GS Logo
The Green Sheet, Inc

Please Login

Banner Ad
Skyscraper Ad

Friday, May 26, 2017

D.C. Court revisits case against CFPB

T he Consumer Financial Protection Bureau has been closely scrutinized since its inception as part of the 2010 Dodd-Frank Act. Advocates say the government agency protects consumers from unfair lending and predatory credit practices. Opponents claim the agency is too powerful and autonomous. Both sides had their day in court May 24, 2017, when the U.S. Court of Appeals for the D.C. Circuit reopened PHH v. CFPB, a legal action challenging the CFPB’s constitutionality and powers.

As reported March 13, 2017, in issue 17:03:01 of The Green Sheet, PHH Corp. and concerned parties sued the CFPB in April 2016. Plaintiff alleged the bureau belonged to a group of government agencies such as the Federal Communications Commission that “constitute a headless fourth branch of government." Mortgage provider PHH Corp. was also contesting a $109 million penalty imposed by the CFPB for deceptive practices; PHH called the penalty executive overreach.

Presidents, precedents

Circuit Court Judges Kavanaugh, Randolph and Henderson ruled in favor of plaintiffs Oct. 11, 2016, but agreed to reconsider the ruling in February 2017, following the CFPB’s appeal. The original opinion was based on a series of historical precedents set by previous administrations that stipulated levels of authority in legislative, executive and judicial branches of government.

Arguments invoked the following Supreme Court cases concerning separation of powers:

Joseph Lynyak III, Partner at international law firm Dorsey & Whitney, observed that numerous questions and arguments in the reopened case focused on the Humphrey’s Executor and the Free Enterprise decisions. Plaintiff PHH “argued strongly that the degree of independence given to the CFPB falls far outside of the limits announced in Humphrey’s Executor and approved of in the Free Enterprise decision," he stated.

Divided political interests

As an eleven-judge panel reviews the reopened case against the CFPB, advocates cite the agency’s accomplishments while critics question its structure, legitimacy and authority. CFPB spokesperson Sam Gifford said the agency is unavailable for comment during active litigation.

PHH continues to assert the CFPB’s authority violates separation of power. “Because the CFPB is an independent agency headed by a single Director and not by a multi-member commission, the Director of the CFPB possesses more unilateral authority – that is, authority to take action on one’s own, subject to no check – than any single commissioner or board member in any other independent agency in the U.S. Government,” the company stated.

Rachel Weintraub, Legislative Director and General Counsel at the Consumer Federation of America disagreed, stating, “The CFPB has returned $12 billion to 29 million consumers. The American people need the CFPB to stand up for them. This case is about pulling the agency down.”

Pamela Banks, Senior Policy Counsel for Consumers Union, Consumer Reports, added, “The CFPB director needs to be independent from potential political pressure in order to be able to stand up for protecting the interests of consumers against the immense power of the financial industry. The structure designed by Congress ensures that the director will be both independent and accountable.”

Lawsuit alleges USR technology at core of Apple Pay
Thursday, May 25, 2017

O n May 22, 2017, Universal Secure Registry LLC filed a complaint in the U.S. District Court for the District of Delaware alleging that Apple Inc., Visa Inc. and its subsidiary Visa U.S.A. Inc. infringed seminal patents for electronic payments and identity authentication integral in developing their mobile payment platforms.

Represented by Quinn Emmanuel Urquhart & Sullivan LLP, the same law firm that represented Samsung Electronics Co. Ltd. in a design patent dispute with Apple, USR holds 13 of the more than 30 U.S. patents authored by USR founder and Chief Executive Officer Kenneth Weiss, inventor of SecurID token and former CEO of Security Dynamics Technologies Inc., now RSA Security LLC.

Weiss apparently met with Apple executives in 2010, years before Apple Pay’s 2014 launch, as well as Visa executives, to develop and license commercial implementation of USR's patented technology. The patents at issue in the infringement suit include authentication systems that use a smartphone, biometric identification and secure one-time tokens to conduct transactions.

In its complaint, USR stated that "during the meeting with Visa, USR made detailed presentations of the patented technology under protection of a non-disclosure agreement." And after several attempts to strike partnerships with all parties failed, "Apple and Visa began working together on Apple Pay at least as early as January 2013, and Visa dedicated approximately 1,000 people towards the development project with Apple."

Price tag unknown

While the suit seeks unspecified damages, the scope of the infringement was outlined. In addition, the plaintiff stated that since 2014, "Apple's backend servers and Visa's payment processing network VisaNet, including Visa Token Service, have supported and processed transactions made using Apple Pay, including billions of Apple Pay transactions made in the United States."

According to the complaint, Apple CEO Tim Cook stated at the iPhone 6 launch in September 2014 that payments “is a huge business. Every day between credit and debit we spend $12 billion. That's over $4 trillion a year and that's just in the United States. And this business is comprised of over 200 million transactions a day.''

USR believes that if a jury finds that Apple and Visa's infringements were willful, up to triple damages could be awarded. The median damages award for patent infringements in 2016 hovered at $6.1 million, according to the PwC 2017 Patent Litigation Study. "USR has set forth facts in the complaint which we believe will lead to discovery that will support claims of willful infringement against both Apple and Visa," Weiss said.

DocuSign warns against phishing scam
Tuesday, May 23, 2017

S an Francisco-based DocuSign Inc., global provider of electronic signature and digital transaction management solutions, warned of a phishing campaign with malicious code that began circulating May 16, 2017. Company representatives recommend deleting and not opening suspicious emails that contain non-PDF attachments, suspicious URLs and spelling errors. The trending phishing attack from "" misspells DocuSign and contains a macro-enabled Microsoft Word document, they noted.

Preliminary reports from forensic investigators indicated no names, physical addresses, passwords or sensitive data were stolen. DocuSign customer privacy and documents remain intact, and the company has asked users to forward suspicious emails to

Phishing attacks proliferate

Security analysts say DocuSign's use of push notifications makes the company attractive to email scammers. "The DocuSign business model relies on a DocuSign branding push via their notification emails, and that makes them and their customers more vulnerable to attacks such as this," said John Gunn, Chief Marketing Officer at VASCO Data Security International Inc. "No one is immune to the threat of attacks, but we believe that our twenty years of experience in the IT security segment is a real asset for us and our customers."

Doron Davidson, co-founder, Vice President Business Development and Customer Success at SecBI Ltd., noted the email scheme is a continuation of phishing trends designed to lure users to open malware-laden documents. "This illustrates that, time and again, cyber criminals manage to breach the trust between users and security vendors, and penetrate organizations," he said. "Even more worrying is the fact that the documents were weaponized with the Hancitor downloader. Hancitor downloads either the credential-stealing Pony, EvilPony or ZLoader malware."

Detection, containment

Davidson said it is fortunate that DocuSign detected and contained the breach before sensitive information was ex-filtrated across the company's 250,000 business accounts and 100 million end users. "We see this as another failure of prevention mechanisms and hope that many more organizations will assume a breach at one point or another and proactively seek to hunt these threats," he added.

The DocuSign security team posted the following additional recommendations on the company's website for protecting against phishing attacks:

Learning to properly detect and avoid online and email scams is the best protection against fraud, the company stated. "The Internet is a critical component to your business and to conducting business on the DocuSign Global Network," DocuSign analysts wrote. "Those committing fraud seek to take advantage of this trusted relationship for illegal purposes. DocuSign continuously monitors for such activity in order to help safeguard our customers' information, documents and data."

Google, PayPal to deliver mobile pay by fingerprint
Monday, May 22, 2017

D uring the Google I/O 2017 developer conference held May 17 to 19 in Mountain View., Calif., Google Inc. revealed that building upon a nearly three-year partnership with PayPal Inc., Android Pay users on Chrome mobile web will soon be able to pay at millions of online merchants that accept PayPal using their PayPal account and a fingerprint; no username or password required.

Addressing the importance of a seamless mobile checkout experience, Google Vice President of Payments Products Pali Bhat stated, "Mobile checkout remains one of the biggest sources of friction in the commerce experience, and we're excited to collaborate with PayPal on enabling streamlined checkout experiences for all Android Pay and PayPal users."

The news comes one month after the partners agreed to enable U.S. consumers to use PayPal as a payment method in the Android Pay wallet wherever Android Pay is accepted, both in apps and in stores. With the new service, Android Pay users that have linked their PayPal accounts should expect a more simplified payment experience online.

PayPal builds out mobile strategy

The latest development is part of an ongoing strategy for PayPal. "As more and more shopping moves to mobile and as we deliver great mobile customer experiences through our unique two-sided platform of over 200 million users and 16 million merchants, PayPal's mobile-first strategy is paying off," said Bill Ready, Chief Operating Officer at PayPal. Major card brands and other key stakeholders have also aligned with PayPal.

In addition to being able to pay with PayPal on Chrome mobile web via Android devices, PayPal's other initiatives are gaining momentum. "PayPal's One Touch is another way, and enables consumers to securely check out across platforms and devices without having to type in any payment information once logged in," Ready said, noting that over 53 million people globally have opted into One Touch, which is available at over 5 million merchants.

First Data named top U.S. employer for veterans
Friday, May 19, 2017

F irst Data Corp. placed first in the overall rankings on Military Times' "Best for Vets: Employers 2017" list, which this year recognized 84 companies nationwide. To make the grade, companies were evaluated based on military service member recruitment policies, company culture and reservist accommodations. Military Times provides news related to the military and defense targeted to current and former military personnel.

"This is a tremendous honor for First Data and reflects the significant commitment we have made to support our nation's service members and military families," said First Data Chairman and CEO Frank Bisignano. "Our hiring efforts have placed veterans and military spouses at every level of the company, and we work tirelessly to support veteran-owned businesses through innovative tools to help these business owners thrive long after returning home from service."

First Data recently appointed former NASA astronaut Scott Kelly to its Military Advisory Council. The council advises the company on employment, experience and entrepreneurship program strategies to increase engagement with military members.

"The companies on the Military Times Best for Vets list earned their rankings through determined efforts to recruit and support service members, veterans and military families," noted George Altman, the editor in charge of the rankings. Annual lists of honorees dating back to 2014 can be referenced on the website .

First Data Salutes

First Data launched First Data Salutes in October 2014, an enterprise-wide military engagement initiative to recruit and hire military veterans and spouses. The onboarding and training program assists with transitioning military members to the civilian workforce, and offers company-wide awareness training. First Data said the program has boosted military hires within the company by more than 10 percent since its inception.

The initiative also supports veteran-owned businesses, with free Clover Mini or Clover Mobile POS systems. In partnership with the Institute for Veterans and Military Families at Syracuse University, First Data helped launch the Coalition for Veteran Owned Business and Center of Excellence for Veteran Entrepreneurship. And it sponsors the Entrepreneurship Bootcamp for Veterans with Disabilities mentorship and grant program.

Beginning with the 2016 Major League Baseball season, First Data entered a partnership with the New York Mets to sponsor the "veteran of the game." At each home game, a Mets player presents a veteran with an American flag previously displayed in the stadium as a video showcasing the service member's achievements is played.

View prior breaking news

Spotlight Innovators:

North American Bancard | Harbortouch | USAePay | Super G Capital LLC | IRISCRM.COM | Humboldt Merchant Services