Alleged Ringleader of Global Cybercrimes Extradited to United States to Face Charges

Today, the DOJ unsealed an eighteen-count indictment in Brooklyn, New York charging a Turkish citizen (Defendant) with organizing worldwide cyberattacks against at least three U.S. payment processors’ computer networks. The Defendant’s organization allegedly used “sophisticated intrusion techniques” to hack the computer systems, stealing prepaid debit card data and subsequently using the stolen data to make ATM withdrawals in which standard withdrawal limits were manipulated to allow for greater withdrawals. According to the indictment, the Defendant managed a group of co-conspirators responsible for distributing the stolen card information to “cashing crews” around the world, who then used the information to conduct tens of thousands of fraudulent ATM withdrawals and fraudulent purchases. Within two days – February 27 and 28, 2011 – the DOJ alleges that the “cashing crews withdrew approximately $10 million through approximately 15,000 fraudulent ATM withdrawals in at least 18 countries.” The remaining two operations, occurring in late 2012 and early 2013, resulted in ATM withdrawals of roughly $5 million and $40 million, respectively. The Defendant, along with other high-ranking members of the conspiracy, received the funds from the fraudulent operations via wire transfer, electronic currency, and personal delivery of U.S. and foreign currency. The Defendant was arrested in Germany on December 18, 2013, and was extradited to the United States on June 23, 2015. The charges against the Defendant follow previous charges against members of the conspiracy, including the arrest of a member of the New York cashing crew.


NY Issues Proposed Rules to Manage How Employers Pay Workers Using Debit Cards

On May 27, the Governor of New York State announced that the state Department of Labor published new proposed rules intended to better regulate employers who pay their employees using debit cards.  The proposed regulations detail the responsibilities of employers that use debit cards to pay employees, and prohibit employers from profiting from or passing along costs to employees. In addition, the proposed rules prohibit employers from imposing fees (such as those for customer service, account maintenance, overdraft, and inactivity), and require employers to (i) obtain advance consent, which must be documented and kept on record for six years; (ii) make known to employees the local locations where their wages can be accessed for free; and (iii) provide unlimited free ATM withdrawals within a local network, including a method to withdraw the full amount of wages each pay period without penalty. The regulations will take effect following a 45-day notice and comment period.


Department of Education Proposes Rules to Reign In Fees on Student Financial Accounts

The Department of Education is set to propose new regulations which could change how financial institutions provide services on college campuses, according to a NPRM to be published in the Federal Register on May 18. The new rules, part of a nearly 300-page “Program Integrity and Improvement” package, are intended to among other things (i) ensure that students have convenient access on their Title IV funds, (ii) do not incur unreasonable and uncommon financial account fees, and (iii) are not led to believe they must open a particular account from a financial institution to receive Federal student aid. The proposed regulations also update other provisions in the cash management regulations, clarify how previously passed coursework is treated with respect to Title IV funds eligibility, and streamline the requirements for converting clock hours to credit hours. Public comments on the proposed rulemaking will be due 45 days after date of publication in the Federal Register.


Tennessee Enacts Legislation Requiring Payment Service Providers to Provide Adequate Disclosures to Merchants

On April 17, the Tennessee Governor Bill Haslem signed H.B. 547, which requires the disclosure of fees and other details in contracts entered into by payment service providers with merchants located within the state. The legislation requires the payment service providers to provide merchants with information detailing where the merchant can obtain access to operating rules, regulations, and bylaws under the agreement. In addition, the law requires payment service providers to disclose (i) the effective date of the agreement; (ii) terms of the agreement; (iii) any provisions relating to early termination or cancellation of the agreement; and (iv) a full schedule of all payment services fees with respect to the credit card, debit card, or other payment services under the agreement. The law also requires payment service providers to supply merchants with a monthly statement of fees, total value of transactions, and in some cases the aggregate fee percentage.


CFPB Pressures Banks To Disclose Campus Marketing Agreements

On August 6, the CFPB’s Student Loan Ombudsman, Rohit Chopra, published a blog post addressing the financial arrangements between financial institutions and institutions of higher education that market financial products to students. Last year, the CFPB urged banks to disclose any agreements with colleges and universities to market debit, prepaid, and other products to students and warned that “[t]he CFPB prioritizes its supervisory examinations based on the risks posed to consumers” and “[failing to make] college financial product arrangements transparent to students and their families . . . increase[s] such risks.” In this latest review, the CFPB assessed the  Big Ten schools and found that at least 11 have established banking partners to market financial products to students. Of those 11, the CFPB found only four contracts on the bank websites, and it characterized three of those four contracts as “partial”—i.e. in the CFPB’s view, the disclosed agreements “did not contain important information, such as how much they pay schools to gain access to students in order to market and sell them financial products and services.” Concurrent with the blog post, the CFPB sent letters to schools asserting that “their bank partner has not yet committed to transparency when it comes to student financial products.”


New York Targets Online Lenders Through Debit Card Networks

On April 30, the New York State Department of Financial Services (DFS) again expanded the scope of its activities targeting online payday lenders by announcing that two major debit card network operators agreed to halt the processing of payday loan deductions from bank accounts owned by New York consumers who allegedly obtained illegal online payday loans. The DFS asserts that in response to increased regulatory pressure on online lenders’ use of the ACH network—known as Operation Choke Point—those lenders are using debit card transactions to collect on payday loans originated online to New York residents. The DFS believes such loans violate the state’s usury laws. The DFS also sent cease-and-desist letters to 20 companies it believes are “illegally promoting, making, or collecting on payday loans to New York consumers.” The DFS’s assault on online lenders publicly began in February 2013 when it warned third-party debt collectors about collecting on allegedly illegal payday loans, and was first expanded in August 2013 when the DFS sent letters to 35 online lenders, including lenders affiliated with Native American Tribes, demanding that they cease and desist offering allegedly illegal payday loans to New York borrowers. At the same time, the DFS asked banks and NACHA to limit such lenders’ access to the payment system. DFS subsequently expanded its effort in December 2013 when it began targeting payday loan lead generation companies.


Democratic Lawmakers Urge Education Department To Alter School-Sponsored Debit Card Rules

On April 22, Senator Elizabeth Warren (D-MA), Congressman George Miller (D-CA) and 22 other lawmakers sent a letter to Department of Education (DOE) Secretary Arne Duncan, supporting the DOE’s ongoing efforts to revise its rules that govern the ways higher education institutions request, maintain, disburse, and otherwise manage federal student aid disbursements. The DOE is considering changes that would, among other things, clarify permissible disbursement practices and agreements between education institutions and entities that assist in disbursing student aid, and increase consumer protections governing the use of prepaid cards and other financial instruments. The lawmakers specifically called on the DOE to “mandate contract transparency, prohibit aggressive marketing, and ban high fees when colleges partner with banks to sponsor debit cards, prepaid cards, or other financial products used to disburse student aid” through rulemaking that would, among other things, (i) prohibit colleges from entering into preferred relationships with financial institutions to offer debit cards or other financial products that charge fees associated with the disbursement and use of federal student aid; (ii) ban revenue sharing deals between colleges and financial institutions; and (iii) require colleges to post agreements with banks on their websites and report them to the CFPB and other government agencies annually.


D.C. Circuit Rejects Merchant Challenge To Higher Cap On Debit Card Transaction Fees

On March 21, the U.S. Court of Appeals for the D.C. Circuit held that the Federal Reserve Board’s final rule imposing a 21-cent per transaction limit on debit card interchange fees (up from a 12-cent per transaction limit in its proposed rule) was based on a reasonable construction of a “poorly drafted” provision of the Dodd-Frank Act and that the Board acted reasonably in issuing a final rule requiring debit card issuers to process debit card transactions on at least two unaffiliated networks. NACS v. Bd. of Governors of the Fed. Reserve Sys., No. 13-5270, 2014 WL 1099633 (D.C. Cir. Mar. 21, 2014). The action was brought by a group of merchants challenging the increase to the interchange fee cap and implementation of anti-exclusivity rule for processing debit transactions that was less restrictive than other options. In support of their challenge, the merchants argued that in setting the cap at 21 cents the Board ignored Dodd-Frank’s command against consideration of “other costs incurred by an issuer which are not specific to a particular electronic debit transaction.” The court held, in a decision that hinged on discerning statutory intent from the omission of a comma, that when setting the fee cap the Board could consider both the incremental costs associated with the authorization, clearance, and settlement of debit card transactions (ACS costs) and other, additional, non-ACS costs associated with a particular transaction (such as software and equipment). The court further concluded that the Board could consider all ACS costs, network processing fees, and fraud losses. The court, however, remanded the question of whether the Board could also consider transaction-monitoring costs when setting the fee cap, given that monitoring costs are already accounted for in another portion of the statute. Finally, the court rejected the merchants’ argument that the Board’s final rule should have required the card issuers to allow their cards to be processed on at least two unaffiliated networks per method of authentication (i.e., PIN authentication or signature authentication) holding that the statute goes no further than preventing card issuers or networks from requiring the exclusive use of a particular network.


CFPB Student Loan Ombudsman Questions Marketing Of Student Financial Products; GAO Recommends More Transparency

On February 13, CFPB Student Loan Ombudsman Rohit Chopra published on the CFPB’s blog an update on the CFPB’s review of student financial products and raised concerns about certain marketing arrangements between financial institutions and colleges and universities, and the level of transparency associated with those agreements and the products marketed under them. He specifically questioned financial institutions that “generate a significant amount of their revenue on these products while students are currently in school.” On the same day, the GAO published a report on student debit and prepaid cards and marketing agreements, which recommends that Congress take steps to increase transparency. Read more…


N.D. Cal. Holds Debit Cards Are “Services” For Purposes Of The CRLA

On October 25, the United States District Court for the Northern District of California partially denied a bank’s motion for judgment on the pleadings seeking to dispose of class claims under California’s Unfair Competition Law (UCL) based on allegations that the bank reordered debit card transactions in order to maximize overdraft fees collected in connection with such transactions and misled customers regarding this practice in account agreements and monthly checking account statements. Hawthorne v. Umpqua Bank, No. 11-06700, 2013 WL 5781608 (N.D. Cal. Oct. 25, 2013). Departing from the conclusion reached by two other district courts, the court held that the bank’s debit cards constituted a “service” for purposes of the Consumer Legal Remedies Act (CRLA), which prohibits unfair methods of competition and unfair or deceptive acts and practices so long as the challenged conduct is part of a transaction involving the intended sale or lease of goods or services to a consumer. Two prior district courts had concluded that overdrafts and overdraft fees were not services sold or leased under the CLRA, but the Hawthorne court reached the opposite conclusion relying on the fact that (i) the CLRA is liberally construed and generally applicable to financial institutions and (ii) its determination that classifying debt cards as a service for consumers was consistent with the convenience benefits consumers receive from such cards. The court granted the bank’s motion for judgment on the pleadings with respect to a number of plaintiffs’ other claims, including violation of the unfair prong of the UCL, breach of the implied covenant good faith and fair dealing, breach of contract, and unjust enrichment.


CFPB Event Focuses on Student Banking

On September 30, the CFPB (or the Bureau) hosted a “Banking on Campus” forum, an event it described as a continuation of its February 2013 request for information about financial products and services marketed to college students. The event featured remarks from government officials, including the CFPB and the U.S. Department of Education, as well as presentations from students, school officials, financial institution representatives, and consumer advocacy groups. Generally, the discussion centered on the potential financial impact of exclusive marketing arrangements between schools and financial service providers on students, particularly with regard to financial aid disbursement products.

Director Cordray provided opening remarks in which he stated the Bureau’s concern that colleges and universities may be encouraging or even requiring students to use financial products that do not offer the best deals, while the schools are “secretly making money” from marketing agreements with financial service providers.

CFPB Student Loan Ombudsman, Rohit Chopra followed with a presentation that summarized the findings from the Bureau’s request for information, which may indicate the direction the CFPB will take in further scrutinizing student banking products and services.  According to Mr. Chopra, the CFPB received 162 responses to its request for information and reviewed publicly available information. The Bureau’s initial observations include, among others, that: (i) financial product marketing partnerships have shifted to student checking, debit and prepaid card products (particularly student ID card accounts and financial aid disbursement cards/accounts); (ii) college affinity products generally do not appear to have more attractive features compared to other student checking products; and (iii) marketing arrangements between financial institutions and institutions of higher education for many student banking products are not well understood. Read more…


Congressional Democrats Seek Information on Student Debit Cards; CFPB Plans “Banking on Campus” Event

On September 26, several Democratic Members of Congress, including Assistant Senate Majority Leader Dick Durbin (D-IL), House Financial Services Ranking Member Maxine Waters (D-CA), House Education Committee Ranking Member George Miller (D-CA), and Senate Banking Committee members Sherrod Brown (D-OH) and Elizabeth Warren (D-MA), sent letters to the CEOs of numerous financial institutions asking that the institutions explain their student debit card deals with colleges and universities. The letters ask each financial institution for: (i) a list of colleges/universities where the institution has an agreement to enroll students in any deposit account or prepaid debit account and where the marketing, materials or financial instruments used to access such accounts are co-branded with a college or university logo, symbol, mascot or name; (ii) the number of accounts opened through agreements at each institution of higher education listed from the previous question, and the total fees collected from such accounts over the last three academic years; (iii) the total value of monetary and non-monetary remuneration provided to such institutions of higher education for the marketing of these products over each of the last three academic years; and (iv) whether any of the institution’s employees or agents have ever provided any monetary or non-monetary gift to an employee or agent of an institution of higher education, including meals, entertainment, gift cards, or compensation for an advisory committee above a $10 value as part of the institution’s marketing strategy over the past three academic years.

Earlier this year the CFPB initiated a review of campus affinity relationships, and on Monday, September 30, the CFPB is hosting an event regarding financial products offered at colleges.


D.C. Federal District Court Vacates Federal Reserve Board’s Interchange Fee Rule

On July 31, the U.S. District Court for the District of Columbia held that the Federal Reserve Board’s 2011 final rule implementing the so-called Durbin Amendment is invalid under the Administrative Procedures Act (APA). NACS v. Bd. of Govs. Of the Fed. Res. Syst., No. 11-2075, slip op. (D.D.C. Jul. 31, 2013). Several retailers and their trade associations filed suit to challenge the Federal Reserve Board’s rule that set a 21-cent cap on interchange fees – the fees payment networks charge merchants on each debit card transaction to compensate the card issuer – and required that only two unaffiliated networks be available for each debit card. The court found that the Board exceeded its authority under the Durbin Amendment by adjusting the fee cap in the Final Rule to include costs (such as network processing fees and fraud losses) that were not permitted to be considered.  The court also concluded that the Board violated the APA by not requiring that all debit transactions be able to run over at least two unaffiliated networks, regardless of authorization method (i.e., signature or PIN). The court further noted that the Board did not provide merchants the ability to choose the network on which they would process transactions.  The court vacated the Board’s interchange transaction fee and network non-exclusivity regulations as arbitrary, capricious or otherwise not in accordance with law and remanded them to the Board for further action. However, in order to avoid disrupting commerce, the court allowed the current regulations to remain in place temporarily. The court invited further briefing on the appropriate length of the stay and whether the current standards should remain in place until they are replaced or the Board should develop interim standards sufficient to allow the court to lift the stay.

COMMENTS: Comments Off
POSTED IN: Banking, Courts

Federal Reserve Board Report Finds Interchange Fee Exemption Benefiting Small Issuers

On May 23, the Federal Reserve Board issued a report showing that the exemption designed to protect small debit card issuers from interchange fee standards applied to large issuers is working as intended. The report indicates that depository institutions with consolidated assets of less than $10 billion, which are exempt from the interchange fee standard in Regulation II, received fee revenue of 43 cents per transaction in 2012 – roughly the same as the average received before Regulation II took effect. While the Dodd-Frank Act exempted small issuers from the interchange fee standard set in the regulation, it did not provide an exemption from the statute’s prohibition on network exclusivity. As a result, Regulation II requires every debit card issuer, regardless of size, to have at least two unaffiliated networks on every debit card. According to the report, most small issuers that responded to a survey about the effect of the network exclusivity provisions of the rule indicated that significant compliance costs were not incurred.


Florida AG Announces Settlement with Prepaid Debit Card Companies

On January 16, Florida Attorney General Pam Bondi announced that she obtained “first of their kind” settlements from the state’s five largest prepaid debit card companies. The settlements resolve claims that the companies failed to properly disclose information about fees and misled consumers with claims that use of the cards would improve credit history. While the agreements are not identical, they each require enhanced compliance measures, which generally relate to fee disclosures, use of comparison charts, and use of claims about credit improvements. Each company also agreed to make a donation to the Central Florida Chapter of Junior Achievement and pay the cost and fees for the matters investigated to the Office of the Attorney General.