Archive | Uncategorized RSS feed for this section

Are you complying with the Fair Credit Reporting Act?

29 Apr

As an employer, you must comply with the Fair Credit Reporting Act (“FCRA”) if you hire an outside third party, known as a “consumer reporting agency” to perform credit and background checks on employees and applicants.  The information provided by a consumer reporting agency to an employer is referred to as a “consumer report” and such report can contain anything from information on an employee or applicant’s creditworthiness and reputation to information regarding their criminal history.  While the FCRA contains many requirements related to consumer reports with which employers must comply, three basic notices employers are required to provide are:

1.            Notice prior to obtaining a consumer report.

After obtaining written permission from an applicant or employee to obtain their consumer report, you must provide them with written notice that you might use information in their consumer report for decisions related to their employment – such as hiring, retention, promotion, reassignment, etc.  This notice must be in its own document and cannot be contained within an employment application.

2.            Notice prior to taking adverse action.

Before you reject a job application, reassign or terminate an employee, deny a promotion, or take any other adverse employment action based on information contained in a consumer report, you must give the applicant or employee a notice that includes a copy of the consumer report you relied on to make your decision and a copy of the FCRA document “A Summary of Your Rights Under the Fair Credit Reporting Act.”

3.            Notice after taking adverse action.

If you take adverse action based on any information contained in a consumer report, you must notify the applicant or employee of that fact.  This notice is called an “adverse action notice” and the FCRA sets forth specifics as to when and how the notice must be sent, in addition to what information the notice must include.

The FCRA is complex and contains potentially significant consequences for non-compliance.  As an employer, you should review your processes and procedures to verify that you are not only sending out the appropriate FCRA notices but that you are in full compliance with all applicable provisions of the act.

Heather Maldegen-Long

Attorney

heamal@jaffelaw.com

Durbin Regulation Ruling: Appeals Court Overturns Lower Court Decision

21 Mar

 Today the District of Columbia Court of Appeals upheld the Federal Reserve Board’s regulations interpreting the Durbin Amendment, and in so doing reversed the lower court’s decision invalidating those rules.  Last July, Judge Leon of the U.S. District Court concluded that the Board’s regulations violated the Durbin Amendment statute’s plain language.  Today the Court of Appeals disagreed, holding that the Board’s rules are a reasonable construction of the law. 

The court noted that it reviewed the Board’s interpretation of the law directly, according no deference to the lower court’s ruling.  In an opinion that is a marked departure from the lower court’s combative tone, today’s opinion logically analyzes each of the arguments advocated by the merchants and by the Federal Reserve Board, concluding that the Board’s interpretation of the Durbin Amendment language should stand.

The court remanded back to the Board one aspect of the Durbin regulation, requiring an explanation of the Board’s interpretation of the fraud prevention adjustment.  In the meanwhile, the existing regulation remains in place.

Thus, unless and until today’s decision is appealed to the Supreme Court, both the interchange fee and the anti-exclusivity aspects of the current regulation govern.

 –Holli Targan, Partner, Jaffe, Raitt, Heuer & Weiss, P.C.

 

Holli Targan

Attorney & Partner

htargan@jaffelaw.com

CFPB Settles with ISO for Violating the Telemarketing Sales Rule

25 Oct

Once again, an independent sales organization (“ISO”) has been sued by a Federal agency for violating the Telemarketing Sales Rule (the “TSR”). Once again, the government claimed that the ISO provided substantial assistance to merchants while it knew or consciously avoided knowing that the merchants were engaged in abusive telemarketing practices. However, unlike the lawsuits filed this past summer (which are described in our blog posts dated June 20, 2013 and June 24, 2013), the agency involved is the Consumer Financial Protection Bureau (“CFPB”).

On October 3, 2013 the CFPB filed a complaint and settlement order against Meracord LLC (“Meracord”). The TSR prohibits debt-relief service providers (“DRSPs”) from charging consumers fees before settling any of their debts. The CFPB zeroed in on Meracord through investigations into several DRSPs that allegedly charged illegal fees. In building its case against those DRSPs, the CFPB discovered that Meracord had processed at least $11 million in unlawful fees from October 2010 to July 2013. The complaint alleges that more than 11,000 customers were charged upfront fees by the merchants in violation of the TSR, and nearly 5,000 of them had none of their debts settled. The CFPB alleged that Meracord knew that it was transmitting advance fees to DRSPs that had not yet settled consumers’ debts and that were not entitled to advance fees.

At the time the complaint was filed, the CFPB, Meracord and Meracord’s chief executive, Linda Remsberg, agreed to an order that will: (1) permanently bar Meracord and Mrs. Remsberg from processing payments for debt-settlement companies and for members of the related mortgage-settlement industry; (2) impose a civil money penalty of $1.376 million upon Meracord and Mrs. Remsberg, jointly and severally; and (3) subject Meracord and Mrs. Remsberg to submitting additional compliance reports with the CFPB.

This is the first action taken by the CFPB against an ISO, which indicates that there is a new federal agency that ISOs must be cognizant of. The CFPB’s initial foray in the enforcement of the TSR should be seen as another warning sign that the federal government is serious about its enforcement of the TSR and it will hold payment processors accountable for their merchants’ failure to comply with the TSR by using the “knew or consciously avoided knowing that the merchants were engaged in abusive telemarketing practices” TSR language.

With the federal government’s recent actions regarding enforcement of the TSR, it would be in payment processors’ best interests to familiarize themselves with the TSR. Due diligence on merchant activities should be investigated to make sure that merchants are not violating the TSR. Although this routine may be burdensome, it pales in comparison to the alternative of possibly being shut out of the industry and having to pay millions of dollars in fines.

— Andrew Hayner, Jaffe, Raitt, Heuer & Weiss, P.C.

Holli Targan

Attorney & Partner

htargan@jaffelaw.com

Preventing Headaches: Do Your Due Diligence

30 Sep

We’ve encountered a few situations lately that underscore the importance of following basic sound contracting practices.  Rushing to move projects along as quickly as possible may lead companies to contract with vendors before thorough investigation, at their peril.  Far too often researching a potential supplier to discover whether the company is able to perform according to plan is ignored. 

Time spent on conducting due diligence up front can save you money and headaches down the road.  Due diligence means investigating a prospective vendor to ensure that the company is what its agents say it is, and that the company can do what they say they will do.

 Why should you bother?  Scrutinizing every prospective contracting party may avoid lost opportunities, costly mistakes, litigation, and degradation of your good name later on.  In situations where the supplier will be performing a service to your customers, the company will affect your profitability and influence how the customer perceives the quality of the service.  In other cases, a vendor may be manufacturing a piece of equipment or developing software, and inexperience may result in months or years of delay.  The few hours that it takes to complete due diligence will reveal information indicating whether the company is able to perform – information that you are better off knowing before the contract is signed.

 Below are the basics of a due diligence policy to get you started:

 The Policy.  Contracting procedures should require that a “due diligence checklist” be filled out on every prospective vendor.  The checklist will highlight key information that should be explored.  Some of the material may be sensitive in nature, so the prospect may feel more comfortable disclosing such information after both sides sign a confidentiality agreement.  The due diligence policy should require that the disclosures be updated at least annually on companies with whom you will have a continuing relationship. 

 The Inquiry.  Every situation is unique, but at a minimum the following should be examined:

*          The company’s most recent financial statement, audited if available. 

*          Talk to at least three business references that have a contractual relationship similar to the one you are contemplating.  Dig deep, asking the references about challenges they have faced working with the prospective vendor. 

*          Professional biographies on individuals in the company with significant management responsibility. 

*          A schedule of all material insurance policies in effect. 

*          Disaster contingency plans. 

*          Outstanding, anticipated, and recently concluded legal action by or against third parties and all government investigations. 

*          Policies and procedures covering security controls. 

The investigation should be thorough enough to uncover information that will reveal whether or not the company can perform the best job for you, and will be there for the long haul.  A good due diligence policy that has the support of senior management can be your best defense against problems down the road. 

–Holli Targan, Partner, Jaffe, Raitt, Heuer & Weiss, P.C.

 

Holli Targan

Attorney & Partner

htargan@jaffelaw.com

Bottom Line on the Durbin Amendment Court Ruling

22 Aug

So wow, right?  Who could have guessed that the Federal Reserve Board (“FRB”) regulation implementing the Durbin Amendment would be completely eviscerated.  In 2011 a group of merchants filed suit arguing that the regulation issued by the FRB (“Rule”) did not interpret the statute correctly. On July 31, 2013 Judge Leon of the US District Court for the District of Columbia agreed.   The twists and turns relating to that pricing structure we all know and love as interchange, and those involving debit card routing options, just keep coming.   Yesterday the FRB announced that it will appeal the Court decision.   

Here is the bottom line on what the Court ruled:

1. The interchange fee cap adopted by the FRB (21 cents plus .05% of volume) violates the statutory language of the law, and is void. 

2.  The routing option mandating that two unaffiliated networks be available on each debit card also violates the law, and was struck down.  

Judge Leon declared that the Rule is an unreasonable interpretation of the Durbin Amendment statute because it ignores Congress’ directives regarding interchange fees and network exclusivity. 

With regard to interchange, the Court decided that the plain language and legislative history of the statute make clear exactly which issuer costs may be included in the interchange transaction fee standard, and that the inclusion of other costs violates the law. The decision opined that the only amounts that could be considered in setting the fee cap are the incremental authorization, clearing and settlement costs of a particular transaction.  Judge Leon believes that the law did not allow the FRB to consider any additional costs, including fixed costs, transaction monitoring costs, an allowance for an issuer’s fraud losses, or network processing fees. 

Similarly, the Court found that the non-exclusivity provisions of the Rule contravene both the letter and spirit of the statute.   Judge Leon stated that Congress intended that each transaction must be routed over at least two competing networks for each authorization (PIN and signature) method.  The Rule requires at least two unaffiliated networks be enabled on each debit card, not each debit transaction.  Currently issuers may make only one network available for many transactions, since certain transactions, such as Internet transactions, cannot be authorized via PIN. Thus, because two signature networks are not available on every card for every type of debit transaction, the law is violated.  

So technically the Rule has been overturned.  But where does that leave things?  The Court originally “stayed” its ruling, to enable the FRB and the plaintiffs to present arguments on why the Rule should not be immediately overturned.  Invalidating the Rule means no regulation would be in place guiding industry action.  

The FRB announced yesterday that it will appeal the decision to a higher court, and will ask the appeals court to continue to stay Judge Leon’s ruling pending that appeal.  In the meanwhile, the US District Court again stayed its decision.  So for now, the existing Rule is still effective.  Stay tuned.

–Holli Targan, Partner, Jaffe, Raitt, Heuer & Weiss, P.C.

 

Holli Targan

Attorney & Partner

htargan@jaffelaw.com

Tip of The Iceberg? A Third ISO Sued By FTC

2 Aug

A third independent sales organization has been sued by the Federal Trade Commission.  Merchant Services Direct LLC of Spokane, Washington (“MSD”) and its principals have been charged with engaging in unfair or deceptive acts in violation of the Federal Trade Commission Act. 

The FTC’s complaint in this case is different than the two most recent actions against card processing companies, which are described in our blog posts dated June 20, 2013 and June 24, 2013.  The prior cases are founded on the FTC’s Telemarketing Sales Rule.  In contrast, this case is not targeting an ISO’s telemarketing activities.  Instead, MSD’s offending actions involve making false and unsubstantiated claims about reducing merchants’ card processing fees, and failing to disclose material facts about the processing services offered by the ISO.

MSD allegedly cold-called merchants to set up in-person appointments, claiming that MSD could save merchants money on card processing fees.  At the meeting, the sales agents indicated they were there to “upgrade” the merchant’s current processing services to get them to a lower rate, quoting a fixed per-transaction fee without mentioning any other fees.  Sales representatives also claimed that the merchants’ current point of sale terminals were outdated or incompatible with MSD’s services, requiring a new terminal.  MSD represented that even with a higher terminal lease cost, the overall fees for card processing would be reduced.  The complaint charges that none of the above statements were true.  A number of other offending practices were also cited in the FTC complaint.

The FTC is seeking to enjoin MSD’s activities, and asks the court to rescind merchants’ contracts, to refund merchants’ money, and to require that MSD pay back all ill-gotten amounts.

Are we witnessing the tip of the iceberg?  This case demonstrates that ISOs should dispel any notion that they can avoid an action by the FTC as long they do not engage in deceptive telemarketing activities.  The FTC’s use of the broader “unfair or deceptive acts” prohibition emphasizes that the FTC has the card processing business in its sights.  Companies should take a close look at the offending activities cited by the FTC in the complaint, and institute procedures to ensure that sales agents avoid such practices.

–Holli Targan, Partner, Jaffe, Raitt Heuer & Weiss, P.C.

Holli Targan

Attorney & Partner

htargan@jaffelaw.com

Keeping Merchant Information Confidential

19 Jul

Yesterday I participated in a panel discussion at the Midwest Acquirer’s Association meeting in Chicago.  The topic of the session was the duties every company in the payments space has to keep customer information confidential. 

Industry businesses know plenty about obligations to protect cardholder information by complying with PCI mandates.  But many are not aware of legal requirements to keep their customers’ (i.e., merchants’) personal information secure. 

ISOs and processors typically obtain personal information about merchant principals on the merchant account application form.  Names, addresses, social security numbers, driver’s license numbers, employment history, bank account numbers, and even credit card numbers are provided.  Such information is defined as personally identifiable information (“PII”) required to be kept safe by both Federal and state law. 

On the Federal level, the Federal Trade Commission has filed suit against a number of companies for failing to protect the security of customers’ personal information.   The lawsuits are based on a theory that the businesses have engaged in unfair or deceptive acts.  In those cases, the FTC alleged that the company did not follow reasonable or appropriate security practices, or made false representations regarding its security practices. 

On the state level, a number of states have laws that require businesses to maintain the security of PII.  For example, California law requires that: 1) businesses shred or modify customer PII to make the PII unreadable when the records are no longer to be retained; 2) companies maintain reasonable security procedures and practices to protect PII from unauthorized access; and 3) a company that discloses PII to a third party must require by contract that the third party implement reasonable security procedures to protect the PII.  

California takes this quite seriously.  In early July the California Attorney General stated that it will make it an enforcement priority to investigate breaches involving unencrypted personal information, noting that companies should tighten security controls on PII that they hold. 

State data security breach laws also come into play, which require that any business that maintains PII inform consumers of a data breach or the likelihood of misuse of that information.  Under some state laws, the Attorney General must also be notified.  Each applicable state’s law must be examined to determine specific compliance requirements. 

It turns out the PCI compliance is not enough:  payment companies would be well advised to research their obligations under relevant state law to prevent disclosure and misuse of their customers’ personal information. 

 

–Holli Targan, Partner, Jaffe, Raitt, Heuer & Weiss, P.C.

 

Holli Targan

Attorney & Partner

htargan@jaffelaw.com

NMLS Simplifies Money Transmitter Licensing

1 Jul

Nearly every state requires that money transmitters operating within the state obtain a money transmitter license.  Some states, such as New York, require money transmitters to obtain a license if they transact business with residents of the state, whether or not the company has an actual physical presence in the state.  The process of applying for money transmitter licenses and renewing those licenses every year is quite onerous.  The burden is magnified for companies operating nationally, requiring over forty different money transmitter licenses annually.

Good news for money transmitters: a number of states have recently joined forces to allow companies to complete one universal application or renewal form rather than individual applications and renewals for each state.

Since April 2012, money transmitters seeking to become licensed in participating states can simply complete a universal application located on the Nationwide Mortgage Licensing System (“NMLS”) website found here.

NMLS is a secure, web-based system created by state regulators to provide efficiencies in processing state licenses and to improve supervision of state regulated industries. Formed in 2008, NMLS originally began as a centralized, national repository for information related to mortgage companies.  Currently, NMLS is the sole system of licensure for certain mortgage companies in over 58 jurisdictions.  Over the last 2 years, NMLS has branched out to service state licensing in other areas, including money transmitter licenses.

There are currently 14 states that allow money transmitters to apply for and renew their licenses via NMLS. We anticipate that this number will continue to grow.  During 2013, 5 states joined, including 4 states since June 24th.

Due to the large number of states participating with the NMLS in the mortgage licensing sector, it is likely that more and more states will determine that participating with the NMLS with money transmitter licensing is a safe and efficient way for prospective and current money transmitters to apply for and renew their licenses.  This is sure to lighten the substantial burden imposed on companies attempting to comply with multiple licensing regulatory schemes.

Holli Targan

Attorney & Partner

htargan@jaffelaw.com

FTC Sues Another Independent Sales Organization

24 Jun

Not more than a day after we reported a similar action, the FTC filed suit against another independent sales organization, attempting to hold it liable for the alleged fraud perpetrated by its telemarketing merchant.  One significant difference is that in this complaint, the former President of the ISO is personally named.

The lawsuit was filed against Newtek Merchant Solutions and Derek Depuydt, its past President, in the action against Global Financial Assist, LLC (“GFA”), a company providing a credit card interest rate reduction service that was sold through telemarketing.  The claim also names HES Merchant Services Company, Inc. (“HES”), a consulting company that set up the telemarketing operation and website for GFA, provided the Newtek merchant accounts, and assisted with chargeback recovery services.

Newtek and Depuydt allegedly violated the FTC’s Telemarketing Sales Rule (“Rule”), which provides that it is a deceptive telemarketing act and a violation of the Rule for a person to provide substantial assistance or support to any telemarketer when that person knows or consciously avoids knowing that the telemarketer is engaged in a deceptive telemarketing act, as defined in the regulation. 

The FTC maintains that Newtek’s payment processing services enabled the charges on consumers’ card accounts to clear through the credit card networks, and that without Newtek’s and Depuydt’s assistance, it would have been impossible for the merchant to charge consumers fees for the interest rate reduction services.  Further, Newtek and Depuydt allegedly knew that many of HES’ accounts were connected to operations that were likely engaged in fraud.

Cited as support for the ISO’s violation of the Rule is the fact that the merchant failed to produce telemarketing scripts when asked.  The document states:  “Newtek simply ignored this deficiency, which would have alerted them to the [telemarketing sales rule] violation.”  Also noted was the fact that the credit reports pulled by Newtek stated that the principals had substantial debts and serious delinquencies.  And similar to the previous complaint, the FTC asserts that MasterCard put the merchant on a monitoring list for excessive chargebacks and Newtek’s response was merely to increase the merchant reserve.

These two actions indicate a massive shift in the card processing landscape.  Any business connected to processing card transactions, from ISOs to consultants to the card processors, should take a hard look at their underwriting practices to ferret out merchants engaged, or even potentially engaged, in deceptive telemarketing practices.

Holli Targan

Attorney & Partner

htargan@jaffelaw.com

FTC Claims Card Processor Is Liable for Merchant Fraud

20 Jun

   firealarmOn June 4, 2013, the Federal Trade Commission named independent sales organization IRN Payment Systems (“IRN”) in a lawsuit alleging that IRN violated the FTC’s Telemarketing Sales Rule by processing credit card transactions for, and providing cash advances to, a merchant engaged in deceptive telemarketing.  The FTC’s complaint claims that IRN provided substantial assistance to the merchant by, among other things, processing chargebacks while knowing or consciously avoiding knowledge of the merchant’s fraudulent acts. 

The FTC’s suit should be heard as a fire alarm throughout the card processing industry.  The complaint serves both as a loud warning of the pitfalls of processing for certain types of telemarketing merchants, and as a guide on how to avoid the FTC’s wrath when doing so.

The merchant, Innovative Wealth Builders, Inc. (“IWB”), claimed through telemarketing campaigns that it would save consumers money by reducing interest rates on their outstanding credit card balances.  The FTC alleges that IRN’s due diligence revealed that IWB was a telemarketing company selling debt relief services with complaints against it on consumer websites.  Further, IRN was aware of IWB’s deceptive practices through a number of warning systems, including that IWB’s chargeback rates at times exceeded 40% and that IWB was placed on MasterCard’s high fraud alert program. 

Despite such indications, IRN continued to process transactions.  The FTC states that IRN responded to “the numerous indicators of the illegal nature of [IWB’s] business by seeking to protect its own interests”, specifically, increasing the merchant’s reserve account.  In addition, IRN allegedly assisted the merchant in challenging chargeback disputes and made recommendations on how to defeat chargeback requests. 

Those are actions routinely taken by card processors in the normal course of business.  The difference, it seems, is that IRN profited by earning fees for itself while turning a blind eye and “allowing” (apparently by processing its card transactions) IWB to harm consumers who purchased the bogus card interest rate reduction services.

The FTC’s Telemarketing Sales Rule provides that it is a deceptive telemarketing act and a violation of the Rule for a person to provide substantial assistance or support to any telemarketer when that person knows or consciously avoids knowing that the telemarketer is engaged in a deceptive telemarketing act, as defined in the regulation. 

The filing of this action underscores that the FTC is serious about holding card processors liable for the acts of their merchants.  The industry would be well advised to take heed.

Holli Targan

Attorney & Partner

htargan@jaffelaw.com