One of the biggest payment processing companies and its former executive will pay more than $40.2 million to settle Federal Trade Commission charges they knowingly processed payments and laundered, or assisted laundering of, credit card transactions for scams that targeted hundreds of thousands of consumers.
According to the FTC’s complaint, Atlanta-based First Data Merchant Services, LLC (First Data) allegedly ignored repeated warnings from employees, banks, and others that Chi “Vincent” Ko, through his company that served as an independent sales agent (ISO) for First Data, was laundering, and First Data was assisting and facilitating laundering, payments for companies that were breaking the law over a number of years. Ko was later hired as an executive at First Data.
“First Data is paying $40 million because it repeatedly looked the other way while its payment processing services were being used to commit fraud,” said Daniel Kaufman, Deputy Director of the FTC’s Bureau of Consumer Protection. “When companies fail to screen out fraudsters exploiting the payment processing system to steal people’s money, they’re breaking the law – and injuring consumers.”
According to the complaint, Ko, through his prior company, First Pay Solutions LLC (First Pay), opened hundreds of merchant accounts for at least four scams – three that were the subject of FTC actions, and one that was the subject of a U.S. Department of Justice criminal prosecution.
According to the complaint, “FPS was also prohibited under the Processing Agreement from soliciting merchants engaged in certain unacceptable business practices because they were presumptively illegal, violated card association rules, or created excessive risk exposure. The banned categories included, for example, businesses selling “debt consolidation services,” “Get Rich Quick Opportunities,” and “[a]my merchant engaged in any form of deceptive marketing practices.”
One of the entities First Data had a relationship with was EM Systems. “From at least January 2013 to November 2014, Defendants established merchant accounts and processed payments for E.M. Systems & Services LLC (“E.M. Systems”) through 26 shell companies. E.M. Systems operated a debt relief telemarketing scam that took over $20 million from consumers for approximately two years. Defendants opened merchant accounts for E.M. Systems’s shell companies based on demonstrably false merchant applications that listed straw men as business owners and fictitious business locations. Defendants then processed E.M. Systems’ payments through these shell accounts, as well as other shell accounts Defendants previously opened for the Coaching Department. In 2015, a federal court in Florida shut down the scheme, and E.M. Systems and its telemarketers subsequently agreed to a stipulated permanent injunction and entry of a partially suspended judgment of more than $12 million.”
The FTC alleges that, from 2012 to 2014, Ko opened accounts under false names, provided Wells Fargo Bank with deceptive information to open the accounts, and ignored evidence that his clients were engaged in fraud. The $40.2 million to be paid in the settlements will be used to provide refunds to consumers harmed by these scams.
The complaint alleges First Data ignored numerous warnings about Ko and First Pay’s activity. Among the warnings was a 2014 e-mail from Wells Fargo’s executive vice president, saying “Why is First Data signing ISOs like [First Pay]? They are going to get First Data and Wells Fargo in trouble with the FTC and CFPB due to consumer deceptive practices…” In addition, a 2014 Visa investigation required First Data to pay back $18.7 million in charges processed by Ko and temporarily banned First Data from bringing on high-risk merchants. A 2015 forensic audit conducted as part of Visa’s investigation indicated that First Data had “no controls” on how the company managed high-risk merchants.
The complaint alleges that the defendants violated the FTC Act and the Telemarketing Sales Rule.
In addition to paying more than $40 million, under the terms of its proposed settlement, First Data, which was acquired by Fiserv, Inc. in 2019, will be prohibited from assisting or facilitating FTC Act violations related to payment processing and evading fraud and risk oversight programs. In addition, the company will be required to screen and monitor certain high-risk merchant-clients, as well as establish and implement an oversight program to monitor its wholesale ISOs. The settlement also requires First Data to hire an independent assessor to oversee the company’s compliance with the settlement’s oversight program for the next three years.
Under the terms of his proposed settlement, Ko will be required to pay $270,373.70. He will be banned from payment processing for certain types of high-risk merchants, credit card laundering activities, making or assisting others in making false or misleading statements, and assisting or facilitating violations of the FTC Act.