Does a lawsuit filed in Arizona by the US Federal Trade Commission signal a sea change in regulatory willingness to act aggressively against transaction laundering?

A lawsuit filed in the United States District Court in Arizona at the end of July this year may be the tipping point in the ongoing regulatory struggle against the online money laundering practice known as transaction laundering.

In this groundbreaking action, the FTC has essentially drawn a line in the sand against online payment fraud. By holding an ISO accountable for a scam perpetrated by one of its merchants, the FTC has ended the years-old practice of regulatory agencies looking the other way while funds for massive amounts of illicit goods and services were laundered electronically.

The suit alleges that Electronic Payment Systems (EPS) facilitated money laundering through the use of fictitious merchant accounts in its capacity as Independent Sales Organization (ISO) in a telemarketing scam referred to as Money Now Funding (MNF) – either owing to willful participation in the scheme or due to negligent KYC/EDD practices.

Backgrounder: What is the FTC?

The FTC is an independent agency of the United States Government created by statute. Among other responsibilities, the FTC enforces those sections of the FTC Act which prohibit unfair or deceptive acts or practices in or affecting commerce. This includes the Telemarketing Act, which prohibits deceptive and abusive telemarketing acts or practices.

What is Transaction Laundering?

The FTC lawsuit relates to transaction laundering by another name, defining “the practice of processing credit card transactions through another company’s merchant accounts” as “credit card laundering” or “factoring”. Despite the nomenclature, the practice is identical – and is illegal under the FTC’s Telemarketing Sales Rule and other regulations.

Transaction laundering occurs when an unknown business uses an approved merchant’s payment credentials to process credit card payments for unknown products and services. It’s a massive problem. EverCompliant estimates that transaction laundering for online sales of products and services is over $200 billion a year in the US alone. Of this, some $6 billion involves illegal goods, which were sold online by nearly 335,000 unregistered merchants.

How Does Transaction Laundering Fit in with the Payments Ecosystem?

Credit card processing involves a complex series of interactions between multiple entities – on one side the consumer and his or her bank, and on the other side the merchant and the merchant’s bank. In between are credit card organizations (like VISA and MasterCard), acquiring banks, and third parties known as Independent Sales Organizations (ISOs).

To accept online credit or debit card payments, every merchant needs to establish a “merchant account” with an acquiring bank. To facilitate this, and grow their volume of merchants, acquirers contract with ISOs. ISOs seek out merchants that want to open credit card merchant accounts, and refer them to the acquiring bank. Sometimes the ISOs actually underwrite the merchants for their acquirer or even process payments on their behalf, either directly or through third party payment processors. ISOs can also engage in screening prospective merchants, or even wholly operate the acquirer’s merchant processing program (directly or through the services of third party processors), and monitor the merchants’ transactions.

By maintaining a trusted relationship with acquirers, ISO’s should function as a gatekeeper – screening and blocking fraudulent merchants from accessing credit card networks. However, less scrupulous ISOs – like EPS, according to the FTC – can actually be complicit with fraudulent merchants, enabling illicit merchants to gain access to credit card networks they would otherwise be unable to touch.

What is the Lawsuit About?

Filed July 28, 2017, the FTC litigation alleges that EPS facilitated transaction laundering in the previously-prosecuted Money Now Funding (MNF) scam.

From 2011 to 2013, the MNF telemarketing scam stole more than $7 million from thousands of consumers. The scam’s telemarketers convinced consumers they could earn income by referring small businesses seeking loans to MNF. However, consumers were first required to make an upfront payment of $299 to $499 to “go into business” with MNF, and only then could receive lucrative commissions for each loan opportunity referred.

After consumers first payment, MNF telemarketers would attempt to deceptively upsells, convincing consumers to pay additional thousands of dollars “leads” – contact information for businesses ostensibly in need of loans. Consumer were promised that these leads would easily generate hundreds or thousands of dollars per month, resulting in in huge returns on their investment in MNF.

In 2015, courts found that MNF was indeed a multi-million dollar scheme to defraud consumers, stipulated damages, and empowered the FTC to begin orchestrating repayments to thousands of affected consumers.

In this new lawsuit, the FTC decided to follow the chain to its source and go after EPS as a facilitator of the MNF scam. The reason is that the scam was wholly dependent on MNF’s ability to accept funds from its victims via credit and debit card, without raising fraud alerts.

To accomplish this, MNF needed to conceal its identity and prevent acquirer and card networks from scrutinizing (and possibly terminating) its merchant account. To make this happen, MNF created multiple fictitious companies, each with an MNF principal or employee as the owner or principal of the company. Then, MNF applied for merchant accounts under each fictitious name, through which they could launder charges to consumer credit or debit cards.

For example, one fictitious company was called “D&D Marketing,” a company whose “owner” was an MNF employee with the initials “D.D.”. Thus, some consumers that made payments in the framework of the MNF scam would see charges on the their credit card statements to “D&D Marketing” rather than “Money Now Funding”.

And here’s where EPS comes into the picture.

The lawsuit alleges that from May to November 2012, one of the defendants submitted phony merchant applications on behalf of 23 of these fictitious companies to EPS for EPS’s underwriting approval. EPS then approved all 23 applications, set up merchant accounts for each fictitious company, and immediately began processing for these accounts through EPS’s acquirer, Merrick Bank.

EPS Facilitated MNF Transaction Laundering

The lawsuit alleges that, in approving these 23 applications, as well as others documented in the paperwork filed, EPS essentially “…engaged in the underwriting and approval of MNF’s fictitious companies, and helped set up merchant accounts with its acquirer for these fictitious companies. Using the services of two payment processors, EPS processed more than $5,895,035 in MNF transactions through these and other fraudulent merchant accounts.”

Without the ISO and processing services provided by EPS, the MNF scam could not have obtained the fraudulent merchant accounts at Merrick, through which MNF’s credit card transactions were processed.

As Merrick’s ISO, EPS was contractually bound to comply with that acquiring bank’s underwriting rules for merchant screening. These included strict guidelines that could verify merchant identity and legitimacy, screening out merchants possibly engaged in fraud. EPS was also obligated to closely monitor merchant transactions, maintain merchant information in Merrick’s merchant database, and ensure that its merchants complied with VISA’s rules and regulations (EPS was also a registered ISO with VISA through Merrick).

Despite this, the lawsuit alleges that EPS did not verify merchant identities, opening merchant accounts in the names of multiple fictitious companies for the same underlying merchant, and misrepresenting the companies’ true identity and ownership. By doing so, EPS also evaded card network fraud and chargeback monitoring programs, which were designed to detect and prevent fraudulent activity.

The Bottom Line: Regulators Are Getting Serious About Transaction Laundering

With its involvement in the MNF scam’s transaction laundering, EPS:

Ignored obvious warning signs of fraud, including likely transaction laundering

Concealed from Merrick (the acquiring) and the card networks the true identity and nature of MNF’s fictitious companies

Made every effort to continue processing for the MNF Fictitious Companies, and other merchants related to the defendants, even after Merrick noticed signs of fraud and instructed EPS to stop

Clearly, this case represents one of the first definitive actions taken by a regulator against transaction laundering. What the exact fallout will be is not yet know, as the lawsuit’s charges have not been assessed. We expect that EPS will ultimately be required to pay all associated card brand fines. But either way, this lawsuit demonstrates that regulatory scrutiny involving transaction laundering has reached critical mass – and that we can expect more cases like this moving forward.