First Data Merchant Services LLC (First Data), part of one of the US financial services technology provider Fiserv Inc., and one of its executives agreed to pay more than $40 million to settle allegations that they laundered credit card transactions for scams, the US Federal Trade Commission (FTC) announced. The agreement between First Data and FTC was released this week and comes at a time when law enforcement agencies, lawyers, and victims are beginning to understand the decisive role of payment processors in facilitating scams.
First Data was acquired by Fiserv Inc. in 2019 for $22 billion, one of the largest acquisitions in the financial technology sector. First Data is a global merchant services acquirer and payment processor that processes over $2 trillion dollars in annual payment volume in the United States through a variety of distribution channels and partnerships, including through independent sales organizations (“ISOs”).
In its complaint, the US FTC alleged that First Data ignored repeated warnings from employees, lenders, and others that Chi Ko (aka Vincent Ko), founder and executive of First Pay Solutions LLC (FPS or First Pay), a then independent sales organization (ISO) of First Data, was laundering payments for clients from 2012 to 2014.
The Federal Trade Commission (FTC) is an independent US government agency whose principal mission is the enforcement of civil (non-criminal) U.S. antitrust law and the promotion of consumer protection.
First Data “repeatedly looked the other way” as First Pay Solutions LLC opened hundreds of accounts for scam merchants. Ko would open accounts under false names, let merchants process payments through hundreds of shell companies, and provide Wells Fargo Bank with false and deceptive information to open the accounts, FTC alleged. Sounds familiar to European scam victims, doesn’t it?
Why is First Data signing ISOs like [First Pay]? They are going to get First Data and Wells Fargo in trouble with the FTC and CFPB due to consumer deceptive practices…”Among the warnings was a 2014 e-mail from Wells Fargo’s executive vice president
In addition, a 2014 Visa investigation required First Data to pay back $18.7 million in charges processed by Ko and temporarily banned First Data from onboarding high-risk merchants. A 2015 forensic audit conducted as part of Visa’s investigation indicated that First Data had “no controls” on how the company managed high-risk merchants.
Cleaning-up and restart
A few months after the Visa investigation, First Data took over First Pay‘s clients, assets and employees, shutting down the rogue company. Question: Are the similar names a coincidence or were the companies perhaps connected before?
In May 2015, First Data acquired FPS’s merchant accounts, took over its office space, and hired most of its employees. Ko joined First Fata as Vice President of strategic partnerships. In September 2015, First Data asked Wells Fargo to allow former FPS employees employed at First Data to resume soliciting high-risk merchants. Wells Fargo granted the request on the condition that the former FPS employees were not “associated with or related to Vincent Ko” and that First Data could confirm that “Vincent Ko has no influence.”
The Agreement with FTC
First Data agreed to pay $40 million, while its executive Chi Ko will pay $270,374. First Data also agreed to improve its screening of “high-risk” merchant clients, and hire a monitor for three years.
First Data is paying $40 million because it repeatedly looked the other way while its payment processing services were being used to commit fraud. When companies fail to screen out fraudsters exploiting the payment processing system to steal people’s money, they’re breaking the law and injuring consumers.Daniel Kaufman, deputy director of the FTC’s Bureau of Consumer Protection
First Data also agreed to screen high-risk clients in the future and implement an oversight program. The company said in a statement that “we remain committed to ensuring that our business partners and merchants operate with integrity, and our enhanced practices will enable us to continue to lead the industry in fraud prevention and business and consumer protection.”
Neither First Data nor Ko admitted or denied wrongdoing. The settlements require approval by a Manhattan federal judge.
The way First Data facilitated scams by processing and thus laundering stolen client funds is also well known in Europe. As a result, the payment processors have generated high margins and high profits. This “looking the other way ISO” approach used to be exactly the way of Payvision under its former CEO and co-founder Rudolph Booker. Like First Data, Payvision was acquired based on the high profits stemming from illegally acting clients. The German Wirecard, too, has applied this approach. As usual, the US authorities are ahead of the European authorities and work much more strictly.
Both the lawsuit and the agreement between the FTC and First Data show that EFRI’s allegations against Wirecard and Payvision are consistent with the facts and reality. We will continue to pursue our course consistently and hold the payment processors involved responsible for the purposes of refunding. With all the means at our disposal in the interest of the aggrieved investors and to improve compliance.Elfriede Sixt, Principal and co-founder of EFRI
Currently, regulators and law enforcement agencies in various jurisdictions are taking action against evil payment processors and their people. The First Data case is creating public awareness.