InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
FTC sues national retailer for allegedly facilitating money transfer fraud
On June 28, the FTC filed a complaint against a national retailer for allegedly allowing its money-transfer services to facilitate fraud. The complaint alleges the retailer knew about the role money transfer services play in scams but failed to properly secure the services offered at its stores, thus allowing money to be sent to “domestic and international fraud rings.” According to the FTC, at least 226,679 complaints totaling more than $197 million were received by several money transfer services companies about fraud-induced money transfers that were sent from or received at one of the retailer’s stores between January 1, 2013 and December 31, 2018. An investigation by the FTC purportedly revealed that the retailer’s practices allegedly harmed consumers by, among other things, (i) allowing the payout of suspicious money transfers, which allowed scammers to retrieve fraud proceeds at one of the retailer’s stores; (ii) failing to have in place a written anti-fraud policy or consumer protection program until November 2014; (iii) allowing cash pickups for large payments, often through the use of fake IDs; (iv) failing to display or provide materials warning consumers about potential frauds; (v) failing to effectively train or retrain employees; and (vi) allowing money transfers to be used for telemarketing purchases, which are prohibited under the Telemarketing Sales Rule (TSR) due to the high risk of fraud.
According to the complaint, the retailer “is well aware that telemarketing and other mass marketing frauds, such as ‘grandparent’ scams, lottery scams, and government agent impersonator scams, induce people to use [the retailer’s] money transfer services to send money to domestic and international fraud rings. Nevertheless, [the retailer] has continued processing fraud-induced money transfers at its stores—funding telemarketing and other scams—without adopting policies and practices that effectively detect and prevent these transfers.”
The complaint seeks a permanent injunction, monetary relief, civil penalties, restitution, and other relief for each violation of the FTC Act and the TSR. The FTC also requests the “rescission or reformation of contracts, the refund of money, the return of property, the payment of damages, public notification, or other relief necessary to redress injury to consumers damages.”
The retailer issued a press release following the FTC’s announcement, stating that it considers the agency’s claims to be “misguided and legally flawed,” and that the civil lawsuit “was approved by the FTC by the narrowest of margins after Chair Lina Khan refused [the retailer] the due process of hearing directly from the company.” The retailer noted that the FTC’s decision comes after DOJ declined to pursue the case in court. Among other thing, the retailer contended that because it maintains robust anti-fraud measures there is no need for injunctive relief requiring the retailer to change its practices. The retailer pointed to the U.S. Supreme Court’s ruling in AMG Capital Management LLC v. FTC, which limited the FTC’s ability to obtain monetary relief in federal court (covered by InfoBytes here), to argue that the FTC “pivoted their focus in this case after AMG to a distorted interpretation of the TSR to effectively try and hold [the retailer] strictly liable for money transfers that third-party criminals reportedly persuaded some consumers to send.” The retailer added that “[s]witching their main legal theory to the TSR is an obvious attempt to get around the Supreme Court’s ruling in AMG.”
FTC says consumers lost more than $1 billion to crypto fraud
On June 3, the FTC reported that consumers lost over $1 billion to fraud involving cryptocurrencies from January 2021 through March 2022. The FTC’s recent Consumer Protection Data Spotlight found that cryptocurrency is becoming the payment of choice for many scammers and that most reported cryptocurrency losses involved fake investment opportunities (totaling $575 million in reported losses since January 2021). The spotlight stated that nearly four out of every ten dollars reported lost to a fraud originating on social media was lost in crypto, far more than any other payment method. Following losses related to cryptocurrency schemes, the next largest losses involved romance scams ($185 million) and business and government impersonation scams ($133 million collectively).
FTC sues sales organization in business opportunity scam
On March 15, the FTC filed an administrative complaint against an independent sales organization and its owners (collectively, “respondents”) for allegedly opening merchant accounts for fictitious companies on behalf of a business opportunity scam previously sued by the FTC in 2013. According to the complaint, the scammers promoted business opportunities to consumers that falsely promised they would earn thousands of dollars. From its previous 2013 lawsuit, the FTC obtained judgments and settlements of over $7.3 million (covered by InfoBytes here). The complaint alleged that respondents violated the FTC Act and the Telemarketing Sales Rule by helping the scammers launder millions of dollars of consumers’ credit card payments from 2012 to 2013 and ignoring warning signs that the merchants were fake. The FTC claimed that the respondents, among other things, (i) opened merchant accounts based on “vague” business descriptions; (ii) ignored the fact that for most of the merchants, the principals or business owners had poor credit ratings, which should have raised questions about the financial health of the merchants; (iii) neglected to obtain merchants’ marketing materials or follow up on signs that the merchants were engaged in telemarketing; and (iv) ignored inconsistencies related to the bank accounts listed on several of the merchants’ applications. The FTC further claimed that the respondents created 43 different merchant accounts for fictitious companies on behalf of the scam and even provided advice to the organizers of the scam on how to spread out the transactions among different accounts to evade detection.
Under the terms of the proposed consent order (which is subject to public comment and final FTC approval), the respondents would be prohibited from engaging in credit card laundering, as well as any other tactics to evade fraud and risk monitoring programs. The respondents would also be banned from providing payment processing services to any merchant that is, or is likely to be, engaged in deceptive or unfair conduct, and to any merchant that is flagged as high-risk by credit-card industry monitoring programs. Furthermore, the respondents would be required to screen potential merchants and monitor the sales activity and marketing practices of current merchants engaged in certain activities that could harm consumers. The FTC noted that it is unable to obtain a monetary judgment due to the U.S. Supreme Court’s decision in AMG Capital Management v. FTC, which held that the FTC does not have statutory authority to obtain equitable monetary relief under Section 13(b) of the FTC Act. (Covered by InfoBytes here.)
9th Circuit affirms dismissal of investors’ data breach disclosures suit
On March 2, the U.S. Court of Appeals for the Ninth Circuit affirmed the dismissal of a class action suit for failure to state a claim, concluding that investors had failed to adequately allege that statements about the defendant company’s cybersecurity practices in the company’s 2018 Form 10-K amounted to securities fraud. The plaintiffs asserted that certain statements, including statements that the company maintained “a comprehensive security program,” “were misleading because they created the impression that [the company] implemented the data security best practices described in those statements no later than 2016, when in fact, the company did not implement those practices until later.” The plaintiffs argued that based on these statements, “a reasonable investor could have concluded that any data security improvements [the company] described would have been put in place in response to the two public hacks [the company] had experienced in the past, one in 2013 and one in 2016.” The 9th Circuit determined that the plaintiffs had failed to show that the company had misled investors into believing that it had made data security improvements specifically in response to the 2013 and 2016 data breaches and had “plead no facts supporting a reasonable inference that either of those hacks was a prominent enough milestone in company history that the average investor would be led to believe every data security improvement directly followed them.”
The plaintiffs further alleged that other statements in the 10-K were misleading because they “created the impression that it was unlikely [the company] had suffered an undetected data breach in the past, when in reality it was somewhat likely.” The appellate court rejected the plaintiffs’ argument and noted that “these statements would not give an ordinary investor reason to believe that [the company] was asserting that the risk that an undetected breach had occurred was particularly high or low, or that it had changed over time.” The 9th Circuit further agreed with the district court that the plaintiffs had failed to specifically allege that the company acted with the intent to deceive, manipulate, or defraud, or engage in “deliberate recklessness.”
State AGs urge FTC to take action on impersonation scams
On February 23, a coalition of state attorneys general sent a letter to FTC Chair Lina M. Khan, responding to the Commission’s advance notice of proposed rulemaking and urging the FTC to target “impersonation scams” to ensure consumers are protected from harm. As previously covered by InfoBytes, last December the FTC issued a request for comments on a wide range of questions related to government and business impersonation fraud. According to the FTC, reported losses due to impersonation fraud have spiked during the Covid-19 pandemic, with data from the Social Security Administration reporting $2 billion in total losses between October 2020 and September 2021. The AGs commented that overall, they “believe there is a pressing need for FTC rulemaking to address the scourge of impersonation scams impacting consumers across the United States,” noting that “[a] national rule that encompasses and outlaws such commonly experienced scams discussed [within the letter] would assist attorneys general and their partners in reducing consumer harm, maximizing consumer benefits, and holding bad actors to account.” Among other things, the letter discussed state-specific consumer complaints related to business impersonation, document preparation, regulatory compliance, and lead generation scams, and warned that the FTC should explore the means and instrumentalities used in these types of fraud. One example, the AGs pointed out, is impersonators using third-party payment processing services to effectuate their scams, often times requiring certain payment methods for fictitious overdue mortgage, utility, and student loan debts. In stressing the “burgeoning need for a robust standard outlawing impersonation scams,” the AGs stated that “[w]hen a specific type of unfair or deceptive business practice becomes so prevalent, Commission rulemaking is appropriate.” They further added that these efforts are welcomed as part of their ongoing collaborative relationship with the FTC.
SEC: Taking remedial actions may help companies avoid penalties
On January 28, the SEC announced a settlement subject to court approval with a private technology company to resolve allegations that the company, through its former CEO, falsely inflated key financial metrics and doctored internal sales records. The complaint, which alleged violations of the antifraud provisions of the Securities Act of 1933 and the Securities Exchange Act of 1934, claimed that the CEO significantly inflated the value of numerous customer deals, and then masked the inflation by creating fake invoices and altering real invoices to make it seem as if customers had been billed higher amounts. The company’s board of directors conducted an internal investigation, which led to the removal of the CEO, a revised company valuation, and remedial efforts including repaying investors. The company also hired new senior management, expanded its board, and implemented processes and procedures to ensure transparency and accuracy of deal reporting and associated revenues. While the company neither admitted nor denied the allegations, it agreed to be permanently enjoined from violations of the antifraud provisions. The SEC highlighted that the lack of a penalty in the settlement is significant, and demonstrates the Commission’s position that a company may receive credit if it makes significant remedial efforts in the wake of an internal investigation. “For companies wondering what types of remedial actions and cooperation might be credited by the Commission after a company uncovers fraud, this case offers an excellent example,” stated Gurbir S. Grewal, Director of the SEC’s Division of Enforcement. “[The company’s] remediation and cooperation included not just its internal investigation and revised valuation, but also repaying harmed investors and improving its governance—all of which were factors that counseled against the imposition of a penalty in this case.”
FTC reports on social media fraud
On January 27, the FTC released a blog post regarding scam data usage on social media. Reports to the FTC showed that social media is increasingly used by scammers and “that social media was far more profitable to scammers in 2021 than any other method of reaching people.” The blog post, Social media a gold mine for scammers in 2021, reported that more than 95,000 people reported about $770 million in losses to fraud initiated on social media platforms in 2021. Additionally, the FTC noted that investment scams and romance scams had the most reported dollars lost.
FTC proposes rule to combat impersonation fraud
On December 16, the FTC issued an advanced notice of proposed rulemaking (ANPR) seeking comments on a wide-range of questions related to government and business impersonation fraud. According to the FTC, reported losses due to impersonation fraud have spiked during the Covid-19 pandemic, with data from the Social Security Administration reporting $2 billion in total losses between October 2020 and September 2021. These impersonation scams include persons posing as government officials or employees or persons claiming they represent well-known businesses or charities, and may use “misleading domain names, URLs, and ‘spoofed’ contact information’” to create the illusion of legitimacy. The FTC added that scammers are looking for information that can be used to commit identity theft or seek monetary payment and often request that funds be paid through wire transfer, gift cards, or cryptocurrency. Government impersonators also often threaten consumers with severe consequences, while business impersonators regularly use ploys claiming they have identified suspicious activity on a consumer’s account or computer.
The ANPR - the FTC’s first action under its streamlined rulemaking procedures announced earlier this year (covered by InfoBytes here) - seeks feedback, data, and arguments from the public concerning the need for rulemaking to prevent this type of fraud.” Comments on the ANPR are due within 60 days of publication in the Federal Register.
European banks resolve Mozambican bond offerings matter
On October 19, multiple agencies—the DOJ, SEC and UK’s FCA—announced a coordinated resolution with a European bank related to debt offerings for entities in Mozambique. (See here and here.) In total, fines to U.S. and U.K. authorities reached almost $475 million, and the institution also agreed to forgive $200 million of the debt.
In a related action, a London-based subsidiary of a Russian bank (bank) separately agreed to pay over $6 million to settle SEC charges related to its role in a second 2016 bond offering. According to the SEC’s order, the second offering as structured by the bank and reespondent permitted investors “to exchange their loan participation notes (LPNs) for a direct sovereign bond issued by the Republic of Mozambique” in an earlier bond offering. However, the SEC alleged that the offering materials distributed and marketed by the respondent and bank “failed to disclose the full nature of Mozambique’s indebtedness and, relatedly, its risk of default on the notes.” Furthermore, the SEC alleged that proceeds from the financing from the respondent and bank were supposed to be used exclusively for maritime projects, but in reality, without the bank’s knowledge, only a portion of the loan proceeds was applied towards maritime projects while the rest was diverted to pay kickbacks and make improper payments to Mozambican government officials. Mozambique later defaulted on the financings after the full extent of “secret” debt was revealed.
FTC says communities of color disproportionately affected by fraud
On October 15, the FTC released a staff report, Serving Communities of Color, that discusses the Commission’s enforcement and outreach efforts related to the impact of fraud on majority Black and Latino communities. The report details various studies and research. For example, one FTC study examined disparities related to payment methods received from consumers who live in communities of color compared to consumers who live in majority White communities. According to the study, consumers in communities of color more often reported a larger share of losing money when using payment methods that offer few legal protections—e.g. cash, cryptocurrency, money orders, and debit cards. In contrast, consumers living in majority White areas filed the largest share of reports about credit cards, which offer more robust fraud protection. Another study revealed that “different demographic populations reported different types of concerns at different rates,” with consumers living in majority Black communities filing a higher number of reports than consumers living in majority White communities related to credit bureaus, banks and lenders, used auto issues, and debt collection. According to FTC findings, consumers living in majority Latino communities also filed a larger share of reports about credit bureaus, banks and lenders, debt collection, auto issues and business opportunities. The report discusses, among other things, more than 25 enforcement actions where the FTC identified that the unlawful conduct either targeted or disproportionately affected communities of color. Examples include auto buying cases, for-profit colleges, student loan debt relief programs, prepaid card scams, fake Covid-19 products and services, business “opportunities” and pyramid schemes, payday lending, and credit and consumer reporting accuracy. The report also shares information about FTC outreach programs to consumers in these communities.