A trade group of independent ATM deployers on Thursday issued a report blasting the federal government’s Operation Choke Point targeting high-risk merchants, and the nation’s leading retailer association called on the Federal Trade Commission to investigate the PCI Security Standards Council on antitrust grounds.
While mostly affecting a few merchant categories such as payday lenders, telemarketers, certain e-commerce retailers, and others, along with the independent sales organizations and merchant acquirers that bring them payment-processing services, the controversial Operation Choke Point also has ensnared ATM ISOs and related deployers, according to the Sioux Falls, S.D.-based ATM Industry Association. Some banks intent on preventing money laundering have cut off services to ATM deployers, sometimes with little notice, David N. Tente, the ATMIA’s U.S. executive director, tells Digital Transactions News.
Launched in 2013 by the U.S. Department of Justice, Operation Choke Point’s intent was to deny payment services to fraud-prone industries. But critics quickly complained that the initiative, with help from the Federal Deposit Insurance Corp. and other regulatory agencies, was the Obama Administration’s way to put legal but disfavored industries such as gun dealers out of business. The FDIC at one point published a list of industries targeted for increased scrutiny by its examiners, but backed away from it after a chorus of complaints.
But some banks, apparently at the behest of examiners influenced by Operation Choke Point guidelines, are still looking at independent ATM deployers with suspicion, according to Tente. “It’s something that just won’t go away,” he says. “We’re still seeing that our members are getting account-closure letters.”
Tente says he doesn’t have numbers on how many ATMIA members have had problems resulting from Operation Choke Point, but says “it’s a significant number.”
Prevention of money laundering is a frequent reason cited in the account closures, according to the ATMIA. But Tente calls that reasoning flawed because ATMs are “not a very efficient or effective way to do that. Every transaction is tracked … everybody knows where the money goes.”
While there can be legitimate business reasons for them, wide variations in withdrawals of vault cash to supply ATMs are a flag that can attract examiners’ attention, he says. “If you go along and take out half a million bucks a week and all of a sudden you take out $2 million, somebody’s going to take notice,” he says.
The report makes several recommendations to deployers, including increasing the transparency of their funds flows by separating settlement accounts used for vault cash and settlement deposits from accounts for interchange and surcharge revenues. The association also recommended that deployers closely communicate with their bankers about how their businesses operate, and consider placing their accounts with smaller banks or credit unions rather than at big banks that face the most intense regulatory scrutiny.
The FDIC referred a Digital Transactions News request for comment to the DoJ, which had not responded as of late Thursday afternoon.
The ATMIA said it supports H.R. 766, a bill from U.S. Rep. Blaine Leutkemeyer, R-Mo., to quash Operation Choke Point. Luetkemeyer’s bill passed the House of Representatives in February, but a companion measure in the Senate faces an uphill battle and the White House has signaled it might veto such a measure on grounds that it could hinder law enforcement and national security.
Meanwhile, the Washington, D.C.-based National Retail Federation said it sent a letter to FTC chairwoman Edith Ramirez and other commissioners in May asking them to investigate the PCI Council, the body that administers the Payment Card Industry Data Security Standard (PCI DSS) and related rules for merchants, processors, and vendors that handle general-purpose credit and debit card data. The NRF says “the group’s controversial practices raise antitrust concerns.”
Created in 2006 by Visa, MasterCard, American Express, Discover, and JCB, the PCI Council is “a proprietary organization formed and controlled by a single industry sector—the major credit card networks” and “fails to meet any of the principles adopted by the federal government for voluntary standard-setting organizations,” NRF senior vice president and general counsel Mallory Duncan said in the letter. “We believe you will conclude PCI itself is an inappropriate exercise of market power by the dominant U.S. payment card networks and PCI should not continue setting data security standards through its current processes.”
In an emailed statement, the Wakefield, Mass.-based PCI Council said it “is aware of the NRF letter and strongly disagrees with the unfounded assertions it contains. PCI SSC has an ongoing and productive dialogue with the FTC and looks forward to discussing the NRF’s letter with them.”
The FTC in March ordered nine companies that do PCI compliance screening to provide it with information about how they conduct their work. The FTC said it will use the information “to study the state of PCI DSS assessments.”
The NRF’s letter is the latest attack on card-industry standards-setting organizations. U.S. Sen. Richard Durbin, the Illinois Democrat who sponsored the Durbin Amendment in 2010’s Dodd-Frank Act that introduced debit card price controls and transaction-routing requirements, last month asked the FTC to investigate the rocky rollout of EMV chip cards in the U.S. Durbin also has demanded information from EMVCo, the network-owned entity that sets standards for chip cards, about how it works, and said that the networks discourage PIN-authentication of EMV chip card transactions.