Payment Processors are Essential Participants in Telemarketing Fraud
According to the National Consumer League's National Fraud Information Center, bank debits were the second most common method of payment by victims to fraudulent telemarketers. A telemarketer who obtains information on a victim's bank account can arrange to have that account debited, whether or not the victim actually agreed to have his or her account charged.
The success of telemarketing fraud, and in particular cross-border telemarketing fraud, is dependent upon entities known as third-party payment processors (hereinafter referred to as "payment processor") to facilitate the banking procedures by which money is taken from victims' bank accounts and transferred to the perpetrators of fraud.
The schemes require telemarketers, also known as merchants or originators, to contract with payment processors, like the Defendants, to collect and transmit money. A payment processor establishes an account with a bank. The telemarketer provides the payment processor with the consumers' bank account information and other information, such as the amount of the purported "sale."
The payment processors use the consumers' information to debit the consumers' account through one of two methods, a remotely created check (sometimes also known as a "demand draft") or an Automated Clearing House (hereinafter, "ACH") debit, (collectively referred to as "bank debits".)
An ACH debit refers to an electronic withdrawal of funds, without the use of any paper check, from a consumer's bank account. ACH transactions are subject to the interbank rules of the National Automated Clearing House Association (hereinafter, "NACHA"). Those rules prohibit processing ACH transactions on behalf of businesses engaged in outbound telemarketing calls to consumers with whom they have no existing business relationship.
As a result of NACHA's prohibition on using ACH transaction with outbound telemarketing solicitations to persons with which they have no existing business relationship, many telemarketers have migrated to the use of remotely created checks to debit consumer accounts.
By contrast, a remotely created check ("RCC") is an unsigned paper check. In place of a signature, an RCC will state "Authorized by Account Holder," "Signature Not Required," or "This payment has been authorized by the above-named depositor and is guaranteed by the payee" or something similar. RCCs can be printed using readily available computer hardware and software and are handled (and optically scanned) by the banking system in the United States as normal personal checks.
Both ACH debits and demand drafts can be initiated using two pieces of information (other than the amount of the funds to be debited): the number of the drawee's bank account, and the routing number that identifies the bank where the account is located. These two numbers, sometimes referred to as the "MICR [Magnetic Ink Character Recognition] Code," appear at the bottom of regular bank checks.
The draft or debit is payable to the telemarketer, but is deposited into the bank account of the payment processor. Typically, a payment processor will then forward the funds received as a result of the bank transaction to the telemarketer, less a fee for the payment processor.
When a large number of bank debits—whether ACH or demand draft—are "returned" by account holders for a credit on similar transactions—that typically indicates a problem with the transactions between the merchant and its customer.
A bank draft or ACH debit "return" refers to a transaction refused or reversed by the payor's bank due to any number of reasons, such as the transaction was not authorized by the payor, invalid bank account number, insufficient funds in the payor's account, the account was closed, or other similar reasons. Return rates that deviate substantially from normative rates are often indicia of fraud. In many cases, high returns rates reflect a lack of payor authorization for bank drafts.
Specifically, a high "return rate" (the percentage of attempted debits that are returned out of the total number of attempted debits) for a specific merchant commonly indicates the lack of consumer authorization, either where the consumer never authorized the debit, or where the consumer authorized the debit, but the authorization is based on deceptive misrepresentations or omissions about the offer that is the subject of the transaction.
For ACH transactions, NACHA has rules that set forth more than sixty (60) different "return reason codes" that consumers' banks must use to classify the reason they are returning the ACH transactions. 2006 ACH Rules, pp. OR 92-98. For example, the current return code RIO stands for "consumer advises not authorized."
NACHA publishes on a quarterly basis detailed statistics on average return rates experienced by the ACH network as a whole ("industry average return rates"). These statistics include both the total return rates (the percentage of all ACH transactions that are returned out of the total number of attempted debits, regardless of the return reason provided by the consumers' banks), as well as return rates for specific return reasons (the percentage of ACH transactions that are returned for identified reasons under certain return codes, such as "R02"- "account closed", out of the total number of attempted debits.)
NACHA's statistics on industry average return rates include not only return rates for all ACH transactions (averaged across all type of ACH transactions), but also for certain specific types of ACH transactions, such as "PPD" transactions ("pre-arranged payment and deposit entry"), "WEB" transactions (Internet-initiated transactions), and "TEL" transactions (one-time telephone-initiated transactions to consumers with whom the merchant had an existing relationship). These detailed industry average return rates provide multiple baseline measures with which to compare and monitor merchant return rates.
For example, out of the four quarters in 2005, the highest quarterly industry average total return rate for all ACH debit transactions was 2.3 percent, for PPD transactions was 2.96 percent, and for WEB transactions was 1.95 percent. During that same time period, for the specific return code R10 (customer advises not authorized), the highest quarterly industry average return rate for all ACH transactions was 0.02 percent, for PPD transactions was 0.04 percent, and for WEB transactions was 0.07 percent. NACHA Risk Management News, Winter 2006, Volume 2, Issue 1; NACHA Risk Management News, December 2005, Volume 1, Issue 6.
NACHA rules and guidelines emphasize the responsibility of all ACH participants, including payment processors such as the Defendants, to monitor merchant return rates and other suspicious activity to detect and prevent fraud in the ACH Network.
In contrast to ACH transactions, there is no entity within the banking industry, such as NACHA, that collects industry average return rates for RCCs. RCCs are not coded or tracked separately from regular bank checks through the check-clearing system.
However, with respect to bank checks (which include RCCs and other types of checks), the Federal Reserve Board has published a Payment Study, in which it estimates that the average rate for checks returned as uncollected in the United States is one-half of one percent. See Federal Reserve Bank, Trends in the use of Payment Instruments in the United States (2005) at 194, A. 1121.
Unlike in the ACH network, in the check-clearing system, there are no industry average return rate statistics available for specific return reasons, such as "unauthorized" or "invalid" account numbers. Also unlike the ACH network, the return of checks (including both RCCs and other types of checks) is not subject to a uniform national body of rules governing the classifications employed by different banks to characterize the return reasons for checks. Some of the return reason classifications used for checks are similar to those used by the ACH Network, while others are not.
Despite the absence of a uniform classification system used by banks to characterize the return reason for bank checks (which includes RCCs), banks and payment processors can monitor merchant return rates and other signs of suspicious activity to detect and prevent fraud through the banking system. For example, they can monitor the total return rates of their clients' RCC transactions, analyze the percentage of returned RCCs that are returned for specific reasons, compare their clients' return rates to industry average return rates for other existing comparable payment mechanisms, and watch closely for other signs of suspicious or fraudulent merchant activity.
The Bank Secrecy Act/Anti-Money Laundering Examination Manual (2006), published by the Federal Reserve and Office of the Controller of the Currency, includes an entire chapter devoted to "Third Party Payment Processors." It highlights return rates as a key indicator of illicit transactions by third party payment processors such as what occured at Capital Payment Systems.
Also referred to as factoring in terms of money laundering.
Capital Payment Systems LLC was sued in May 2008 by the State of Ohio along with BANCTECH PROCESSORS, INC., ELECTRONIC CHECK CORPORATION, BRUCE C. WOODS, ALI NAKHAI for dealing with telemarketing fraud operations as their key business model.
Federal Trade Commission, State of Illinois, State of Iowa, State of Nevada, State of North Carolina, State of North Dakota, State of Ohio, and State of Vermont, Plaintiffs, v. Your Money Access, LLC, et. al., Defendants