FTC Looks To Ban Payment Methods Susceptible To Fraud
By Barrie VanBrackle
This article was previously published in E-Finance & Payments Law & Policy (July 2013).
In May, the Federal Trade Commission issued a Notice of Proposed Rulemaking concerning possible amendments to the Federal Telemarketing Sales Rule, which would prohibit sellers and telemarketers from accepting remotely created checks or remotely created payment orders. Barrie VanBrackle of Manatt explores the FTC’s proposal, the potential consequences for payments innovation and the alternatives.
In the last few months, the Federal Trade Commission ('FTC') has filed actions against several payment card processors, which process payment card transactions for merchants accepting payments using remotely created checks (RCC) or remotely created payment orders (RCPO) (the FTC has also pursued the merchants in these or separate actions). The FTC's recent lawsuits against payment processors generally state that the merchants used these deceptive methods with the assistance and knowing cooperation of their payment processors, or, conversely, the payment processors suggested these payment mechanisms to merchants. The basis for the FTC's actions are that certain consumers of the merchants state that they did not authorise the payments made. The FTC further states that these types of payment methods do not require the consumer's authorisations that are required with usual payment methods such as payment cards and thus these types can more easily result in fraud. Recent examples of actions taken by the FTC against payment processors are those against Landmark Clearing (and its principals) (Case No. 4:11-cv-00826) and Automated Electronic Checking, Inc., (Case 3:13-cv-00056.)
The foregoing actions both settled and included in the settlement that the defendants (the payment processors) would be permanently prohibited from processing payments for any of their merchant customers that they know, or should have known, are violating the FTC Act or the Federal Telemarketing Sales Rule (TSR), although the settlement did not include a ban on the acceptance of RCCs or RCPOs as payment methods. However, in May 2013, the FTC issued a Notice of Proposed Rulemaking (NPRM), and request for public comment on amendments to the TSR that would bar sellers and telemarketers from accepting RCCs, RCPOs and other cash reload mechanisms as payment in inbound or outbound telemarketing transactions and would expand the advance fee ban on recovery services (now limited to recovery of losses in prior telemarketing transactions, to include recovery of losses in any previous transaction). The comment period expires on 8 August 2013. This article focuses on the aspect of the NPRM that would prohibit the use of RCCs, RCPOs and cash reload mechanisms from the perspective of the payment processor.
Under the TSR, the FTC has the authority to promulgate rules that 'prohibit deceptive telemarketing acts or practices, and other abusive telemarketing acts or practices.' (Section 310.3 and 310.4 of the TSR). The NPRM focuses on the FTC's interpretation of the aspect of the TSR which allows the FTC to have rulemaking authority over 'other abusive telemarketing acts or practices' as such 'other abusive telemarketing acts or practices' would include those acts or practices that would be considered 'unfair' to consumers (the NPRM then looks to Section 5 of the FTC Act in determining that 'an act or practice is "unfair" under Section 5 of the FTC Act if it causes or is likely to cause substantial injury to consumers, [or] if the harm is not outweighed by any countervailing benefits to consumers...'). The FTC proposes amending the TSR so as to prevent the foregoing payment methods (which it considers 'novel') in that these payment mechanisms are cleared via methods that provide 'little or no systematic monitoring to detect or deter fraud' (p.9, NPRM). However, what is the impact on the acquiring industry if the FTC prevents 'novel' payment mechanisms when not all of these payment mechanisms are used to perpetrate fraud? Secondly, if the FTC is able to deter 'novel' payment mechanisms, will that action not have a chilling effect on legitimate newcomers to payments? Finally, the NPRM only seeks an amendment to the TSR and does not seek to prevent the use of these payment methods through non-TSR merchants and as such, does the FTC go far enough in the NPRM?
The Landmark and Automated cases revolved around merchants that used RCCs and RCPOs as methods of accepting payments. The FTC discusses in both cases that the payment processors had liability because they should have been monitoring the enormous amount of returns and chargebacks to determine that the merchants were perpetrating a fraud on the public. The FTC also intimated via allegations that the payment methods were so novel, that the merchant could not have come up with this method - it relied on the payment processor to come up with these methods.
No one wants to see fraud perpetrated on the public. But, the acquiring industry and merchants continue to work on payment innovations so that consumers who do not utilise conventional payment methods can still purchase goods and services. The public consumes goods and services online and via telemarketing at an ever-increasing rate. The Census Bureau for the Department of Commerce in May 2013 announced that retail ecommerce sales increased 2.7% from the fourth quarter of 2012. Legitimate providers are seeking to provide payment mechanisms, which allow persons that do not wish to use or cannot access conventional payment methods such as payment cards to pay for goods and services using other methods (which may be more cost efficient for the seller). Not all such payment methods are used for the proliferation of fraud. If the FTC seeks to ban payment methods because of fraud risk, could it chill the proliferation of novel methods? Is there another way to address fraud other than eliminating these payment methods?
The FTC suggested in the Landmark and Automated cases that the merchants (and the processors) ignored the amount of chargebacks and returns, and based on the large number, at least the processor should have realized the fraud. Following those settlements, does it not make more sense to require merchants (and their payment processors and acquiring banks) to closely monitor chargebacks and return rates? Enormous amounts of returns could signal fraud. This monitoring would require three different checks from three parties and so detect issues
Moreover, merchant agreements usually include provisions that require the merchant to with all applicable laws, as well as payment card network rules. The FTC Act and the TSR are both Federal laws with which the merchant would be required to comply, and both currently prohibit 'deceptive or abusive acts or practices.' Deducting unauthorised payments from a consumer's bank account would violate those laws. If the merchant violates either of the foregoing (as well as the numerous consumer protection laws), the merchant would be in breach of its merchant agreement, and arguably, depending on the agreement terms, the payment processor would have the right to terminate the merchant. If a merchant is terminated from payments, its 'lifeblood' would be cut-off and the merchant would be prevented from accessing the payments system. Thus the current merchant agreement should prevent a fraud perpetrated on a consumer, without eliminating payment methods that could be used for legitimate purposes.
Further, the NPRM would only prevent the use of RCCs and RCPOs for merchants. However, a nontelemarketing merchant could still use these payment methods (for legitimate purposes). However the NPRM, as proposed, would require payment processors to confirm that none of their merchants are using the prohibited payment methods. A large processor could sign upwards of 10,000 merchants a month. The amount of monitoring that a payment processor would be required to conduct is already enormous. Requiring a payment processor to further monitor all of the payment methods used by all of its merchants could put the payment processor out of business if the FTC seeks to hold the payment processor liable for the acts of its merchants. Should we not continue with the current methodology of having the payment processor and the bank monitor chargebacks (and the FTC continue to monitor complaints), as opposed to prohibiting a payment method that could be used legitimately? And again, the NPRM would only limit this payment method for particular merchants - telemarketers.
The NPRM seeks comment on the elimination of RCCs RCPOs based on the 'staggering' number of returns and the fact that 'the systemic weakness of the check clearing system make it much more accommodating for [merchants] than the credit card system or ACH network' (p. 26-27 of the NPRM). The FTC is seeking comment that these types of payment methods are 'essential' (NPRM, p. 38), and there are bound to be legitimate uses of these methods. Is there not a better way to deter wrongdoers under current laws from using payment system rather than putting another burden on payment processors, potentially squelching payment innovation?
Legitimate methods of doing nearly anything can have a sinister outcome. Is there a better way of preventing access to bank accounts (i.e., much like in the payment card usage, the merchant will have systems directly connecting to the payment processor). There could be some form of requirement that if a consumer provides its bank account number, an authorisation system can be put in place to require confirmation from the consumer? This may deter fraudulent merchants - and would not just be limited to the telemarketing industry.