In taking action against two payment processors earlier this
month for providing processing services to merchants allegedly
engaged in deceptive telemarketing practices, the U.S. Federal
Trade Commission demonstrated a broad view of the scope of its
authority under the Telemarketing Sales Rule to pursue service
providers over the telemarketing practices of their third-party
customers or clients. On June 4 and 18, the FTC filed federal
lawsuits against Newtek Merchant Solutions and IRN Payment Systems
in the U.S. District Court for the Middle District of Florida
alleging that the companies provided substantial assistance or
support to merchants who the processors allegedly knew or
consciously avoided knowing were engaged in deceptive telemarketing
schemes. This aggressive enforcement of consumer protection laws
against payment processors based on alleged privacy violations by
their arms-length customers is of interest to all service providers
that do business with consumer-facing clients.
In late 2012 and early 2013, the FTC filed lawsuits against two
telemarketing operations, "Treasure Your Success" and
"Innovative Wealth Builders," alleging that the companies
engaged in deceptive and abusive telemarketing practices in
violation of the Telemarketing Sales Rule (16 C.F.R. § 310)
and section 5 of the FTC Act (15 U.S.C. § 45(a)). According to
the FTC, the companies cold-called consumers promising to
substantially reduce the interest rates on their credit cards and
charged customers for such services, but failed to deliver them. In
addition, the FTC alleged that Treasure Your Success violated the
Do Not Call Registry, did not honor "do not call"
requests, and made unwanted robocalls.
In June 2013, the FTC expanded its lawsuits to include as
defendants the payment processors that processed the payments made
to the telemarketers by consumers, along with the former president
of one of the processors. The FTC's complaints against the
payment processors and former president allege that they violated a
section of the Telemarketing Sales Rule (16 C.F.R. § 310.3(b))
that prohibits a person from providing "substantial assistance
or support to any seller or telemarketer when that person knows or
consciously avoids knowing that the seller or telemarketer is
engaged in" deceptive telemarketing practices. The FTC's
complaints allege that the processors and former president
"knew or consciously avoided knowing" of their
clients' deceptive telemarketing because, according to the FTC,
they were aware of high chargeback rates associated with their
clients' transactions and had learned of consumer complaints
regarding their clients' businesses. The complaints further
allege that the processors and former president provided
"substantial assistance or support" to the telemarketers
by providing them with access to the payment card networks and
providing related services.
The FTC's actions in these cases are of concern to all service
providers that do business with consumer-facing companies. The
suits represent the latest effort by the agency to assert
enforcement authority for privacy violations not merely against the
companies that commit those violations, but also against companies
that provide services to the violators – even if the company
is not affiliated with the violator, and even if the violator is
not acting as the company's agent. The FTC's approach in
these cases is reminiscent of other efforts by the agency in recent
years to cast a wide regulatory net in privacy and data security
cases. The FTC has previously pursued payment processors on similar
theories, including a joint action along with state regulators
several years ago against payment processor Your Money Access and
its officers that resulted in default and stipulated judgments
imposing significant injunctive and monetary relief. The FTC also
has not limited its broad theories of liability to the payment
processing context. In 2011, for instance, the FTC entered into a
settlement with several credit report resellers based on
allegations that the resellers' clients failed to adequately
secure their computer networks.
With its new actions against payment processors Newtek and IRN Payment Systems, the FTC is seeking to revive and expand upon these theories of liability based on logic that could implicate any number of service providers. Indeed, one would think that the very same legal claims could have been leveled by the FTC with equal if not greater force against card brands such as MasterCard, as the FTC's factual allegations in both cases indicate that MasterCard was aware of the telemarketers' fraud yet continued to provide them with access to its payment network. In short, all corporations that provide services to companies that collect or use consumer information should closely watch the FTC's lawsuits against these two payment processors and fully assess the legal risks that might be associated with their business relationships.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.