By Bradley O. Cebeci
Rome & Associates
Despite the DOJ's abandonment of Operation Choke Point in 2017, the Federal Trade Commission has continued to treat ISOs as gatekeepers to the payments system, threatening them with liability where they fail to adequately police their merchants – while denying this policy publicly. Thus, one ISO took the offensive and initiated a groundbreaking, preemptive strike against the FTC rather than allowing itself to fall victim to the FTC's tactics.
On Dec. 5, 2019, Complete Merchant Solutions LLC filed suit against the FTC in the federal district court of Utah. The complaint seeks a declaration and injunction to stop the FTC from engaging in conduct CMS alleges "is not only unfair and harassing but also far beyond the express limitations of its jurisdiction and enforcement powers."
CMS is an ISO for acquirers Commercial Bank of California, Chesapeake Bank, Deutsche Bank, Merrick Bank and Wells Fargo. From soon after its founding in 2008, CMS focused on serving ecommerce businesses and other startup technology companies. CMS has grown from a tiny startup to a highly successful company. CMS has won several awards, been recognized nationally and regionally, and attracted investment from blue-chip equity funds. It provides work for nearly 300 employees and independent contractors, while serving more than 5,500 merchant accounts that produce over $3 billion in payments annually.
According to its complaint, CMS has, since 2013, maintained a chargeback rate well below the 1 percent mark. In 2018, CMS' chargeback rates were just .58 percent by dollar and .23 percent by count. CMS employs rigorous underwriting practices, which have led it to decline approximately 16 percent of merchant applications since 2013. CMS also subscribes to costly merchant-monitoring tools, including G2 and TSYS Fraud, to identify suspicious payment activity, fraud and other red flags; it also monitors the Mastercard Merchant Online Status Tracking system.
Nonetheless, CMS alleges, that for the past two years, the FTC has directed numerous civil investigative demands (CIDs) to CMS "seeking vast amounts of information relating almost entirely to a handful of business which CMS and its sponsoring banks ceased working with years ago." In response, CMS has produced over 45,000 documents – totaling over 475,000 pages – responded to numerous interrogatories, and produced multiple employees for depositions.
CMS contends the evidence produced to the FTC shows: CMS declined applications for 21 merchants responsive to the CID (responsive merchants); responsive merchants were 3 percent of CMS' total merchants in 2011, declining to only 0.5 percent in 2016 and 0.08 percent in 2017; by 2016 and 2017, less than 0.1 percent of CMS' processing volume was for responsive merchants; CMS terminated the overwhelming majority of responsive merchants before any regulator filed a complaint or subpoenaed CMS; and, of the 37 responsive merchants later involved in FTC enforcement actions, CMS had terminated 34 prior to the time of suit. Nonetheless, the FTC was not satisfied.
CMS alleges that, on Feb. 4, 2019, FTC staff informed CMS they planned to recommend enforcement action and sent CMS' lawyers a proposed complaint and consent order. The proposed complaint's theory is that CMS "failed to adequately screen and monitor its merchant-clients," and thereby misled its sponsoring banks. CMS stated the FTC's proposed consent order directed CMS to:
CMS argues that, under the FTC's first proposal, CMS wouldn't be able to solicit Amazon as a merchant, because it sells books by Princeton Review about how to get scholarships for college. CMS wouldn't be able to solicit Brigham Young University as a merchant because its business school represents that its services can assist students in starting or running a business. CMS would have to subject CVS or Walmart to heightened scrutiny, because they sell multivitamins. And CMS would have to subject Best Buy or Apple to heightened scrutiny, because the Geek Squad and the Genius Bar provide computer technical support services.
CMS further alleges that, while the FTC narrowed some categories in response to comments from CMS' attorneys, the FTC indicated it would insist on a ban on serving businesses that fall into certain categories, including any company (like Amazon) that sells nutraceuticals with an option to purchase via subscription (like Amazon's "Subscribe and Save" program).
The FTC also kept the list of suspect categories requiring heightened scrutiny and monitoring virtually identical, apart from moving subscriptions (for all products other than nutraceuticals, which would still be subject to the outright ban), business-related education and grants categories, and businesses that use telephones to induce sales from the categories subject to an outright ban to one requiring heightened scrutiny. The FTC rejected any further proposal to narrow these categories.
And the FTC sought to set the threshold for chargebacks (which would trigger a duty to "immediately" investigate) at 55 chargebacks per month, a level well below the "early warning" threshold set by the card brands. Additionally, the FTC's various draft orders all sought to impose a "strict liability" standard – meaning CMS could be in violation of the order's terms without having any knowledge of the facts giving rise to that liability.
CMS argues this is not what the law intends and is far beyond reasonable bounds of the FTC's authority. The FTC Act empowers the FTC to police unfair business practices. According to CMS, however, the vague term "unfair" doesn't confer upon the FTC the power to make banks' ISOs vicariously liable for failing to prevent merchants from committing fraud. And, the FTC has no authority to eject thousands of law-abiding merchants – which themselves are not the subject of any legal action – from the payment systems on which they depend, based on nothing more than the FTC staff's biases against particular industries.
CMS also noted that the FTC is prohibited from regulating banks, whose relationships with ISOs are regulated by the FDIC and other banking regulators. Thus, CMS argues the FTC is seeking an end-run around this limitation of its authority by going after the ISOs, which act as a sales arm for the acquiring banks, and are there to simply facilitate the connections between merchants and banks, the entities responsible for the processing of merchant transactions.
Accordingly, the complaint asks the court to end the FTC's overreach and threatened legal claims by granting CMS' request for declaratory relief, and issuing an injunction prohibiting the FTC from bringing (or threatening to bring) any action against CMS in connection with the provision of its ISO services as described herein, premised on a violation of 15 U.S.C. § 45(a) or § 53(b), as such statutes give the FTC no authority to bring such actions.
This is a bold move by CMS. By filing suit against the FTC rather than waiting for the commission to commence an enforcement action, CMS has taken the initiative and framed the argument on its own terms as a champion of ISOs throughout the payments industry. This challenge is also set against the backdrop of a split among the federal circuit courts as to whether 15 U.S.C. § 53(b), which codifies section 13(b) of the FTC Act, empowers the FTC to seek monetary relief, including restitution – an issue that has recently put the FTC on its heels in enforcement actions. This lawsuit may represent a blow to the FTC's ability to police ISOs and hold them liable for their merchants' actions absent strong evidence of complicity.
Also take note that – as evidenced by the FTC's proposed consent order to CMS – all nutraceutical, tech support and negative continuity merchants, along with the ISOs that extend services to them, remain very much within the FTC's crosshairs. 
Bradley O. Cebeci is a senior attorney with Rome & Associates, APC. Brad focuses on Payments Law, Digital Marketing and FTC Issues. Contact him at bcebeci@romeandassociates.com.
The Green Sheet Inc. is now a proud affiliate of Bankcard Life, a premier community that provides industry-leading training and resources for payment professionals. Click here for more information.
Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.
Prev Next
