Articles

Subscription Billers Beware

By Bradley O. Cebeci

A proposed settlement announced by the FTC this week signals a new enforcement strategy against negative option marketers that engage in unfair or deceptive practices in connection with automatic renewal billing programs.

The Restore Online Shoppers Confidence Act (“ROSCA”) is a federal statute that prohibits charging consumers for goods or services sold in transactions effected on the Internet through a negative option feature unless the seller (1) clearly and conspicuously discloses all material terms of the transaction before obtaining the consumer’s billing information, (2) obtains the consumer’s express informed consent before making the charge, and (3) provides a simple mechanism to stop recurring charges.

The FTC’s recent action against MoviePass did not challenge its billing disclosures or consent and cancellation mechanisms, however. Instead, the Commission used ROSCA to challenge the Company’s deceptive practices, which prevented consumers from taking advantage of the advertised subscription service.

MoviePass promoted a subscription service that allowed subscribers to view “one movie per day” at local theaters for a $9.95 monthly service fee. But, according to the FTC, MoviePass employed three tactics to block customers from accessing the advertised benefits, including:

1. Fabricating claims of “suspicious activity or potential fraud” on the accounts to invalidate subscriber passwords, which obligated customers to use a cumbersome password reset system that often blocked them from regaining access;
2. Using a ticket verification program, which required subscribers to submit photos of their physical ticket stubs for approval through the MoviePass app within a certain timeframe, in order to discourage use of the service; and
3. Using “trip-wires” to block certain groups of users that viewed more than three movies per month from using the service to buy more tickets.

The Commission alleges that these deceptive tactics rendered the “one movie per day” promise illusory; and, as a result, MoviePass failed to obtain consumers’ informed consent for the recurring subscription fee.

While the proposed settlement does not provide for monetary relief (MoviePass has declared bankruptcy), this action appears to signal a new strategy by the FTC to get around the Supreme Court's recent AMG Decision, which cut off its ability to pursue consumer redress in federal district court under Section 13(b) of the FTC Act. Critically, ROSCA allows the FTC to seek consumer redress, damages and other monetary relief directly in federal court under Section 19 of the FTC Act, without the need for an administrative action as would be required for claims of unfair and deceptive practices brought under Section 5 of the FTC Act.

Thus, by the MoviePass case, FTC has communicated a willingness to expand its use of ROSCA to challenge any aspect of a continuity-billing program that it deems unfair or misleading, thereby opening the door to monetary relief in the form of consumer redress and penalties that would not otherwise be in play.

This should be a warning call to negative option marketers. ROSCA compliance is no longer limited to a simple evaluation of pre-enrollment billing disclosure and consent mechanisms, but should also encompass service quality and fulfillment practices. Those who fail to take heed may face dire consequences.

Bradley O. Cebeci is a Partner with Rome & Associates who focuses his practice on payments, FTC defense, and digital marketing.

by Brad Cebeci

AMG Does Not Mean A Free Ride For Deceptive Marketers

By Bradley O. Cebeci

As we have recently reported, the United States Supreme Court’s decision in AMG Capital Management cut off the FTC’s ability to use section 13(b) of the FTC Act—which facially allows the FTC to seek only injunctive relief to stop practices it views as unfair and deceptive—as a vehicle for pursuing monetary relief against defendants in FTC district court enforcement actions. That does not mean a free ride for marketers who run afoul of the FTC, however.

Case in point.

Earlier this week, the Commission approved final administrative consent orders against three companies, BASF SE, its subsidiary, BASF Corp. and DIEM Labs, which together have agreed to pay more than $416,000 to settle charges that they deceptively marketed two dietary fish oil supplements as clinically proven to reduce liver fat in adults and children with non-alcoholic fatty liver disease (NAFLD).

The FTC’s administrative complaint, filed on March 31, 2021, alleges that BASF SE, which developed and owns the supplements Hepaxa and Hepaxa PD (the “Products”), acted through its US subsidiary, BASF Corp., to retain DIEM Labs to advertise and distribute both supplements in the United States.

The final orders prohibit the companies from claiming that the Products (or any similar products) cure, treat, or mitigate any disease, unless the claim is true and substantiated by competent and reliable scientific evidence in the form of randomized human clinical testing. The final orders also impose a monetary judgment in excess of $416,000 to enable the Commission to provide refunds to all consumers who bought either supplement.

So, if the FTC may no longer pursue monetary relief under section 13(b), why did these companies agree to disgorge these monies?

Because, if a respondent elects to contest the charges brought by the FTC via an administrative complaint, the complaint is adjudicated in a trial-type proceeding before an administrative law judge (“ALJ”). Upon conclusion of the hearing, the ALJ issues an “initial decision” setting forth her findings of fact and conclusions of law, and recommending either entry of an order to cease and desist or dismissal of the complaint. Either side may appeal the initial decision. Upon such an appeal, the Commission receives briefs, holds oral argument, and thereafter issues its own final decision and order. A Commission order generally becomes final 60 days after service on the respondent.

A respondent who violates a final order faces civil penalties, which may be pursued by the FTC in federal district court. After a final order is entered, the Commission may also seek consumer redress from the respondent in federal district court for consumer injury caused by the conduct that was at issue in the administrative proceeding pursuant to Section 19 of the FTC Act. Finally, the Commission may even obtain civil penalties against non-respondents who received a copy of a final order declaring a practice unfair or deceptive.

The takeaway: those deemed by the FTC to be engaged in deceptive or unfair marketing practices should not expect to get a pass. They still face the risk of civil penalties and consumer redress.

If you have been served with a Civil Investigative Demand or FTC complaint, you need experienced counsel to defend your interests.

Bradley O. Cebeci is a Partner with Rome & Associates who focuses his practice on payments, FTC defense, and digital marketing.

by Brad Cebeci

The Uncertain Future of FTC's Ability to Seek Equitable Monetary Relief

By Bradley O. Cebeci 

On April 22, the Supreme Court issued its opinion in AMG Capital Management LLC v. FTC overruling four decades of judicial decisions holding that section 13(b) of the FTC Act authorizes courts to require law violators to return illegal gains to harmed consumers. Days before the AMG ruling, a bill—The Consumer Protection and Recovery Act (H.R. 2668)—was introduced in the House that would amend section 13(b) to codify the FTC's ability to seek the return of ill-gotten monies through restitution and disgorgement, and pursue conduct that is no longer occurring. Not everyone wants to see that happen: the US Chamber of Commerce has taken the position that the FTC’s ability to pursue monetary damages should be restricted to section 19, which requires the FTC to use administrative proceedings to find a violation before going to court, and then to prove that a reasonable person should have known they were violating the law. The Chamber also wants to limit FTC’s enforcement powers under section 13(b) to only ongoing or imminent conduct. On Tuesday of this week, the FTC’s Acting Chairwoman, Rebecca Kelly Slaughter, wrote a letter to the Senate Committee on Commerce, Science, and Transportation responding to the Chamber’s arguments. While Democrats and Republicans alike appear to agree that FTC's ability to seek financial restitution is important, there is significant disagreement along partisan lines as to the appropriate scope of that authority. This fight is just getting started. Break out your popcorn.

Bradley O. Cebeci is a Partner with Rome & Associates, APC. Brad focuses on Payments and Digital Marketing Law.

by Brad Cebeci

Marketing CBD Products in a Landscape of Uncertainty

By Bradley O. Cebeci and Jennifer Cho

The 2018 Farm Bill legalized hemp production at the federal level. Yet hemp products intended for human or animal consumption remain subject to the Food, Drug, and Cosmetic Act (FDCA) and FDA regulations, as well as the Federal Trade Commission Act (FTCA) and Federal Trade Commission (FTC) regulations. CBD products – including edibles, tinctures, and oils – have been regulatory targets since April 2019, when the FDA and FTC issued warning letters to several CBD marketers for promoting the ability of their products to treat and cure a host of illnesses and diseases.

In the summer of 2020, the FDA submitted a CBD enforcement policy document to the White House Office of Management and Budget (OMB) for review and approval. The policy was expected to settle the FDA’s good manufacturing practices and provide a path around the FDCA, which makes CBD in foods, drinks and dietary supplements illegal.

However, FDA recently withdrew its enforcement policy from OMB following a Biden administration memorandum to all federal agencies directing them to withdraw pending rules. The memorandum explained that the action was part of President Biden’s plan for managing the Federal regulatory process at the outset of his Administration in order to ensure that his appointees have the opportunity to review any pending rules. Thus, while the memo was not targeted at CBD, it caused certain hurdles to the marketing of CBD products to remain in place.

It is unclear when or even if the FDA will ultimately release a CBD enforcement policy or guidance for the industry. Until then, many CBD businesses are operating under an old gamblers’ saying: “Just don’t break the law, while you’re breaking the law.” Practically, the companies that will succeed in a market where they are selling a product that violates FDA regulations and, specifically, the FD&C Act, are those who are able to avoid attracting regulatory attention by making the fewest marketing claims.

This raises the question: how can a business minimize regulatory scrutiny? CBD businesses can infer some guidance from actions that federal regulators have taken to date. For instance, over the past several years, FTC and FDA have issued various warning letters, and FTC has also initiated enforcement actions against a number of CBD advertisers.

These actions provide some key takeaways for marketers of CBD products:

Products Marketed Around COVID-19

In the past year, in light of the global outbreak of respiratory disease caused by a novel coronavirus, the FTC and FDA have paid particular attention to businesses—not just those selling CBD products—advertising products that, without approval or authorization by FDA, claim to mitigate, prevent, treat, diagnose or cure COVID-19 in people. Thus, CBD merchants should avoid making claims regarding the ability of their products to mitigate, prevent, treat, diagnose or cure COVID-19. Health claims regarding the benefits of CBD in connection with COVID-19 or, more generally, viral infections, lung inflammation or strengthening the immune system, are similarly problematic, and just as likely to get you in hot water.

Marketing CBD-Products for Use in Children and Infants

CBD products that are marketed for use in children and infants, no matter how administered, will invite immediate scrutiny. FDA takes the position that the use of untested drugs can have unpredictable and unintended consequences, especially in vulnerable populations such as children who may be at greater risk for adverse reactions associated with certain drug products due to differences in the ability of children to absorb, metabolize, distribute, or excrete such drug products or their metabolites.

“Red-Flag” Application or Ingestion Methods of CBD-Products

Oral Inhalation

CBD products for oral inhalation, such as by “vaping,” will invite immediate scrutiny. FDA explains that the ingredients and potential impurities in oral inhalation products may trigger laryngospasm and bronchospasm and may be toxic to the tissues in the upper or lower airways. Inhalation products that are intended to act locally in the respiratory system also may be absorbed and exert undesirable systemic effects, such as increased heart rate or elevated blood pressure.

Nasal Administration

Nasal administration is a route of administration in which drugs are insufflated through the nose, such as nasal spray drug products. These products are highly concerning to FDA because intranasal drug products may be rapidly absorbed through the highly vascularized nasal mucosa directly into systemic blood circulation, where they may exert undesirable systemic effects such as increased heart rate or elevated blood pressure. If toxic substances are introduced directly into the nose, harmful local effects such as bleeding, ulceration, or nasal septal perforation may occur.

Ophthalmic Use / Injection

CBD products intended for direct application onto the eyes will invite immediate scrutiny. Ophthalmic drug products can pose serious risk of harm to humans and/or animals if toxic substances are introduced directly into the eye because irreversible damage, including vision loss, can result.

Of course, FDA is also extremely concerned about any injectable CBD products because they are delivered directly into the bloodstream and bypass many of the body’s natural defenses against toxic ingredients, toxins, or dangerous organisms that can lead to serious and life-threatening conditions.

FDA Crackdown On CBD Marketing Claims

Dietary Supplement Labeling

FDA has concluded that CBD products are excluded from the “dietary supplement” definition provided in the FD&C Act. The FD&C Act defines “dietary supplement” as “a product (other than tobacco) intended to supplement the diet that contains one or more of the following dietary ingredients: a vitamin; a mineral; an herb or other botanical; an amino acid; a dietary substance for use by man to supplement the diet by increasing the total dietary intake; or a concentrate, metabolite, constituent, or extract. 21 U.S.C. 321(ff).

Under the FD&C Act, if an article (such as CBD) is an active ingredient in a drug product that has been approved under section 505 of the FD&C Act, or has been authorized for investigation as a new drug for which substantial clinical investigations have been instituted and made public, then products containing that substance are outside the definition of dietary supplement. CBD is an active ingredient in an FDA-approved drug product Epidiolex. Furthermore, the existence of substantial clinical investigations regarding CBD has been made public.

Although there is an exception of the substance was “marketed as “a dietary supplement or as a conventional good before the new drug investigations were authorized, FDA has concluded that this is not the case for CBD. Thus, CBD-merchants should avoid marketing their products as dietary supplements.

Unapproved New Drugs / Misbranded Drugs

The FD&C Act defines “drugs” as substances intended for use in the diagnosis, cure, mitigation, treatment or prevention of disease and/or intended to affect the structure or any function of the body. Topical creams, oils and ointments may also fall under the definition of “drugs.” “New drugs” are those that are not generally recognized as safe and effective for their referenced uses. “New drugs” may not be marketed or sold without prior approval from FDA based on scientific data and information demonstrating that the drug is safe and effective.

To date, there are no FDA-approved drug products that contain CBD, except one cannabis-derived and three cannabis-related drug products, which are only available with a prescription from a licensed healthcare provider.

FDA does not recognize any exception for homeopathic drugs with active ingredients measured in homeopathic strengths. Under the FD&C Act, the term “drug” includes articles recognized in the official Homeopathic Pharmacopeia of the United States (HPUS), or any supplement to it. Homeopathic drugs are subject to the same regulatory requirement as other drugs.

Furthermore, the FD&C Act requires that labeling on drug products bear adequate directions for use. “Adequate directions for use” means directions under which a layperson can use a drug safely and for the purposes for which it is intended. See 21 CFR 201.5. Where a CBD-product is marketed as treatment for a condition that is not amenable to self-diagnosis and treatment without the supervision of a licensed practitioner, it is impossible for the product to contain “adequate directions for use.”

A drug is also “misbranded” under the FD&C Act if its labeling is false or misleading, such as where they suggest that a new drug application has been filed with FDA.

Thus, CBD merchants should avoid marketing their products as drugs or in connection with specific health conditions or diseases, particularly where that health condition or disease is not amenable to self-diagnosis and treatment without the supervision of a licensed practitioner. Examples of such conditions include epilepsy, multiple sclerosis, inflammation, dementia, depression and cancer. Such claims are likely to attract the attention of the FDA and the FTC alike (see further discussion below). Note, also, that the product itself need not be advertised as a drug in order to attract the ire of FDA—it is sufficient that a CBD-product is sold alongside claims (i.e. on a blog on the same website) that indicate the intended use of the products as drugs.

Adulterated Human Foods and Food Additives

Under the FD&C Act, it is illegal to sell an “adulterated human food,” which is defined as any food to which has been added a drug approved under section 505 of the FD&C Act or for which clinical investigations have been instituted and made public. FDA has concluded that the prohibition applies to CBD.

Furthermore, as defined in section 201(s) of the FD&C Act, the term “food additive” refers to any substance the intended use of which results in its becoming a component of any food, unless the substance is generally recognized as safe (GRAS) among qualified experts under the conditions of its intended use, or unless the substance meets a listed exception.

Food additives require premarket approval based on data demonstrating safety. Any food additive that has not been approved for its intended use in food is deemed to be unsafe under the FD&C Act, 21 U.S.C. § 348(a), and causes the food to be “adulterated,” as defined above.

There is no food additive regulation which authorizes the use of CBD nor has FDA found an adequate basis to conclude that the use of CBD in food meets the criteria for GRAS status.

Thus, CBD-merchants should be wary of marketing food products (e.g. honey), which contain CBD as an additive.

Unapproved New Animal Drugs

“Animal drugs” are substances intended for use in the diagnosis, cure, mitigation, treatment, or prevention of disease in animals and/or intended to affect the structure or any function of the body of an animal. 21 U.S.C. 321(g)(1). Further, as discussed below, this product is an unapproved new animal drug and marketing it violates the FD&C Act. A “new animal drug” is one that has not been generally recognized, among experts qualified by scientific training and experience to evaluate the safety and effectiveness of animal drugs, as safe and effective for use under the conditions prescribed, recommended, or suggested in the labeling. 21 U.S.C. 321(v).

To be legally marketed, a new animal drug must have an approved new animal drug application, conditionally approved new animal drug application, or index listing under sections 512, 571, and 572 of the FD&C Act, 21 U.S.C. 360b, 360ccc, and 360ccc-l.

Thus, unless the merchant is aware of an FDA-approved new animal drug application, it should avoid marketing CBD-containing products as animal drugs.

Adulterated Animal Foods and Food Additives

The FD&C Act prohibits the sale of any animal food to which has been added a drug approved under section 505 of the FD&C Act or for which substantial clinical investigations have been instituted and made public. FDA has concluded that this prohibition applies to CBD.

Furthermore, as is the case with human food additives, additives in animal foods require premarket approval based on data demonstrating safety. Any food additive that has not been approved for its intended use in food is deemed to be unsafe under the FD&C Act, 21 U.S.C. § 348(a), and causes the food to be “adulterated,” as defined above.

There is no food additive regulation that authorizes the use of CBD nor has FDA found an adequate basis to conclude that the use of CBD in animal food meets the criteria for GRAS status.

Thus, CBD-merchants should be wary of marketing animal food products that contain CBD as an additive.

FTC is also Cracking Down on the Deceptive Marketing of CBD Products

The FDA is not the only game in town.

CBD products that are advertised, promoted, offered for sale, sold, and distributed as intended for human use also constitute “food” and/or “drugs” within the meaning of Sections 12 and 15 of the FTC Act. Thus, marketing claims regarding these products fall under the FTC’s oversight, and the FTC is aggressively pursuing marketers who make “health” and “disease” claims about CBD products. Such marketers may find themselves on the wrong end of an FTC enforcement action for (1) false and unsubstantiated “efficacy claims,” (2) false “establishment” claims, and (3) in appropriate cases, deceptive pricing practices to boot.

An “efficacy” claim suggests that a product successfully performs the advertised function or yields the advertised benefit, but includes no suggestion of scientific proof of the product’s effectiveness. Generally speaking, if an ad conveys an efficacy claim, the advertiser needs a reasonable basis to support it. Whether a reasonable basis for the claim exists must be analyzed under the “Pfizer” factors, considering the type of product, the type of claim, the benefit of a truthful claim, the ease of developing substantiation for the claim, the consequences of a false claim, and the amount of substantiation experts in the field would consider reasonable.

An “establishment” claim, by contrast, suggests that a product’s effectiveness or superiority has been scientifically established.” Once advertisers claim to have a certain level of proof, they’ve upped the ante and “must possess the specific substantiation claimed.” If an ad conveys a non-specific establishment claim – for example, by saying that a product has been “medically proven” to work or by using visuals that suggest it’s “based upon a foundation of scientific evidence” – the advertiser “must possess evidence sufficient to satisfy the relevant scientific community of the claim’s truth.”

However, once an advertiser makes “health” or “disease” claims about a product, the distinction between “efficacy” and “establishment” claims largely loses its significance because both types of claims will require essentially the same high level of substantiation.

That is because when it comes to claims about the health benefits, safety, performance, or efficacy of a product (“health claims”), or a product’s ability to treat, cure or prevent disease or serious health conditions (“disease claims”), the last of the Pfizer factors (i.e. the amount of substantiation experts in the field would consider reasonable) requires that such claims must be supported by “competent and reliable scientific evidence,” which means tests, analyses, research, studies, or other evidence based upon the expertise of professionals in the relevant area, that has been conducted and evaluated in an objective manner by persons qualified to do so, using procedures generally accepted to yield accurate and reliable results.

To substantiate “health” and “disease” claims, the FTC generally requires at least two adequate and well-controlled human clinical studies of the covered product, or of an essentially equivalent product, conducted by different researchers, independently of each other, that conform to acceptable designs and protocols and whose results, when considered in light of the entire body of relevant and reliable scientific evidence, support the truth of the representation.

Accordingly, efficacy and establishment claims regarding CBD products generally require the same high level of substantiation.

CONCLUSION

There are plenty of landmines to step on when it comes to marketing CBD products. Do not claim that your product can diagnose, mitigate, treat, or prevent a disease; or make any outrageous claims that would draw scrutiny to your business. Stick to claims for which you have appropriate scientific support upon which qualified experts would agree. Finally, do not trust your own judgment as to whether you are making an impermissible claim. To avoid a campaign that may blow up in your face, have a trusted lawyer review your labeling and marketing claims at the outset. You will be glad you did.

Bradley O. Cebeci is a Partner, and Jennifer Cho is an Associate Attorney, with Rome & Associates, APC. Brad and Jennifer focus on Payments and Digital Marketing Law.

by Brad Cebeci

CBD Marketers Beware: FTC Is Cracking Down...

By Bradley O. Cebeci and Jennifer Cho

The FTC is cracking down on deceptive marketing of CBD products. Last year, the FTC issued administrative complaints against six merchants of CBD-containing products for allegedly making a wide range of scientifically unsupported claims about CBD-products’ ability to prevent and treat serious health conditions. These efforts are summarized in a recent press release.

Background

Each of the six merchants sells various CBD products online. The products include CBD oil, pain-relief creams, coffee, gummies and capsules. In addition to websites, some advertise through platforms such as Twitter and YouTube. Each of the merchants claimed, among other things, that their CBD products were safe for all users, treated pain better than prescription medications, and effectively prevented and treated age-related cognitive decline and serious health conditions, including cancer, diabetes, and heart disease.

In December 2020, the FTC announced settlement orders with all six merchants. Those orders prohibit the merchants, and the individuals behind them, from making unsupported health claims now and in the future. Most of the merchants must pay monetary judgments of $20,000 to $85,000 each, and immediately notify consumers of the FTC’s order.

What qualifies as an unsupported health claim?

The FTC actions raise an important question for CBD merchants: what qualifies as an unsupported health claim? Put another way, what qualifies as a scientifically supported claim? A CBD merchant may not make a health-related representation regarding a CBD-containing product without “competent and reliable scientific evidence” supporting the truth of that representation.

“Competent and reliable scientific evidence” refers to evidence of “sufficient quality and quantity based on standards generally accepted by experts in the relevant disease, condition, or function to which the representation relates, when considered in light of the entire body of relevant and reliable scientific evidence.”

Here, the prohibited claims about the CBD products at issue included the following:

• Safe for all users, treats pain better than prescription medications, effective alternative to prescription medications, and prevents and treats age-related cognitive decline and chronic pain; and
• “Scientifically” and “medically” proven to treat, prevent, cure, improve, reduce the risk of or mitigate serious diseases and health conditions like heart disease, artery blockage, cancer, diabetes, glaucoma, autism, schizophrenia, Alzheimer’s disease, arthritis, autoimmune disease, and irritable bowel syndrome.

FTC banned each of the merchants from making such claims without human clinical testing to substantiate them. The orders also prohibit them from making any other health-related claims without “competent and reliable scientific evidence.”

Conclusion

Andrew Smith, Director of the FTC’s Bureau of Consumer Protection, stated that the message to all CBD merchants is clear: “Don’t make spurious health claims that are unsupported by medical science. Otherwise, don’t be surprised if you hear from the FTC. If you are unsure about whether the product claims on your website or social media page run afoul of these standards, you should consult with an attorney experienced in FTC and advertising matters. We regularly review such content for compliance with FTC and FDA guidelines.

Bradley O. Cebeci is a Partner, and Jennifer Cho is an Associate Attorney, with Rome & Associates, APC.

Brad and Jennifer focus on Payments and Digital Marketing Law.

by Brad Cebeci

First Data Will Pay $40.2 Million to Settle FTC Transaction Laundering Charges

First Data Merchant Services LLC ("First Data") and its former executive, Chi “Vincent” Ko ("Ko"), will pay more than $40.2 million to settle Federal Trade Commission ("FTC") charges they knowingly processed payments and laundered, or assisted laundering of, credit card transactions for scams that targeted hundreds of thousands of consumers.

First Data is a global merchant services acquirer and payment processor that processes over $2 trillion dollars in annual payment volume in the United States through a variety of distribution channels and partnerships. According to the FTC’s complaint, First Data sponsored Ko’s former company, First Pay Solutions LLC ("FPS"), as an ISO. But in doing so, First Data ignored repeated warnings that FPS was laundering payments for fraudulent merchants. And, by its own due diligence and monitoring failures, First Data assisted and facilitated that conduct.

The Schemes

The FTC alleges that, for years, First Data processed payments through hundreds of straw merchant accounts for at least four deceptive schemes that have been the subject of FTC or U.S. Department of Justice law enforcement actions (the “Schemes”). We have written about these Schemes in the past. They include a debt relief scam that used deceptive telemarketing, business opportunity scams that used deceptive websites, and a criminal enterprise that used stolen credit card data to bill consumers without their consent. The $40.2 million to be paid by First Data and Ko in the settlements will be used to provide refunds to consumers harmed by these Schemes.

Red Flags and Repeated Warnings

According to the FTC, First Data ignored repeated warnings and direct evidence that merchants solicited by FPS and Ko were engaged in fraud. First Data violated its own anti-fraud policies, and the rules of its acquiring bank (Wells Fargo) and the card brands, by failing to adequately: (1) underwrite, screen, monitor, and/or oversee FPS or its sales agents; (2) review FPS’s merchant boarding, underwriting, and risk management processes; and (3) monitor or timely terminate the Schemes’ merchant accounts.

Based on this and the following facts, FTC alleges that First Data and Ko knew, or consciously avoided knowing, they were boarding fraudulent merchants.

Starting in 2012, Ko and FPS approved hundreds of merchant applications for the Schemes that were facially false or deceptive, that depicted shell companies as bona fide businesses, or that described business activity that was prohibited by bank and card brand rules. In early 2012, FPS staff told Ko that FPS was opening merchant accounts based on fraudulent applications; and, by April 2012, First Data had already questioned whether to continue a relationship with FPS based on its failure to adequately underwrite merchant accounts.

Nonetheless, for the next two and a half years, First Data and FPS continued to process payments for the Schemes while communicating about deceptive conduct and exorbitant chargeback rates associated with FPS’s portfolio. According to the complaint, FPS’s merchants at one point accrued over 300,000 chargebacks in less than one year, representing approximately 40% of First Data’s excessive chargeback violations for its entire wholesale merchant business.

Fraudulent Boarding Practices

FTC alleges that, during this time, First Data and FPS established hundreds of merchant accounts for the Schemes in the names of “straw men” or “mules” who had not given consent to their personal and financial information being used to apply for merchant accounts and often did not even know that merchant applications had been submitted in their names. These accounts were used, sometimes interchangeably, to process consumer payments for the Schemes. First Data and FPS established these accounts after FPS approved merchant applications that were facially false or deceptive, contained obvious factual discrepancies or internal inconsistencies, omitted key information about the merchant applicant’s business, or contained other “red flags,” or obvious indicators of fraud.

In some instances, FPS approved merchant applications for the Schemes that had no business description, no marketing materials, no merchant category code, no employee information, and no other information identifying the goods or services the merchant offered to consumers. In other instances, First Data and FPS opened accounts after FPS approved merchant applications that were demonstrably false, contained business descriptions that were prohibited by Wells Fargo (the acquirer), violated bank or card brand rules, or demonstrated histories of telemarketing law violations.

During the same time period, from February to September 2014, FPS approved 40 pairs of identical merchant applications. Each pair had the same purported principal and merchant name and was opened the same day. These pairs of identical merchant applications also used suspicious billing descriptors that hid or omitted the merchant’s name. For example, FPS approved merchant applications for purported nutraceutical and web hosting companies with billing descriptors that contained no text except for the phone number to an offshore telemarketing call center – e.g. 888-441-2916.COM.

Rogue’s Gallery of Sales Agents

So how did First Data and FPS board so many bad accounts? Well, FPS’ sales agents included CardReady LLC , Brandon Becker, James Berland, First Pay Systems LLC f/k/a Electronic Payment Services, Inc., KMA Merchant Services LLC, Jay Wigdore, Michael Abdelmesseh, and Richard Kuhlmann.

Wigdore had federal criminal convictions in 1995, 2000, and 2003 for mail fraud, bank fraud, and conspiracy to commit fraud. Wigdore’s illegal conduct was also highlighted in the FBI’s publicly available 2004 “Financial Institution Fraud and Failure Report.” At the time Wigdore contracted with FPS, his convictions were public and the FBI report was available on the Internet.

KMA maintained an “F” ranking with the Better Business Bureau for at least two years prior to contracting with FPS. KMA’s ranking was publicly available on the BBB’s website at the time it began referring merchants to FPS and First Data.

Kuhlmann was subject to numerous publicly available civil judgments and tax liens during the five-year period before becoming an FPS sales agent.

When CardReady contracted with FPS in February 2012, CardReady and its CEO faced an unpaid civil judgment of approximately $700,000 for breach of contract that was public record. CardReady was also named as a defendant in a fraudulent conveyance action that was public record during the time period it referred merchants to FPS and First Data.

Wells Fargo Terminates FPS

Wells Fargo finally brought these practices to an end in late 2014 when it terminated FPS’s sponsorship. In December 2014, Visa required First Data to pay $18.7 million restitution in connection with FPS’s merchants and banned First Data from boarding high-risk merchants pending a forensic audit. And the April 2015 audit found significant failures in First Data’s risk management practices, including “no controls” over high-risk merchant boarding in its wholesale merchant business, deficient merchant transaction monitoring, and failures in due diligence of its agents, like FPS and Ko.

Did First Data respond by severing ties with FPS? On the contrary, in May 2015, First Data acquired FPS’s merchant accounts, took over its office space, and hired most of its employees. A few months later, First Data asked Wells Fargo to allow former FPS employees to solicit high-risk merchants. Wells Fargo said yes, but on two conditions: that the employees were not “associated with or related to Vincent Ko” and that First Data could confirm that “Vincent Ko has no influence.”

Shockingly, after all this, in January 2017, First Data hired Ko as its vice-president of strategic partnerships.

Consequences

Based on the foregoing, FTC alleges that First Data violated the FTC Act and the Telemarketing Sales Rule. FTC reports that, in addition to paying more than $40 million, under the terms of its proposed settlement, First Data, which was acquired by Fiserv, Inc. in 2019, will be prohibited from assisting or facilitating FTC Act violations related to payment processing and evading fraud and risk oversight programs. First Data will also be required to screen and monitor certain high-risk merchant-clients, as well as establish and implement an oversight program to monitor its wholesale ISOs. In addition, the settlement requires First Data to hire an independent assessor to oversee the company’s compliance with the settlement’s oversight program for the next three years.

For his part, Ko will be required to pay $270,373.70. He will be banned from payment processing for certain types of high-risk merchants, credit card laundering activities, making or assisting others in making false or misleading statements, and assisting or facilitating violations of the FTC Act.

The FTC filed the complaint in the U.S. District Court for the Southern District of New York yesterday (May 19). The stipulated final orders for First Data and Ko should be filed shortly.

Why It Matters

This case is a reminder that acquirers, processors, and ISOs that fail to appropriately police the security of the payments system face liability for the bad acts of their sales agents and merchants. Access to the credit card system is a privilege, and banks and their third party agents must employ appropriate controls to keep scammers out, and take quick remedial action to promptly identify and expel those that sneak in.

Bradley O. Cebeci is a Senior Attorney with Rome & Associates, APC. Brad focuses on Payments and Digital Marketing Law.

by Brad Cebeci

RevenueWire Settles Credit Card Laundering Charges

The Federal Trade Commission has announced a proposed settlement with Canadian company RevenueWire, Inc. and its CEO, Roberta Leach for alleged violations of the FTC Act and Telemarketing Sales Rule (TSR). The settlement requires them to pay $6.75 million to settle charges they laundered credit card payments for, and assisted and facilitated, two tech support scams previously sued by the FTC.

Call Stream Model

FTC filed its complaint and stipulated order for permanent injunction and monetary judgment yesterday in the US District Court for the District of Columbia. FTC alleges that RevenueWire (also doing business as “SafeCart”) played a key role in scamming consumers by using a business model named “Call Stream.” Under that model, RevenueWire provided lead generation, business development, payment processing, and money distribution services to numerous tech support fraudsters, leading to hundreds of millions of dollars of consumer injury. Leach signed the corresponding contracts, controlled RevenueWire’s operations, and claims to have invented the “Call Stream” business model.

RevenueWire's Contracts

FTC claims that RevenueWire contracted with software sellers and call centers to provide them with payment processing services. RevenueWire also contracted with banks and payment processors in the US and abroad to open and maintain merchant accounts. The Call Stream model depended on a three-step process. First, the software seller (e.g. PC Cleaner) acted as the lead generator to funnel consumers to the call center. Second, the call center’s telemarketers deceptively upsold consumers tech support services (e.g. ICE and Vast). And third, RevenueWire used its merchant accounts to submit the software company and call center’s respective sales transactions for processing, and then divided the proceeds among itself, the software seller and the call center.

"SafeCart" Sales

RevenueWire’s payment processing services involved two credit card sales drafts. One generated by the transaction between the software companies and consumers when the consumers paid for the software online. And a second generated by the telemarketing transaction between the Call Stream partner call centers and consumers for purported tech support services. With either type of transaction, the name “SafeCart” would appear on consumers’ card statements.

Chase and WorldPay MIDs

The merchant accounts identified RevenueWire as the merchant of record selling “eBooks and software.”  Yet RevenueWire submitted the third-party sales transactions of the software sellers and call centers to Chase and WorldPay through these MIDs as though they were RevenueWire’s own sales transactions. RevenueWire also miscoded the transactions —e.g. coding them as software store sells (MCC 5734) instead of Teleservices (MCC 5967); and disguised renewal and rebill charges.

Settlement Terms

Under the terms of the proposed settlement, RevenueWire and Leach will be required to pay $6.75 million. In addition, they are permanently banned from any further payment laundering or violations of the TSR, and will be required to thoroughly screen and monitor high-risk clients to ensure those clients are not misleading consumers.

Bradley O. Cebeci is a Senior Attorney with Rome & Associates, APC. Brad focuses on Payments and Digital Marketing Law.

by Brad Cebeci