ATLANTA — One of the world’s largest payment processing companies and a former executive will pay more than $40.2 million to settle Federal Trade Commission charges they knowingly processed payments and laundered card transactions for scams committed between 2012 and 2014.
With the FTC settlement, First Data Merchant Services Corp. will be required to screen and monitor certain high-risk merchant-clients, as well as establish and implement an oversight program to monitor its wholesale independent sales agents (ISOs).
The settlement also requires First Data, which was acquired by Fiserv Inc. in 2019, to hire an independent assessor to oversee the company’s compliance with the settlement’s oversight program for the next three years.
To show off its control of the payments market, First Data has 6 million merchants, the largest in the payments industry, and handles 45 percent of all U.S. credit and debit transactions. It processes around 2,800 transactions per second and $2.2 trillion in card transactions annually.
The FTC sued First Data after a company it hired to sign up merchants to use its payment processing technology allegedly added scammers and fraudulent businesses to its platform.
According to the FTC’s complaint, Chi “Vincent” Ko, through his company First Pay Solutions, opened hundreds of merchant accounts in the names of fake entities and shell companies and then took payments from consumers, deceiving them.
Authorities later connected the dots of false businesses to at least four scams — three that were the subject of FTC actions and one that was the subject of a Justice Department criminal prosecution.
The FTC, in its complaint, alleged First Data processed payments for Ko and First Pay and ignored “repeated” warnings and evidence about the alleged fraud. First Pay served as an ISO for First Data.
In addition, the FTC noted that a 2014 Visa investigation required First Data to pay back $18.7 million in charges processed by Ko and temporarily banned First Data from bringing on high-risk merchants. A 2015 forensic audit conducted as part of Visa’s investigation indicated that First Data had “no controls” on how the company managed high-risk merchants.
NETbilling Inc. CEO Mitch Farber said that credit card scams like the one Ko was allegedly involved in aren't anything new, and that many fraudsters have been prosecuted over the years for such conduct.
Farber’s NETbilling is one of the adult industry’s leading processors and provides merchant accounts, multicurrency transaction processing and call center services to thousands of e-commerce and retail companies.
“Obtaining merchant accounts for these types of scams often involves the merchant account sales agents and sometimes the ISO that they work for,” Farber told AVN. “Oftentimes they are aware of the fraud in some way to allow them to obtain many merchant accounts and operate with extremely high chargeback rates."
Farber said that the problem in this specific case is that First Data apparently knew of the fraud and turned a blind eye for quite some time. The FTC’s complaint alleged that the defendants violated the FTC Act and the Telemarketing Sales Rule.
“The parties involved have all certainly been punished by the outcome. The FTC, Visa and Mastercard took the necessary steps and have imposed the proper punishment,” Farber said. “I do not feel this will impact the high-risk processing industry, except for implementing some possible additional ISO/agent vetting criteria.
“I also do not believe this will affect the adult industry specifically with all of the fine merchants that work hard to provide a great experience for their consumers.”
Jonathan Corona of MobiusPay, another payment processing company that specializes in adult transactions, called FTC’s ruling “proportionate.”
“It’s an unfortunate situation, but Visa and Mastercard have countless pages of protocol, procedure and guidelines for processors to follow in order to prevent this very situation from happening; the processor is certainly culpable of negligence,” Corona told AVN.
Corey D. Silverstein, an industry attorney with Silverstein Legal, agreed that the First Data settlement won’t have direct impact on the high-risk processing industry, which is necessary for most transactions for adult entertainment services or products.
“The allegations involved in this case date back to 2012 and much has already changed in terms of compliance on the high-risk processing industry since that time,” Silverstein told AVN.
“Know your customer (KYC) guidelines, that are now in force could very well have stopped this incident from occurring back in 2012,” Silverstein said. “The U.S.’s Financial Crimes Enforcement Network (FinCEN) only introduced KYC in 2014, and the enhanced requirements on financial institutions related its customer data collection could very well have stopped this incident back in 2012.”
Silverstein noted that the $40.2 million in fines levied against First Data and Ko was just a sliver of the big picture.
Under terms of the FTC’s proposed settlement, First Data will pay $40 million and Ko will pay $270,374.
Ko also will be banned from payment processing for certain types of high-risk merchants and credit-card laundering activities, according to the FTC deal.
“It’s very important to note that in 2017, First Data’s revenue was $12.05 billion and they employed 22,000 people,” Silverstein said. “It is currently owned by Fiserv Inc., which has a market cap of $68.6 billion. So, while a $40.2 million fine makes for a sexy headline, this really isn’t much more than a hard slap on the wrist.”