The California Consumer Privacy Act

15 Oct 2018

Following closely on the heels of the EU’s General Data Protection Regulation (GDPR), California recently enacted its own consumer privacy law called the California Consumer Privacy Act of 2018 (CCPA).

The law, which requires protection of personal information of California residents, was passed in June and then amended in late September. Merchants and payment processors will be affected by the CCPA, even those that are not based in California. Businesses will need to think closely about what types of data they collect and how they store and transmit such data. They will also need to establish processes for dealing with consumer requests.

Below are some key provisions:

  1. The law protects the personal information of consumers, defined as natural persons who are residents of California.
  2. It gives consumers the right to know what types of personal information are being collected, and whether personal information is sold or disclosed and to whom.
  3. It authorizes consumers to opt out of the sale of personal information to third parties.
  4. It allows a consumer to request a copy of the specific pieces of information collected and an explanation of the business purposes for which they are used.
  5. It gives consumers the right to request the deletion of personal information collected.
  6. It requires businesses to provide equal service and pricing with respect to privacy, which means a business cannot charge a different price to a consumer who opts out.
  7. For individuals under 16, the CCPA requires an opt-in regime rather than opt-out. So the sale of such an individual’s personal information would require affirmative consent.
  8. The law applies to companies that conduct business in California, collect consumer personal information, and satisfy the following:
    1. Annual gross revenue exceeds $25 million; or
    2. Buys, sells, or shares/receives for commercial purposes (alone or in combination) personal info of 50,000 or more consumers, households, or devices; or
    3. Derives 50% or more of annual revenue from selling consumer personal information.
  9. The law becomes effective on July 1, 2020.

Personal information is defined broadly, encompassing many types of personal, professional, educational, and commercial information, biometric and geolocation data, as well as any inferences drawn from such information to create a consumer profile “reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.”

The law also introduces a private right of action against business in certain circumstances involving unauthorized access, theft, or disclosure of personal information that is stored in nonredacted or nonencrypted form.

Merchants and payment processors would be well advised to examine the law, determine its effect on their operations, and prepare well ahead of the effective date in 2020.

California Consumer Privacy Act

— Daniel Ungar and Nicole Meisner, Attorneys, Jaffe, Raitt, Heuer & Weiss, P.C. The above is intended as general information only and should not be construed as legal advice or as creating or soliciting an attorney-client relationship. You should consult your own attorney for guidance with respect to any particular issue or problem.

Daniel Ungar

Daniel Ungar

Daniel M. Ungar is a member of the firm's Electronic Payments Group and Privacy and Datasecurity Group. Daniel, a former patent examiner in the areas of crypto- and cybersecurity, holds an advance computer science degree from Johns Hopkins University and a J.D. from Harvard Law School.

dungar@jaffelaw.com

Texas Latest State to have Surcharge Ban Declared Unenforceable by Federal Courts

9 Oct 2018

In March 2017, the United States Supreme Court issued its opinion in Expressions Hair Design v. Schneiderman, on a challenge to New York’s law prohibiting credit card surcharges. The Supreme Court held that the law restricts merchants’ speech by banning surcharges while allowing cash discounts—two similar business models that differ only by how a merchant’s pricing can be communicated to customers—and then sent the case back down for the lower court to determine whether this particular speech restriction is lawful or not. This case remains pending (the New York state court was consulted to interpret the state statute, and we are still awaiting its response), but other federal courts have already relied on this decision to invalidate equivalent laws in other states.

In the latest blow to state restrictions on surcharges, a federal court in Texas has declared Texas’s surcharge law unenforceable. What is particularly significant about Rowell v. Paxton, decided August 16, 2018, is that it represents a reversal of the previous controlling decision in the case (from 2016) upholding Texas’s surcharge law as an ordinary business regulation. After re-analyzing the law, pursuant to Expressions, as a regulation on speech, however, the court was forced to conclude that the state failed to meet the high standard required to impose such speech restrictions.

This is a significant win for merchants, and it makes Texas the third state to have its anti-surcharge law invalidated, after Florida and California (and when the New York case is finally resolved it will likely be the fourth). However, the issue is not completely settled. First, the legality of surcharges remains untested in all other states that have similar laws. Moreover, even when a federal court declares a state law unenforceable, the statute remains on the books as official state law until it is duly repealed by the state legislature.

To illustrate the problem, consider the Ninth Circuit’s ruling on California’s surcharge ban in January 2018, in Italian Colors v. Becerra. Following the Supreme Court’s guidance in Expressions, the court struck down the law. But then, surprisingly, California’s attorney general took the position that the court’s ruling was limited to the actual plaintiffs of the case but did not, however, prohibit “general enforcement.” This means that California only recognizes the law as invalid for the plaintiffs, but not for anybody else. Therefore, under current state policy, “each use of a credit card surcharge would need to be evaluated based on its own particular facts.”

In light of California’s stance, the Rowell decision appears similarly ambiguous. The court “permanently enjoin[ed] the State of Texas from enforcing the Anti-Surcharge law against the merchants” (emphasis added). But does this mean all merchants, or just the plaintiffs? State regulators have not weighed in.

Thus, while surcharge laws appear to be on their way out nationwide, the laws remain in flux in many jurisdictions, and caution is still warranted.

— Daniel Ungar, Attorney, Jaffe, Raitt, Heuer & Weiss, P.C. The above is intended as general information only and should not be construed as legal advice or as creating or soliciting an attorney-client relationship. You should consult your own attorney for guidance with respect to any particular issue or problem.

Daniel Ungar

Daniel Ungar

Daniel M. Ungar is a member of the firm's Electronic Payments Group and Privacy and Datasecurity Group. Daniel, a former patent examiner in the areas of crypto- and cybersecurity, holds an advance computer science degree from Johns Hopkins University and a J.D. from Harvard Law School.

dungar@jaffelaw.com

Surcharges, Convenience Fees, & Cash Discounts

24 Aug 2018

It’s hard to be a cash-only business, especially when businesses are expected as a matter of course to accept credit and debit cards. But processing fees can make merchants hesitant to sign up for transaction processing services, and many payment processors want to offer merchants the ability to pass processing costs through to the customer. There are several ways these programs can be structured, each subject to a different regulatory framework.

Three common options are surcharges, convenience fees, and cash discounts. They sound similar and many people mistakenly use these terms interchangeably, but each one works in a slightly different fashion and they all have different legal requirements. Businesses can incur significant penalties for running afoul of the rules, so knowing how each method works—and what each one’s limitations are—can be critical.

Surcharges

Payment card networks such as Visa and Mastercard define a surcharge as any extra fee or price increase imposed on a cardholder for paying by credit card as opposed to cash or another payment method. Surcharges are governed by both card brands rules and state law. A number of states have outlawed credit card surcharges entirely, and although such bans have been subject to recent legal challenges (including at the Supreme Court), the status and enforceability of these laws remain in flux. Additionally, the enforceability of state laws do not affect the surcharge rules promulgated by the card brands, which continue to place restrictions on how surcharges can be imposed.

Convenience Fees

Convenience fees are charged for the convenience of paying online rather than in person. Convenience fees can be a good option for certain situations; however, not all merchants are eligible. Because the fees must be for the convenience of the online transaction and not for the use of a credit card, a merchant may not discriminate based on the type of payment used. Similarly, convenience fees can only be charged if the merchant’s ecommerce system qualifies as an “alternative payment channel,” which will only be the case if the merchant also offers a card-present option so the customer can avoid the fee by paying in person, and if other conditions are satisfied.

Cash Discounts

Merchants are allowed to offer discounts for cash payments, and these discounts are not considered “surcharges” under state surcharge bans or card brand rules. Because cash discount programs are virtually unrestricted, there are advantages in implementing such a program over a surcharge program. The difficulty is in distinguishing between surcharges and cash discounts, since they often can be functionally equivalent. Many processors purport to offer compliant programs, but there is reason to be skeptical as to whether many of these programs actually satisfy regulatory requirements. Legal advice should be sought before trying to avoid surcharge rules and laws by describing a program as a cash discount program rather than a surcharge program.

— Daniel Ungar, Attorney, Jaffe, Raitt, Heuer & Weiss, P.C. The above is intended as general information only and should not be construed as legal advice or as creating or soliciting an attorney-client relationship. You should consult your own attorney for guidance with respect to any particular issue or problem.

Daniel Ungar

Daniel Ungar

Daniel M. Ungar is a member of the firm's Electronic Payments Group and Privacy and Datasecurity Group. Daniel, a former patent examiner in the areas of crypto- and cybersecurity, holds an advance computer science degree from Johns Hopkins University and a J.D. from Harvard Law School.

dungar@jaffelaw.com

The Third Stark Lesson: ISO Liable Under TSR For All Merchant Fraud Damages

23 Jan 2018

On December 13, 2017, the United States Court of Appeals for the Eleventh Circuit held that an independent sales organization can be held liable for all damages suffered by consumers as a result of a merchant’s violation of the Telemarketing Sales Rule (“TSR”).  The court rejected the ISO’s argument that its liability should be limited to the fees it received from the merchants as a result of the merchants’ processing activities.

We previously reported on this case when the action was first filed by the FTC, back in 2013.  The complaint alleged that Newtek Merchant Solutions, the ISO, and its President, violated the TSR.  The TSR provides that it is a deceptive telemarketing act, and a violation, for a person to provide substantial assistance or support to any telemarketer when that person knows or consciously avoids knowing that the telemarketer is engaged in a deceptive telemarketing act, as defined in the regulation.

Lesson One:  An officer of an ISO may be held personally liable for violations of the TSR.

The FTC maintained that Newtek’s payment processing services enabled the charges on consumers’ card accounts to clear through the card networks, and that without the ISO’s assistance, it would have been impossible for the merchant to charge consumers fees for its deceptive interest rate reduction services.  Further, Newtek allegedly knew that many of the merchants’ accounts were connected to operations that were likely engaged in fraud. The underlying scheme involved the merchants’ promises that they would reduce the interest rates on consumers’ credit cards if they paid between $600 – $1,000 to the merchants.  The scheme generated more than $2.5 million in credit card payments.

According to the Court, “despite several glaring red flags” including an unusually high number of chargebacks, the ISO opened one and then a second merchant account.  In a previous action, the FTC prevailed against the ISO and its President in holding them liable for the fraud perpetrated by the merchants.

Lesson Two:  An ISO may be liable under the TSR for the fraud perpetrated by one of its merchants.  Be careful who you agree to process for.

The issue in the December action was the amount of the damages to be awarded against the ISO.

The Court of Appeals held that “a violation of the TSR’s substantial assistance rule can support joint and several liability to the extent of the unjust gains.”  It rejected the ISO’s argument that damages should be apportioned between the defendants or that the ISO should only be obligated to disgorge the amount of the fees the ISO retained from processing credit card transactions.

Lesson Three:  An ISO may be liable for all damages incurred as a result of its fraudulent merchant.

This opinion appears to be the first of its kind interpreting the liability provisions of the TSR as applied to ISOs.  It is a wake-up call that ISOs must listen to in order to avoid potential exposure far exceeding the amount of processing revenues.

 

–Holli Targan and Eric Linden, Attorneys and Partners, Jaffe, Raitt, Heuer & Weiss, P.C.

Holli Targan

Attorney & Partner

htargan@jaffelaw.com

Marijuana Banking & Payments: The Impact of AG Sessions’ Recent Memo

16 Jan 2018

On January 4, 2018, U.S. Attorney General Sessions formally rescinded guidance issued by the Department of Justice (DOJ) during the Obama administration related to the DOJ’s approach to the enforcement of state-legalized marijuana activity.   Sessions replaced the former guidance by issuing a memo (“Sessions Memo”) that instructs U.S. Attorneys to “follow the well-established principles that govern all federal prosecutions” when determining which marijuana activities to prosecute.

The question banks and payment processors must be asking is:  How does the Sessions Memo impact the provision of financial services to marijuana-related businesses?

It is no secret that one of the critical issues that has plagued the state-legalized marijuana industry since its inception is the difficulty for marijuana businesses to obtain banking and other essential financial services such as electronic payment acceptance.

For banks and payment processors providing (or those that are considering to provide) services to marijuana related businesses, the greatest impact of the Sessions Memo is the rescission of the federal government’s hand-off approach to enforcement articulated in a memo titled “Guidance Regarding Marijuana Related Financial Crimes” issued by former Deputy Attorney General James Cole in 2014 (“2014 Cole Memo”).

The 2014 Cole Memo outlined the key enforcement priorities for prosecutions involving “financial crimes for which marijuana-related conduct is a predicate,” such as money laundering, unlicensed money transmission, and violations of the Bank Secrecy Act (“BSA”).  The 2014 Cole Memo was issued simultaneously with guidance issued by the Financial Crimes Enforcement Network (“FinCEN”).  The FinCEN guidance clarified how financial institutions could provide services to marijuana-related businesses consistent with their BSA obligations and federal enforcement priorities.

An apparent unintended consequence of the Sessions Memo is that the FinCEN guidance is now uncertain.  The FinCEN guidance is predicated on the DOJ guidance that has now been rescinded. It is unclear how the FinCEN guidance will be implemented in light of the Sessions Memo, as FinCEN has not issued any revised or supplemental guidance.  Initial news reports indicate that FinCEN was not aware of the DOJ’s change in position prior to it becoming public.  A spokesperson of FinCEN has been quoted stating the FinCEN guidance currently “remains in place.”

To be clear, the 2014 Cole Memo and the FinCEN guidance did not obviate or amend federal law prohibiting the sale or use of marijuana. Nor did it provide a defense to those violating such laws.  Instead, the guidance provided marijuana-related businesses and the financial institutions servicing such businesses a framework of the federal government’s enforcement priorities.  In that regard, it provided some degree of comfort to those providing services to this industry.

Although the Sessions Memo presents a change in the status quo of the federal policy on marijuana enforcement, the Sessions Memo is not as aggressive as many had feared it would be given Sessions’ outspoken criticism of marijuana.   The current policy continues to recognize the prosecutorial discretion of the U.S. Attorneys in determining on which conduct to focus its efforts.  Further, it does not instruct U.S. Attorneys to take a more aggressive approach towards state-legalized marijuana conduct by enforcing federal law in all circumstances, nor does it impose a more stringent set of enforcement priorities.  Instead, the current policy leaves marijuana enforcement up to each state’s U.S. Attorney.

For now, it is imperative to closely monitor the actions of the states’ U.S. Attorneys to gauge how the new policy will be implemented.  There is more uncertainty as to whether the federal government will take a more aggressive approach. The bottom line is, more uncertainty = more risk.

Only time will tell the full extent of the impact that the Sessions Memo will have on marijuana-related businesses and the companies that service them.  Stay tuned.

–Nicole Meisner, Attorney, Jaffe, Raitt, Heuer & Weiss, P.C.

DISCLAIMER:  The possession, sale, use, and distribution of marijuana and conduct that assists or facilitates such conduct is illegal under federal law.  This blog is for informational purposes only.  The information contained herein is not legal advice—consult with legal counsel for definitive advice.

Technology Platform Providers and the Risk of Money Transmission

16 Nov 2017

A recent trend that we are encountering frequently is software and internet-based platform providers (“providers”) venturing into the world of payments—sometimes unwittingly. A typical scenario looks something like this:  A provider develops a platform that assists merchants (such as hair salons, utility providers, or medical offices) accept electronic payments from the merchant’s customers.  Most commonly, the providers’ software or technology offerings assist these merchant businesses with virtually every aspect of their operations.  So it seems only natural for the providers to offer a payment solution through the platform.

Although it can be lucrative for a provider to offer customers the ability to accept electronic payments, there are perilous regulatory consequences that must be considered.

First, the provider should consider whether the operational structure implicates money transmitting laws and regulations. A common misconception is that these laws and regulations only apply to person-to-person remittance transactions—for instance, when an individual sends money to a family member located overseas through a third party.  However, this is simply not the case.

Money transmission is regulated at both the state and federal level. To the dismay of money transmitters and those who are trying to decipher whether they are subject to money transmission regulation, there is no universal definition of money transmission in the United States. On the federal level, “money transmitter” is currently defined as: “A person that provides money transmission services.” The term “money transmission services” means the acceptance of currency, funds, or other value that substitutes for currency from one person and the transmission of currency, funds, or other value that substitutes for currency to another location or person by any means.”  The term “person,” however, is not limited to a natural person.  Instead, the term also includes corporations, and partnerships, among many other types of entities and legal personalities.  Federal regulations provide several circumstances where a person’s acceptance and transmission of currency, funds, or other substitute value would not be deemed money transmission—thus, the determination of whether a person is deemed a money transmitter is a matter of facts and circumstances.

To make matters more complicated, nearly every state has its own regulatory regime for money transmission. Each state law has a different definition of money transmission, different exemptions, and varying requirements.  One thing that is consistent across the all regulatory regimes is that the penalty for operating as an unlicensed money transmitter is severe—and can include both civil and criminal penalties on a state and federal basis.

It is imperative for providers to determine whether they are engaged in money transmission so they can understand their own risks and decide how best to operate. Often, providers’ operations can be restructured to mitigate the regulatory risks. Other times, exemptions to the regulatory burden can be utilized, such as through agency relationships with strategic partners such as banks or licensed money transmitters. Unfortunately, there is not a one-size-fits-all solution that works for every provider and the analysis is driven by the unique facts and circumstances of the transaction flow.

Apart from money transmission issues, if the provider offers its merchants the capability of accepting credit cards from their customers, the provider should also consider whether its operations implicate any of the card brand Rules. For instance, the provider may need to consider whether it is operating as an unregistered payment facilitator or marketplace.  The card brand-specific issues are separate from, but parallel to, the money transmission considerations.

The regulatory implications of enabling payment solutions on technology platforms should not be taken lightly. The world of payments is constantly evolving in our tech-driven environment, and that change can be overwhelming.  But by taking a proactive approach, you can understand the laws and regulations that impact your business, identify potential regulatory implications, and work toward a solution that is right for your business.

–Nicole Meisner, Attorney, Jaffe, Raitt, Heuer & Weiss, P.C.

The Supreme Court Weighs in on Merchant Surcharging

30 Mar 2017

On March 29, 2017, the United States Supreme Court issued its long-awaited decision on the litigation surrounding the New York law that prohibits surcharges.  In Expressions Hair Design, et al. v. Schneiderman, Attorney General of New York, et al., the Supreme Court was asked to decide whether a New York law prohibiting merchants from charging credit card users a surcharge above the sticker price was constitutional.  The practical outcome of the Supreme Court decision is that it does not definitively  answer whether the 10 state laws that prohibit surcharges are unconstitutional.  The technical outcome is that the Court remanded, or sent back, the case to the lower court, requiring the lower court to determine whether the law is an unconstitutional violation of the First Amendment.

The Court first reviewed the history of efforts to pass along interchange costs to consumers.  The Court noted that merchant contracts historically barred merchants from charging credit card users higher prices than cash customers, which Congress put a stop to when it passed the Truth In Lending Act.  That law prevented surcharges and it prevented merchants from giving discounts to cash customers.  When Congress allowed the federal surcharge ban to expire, ten states, including New York, enacted their own surcharge bans.

The merchants in the Expressions Hair Design case were five New York businesses who wished to impose surcharges on customers who used credit cards.  As a result, they wanted to advertise their prices by posting a cash price and a price which included a surcharge.

The pivotal issue was whether the surcharge ban regulated conduct, i.e., was a price regulation, rather than speech.  Because the statute told merchants nothing about the amount they were allowed to charge, the Court concluded that the law regulates how sellers communicate their prices, not what they charge.  “In regulating the communication of prices rather than prices themselves, [the New York law] regulates speech.”

The Supreme Court, having determined that the law regulates speech, and not conduct, sent the case back to the lower court to analyze whether it violated the constitutional right to free speech.  The lower court had concluded that the law regulated conduct, and therefore did not analyze that issue.

As you may recall, ten states currently have laws banning surcharges.   Many of these statutes also have been challenged on First Amendment grounds.  In this case and in a parallel Texas case, the federal appellate courts upheld the state statute. In contrast, the Eleventh Circuit struck down Florida’s law governing surcharges.

The Supreme Court decision did not address whether the New York law was constitutional, but it did conclude that the statute regulated speech and had to be analyzed under First Amendment standards.  That decision is binding on other courts.  So, to the extent challenges to similar state statutes were rejected because the court did not think free speech was involved, those decisions will have to be revisited.  The ultimate effect of this decision will depend on whether the case makes its way back to the Supreme Court after the lower court rules again, and how the courts interpret the various state laws that prohibit surcharges.

For now, industry companies should act as though the ten state laws that ban surcharging are still effective.

But stay tuned.

–Eric Linden, Attorney and Partner, Jaffe, Raitt, Heuer & Weiss, P.C.

–Holli Targan, Attorney and Partner, Jaffe, Raitt, Heuer & Weiss, P.C.

Holli Targan

Attorney & Partner

htargan@jaffelaw.com

Cyber Insurance Shortfalls

20 Feb 2017

If you store cardholder data, transaction information, or other personally identifiable information you may want to revisit your cyber insurance policy to verify the extent of your coverage.  A court recently found that the cyber insurance policy held by P.F. Chang’s did not cover many losses suffered in P.F. Chang’s data breach.  Based on the court’s findings in this decision and given the structure of the payments industry, many cyber insurance policies will not provide processors, ISOs, or payment facilitators with coverage against fees, fines, and assessments issued by the card brands.
 
On June 10, 2014, P.F. Chang’s learned that hackers had obtained approximately 60,000 credit card numbers belonging to its customers.  P.F. Chang’s turned to its cyber insurance policy to cover the costs of the data breach.  The policy had been advertised as “a flexible insurance solution designed by cyber risk experts to address the full breadth of risks associated with doing business in today’s technology-dependent world” that “[c]overs direct loss, legal liability, and consequential loss resulting from cyber security breaches.”
 
Under the cyber insurance policy, P.F. Chang’s was reimbursed for approximately $1.7 million for the cost of an investigation and defending litigation.  However, the insurance company denied coverage of three assessments by MasterCard: a Fraud Recovery Assessment of $1,716,798.85; an Operational Reimbursement Assessment of $163,122.72; and a Case Management Fee of $50,000.  These assessments were technically received by Bank of America, and not by P.F. Chang’s.  P.F. Chang’s used Bank of America Merchant Services (“BAMS”) for its payment processing services.  The assessments were contractually passed through to P.F. Chang’s under its merchant agreement with Bank of America.  P.F. Chang’s filed a lawsuit seeking to recover the amount of the MasterCard assessment.
 
In its opinion, the court sided with the insurance company.  The court found that the Fraud Recovery Assessment was not covered because: P.F. Chang’s received the assessment from BAMS pursuant to its merchant agreement; BAMS did not suffer any privacy injury (as it was the issuing bank’s records that were breached rather than the acquiring bank’s records); and the policy only covered claims brought by those persons whose records were accessed without authorization.
 
In addition, the court found that all three MasterCard assessments were excluded from P.F. Chang’s coverage.  The policy excluded any liability contractually assumed, an exclusion commonly found in insurance contracts.  This exclusion means that any loss incurred by P.F. Chang’s as the result of a contractual relationship (in this case as a result of its merchant agreement with BAMS) would not be covered.
 
Processors, ISOs, and payment facilitators are typically liable for card brand assessments incurred by their sponsor financial institution under their sponsorship agreement.  If you suffer a breach, you may incur card brand assessments.  If one of your merchants suffers a breach, and the merchant isn’t able to pay the related assessments from the card brands, you will likely be liable for the assessment.  Would your cyber insurance policy cover such expenses?  It would be worth your time to check on your insurance coverage and, if appropriate, work with your broker to adjust your insurance policy accordingly.
 
– James Kramer, Attorney, Jaffe Raitt Heuer & Weiss, P.C.

James Kramer

James Kramer

James is a member of the firm's Electronic Payment Group, Corporate Group and Business Transactions Group. James counsels clients on contractual, regulatory, and compliance matters as well as on purchases, sales, mergers, and acquisitions. He routinely advises and negotiates on behalf of financial institutions and entities in the electronic payments industry.

jkramer@jaffelaw.com

Money Transmitter Regulatory Developments

25 May 2016

The controversy swirling around the application of state money transmitter laws to payments companies just won’t abate. The difficulty stems from state regulators grappling with applying old statutory language to the new world of payments. And it leaves payment companies struggling to keep up with those new interpretations.

Next week the Electronic Transactions Association (ETA) will be facilitating the conversation by hosting a Money Transmitter Policy Day in Washington, D.C. A state regulator and FinCEN representative will speak. I am looking forward to participating by presenting a talk there, on June 2nd, on where things stand in “The Changing Regulatory Landscape”. If you are concerned that the myriad of state money transmitter laws may apply to your business, I hope you will join us.

Historically, the states regulated money transmission companies to protect the “unbanked” – consumers that used non-banks for financial services such as check cashing and wire transfers. The goal was to provide oversight of companies holding consumer money. Regulated companies were required to obtain a state license. The regulated activity typically was defined as selling or issuing stored value or receiving monetary value for transmission. That wording is so broad that it arguably brings within its sweep unintended links in the payments chain, such as independent sales organizations.

Barely a week goes by without another state money transmitter development. Some state legislators are taking a fresh look at their statutes, amending the laws to apply to new technologies, such as virtual currencies. Other states are interpreting existing laws in new ways, focusing the application of the licensing requirements on payment processors. And others are recognizing that the purpose of the money transmitter laws was never to regulate the card processing business. Those regulators are publishing guidance indicating that various arguments support the interpretation that the money transmitter laws do not apply to payment processors.

It will be some time before the issue of the extent to which state money transmitter laws apply to payment processors is settled. A vigilant eye on developments is critical to the payments industry. The policy day organized by the ETA, and panel discussions at other industry conferences, is exactly what is needed to keep the conversation flowing and the industry informed.

–Holli Targan, Attorney and Partner, Jaffe, Raitt, Heuer & Weiss, P.C.

Holli Targan

Attorney & Partner

htargan@jaffelaw.com

State Operation Choke Point Efforts

15 Apr 2016

Regulatory Alert: State governments are now getting into the Operation Choke Point mode. Over the last few years the Federal Trade Commission and other federal agencies have tried to enforce their laws and regulations by cutting off fraudsters’ access to electronic payments networks. By choking off the flow of funds, the federal government puts the fraudsters out of business. This has come to be known as “Operation Choke Point.” Now state governments are getting into the act.

The most recent example comes from Arizona. The Arizona Attorney General has decided to target processors and acquirers in its attempt to enforce its ban on tobacco sales without state licensure. Relying on an Arizona law which prohibits any person from knowingly providing “substantial assistance” to a person who violates a tobacco product sales ban, the Arizona Attorney General seeks to have processors and acquirers prohibit the completion of any tobacco sales into Arizona by unlicensed merchants. In other words, the Arizona Attorney General, like the FTC before it, wants to turn processors into policemen.

And Arizona’s efforts are paying off. On April 14, 2016, Visa released an announcement advising acquirers that they must take immediate action to ensure that their merchants comply with all applicable laws related to the sale and shipping of cigarettes. Visa advised that acquirers must identify and terminate merchants that engage in illegal online cigarette sales. The Visa bulletin further noted that it is the acquirers’ responsibility to confirm that all transactions introduced into the Visa system by their merchants are legal in both the buyers’ and sellers’ jurisdictions.

To protect the integrity of the payments system, acquirers and ISOs are required to review their merchant portfolios to identify any merchants that sell cigarettes online and then take the following concrete actions:

  • Underwrite the principal owners to validate their eligibility to hold a merchant account;
  • Carefully examine the merchant’s website to make sure they are not engaged in illegal activities, have appropriate shipping restrictions in place, and are not circumventing cigarette tax laws;
  • Use a mystery shopper to confirm compliance;
  • Confirm the merchant is not on the list created under the Prevent All Cigarette Trafficking Act;
  • Recheck the MATCH list; and
  • Terminate merchants that are identified as violating applicable laws.

Visa warns that violations of Visa Rules will result in substantial non-compliance assessments.

We expect that other states and agencies will jump on the band wagon in the near future and use the payment networks as leverage to put an end to conduct that they may not have a capacity to regulate on their own. Higher scrutiny of merchants engaged in regulated activities prior to on-boarding is well-advised.

–Eric Linden and Holli Targan, Attorneys and Partners, Jaffe, Raitt, Heuer & Weiss, P.C.

 

Holli Targan

Attorney & Partner

htargan@jaffelaw.com