Payment Processing & Cards

On May 14, the Supreme Court struck down the Professional and Amateur Sports Protection Act (“PAPSA”), a federal law that prohibited most states from allowing sports-related gambling.  The ruling now clears the way for any state to legalize gambling on sports.

PAPSA made it “unlawful” for a state to “authorize” any gambling operation based on competitive sports events. (A few states, including Nevada, were grandfathered in at the time of the law’s passage in the 1990s.  New Jersey, the petitioner, had been given a one-year window to avoid PAPSA, but it failed to act in time.)  In Murphy v. National Collegiate Athletic Association, the Supreme Court ruled that the federal law violated the anti-commandeering principle—a Constitutional rule that prohibits the federal government from “issu[ing] orders directly to the States”—because PAPSA “unequivocally dictates what a state legislature may and may not do.”

The case pitted the state of New Jersey against the NCAA and the major professional sports leagues.  New Jersey, given the large draw of Atlantic City, wanted to allow for sports-related gambling.  So, in 2011, New Jersey voters approved a constitutional amendment to allow it.  A state law followed in 2012 and was quickly challenged by the sports associations.  Initially, the state law was struck down by the Third Circuit as a violation of PAPSA, and the Supreme Court declined to review the case.  New Jersey then modified the law in 2014 to try to avoid the federal restrictions.  The modified approach was framed as a partial repeal of prior state prohibitions rather than an express authorization of gambling.  Again, the sports associations sued.  The Third Circuit, sitting en banc, held that PAPSA still prohibited the new state law and that PAPSA did not violate anti-commandeering principles because it did not command states to take affirmative action.  This time, the Supreme Court granted certiorari on the constitutional issue and reversed the decision.

In dissent, Justice Ginsburg argued that (1) Congress could undoubtedly regulate gambling under the Commerce Clause, and (2) the problematic provision should be severed from the remainder of the statute.  “Deleting the alleged ‘commandeering’ directions would free the statute to accomplish just what Congress legitimately sought to achieve: stopping sports gambling regimes while making it clear that the stoppage is attributable to federal, not state, action.”  Accordingly, she wrote, the Court should “salvage” the statute rather than “destroy” it.

The majority disagreed with the latter contention.  It held instead that the separate provisions were not severable because they worked together to form a “coherent federal policy.”  Notably, the majority agreed that Congress could directly regulate gambling.  Thus, the decision leaves open the possibility that Congress could prohibit sports gambling by passing different legislation.

Unless and until Congress passes such a law, however, “each State is free to act on its own.”

Even though both parties agreed the plaintiffs lacked standing to bring suit under the Fair and Accurate Credit Transaction Act (“FACTA”), the Seventh Circuit recently reversed the district court’s dismissal for lack of standing, and instead ordered the district court to remand the case to state court.

The FACTA putative class action, originally filed in the Circuit Court of Cook County, Illinois, arose out of receipts for the use of parking facilities operated by SP Plus at Dayton International Airport.  Plaintiffs Kathryn Collier and Benjamin Seitz alleged that the receipts included the expiration date of their credit and debit cards, in violation of FACTA.  Collier and Seitz brought a putative class action, claiming statutory damages and actual damages in excess of $25,000.  However, the complaint did not substantiate the actual damages and failed to describe any concrete harm suffered by either plaintiff.

SP Plus removed the case to federal court in the Northern District of Illinois based on federal question jurisdiction.  A week later, it moved to dismiss the suit for lack of subject matter jurisdiction, claiming the lack of concrete harm deprived the court of Article III jurisdiction.  Collier and Speitz responded with a motion to remand.  The district court sided with SP Plus, ultimately dismissing the case with prejudice.  Collier and Seitz appealed.

In reversing the district court, the Seventh Circuit explained that SP Plus, as the party invoking the federal court’s jurisdiction, had to establish all elements of jurisdiction, including Article III standing.  Because a “mere reference to actual damages in the complaint’s prayer for relief does not establish Article III standing,” it was clear the complaint had not sufficiently alleged an injury.  Thus, the court lacked subject matter jurisdiction.

The Court rejected SP Plus’s argument that once removal based on a federal question is accomplished, a defendant may challenge jurisdiction.  The slate was not wiped clean.  Instead, the removal statute mandates that a court remand a case if “at any time before final judgment it appears that the district court lacks subject matter jurisdiction.”  On the other side of the coin, if Collier and Speitz amended their complaint in state court to allege an actual injury, SP Plus then could remove the case to federal court.

The Court expressed disapproval of SP Plus’s “dubious strategy” because it “resulted in a significant waste of federal judicial resources, much of which was avoidable.”  However, it declined to award Collier and Speitz attorneys’ fees under the removal statute.

This case demonstrates the problems that continue to arise when plaintiffs who have suffered no injury file lawsuits seeking relief in court.  Although plaintiffs may successfully avoid removal to federal court by not alleging an injury, they may run into problems in state court.  Many states, including Illinois, also require a plaintiff to show a concrete injury in order to sue in state court.

The case is Collier et al. v. SP Plus Corp., No. 17-2431 (7th Cir. May 14, 2018).  A copy of the opinion can be found here.

As newspaper articles, academic studies, and politicians’ speeches have repeated, statistics suggest that a student loan crisis may be building. The share of students graduating with more than $50,000 in student loan debt has more than tripled since 2000, increasing from 5% in 2000 to 17% in 2014. As a result, this group of “large-balance borrowers” now holds the majority (58%) of the outstanding student debt owed to the federal government, approximately $790 billion of the $1.4 trillion accumulated by December 31, 2017. 

In recent days, the idea of “risk-sharing plans,commonly referred to as “RSPs,” has gathered momentum. In general, these arrangements compel educational institutions to repay taxpayers for some of the loans taken out by their defaulting graduates. One iteration, created by Tiffany Chou from the Office of Economic Policy at the Department of Treasury, Adam Looney from the Brookings Institution, and Tara Watson of Williams College and endorsed by Brookings itself, uses a purportedly hard-to-manipulate repayment rate—the amount each institution’s students have repaid after five years—to set minimum thresholds below which institutions would have to contribute. These scholars currently propose a rate of 20%. Thus, if the repayment rate falls below 20%, the college would be required to pay part of the difference to the federal government, with differing obligations as the rate decreases. According to its defenders, such an RSP would correct for the distortion in the student loan market created by federal guarantees of student loans. 

Significantly, this idea received a boost from favorable mention in a white paper released on February 1 by the staff of the Senate’s Committee on Health, Education, Labor and Pensions (or “HELP Committee), the very committee presently considering various reforms of the federal government’s student loan system. It even earned a reference on page 41 of the President’s Fiscal Year 2019 budget proposal. As of March 26, whether the HELP Committee will include such a program in a future bill and what form it would take remain unknown.


The Ninth Circuit Court of Appeals recently held that an agreement between a district attorney and private law firms to litigate actions in the name of the district attorney based on a contingency fee agreement does not violate due process.

The decision came after Eric Heryford, District Attorney for Trinity County, California, filed a suit against American Bankers Management Company and other corporations alleging the corporations violated California’s Unfair Competition Law (“UCL”) by allegedly enrolling customers in services without obtaining explicit customer approval.  The complaint listed as counsel for the state both the district attorney and attorneys from two law firms – Baron & Budd PC and Carter Wolden Curtis, LLP.  The attorneys from the law firms were listed as “Special Assistant District Attorneys” and had been retained by Heryford on a contingency fee basis.  Under the contingency agreement between Heryford and the law firms, the firms would assist with the investigation, research, filing, and prosecution of the suit against the defendants, but Heryford would retain sole and final authority over all aspects of litigation, including the sole authority to decide if the suit should be initiated or settled.

American Bankers subsequently filed an action alleging that the arrangement with the law firms was improper because it gave the firms a financial incentive to seek as much in civil penalties as possible, and that the arrangement between the DA and the firms violated American Bankers’ due process rights.

Judges Sharon Gleason, Michelle Friedland, and Richard Clifton of the Ninth Circuit Court of Appeals disagreed with American Bankers.  Citing United States ex. Rel v. Boeing Co., the Court found that the financial incentive to the firms was no different than the financial incentive provided to individual citizens who assist the government in bringing suits under the False Claims Act, and the Court had previously held that suits brought under the act by individuals does not violate due process.

The Court stated that “nothing meaningfully distinguishes the Law Firms’ pursuit of civil penalties under the UCL from private (citizens’) pursuit of civil penalties under the qui tam provisions of the False Claims Act.”

The UCL suit against American Bankers is still pending.

On February 27, the Federal Trade Commission filed an Agreement Containing Consent Order (“Agreement”) with respect to an administrative Complaint that the FTC had filed against PayPal, Inc.  The Agreement requires PayPal to correct the issues that the FTC alleged in the Complaint as violations of the Gramm-Leach-Bliley Act, the Privacy Rule and Regulation P, the Safeguards Rule, and the FTC Act through PayPal’s ownership and operation of Venmo, a peer-to-peer payment service.

Some peer-to-peer payment applications state that they are not “financial institutions” under the GLB Act because they are not traditional brick-and-mortar banks or lenders.  The FTC’s Complaint, however, stated that PayPal is a “financial institution” under the GLB Act because PayPal “is significantly engaged in ‘transferring money,’ one of the activities listed as financial in nature under the Bank Holding Company Act of 1956, 12 U.S.C. § 1843(k)(A), … and … in data processing and transmission, financial activities listed by the Consumer Financial Protection Bureau (“CFPB”) in Regulation Y, 12 C.F.R. § 225.28(b)(14), as covered by GLB.”

The conclusion that PayPal is a “financial institution” allowed the FTC to further allege that PayPal violated the Privacy Rule and Reg P by allegedly failing to provide a clear and conspicuous initial privacy notice to its customers, failing to provide an accurate privacy notice, and failing to deliver the initial privacy notice so that each customer could reasonably be expected to receive actual notice.  For instance, the mobile app did not require customers to acknowledge receipt of an initial privacy notice as a necessary step to obtaining a particular financial product or service.

The Complaint also alleges that PayPal violated the Safeguards Rule until approximately March 2015 by failing “to have a written information security program,” failing “to assess reasonably foreseeable internal and external risks to the security, confidentiality, and integrity of customer information,” and failing “to implement basic safeguards to protect the security, confidentiality, and integrity of consumer information,” including failing “to provide security notifications to consumers … and … to maintain adequate customer support to timely investigate and respond to users’ reports concerning account compromise or unauthorized transactions.”

The Complaint alleges that PayPal violated the FTC Act by telling its users that money credited to their Venmo balances could be transferred to their external bank accounts, but Venmo failed to disclose that the transactions were still subject to review and that the funds could be frozen or removed.  Venmo allegedly waited until users attempted to transfer funds to review the transactions for fraud, insufficient funds, and other problems.  Many users experienced a delay in transfer or reversal of the transaction once the final review took place.  This practice allegedly led to significant financial hardship for many consumers.  The Complaint also alleges that PayPal violated the FTC Act by allegedly misrepresenting the extent to which users could control the privacy of their transactions, and the extent to which users’ financial accounts were protected by “bank grade security systems.”

In the Agreement Containing Consent Order, PayPal neither admitted nor denied the allegations in the Complaint.  The key parts of the Agreement are the following:

  • PayPal is prohibited from misrepresenting any material restrictions on the use of its service, the extent of control provided by any privacy settings, and the extent to which Venmo implements or adheres to a particular level of security.
  • PayPal is required to disclose to consumers, clearly and conspicuously, that when transferring or withdrawing funds to a bank account such funds could be frozen or removed as a result of transaction reviews performed during the bank transfer or withdrawal process.  PayPal must issue a notice to users that when a user attempts to withdraw funds to a bank account, PayPal will perform transaction reviews, and based on such review, may block or delay the transfer or withdrawal, and/or reverse a payment transaction. PayPal is further required to disclose, clearly and conspicuously, how a user’s transaction information will be shared with other users and how the user can use privacy settings to limit or restrict the visibility or sharing of the user’s transaction information.
  • PayPal is also required to “obtain initial and biennial assessments and reports … of the Venmo Payment and Social Networking Service from a qualified, objective, independent third-party professional, using procedures and standards generally accepted in the profession.”

The Complaint and Agreement Containing Consent Order reveal that the FTC is continuing to pay close attention to privacy and data issues and the representations that a company makes about its security systems and data integrity.  The Complaint and Agreement also reveal that the FTC is scrutinizing the payments industry to make sure that a company’s representations about the availability of funds is clear, conspicuous, and accurate.

On February 21, the Ninth Circuit affirmed a district court’s dismissal of an action brought under the Fair and Accurate Credit Transactions Act (“FACTA”), finding that the plaintiff had not demonstrated Article III standing.  Plaintiff Steven Bassett alleged that ABM Parking Services and its affiliated businesses repeatedly printed the expiration date of his credit card on sales receipts.  Bassett argued that the failure to withhold this information from the credit card receipt could lead to identity theft, but the Western District of Washington dismissed his case for failure to plead injury.

In an opinion that included a step-by-step analysis of the Supreme Court’s reasoning in the landmark Spokeo decision, the Ninth Circuit affirmed the district court’s finding that Bassett had not alleged a concrete injury-in-fact to confer standing.  “We need not answer whether a tree falling in the forest makes a sound when no one is there to hear it,” wrote Judge M. Margaret McKeown for the panel.  “But when this receipt fell into Bassett’s hands in a parking garage and no identity thief was there to snatch it, it did not make an injury.”  Bassett’s credit card information was not disclosed to anyone but Bassett himself, the panel concluded, and his complaint failed to allege a risk of harm, “given that he could shred the offending receipt along with any remaining risk of disclosure.”

The court contrasted Bassett’s claims to those recently before the court in a Telephone Consumer Protection Act (“TCPA”) case.  In Van Patten v. Vertical Fitness Group, LLC, the Ninth Circuit held that a consumer who received unsolicited text messages in violation of the TCPA alleged an injury because “unrestricted telemarketing can be an intrusive invasion of privacy and is a nuisance.”  While a credit card receipt that has not been divulged to anyone but the credit card’s holder may not cause harm or present the material risk of harm, “unconsented text messages and consumer reports divulged to one’s employer necessarily infringe privacy interests and present harm.”

The decision unites the Ninth Circuit with the Second and Seventh circuits, which both affirmed dismissals of similar FACTA cases in Crupar-Weinmann v. Paris Baguette America, Inc. and Meyers v. Nicolet Restaurant of De Pere, LLC, which we covered here.

A district judge in the Southern District of Florida recently dismissed a FACTA class action on Spokeo grounds even though he had previously approved a near-$600,000 settlement in the same case.  In 2016, lead plaintiff Eric Kirchein filed suit against Pet Supermarket, Inc, contending that the retailer violated the Fair and Accurate Credit Transactions Act (“FACTA”) when it printed more than five digits of his and other consumers’ credit card numbers on sales receipts.  The parties reached a preliminary settlement agreement later that year, with Pet Supermarket agreeing to pay $580,000 to a class of almost 30,000 consumers.

The deal ran into trouble soon thereafter, as the parties had difficulty finding and locating individual class members.  Further complicating matters, the size of the class increased, as Pet Supermarket discovered the class was approximately ten percent larger than initially thought.  Plaintiffs’ counsel requested additional settlement funds to compensate for the additional class members, leading the parties to try to renegotiate the settlement.  Despite these issues, the court declined requests to vacate the settlement agreement.

Even though the parties had an agreement in principal, Pet Supermarket later challenged the court’s subject matter jurisdiction based on Spokeo grounds.  The court agreed with the retailer that Kirchein could not show he had suffered concrete harm resulting from the alleged FACTA violation.  Judge Robert N. Scola, Jr. chiefly relied on his own previous decisions in similar FACTA cases – specifically Gesten v. Burger King, which found that the plaintiff failed to allege that any disclosure of his private information actually occurred – to reach a similar conclusion regarding Kirchein’s claims.  Without any allegation that his private data had been divulged, the court found that Kirchein could not establish standing.

Though the court acknowledged that there was “substantive work that remains to be done” in the case, the absence of subject matter jurisdiction prevented further activity by the court, including a fairness hearing or issuing an order approving the proposed settlement agreement.

The case is Kirchein v. Pet Supermarket, Inc., Case No. 0:16-cv-60090.

On February 6, the Conference of State Bank Supervisors (“CSBS”) announced that seven states have entered into a compact that should streamline the process of applying for state money transmitter licenses.

Moving forward, the participating states– Georgia, Illinois, Kansas, Massachusetts, Tennessee, Texas, and Washington – will accept each other’s findings regarding certain “key elements of state licensing.”  The “key elements” include IT, cybersecurity, business plan, background check, and compliance with the federal Bank Secrecy Act.

If the compact works as planned, a company that has obtained a money transmitter license from one of the compact states will be able to obtain a license from any other compact state without the delay and expense of duplicative review and approval requirements, at least as to the “key elements” outlined above.

“This MSB licensing agreement will minimize the burden of regulatory licensing, use state resources more efficiently, and allow for broader participation by other states across the country,” said John Ryan, CSBS president and chief executive officer.

The CSBS’s announcement also noted that more states are expected to join the compact, which is only the “first step among state regulators in moving towards an integrated, 50-state system of licensing and supervision for fintechs.”

A copy of the CSBS’s announcement is available here.

On January 3, the Ninth Circuit Court of Appeals found that Section 1748.1 of the California Civil Code – which bars sellers from imposing surcharges for credit card payments, while still permitting discounts for payment by cash or other means – was an impermissible content-based restriction under the First Amendment of the United States Constitution as specifically applied to the plaintiffs.

The plaintiffs in Italian Colors Restaurant et al. v. Becerra, No. 15-15873, 2018 WL 266332 (9th Cir. Jan. 3, 2018) were five California businesses and their owners or managers that “pay thousands of dollars annually in credit card fees.” Although it is in their interest to collect cash payments to avoid credit card fees, Section 1748.1 prevented them from imposing credit card surcharges, which they contended would be more effective than discounts to encourage buyers to use cash. Despite there being no apparent measurable difference between consumers’ response to the two approaches, research indicates that surcharges may be more effective because “economic actors are more likely to change their behavior if they are presented with a potential loss than with a potential gain.”

The Ninth Circuit deferred to the recent Supreme Court decision in Expressions Hair Design v. Schneiderman, 137 S. Ct. 1144 (2017), in which the Court held that New York’s surcharge ban tells merchants nothing about the amount they are allowed to collect from a cash or credit card payer, but does regulate how sellers may communicate their prices. The Ninth Circuit reasoned that Section 1748.1 regulates commercial speech because it regulates how sellers can communicate their prices rather than how much sellers can charge. As a result, the restriction implicated the First Amendment. The Court conducted a two-prong intermediate scrutiny test, finding that: (1) the regulated speech (namely, imposing credit card surcharges) was not misleading or related to unlawful activity; and (2) the law did not further the state’s interest in protecting consumers from deceptive price increases and was not narrowly tailored to achieve the state’s interest.

For these reasons, the Court found the law violated the First Amendment only as applied to the plaintiffs, with respect to the specific pricing practice that the plaintiffs wanted to use. This ruling is the latest in a series of other appellate decisions analyzing state law surcharge bans under the First Amendment, indicating that such restrictions may continue to be challenged in court.

Earlier this month, the New York State Department of Financial Services fined The Western Union Company $60 million for allegedly violating the New York Bank Secrecy Act and anti-money laundering laws.

According to DFS, Western Union was aware of improper conduct involving its “NY-China Corridor” agents – small businesses that offered services for Western Union in Manhattan, Brooklyn, and Queens which, despite their size, had some of the largest volumes of transactions in the world, and were some of the most profitable locations for the company.  For instance, a small travel agency in Lower Manhattan which was a Western Union agent processed transactions totaling $1.14 billion from 2004 to 2011.  It is alleged that some of the money transfers from this business and other NY-China Corridor agents were actually intended to launder money and included payments that may have aided in human trafficking.

An investigation by DFS revealed that Western Union conducted compliance investigations of several agents and had evidence that indicated there appeared to be illegal and improper activities occurring at these locations.  However, when disciplinary actions against these agents were suggested, senior managers within the company allegedly intervened, going as far as to pay the owner of the Lower Manhattan location a bonus of $250,000 to renew his contract with the company, even though the agent had several compliance violations.

Maria T. Vullo, Superintendent of the DFS, said in a statement, “Western Union executives put profits ahead of the company’s responsibilities to detect and prevent money laundering and fraud by choosing to maintain relationships with, and failing to discipline, obviously suspect, but highly profitable, agents.”

As part of the consent order reached between DFS and Western Union, the company must pay the $60 million fine and must also submit to the DFS its plan to ensure that its anti-money laundering programs and anti-fraud programs are complied with in the future.