On May 27, the Governor of New York State announced that the state Department of Labor published new proposed rules intended to better regulate employers who pay their employees using debit cards. The proposed regulations detail the responsibilities of employers that use debit cards to pay employees, and prohibit employers from profiting from or passing along costs to employees. In addition, the proposed rules prohibit employers from imposing fees (such as those for customer service, account maintenance, overdraft, and inactivity), and require employers to (i) obtain advance consent, which must be documented and kept on record for six years; (ii) make known to employees the local locations where their wages can be accessed for free; and (iii) provide unlimited free ATM withdrawals within a local network, including a method to withdraw the full amount of wages each pay period without penalty. The regulations will take effect following a 45-day notice and comment period.
Today, the DOJ unsealed an eighteen-count indictment in Brooklyn, New York charging a Turkish citizen (Defendant) with organizing worldwide cyberattacks against at least three U.S. payment processors’ computer networks. The Defendant’s organization allegedly used “sophisticated intrusion techniques” to hack the computer systems, stealing prepaid debit card data and subsequently using the stolen data to make ATM withdrawals in which standard withdrawal limits were manipulated to allow for greater withdrawals. According to the indictment, the Defendant managed a group of co-conspirators responsible for distributing the stolen card information to “cashing crews” around the world, who then used the information to conduct tens of thousands of fraudulent ATM withdrawals and fraudulent purchases. Within two days – February 27 and 28, 2011 – the DOJ alleges that the “cashing crews withdrew approximately $10 million through approximately 15,000 fraudulent ATM withdrawals in at least 18 countries.” The remaining two operations, occurring in late 2012 and early 2013, resulted in ATM withdrawals of roughly $5 million and $40 million, respectively. The Defendant, along with other high-ranking members of the conspiracy, received the funds from the fraudulent operations via wire transfer, electronic currency, and personal delivery of U.S. and foreign currency. The Defendant was arrested in Germany on December 18, 2013, and was extradited to the United States on June 23, 2015. The charges against the Defendant follow previous charges against members of the conspiracy, including the arrest of a member of the New York cashing crew.
The Department of Education is set to propose new regulations which could change how financial institutions provide services on college campuses, according to a NPRM to be published in the Federal Register on May 18. The new rules, part of a nearly 300-page “Program Integrity and Improvement” package, are intended to among other things (i) ensure that students have convenient access on their Title IV funds, (ii) do not incur unreasonable and uncommon financial account fees, and (iii) are not led to believe they must open a particular account from a financial institution to receive Federal student aid. The proposed regulations also update other provisions in the cash management regulations, clarify how previously passed coursework is treated with respect to Title IV funds eligibility, and streamline the requirements for converting clock hours to credit hours. Public comments on the proposed rulemaking will be due 45 days after date of publication in the Federal Register.
Tennessee Enacts Legislation Requiring Payment Service Providers to Provide Adequate Disclosures to Merchants
On April 17, the Tennessee Governor Bill Haslem signed H.B. 547, which requires the disclosure of fees and other details in contracts entered into by payment service providers with merchants located within the state. The legislation requires the payment service providers to provide merchants with information detailing where the merchant can obtain access to operating rules, regulations, and bylaws under the agreement. In addition, the law requires payment service providers to disclose (i) the effective date of the agreement; (ii) terms of the agreement; (iii) any provisions relating to early termination or cancellation of the agreement; and (iv) a full schedule of all payment services fees with respect to the credit card, debit card, or other payment services under the agreement. The law also requires payment service providers to supply merchants with a monthly statement of fees, total value of transactions, and in some cases the aggregate fee percentage.
On August 6, the CFPB’s Student Loan Ombudsman, Rohit Chopra, published a blog post addressing the financial arrangements between financial institutions and institutions of higher education that market financial products to students. Last year, the CFPB urged banks to disclose any agreements with colleges and universities to market debit, prepaid, and other products to students and warned that “[t]he CFPB prioritizes its supervisory examinations based on the risks posed to consumers” and “[failing to make] college financial product arrangements transparent to students and their families . . . increase[s] such risks.” In this latest review, the CFPB assessed the Big Ten schools and found that at least 11 have established banking partners to market financial products to students. Of those 11, the CFPB found only four contracts on the bank websites, and it characterized three of those four contracts as “partial”—i.e. in the CFPB’s view, the disclosed agreements “did not contain important information, such as how much they pay schools to gain access to students in order to market and sell them financial products and services.” Concurrent with the blog post, the CFPB sent letters to schools asserting that “their bank partner has not yet committed to transparency when it comes to student financial products.”