InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
INTERPOL seizes $300 million in international financial crime operation
On December 19, INTERPOL announced the conclusion of a transcontinental police operation against online financial crime called HAECHI IV. The operation ended with around 3,500 arrests and seizures of $300 million USD worth of assets across 34 countries. Of the $300 million, about two-thirds of was hard currency and one-third was virtual assets. HAECHI IV targeted seven types of cyber scams, including voice phishing, romance scams, online sextortion, investment fraud, and money laundering associated with illegal online gambling, among others. Through INTERPOL’s stop-payment mechanism to block criminal proceeds, authorities blocked 82,112 “suspicious” bank accounts. Next on INTERPOL’s radar is a new scam in Korea that involves the sale of non-fungible tokens (NFTs) that are a “rug pull,” a crypto scam where developers abandon a project and investors lose their money. Interestingly, the UK team of the operation reported on how scammers used artificial intelligence to create synthetic content, which criminals primarily used for impersonation scams.
CFPB distributes nearly $6 million in relief payment to veterans harmed by bad-faith lenders
On January 2, the CFPB reported it had sent nearly $6 million to consumers harmed by illegal lending practices that specifically targeted veterans. Between 2019 and 2020, the CFPB filed four suits against several loan brokers, which InfoBytes previously covered. In 2019, the CFPB entered into a settlement with an online loan broker that promised to connect veterans with companies offering high-interest loans in exchange for the assignment of some or all of their military pension payments. Again in 2019, InfoBytes covered another settlement between the CFPB and a pension-advance broker for allegedly misrepresenting the contracts offered to veterans and other consumers between 2011 and 2016. In 2020, the CFPB entered into a settlement with and a loan broker who offered high-interest loans to veterans in exchange for assignment of some of their monthly pension or disability payments. Lastly, and again in 2020, InfoBytes covered a complaint brought by the South Carolina Department of Consumer Affairs against a pension-advance scheme in violation of the CFPA for brokering contracts offering high-interest credit to disabled veterans and other consumers in exchange for the assignment of some of the consumers’ unpaid earnings, monthly pensions, or disability payments.
The recent payments totaled $5.1 million from the CFPB’s victims’ relief fund and over $720,000 from money paid by the defendants. The CFPB sent checks in December to certain customers, but an individual who believes they are eligible can submit a claim for a refund.
FTC sues for-profit university for deceptive and illegal practices
On December 27, 2023, the FTC filed a suit in the U.S. District Court of Arizona against a for-profit university for allegedly deceiving students, misrepresenting the university as a nonprofit entity, and committing telemarking abuses. The FTC sued under the FTC Act and Telemarketing Sales Rule (TSR). The complaint alleges that the university in question is a for-profit institution operating as a publicly traded entity, but nonetheless marketed itself as a “nonprofit” university. The complaint further alleges that the university misled students about the cost of its “accelerated” doctoral programs and used abusive telemarketing calls to try to boost enrollment. According to the FTC, the university called those who requested not to be called by the university, as well as consumers on the National Do Not Call Registry. The FTC asserts five claims against the university. The first two counts allege violations of Section 5(a) of the FTC Act for deceptive representations about its non-profit status and for falsely advertising its doctoral programs. The last three counts allege violations of the TSR predicated on deceptive telemarketing acts or practices, contacting those who have requested to not be contacted, and calling people on the National Do Not Call Registry.
DOJ announces crackdown on fraud networks targeting consumer accounts
On December 15, in conjunction with the DOJ’s Consumer Protection Branch efforts to crack down on fraud, the DOJ unsealed two cases against groups that allegedly stole money from consumer accounts with financial institutions. According to the DOJ, the groups used “deceptive tactics” to cover the fraud, and in the two cases, the Department is seeking “temporary restraining orders and the appointment of receivers to stop defendants from dissipating assets.”
The first case (in the U.S. District Court for the Southern District of Florida) involves a group that allegedly committed bank and wire fraud and stole millions from consumers and small businesses by repeatedly creating sham companies. According to the complaint, since at least 2017, the defendants operated fraud schemes disguised as legitimate online marketing service providers by fabricating websites, forging consumer authorizations for charges, and establishing a “customer service” call center to handle complaints. The defendants allegedly obtained bank account information from individuals and small businesses without permission and utilized payment processors to make unauthorized debits to accounts. The DOJ claims that, to carry out the fraud, the defendants used remotely created checks, which are created remotely by a payee using the account holder’s information but without their signature. The second case (in the U.S. District Court for the Eastern District of California) bears many similarities to the first case, including the type of alleged fraud scheme. Both cases also involve the use of “microtransactions,” which are low-dollar fake transactions designed to artificially lower the apparent rate of return or rejected transactions. The defendants in the second case in particular allegedly gathered large deposits from their merchant clients and used those funds to initiate microtransactions that appeared as if they were payments for the merchants’ goods and services. Essentially, according to the Department’s complaint, the merchants paid themselves: the funds initially paid to the defendants were returned to the merchants as microtransactions, while the defendants allegedly collected a percentage of the transactions as service fees.
FTC announces settlement of charges against operators of alleged telemarketing training scheme
On December 11, the FTC issued a press release announcing proposed orders against the CEO and other related individuals and businesses of an income telemarketing training scheme. In connection with the settlement, the FTC filed a complaint in the U.S. District Court of the Middle District of Tennessee alleging violations of the FTC Act and the Telemarking and Consumer Fraud and Abuse Prevention Act. The FTC alleged that the defendants, a Tennessee-based group of companies, practiced deceptive and unlawful advertising, marketing, promotion, distribution, and selling of money-making and investment opportunities in offering a sales mentor program. The complaint alleges defendants performed these acts through several business entities via a telemarketing sales training and coaching program and through marketing practices on social media platforms. Since 2019, consumers paid more than $29 million to defendants for access to this sales training program.
The FTC filed two stipulated judgments for “permanent injunction, monetary judgment, and other reliefs.” The orders contain a total monetary judgment of $16.4 million. The stipulated orders also prohibit the defendants from: (i) making misleading earnings claims, so if the defendants make earnings claim in the future, they have to have a reasonable basis for those claims; and (ii) misrepresenting any sales of goods or services, including the description of the good or service, any past performance, any testimonials, any future predictions of profit earnings, among others. The defendants will also be required to turn over a total of $1 million to be used to refund harmed consumers, with one CEO ordered to pay $600,000 and the other defendants ordered to pay $400,000. All defendants neither admit nor deny any of the allegations in the complaint.
SEC and DOJ charge two co-CEOs operating a $100 million fraud scheme
On November 9, the SEC and DOJ charged two co-CEOs of a tech investment firm for allegedly directing a $100 million fraud scheme. The two individuals were the founders of a failed Fresno-based technology company and were charged with “conspiring to commit wire fraud and taking more than $100,000,000 from various businesses and individuals” under U.S.C. § 1349. The two founders allegedly misled investors through falsified documents, bank records, auditing reports, and accounting statements.
The DOJ alleges that, as recently as January 2022, “[the two individuals lied] to board members, investors, lenders, and others about [the company’s] finances to obtain investments, loans, and other funding… Much of the money went towards paying payroll, including the [co-CEOs’] $600,000 per year salaries.” Authorities discovered the alleged fraud scheme back in May 2023 when the company failed to make payroll and then terminated all its 900 employees. If convicted, the two founders face a maximum statutory penalty of 20 years in prison each and a $250,000 fine.
Fed seeks comment on lowering the interchange fee for debit card issuers
On October 25, the Fed announced a proposed rule that would lower the maximum interchange fee that a debit card issuer with at least $10 billion in total consolidated assets can receive for a debit card transaction and would also establish a regular process for updating the maximum fee amount every other year going forward. Moreover, the Board approved the release of its latest biennial report which sets forth data collected from larger debit card issuers on interchange fees, issuer costs, and fraud related to debit card transactions.
Under the Dodd-Frank Act, the Fed is required to establish standards for assessing whether the amount of any interchange fee received by a debit card issuer is reasonable and proportional to the costs incurred by the issuer for the applicable transaction, which results in the Fed setting an interchange fee cap. The FRB developed the fee cap in 2011 using data provided by large debit card issuers with $10 billion or more in assets. But since that time, the Fed has found that certain costs incurred by such debit card issuers have declined dramatically, yet the interchange fee cap has remained the same. As such, the Fed (i) proposes to update the interchange fee cap based on the latest data reported to the Board by large debit card issuers, and (ii) proposes to update the fee cap every other year by linking the fee cap to data from the Fed’s biennial report of large debit card issuers.
The comment period will close 90 days after the proposal is published in the Federal Register.
FTC reports on efforts to combat cross-border fraud and ransomware attacks
On October 20, the FTC published two reports outlining its efforts to protect consumers against cross-border fraud and ransomware attacks.
In the first report, the FTC described the US SAFE Web Act (SAFE WEB), passed in 2006, as an “indispensable” tool to combat cross-border fraud and protect consumers in an increasingly global and digital economy. For example, the report noted that since SAFE WEB was passed, the FTC has used the law in myriad ways: issuing more than 140 civil investigative demands on behalf of 21 foreign agencies from eight countries; engaging in 148 staff exchanges to build cooperation with foreign counterparts; and sharing confidential information from FTC files with 43 law enforcement agencies in twenty different countries. The report also indicated that SAFE WEB has allowed the FTC to pursue and stop harmful conduct in the US and defend against challenges to its jurisdictional authority over foreign companies targeting American consumers. Notably, SAFE WEB helped the FTC (i) shut down a real estate investment scam that took in more than $100 million (the largest such scheme the FTC has ever targeted); (ii) cooperate with privacy authorities in Canada and the United Kingdom to pursue actions against an online dating site that deceived consumers and failed to protect the account and profile information of more than 36 million individuals; (iii) and work with foreign law enforcement agencies to stop fraudulent money transfers to certain money transfer companies located in Spain in connection with a Nigerian email scam. The FTC recommends that Congress permanently reauthorize SAFE WEB to preserve the agency’s ability to fight cross-border fraud.
In the second report, the FTC discussed its work to target ransomware and other cyber-attacks. The FTC highlighted its longstanding data security enforcement program, which seeks to ensure that businesses engage in reasonable practices to protect the data of their customers. Moreover, the RANSOMWARE Act refers specifically to China, Russia, North Korea, and Iran. The report stated that although the FTC has taken data security-related enforcement actions involving connections to China and Russia, the FTC has had limited interactions with government agencies in China, Russia, North Korea, and Iran. The report included several recommendations for Congress, including making SAFE WEB permanent, amending a provision in the FTC act which would restore the FTC’s ability to provide refunds to harmed consumers, and enacting privacy and data security legislation which would be enforceable by the FTC. The FTC also urged businesses to take steps to safeguard customer data, including retaining information only so long as there is a legitimate business need, restricting access to sensitive data, and storing personal information securely and protecting it during transmission.
FTC data spotlight reveals social media as primary source for scams over other contact methods
On October 6, the FTC released a data spotlight showing that more scams have originated on social media than on any other method of contact with consumers, accounting for $2.7 billion in consumer losses from 2021 to 2023. The FTC reports that the most frequently reported frauds in 2023 were online shopping scams on social media. However, promotions of fake investment opportunities, mostly those relating to cryptocurrency, on social media had the largest overall monetary losses. The FTC also provided a list of tips for consumers to limit their risks of fraud on social media, including restricting who can contact them on these platforms.
District Court grants summary judgement for bank in “spoofing” case
On September 29, the U.S. District Court for the Southern District of New York granted summary judgement on all claims in favor of the defendant bank, while denying summary judgement for the New Jersey-based plaintiff. The plaintiff alleged violations of the UCC, breach of contract, and gross negligence arising from a “spoofing” fraud incident that resulted in more than $8.5 million being wired from the plaintiff’s account with the defendant. The district court reasoned that the plaintiff was not entitled to a refund because the plaintiff’s employees authorized the wires – and claims under Section 4-A of the UCC require that a payment order be both not authorized and not effective in order to refund a payment. The court rejected the plaintiff’s argument that the wires were improper because the bank’s policy prohibited bank employees from authorizing wires over $500,000 – noting that the policy was for “internal use only,” and solely for the bank’s protection. Further, the court rejected the plaintiff’s common law claims as pre-empted by Article 4-A.