Over the years, the Federal Trade Commission has brought a number of cases involving tech support scams, where fraudsters deceptively market services to "fix" purported problems on consumers' computers. In this action, the FTC alleged that RevenueWire and its CEO played an important role in these scams by, among other things, providing credit card processing services to the fraudsters to allow them to improperly collect funds from consumers.
RevenueWire and its CEO settled the case, agreeing to pay $6.75 million and to comply with various restrictions and procedures in connection with any payment processing services that it provides in the future.
There's a lot going on in this case to talk about. But, what's particularly interesting to me about this action is how the FTC holds a company that is providing credit card processing services responsible for a fraud committed by someone else. In a nutshell, the FTC says that the defendants were responsible for the fraud committed by others because they knew what was going on.
The FTC said that the defendants committed an "unfair" practice under Section 5 because they submitted charges through the company's merchant account for other companies that had defrauded consumers. In order for an act or practice to be "unfair," the FTC must show that the act or practice was likely to cause substantial injury to consumers that they are able to reasonably avoid themselves (and where there was no counterveiling benefit to consumers or competition).
Does this make you nervous? Are credit card companies now responsible for any frauds committed through the use of their credit cards? Is the bank where the company deposits the money also responsible? What about the Uber driver who brings the fraudster to the office in the morning? What makes you responsible for a fraud committed by someone else? And where does the FTC draw the line?
This wasn't lost on Commissioner Christine S. Wilson either. In a concurring statement, she said that she supported the settlement with the understanding that "this case does not signal a shift on the part of the FTC to a strict liability standard for payment processors." She emphasized that, "Merely processing payments for merchants that subsequently were found to have made deceptive statements is not a per se unfairness violation." In order to hold a payment processor responsible for someone else's fraud, she said that the company must either actively help the fraudster hide its fraudulent conduct from banks and payment networks or turn a blind eye to the fraud.
So, yes, Uber drivers and many others can rest easier tonight. But, if you're doing business with someone that is committing a fraud -- and you're helping them commit that fraud or you know what's going on -- it may be time to find other business partners.