On July 28, the Federal Trade Commission filed a lawsuit in the United States District Court for the District of Arizona against several merchants, an Independent Sales Organization (“ISO”), and their affiliated companies (a total of twelve defendants) alleging that they had engaged in credit card laundering in violation of Sec. 13(b) of the FTC Act, the Telemarketing Sales Rule, and the Telemarketing and Consumer Fraud and Abuse Prevention Act.  The complaint alleges that the merchant created 23 fictitious companies that charged “thousands of consumers more than $7 million for worthless business opportunities and related upsells” in order to avoid triggering the card networks’ chargeback monitoring programs and attracting the scrutiny of the acquirer.  The merchant opened 23 accounts at Chase under the name “Dynasty Merchants, LLC.”  The merchant filled out 23 merchant applications with the ISO and attached phony checks that made it appear that the companies each had their own account at Chase.

The FTC alleged that the ISO, which appears to have been affiliated with the merchant defendants, engaged in the underwriting and approval of the fictitious companies and helped set up merchant accounts with its acquirer for the fictitious companies.  The complaint alleges that the ISO used the services of two payment processors to process almost $6 million in credit card charges through merchant accounts established in the names of the fictitious companies.  According to the complaint, the ISO: (1) knew that one of the principals of the merchant had a criminal record; (2) knowingly opened merchant accounts in the names of numerous fictitious companies for the same underlying merchant, and thereby falsely represented the true identity of the fictitious companies to the bank; (3) received notification from the bank that one of the merchants’ companies had a high chargeback ratio, but the ISO did nothing but try to further conceal the identity of the merchant and otherwise help the merchant; (4) approved new applications using different names from the merchant although the bank instructed the ISO to terminate the merchant’s accounts and the ISO knew that the merchant was submitting applications with fictitious names; (5) failed to inform the bank that the merchants were telemarketers although the bank’s rules required the ISO to inform the bank when a merchant was a telemarketer; and (6) falsely told the Oregon Department of Justice that it was not doing business with the merchant although it was doing business with the merchant.

The FTC also alleged that the ISO ignored several red flags, including the following:

  • Almost all of the merchants were located in the same area and the business descriptions were vague, almost always identical (i.e. “marketing and advertising”), and provided no specific description of the product or service being sold.
  • The 23 supposedly separate merchants attached facially suspect checks that appeared almost identical in form.
  • The ISO obtained credit reports for each of the 23 fictitious companies.  The credit reports indicated that the principals or owners of the businesses had low credit scores, poor credit ratings, and owed substantial outstanding debts.
  • The 23 merchant applications failed to include copies of the merchants’ marketing materials although the bank required a review of the materials as a part of the due diligence process.
  • Although the bank’s policy required the ISO to obtain screen shots of the relevant web pages of the merchant’s website for “high risk” merchants, some of the merchants did not have a valid website.
  • The address listed on some merchant applications did not match the address listed on the credit report.
  • Many of the merchant applications listed the same owner.
  • The checks attached to the applications often did not correspond with the bank account listed in the applications.
  • Although many of the merchant applications contained clear indications that the merchants were engaged in telemarketing, and Visa rules require telemarketers to be classified and coded as “High Brand Risk Merchants,” the ISO failed to assign to these entities the correct MCC number required for telemarketers.
  • In some cases, the chargeback requests sent by customers indicated the name of a merchant that was a different name than the merchant with the account, “obvious evidence of credit card laundering.”

This case demonstrates that the FTC will not only sue merchants that engage in alleged unlawful conduct, but also payment processors and ISOs who allegedly aid and abet the conduct.  The case is FTC v. Electronic Payment Solutions of America, Inc. et al., 2:17-cv-02535 (U.S.D.C., D. Ariz.).