Acquiring: The Feds’ Underwriting Crackdown

Government authorities are demanding better merchant underwriting and transaction monitoring by payment processors in order to prevent consumer fraud. A laudable goal, but at what cost?

by Jim Daly

Almost two years ago, a Federal Trade Commission official made it known to a meeting of merchant-acquiring executives that their industry needed to do more to prevent shady marketers from getting merchant accounts that would give them access to electronic-payment systems, and keep a closer eye on transactions from existing merchants for possible fraud.

The comments by Lois C. Greisman, associate director in the FTC’s Division of Marketing Practices, didn’t get much publicity at the time. But an FTC attorney repeated the message in October to an audience of independent sales organizations at the Electronic Transactions Association’s Compliance Day conference in Chicago.

That official also revealed the existence of a working group of federal bank regulators and law-enforcement and FTC officials concerned with monitoring the risk to the payment system by so-called third parties such as ISOs and other service providers to merchants.

And in case anybody still didn’t get the message, a settlement the FTC struck last month with an ISO called Landmark Clearing Inc. that signed fraudulent direct marketers brought it home. That message is: Processors, the old standard of equating good risk control with low chargeback rates no longer suffices. The government is now demanding more thorough underwriting and transaction monitoring to prevent consumers from being swindled.

“We need a more concerted effort to target the bad actors,” Greisman tells Digital Transactions.

‘Heightened Scrutiny’

Much of what the feds are now insisting upon actually is nothing new to the acquiring industry. Underwriting tactics that include doing background checks on merchant applicants, investigating multiple merchant accounts held by one person, verifying a merchant’s physical address, reviewing marketing materials and advertising, and other procedures to ascertain an applicant’s good standing have long been either required by the card networks or considered best practices.

Apparently not enough processors are following through, however. And some, as the FTC alleged in the Landmark Clearing case, are willing to live with high return rates in exchange for even higher fee income.

“It’s heightened federal scrutiny, heightened government scrutiny because we were not effectively self-policing,” says Deana Rich of Van Nuys, Calif.-based Deana Rich Consulting Inc. Rich performs reviews of ISOs for both Visa Inc. and MasterCard Inc. for compliance with the networks’ underwriting and risk-monitoring requirements.

While bank regulatory agencies traditionally monitor the acquiring operations of financial institutions, the FTC addresses the problem of consumer fraud from the merchant or non-bank perspective, including online and telephone-based commerce, especially through its role in enforcing the Federal Trade Commission Act and the Telemarketing Sales Rule, which ban unfair and deceptive business practices.

The rise of e-commerce not only has brought shopping-cart providers and other new, non-bank third parties into the transaction process, but it also has created new ways to commit fraud, notes Mary Weaver Bennett, director of government and industry relations at the Washington, D.C.-based Electronic Transactions Association, an acquiring-industry trade group.

“This is what’s causing all the distress, because of the incredibly numerous ways rogue merchants can get around safeguards,” Bennett says.

Attorney Jeffrey D. Knowles, chairman of the Government Division of Venable LLP in Washington, says the FTC is challenging the acquirer mindset that equates good risk control merely with low chargeback rates.

“The FTC has found that simply monitoring chargeback activity alone without greater due diligence by processors was not stemming fraud on consumers driven by online marketing,” he says.

Telemarketing boiler rooms selling everything from vitamins to subscriptions to knock-off consumer goods have long been a major FTC focus. The highest-profile case in recent years involved telemarketers that used three processors that in turn submitted suspect transactions to the former Wachovia Bank, now part of Wells Fargo & Co., to debit consumers’ demand-deposit accounts. In early 2009, the Office of the Comptroller of the Currency announced that Wachovia had paid $150 million to 740,000 fraud victims. The FTC previously had sued two of the processors and the U.S. Department of Justice sued the third.

Greisman says she doesn’t have numbers to quantify how many actions the FTC has brought against fraudulent merchants that also involved ISOs or acquiring banks, but she points to the recent Landmark Clearing case as a reason that heightened government scrutiny is warranted.

“Let’s not kid ourselves, the numbers are not huge, but I feel fairly confident that Landmark may not be the last you’ll see from us on this,” she says.

Draining Accounts

The FTC alleged in a federal lawsuit that Plano, Texas-based Landmark Clearing processed more than 110,000 so-called remotely created payment orders (RCPOs) valued at more than $5.3 million on behalf of one client merchant, Direct Benefits Group (DBG), an online shopping club that had return rates of more than 70%.

The FTC charged DBG with debiting consumers’ bank accounts without their consent, and a federal judge halted DBG’s operation and froze its assets pending further litigation, according to the FTC.

Similarly, Landmark allegedly processed 58,000 RCPOs valued at more than $5.7 million on behalf of Platinum Online Group, of which more than 83% were returned.

In all, Landmark from the fall of 2008 until last spring allegedly used RCPOs to debit, or attempt to debit, millions of dollars from consumers’ accounts without their consent, according to the FTC. The charges drained many accounts, resulting not only in consumer inconvenience but also bounced-check and overdraft fees from banks.

Under terms of the settlement announced Jan. 5, Landmark and two of its principals, Larry Wubbena, president and 33% owner, and Eric Loehr, executive vice president of new business development, can still provide processing services but are banned from using RCPOs and a related debiting method called remotely created checks (RCCs).

Landmark, Wubbena, and Loehr also agreed to a $1.5 million judgment that was suspended in lieu of a $126,000 payment and the surrender of 26 lots Wubbena owns in a subdivision near Dallas that the FTC plans to sell.

Digital Transactions calls to Land­mark were not returned or not answered.

RCCs have been around for some time, but the FTC calls remotely created payment orders a “relatively new payment method.” Apart from initial customer approval, neither method requires a signature for subsequent transactions. Both are identical except at the first step; an RCC originates with a paper check while an RCPO originates electronically. (The Wachovia cases involved RCCs.)

In the Landmark cases, the consumer’s signature was replaced with such statements as, “Authorized by Account Holder,” “Authorized by Drawee,” “Signature Not Required,” or similar language. Then the drafts were submitted for clearing through regular channels.

Such demand drafts are legal provided the consumer freely gives the initial authorization for withdrawals from his checking account and knows what the drafts will be used for. The problem at Landmark was that many consumers whose accounts were debited had never heard of Landmark or its merchants, says Greisman.

Plus, demand drafts get little of the network or processor monitoring that automated clearing house and payment card transactions do, she adds. In fact, Landmark actively marketed its Virtual Draft product to prospective clients that had high check returns or payment card chargebacks.

“‘If you have high chargebacks, we have a product for you,’” says Greisman in summarizing the marketing message. “The benefit of this is there are no eyes on it.”

According to the FTC’s lawsuit, Landmark adopted an internal policy to accept merchants with return rates as high as 50%. The processor charged merchants a fee for every RCPO submitted in addition to a much higher fee for every returned item, the FTC alleged. Landmark’s bank, First Bank of Delaware, stopped accepting RCPOs from Landmark merchants last spring.

The settlement also calls for Landmark to closely monitor its merchants’ return rates and business practices for compliance with the FTC Act and the Telemarketing Sales Rule and possibly shut off a merchant whose total return rate exceeds 2.5%.

Not investigating the backgrounds of new merchants and how they fared with previous processors—or ignoring suspect track records when they do—is one of the key underwriting failures of ISOs and acquirers, according to the FTC.

The agency alleged that Landmark accepted Platinum Online as a merchant even though it previously terminated the merchant account of an online marketer controlled by the same principals as those involved in Platinum, EDebitPay, because of return rates that hit 86% in 2006. The FTC sued EDebitPay, whose principals agreed to pay $2.2 million in consumer redress.

‘We’ve Read the Law’

Knowles, whose firm’s clients include major e-commerce merchants, offers no excuses for processors such as Landmark Clearing, but he fears the government’s heightened oversight could crimp legitimate business.

“The downside for the payment-processing industry is considerable,” he says. Processors “are going to have to undertake a much larger compliance burden from the very outset of initiating a relationship with a new merchant all the way through termination. It’s going to be much more expensive to operate in this new environment.” He adds: “I think it will be somewhat of a windfall for lawyers.”

The increasing focus on underwriting and risk management could particularly affect ISOs willing to take on high-risk merchants. One of those is North Kansas City, Mo.-based BCC Merchant Solutions, parent company of an ISO called BankCard Central.

The government effort overlooks the complexities and nuances of signing honest merchants who work in legal but controversial industries and thus could “turn every underwriter into a federal compliance officer,” says BCC chief executive Rick Noble. “What you have to do now is have every underwriter legally trained.”

BankCard Central already spends plenty of time evaluating legal risk. The ISO will book cigar and other tobacco merchants, whose industry has many regulations involving the age of customers and other issues, even though many acquiring banks shun such merchants. “We’ve read the law and understand the law,” says Noble.

His company also will sign online gun dealers that pass its underwriting screen, but not merchants who sell at gun shows. “There is no control at all” in that segment, Noble says. “No background checks.”

Adding to the already complicated underwriting burden will simply increase costs or shut legitimate and profitable merchants out of the payment card system, according to Noble. “The only thing it will do is get the banks to overreach on their underwriting requirements,” he says.

Processors are especially displeased that the FTC is now saying that in cases it brings it might claim the reserves that acquirers have merchants put aside to cover potential chargebacks. The FTC says those reserves should be used for consumer redress, but without them, acquirers will be forced to eat more losses.

The commission also is eyeing processor fee income and even has indicated it could hold owners of processing companies personally liable for consumer injury, according to Knowles.

“The downside there is tremendous,” he says. “It may make it much more difficult for responsible, compliant online marketers to obtain merchant accounts.”

The FTC, however, is firm in its new stance against slack underwriting.

“This is an extremely important area and we are committed to taking aggressive action,” says Greisman.

 

A Few Underwriting Red Flags

High chargeback or return rates with previous acquirer.

Previous merchant account terminated.

Principals in a suspect business apply for a merchant account for a different business.

Multiple merchant accounts held by one person.*

Little or no activity at listed business address.

Questionable marketing and advertising materials.

* Some merchants have legitimate reasons for multiple accounts.

Source: Digital Transactions