Payment processor pays the price for unauthorized debits

It may be tempting for a payment processor to look the other way about a client’s business practices, figuring it’s the merchant’s job to get proper consumer authorization for charges submitted for processing.  But donning blinders can lead to regrettable results, as an FTC action against a payment processor shows.

Following a settlement in federal court in Texas, Landmark Clearing and its principals are banned for life from offering certain types of payment processing services and will operate under an order requiring them to monitor their remaining clients closely.  They’re also subject to a $1.5 million judgment for fees earned from what the FTC says was unauthorized debiting of bank accounts.  Subject to an avalanche clause, some of the judgment was suspended due to their inability to pay, but they’ll turn over roughly $260,000 in cash and property.

So how did things wind up like this for Landmark?

Payment processors provide merchants with a link to the banking system and consumer accounts, so businesses can get payments from customers in a form other than cash.  Processors control how money is debited from bank accounts and transmit the funds to the merchant.

According to the FTC, Landmark focused primarily on processing Remotely Created Payment Orders — a newer kind of payment method where a consumer’s account info is entered into an electronic check template, which is then sent through the clearing system much like any other check.  When the consumer’s bank gets the payment order, it debits the consumer’s account just like it would for a regular check.

But in some instances, the bank rejects the payment order and returns it to the processor.   Why?   Maybe there wasn’t enough money in the account, the account number was incorrect, or the consumer disputes the charge as unauthorized.   A high number of returns can be a tell-tale sign the merchant didn’t get valid consumer authorization for the charges.

In Landmark’s case, according to the FTC, it continued processing for merchants even though an astounding percentage of the transactions were rejected and returned by consumers’ banks for one reason or another.  For one merchant, more than 83% of total attempted debits were sent back.  For another, the return rate topped 70%.  With rates like that, “Landmark knew, or should have known, that its client merchants routinely fail to obtain the consumers’ authorization for such debits,” according to the FTC complaint.

So what should payment processors do to ensure they don’t find themselves in a similar situation?

Be accountable with accounts.  Processors shouldn’t stick their heads in the sand and claim they don’t know what their clients are up to.  As the Landmark case and other FTC law enforcement actions make clear, processors have a role to play in making sure debits are authorized.

Pay attention to return rates.  High return rates for payments you process — whether it’s the total number, the percentage returned for insufficient funds or account number problems, or the percentage designated by a consumer as unauthorized or “stop payment” — should trigger warning bells, signaling a need to take a closer look at what’s going on with the merchant.

Know your clients.  Familiarize yourself with your merchants and monitor their practices.  This may include periodically reviewing clients’ businesses or websites, checking consumer complaint sites, and doing other routine diligence into their products and practices.  Legitimate businesses don’t mind your interest.  But if something appears amiss, take direct and immediate action to protect consumers — which in turn, could protect your company.

0 Comments

| Comment Policy

Leave A Comment

Don't use this blog to report fraud or deceptive practices. To file a complaint with the Federal Trade Commission, please use the FTC Complaint Assistant.

PRIVACY ACT STATEMENT: It is your choice whether to submit a comment. If you do, you must create a user name, or we will not post your comment. The Federal Trade Commission Act and the Federal Information Security Management Act authorize this information collection for purposes of managing online comments. Comments and user names are part of our public records system, and user names are also part of our computer user records system. We may routinely use these records as described in our Privacy Act system notices. For more information on how we handle information that we collect, please read our privacy policy.