May 26, 2020 | Consumer Protection, Employment & Technology Archive
Data Breach Exposed Personally Identifiable Information Of Clients Contained on PaperlessPay’s Servers and Systems – Payroll Service Clients Acknowledge Being Affected by Data Breach
Kehoe Law Firm, P.C. is making consumers aware that in a “Notice of Data Breach“ filed with the State of California Department of Justice, Office of the Attorney General, Marshall Medical Center (“MMC”) stated that “[o]n March 20, 2020 PaperlessPay contacted MMC that . . . the Department of Homeland Security . . . contacted PaperlessPay [about] an unknown person . . . purporting to sell ‘access’ to PaperlessPay’s client database on the dark web.”
MMC’s data breach notice stated that through a joint FBI and DHS investigation, as well as MMC’s own internal investigation, “. . . PaperlessPay confirmed that an unknown person . . . on February 18, 2020 accessed PaperlessPay’s database where MMC employees’ data was stored.” According to MMC’s breach notification, “[t]he information stored in PaperlessPay’s database regarding MMC employees consists of the data elements that appear on employee pay stubs and tax forms, including name, address, pay and withholdings, and Social Security number.” [Emphasis added.]
In another “Notice of Data Breach” filed with the State of California Department of Justice, Office of the Attorney General, Community Memorial Health System (“CMHS”) stated that they ” . . . were notified by PaperlessPay Corporation . . . in a letter dated March 20, 2020, that on February 19, 2020, they were contacted by the Department of Homeland Security . . . regarding a possible breach of their systems. PaperlessPay is a vendor hired by CMHS to house pay stubs and assist with W-2 forms. DHS notified PaperlessPay that there was an unknown person purporting to sell ‘access’ to their client database on the dark web.” CMHS’s data breach notice also stated that
[t]he impacted server stored pay stub and tax forms that contain name, address, pay and withholdings information, bank account number information (if this appears on [one’s] paystub), and Social Security number. With respect to bank account information, note that bank information for employees who receive a single deposit was not provided to Paperless Pay. Bank account information is, however, provided for those employees who receive multiple deposits. Specifically, for multiple deposit employees, PaperlessPay would have had access to a full bank account number for each account that is being deposited, but not to bank account routing numbers or bank names. [Emphasis added.]
The Orlandosentinel.com reported (“OUC pay stubs, W2s for 2,100 workers target of possible ‘data attack'”) that “[a] data breach may have occurred with payroll information for 2,100 current and former Orlando Utilities Commission employees, according to a warning letter to workers distributed by OUC management.” Reportedly, “. . . in [a] warning email . . . OUC management said that PaperlessPay Corp., after cooperating with federal law enforcement, ‘cannot definitively rule out the possibility’ that employee pay information was taken in a data breach.” [Emphasis added.]
A class action complaint, filed on May 22, 2020 in United States District Court, Middle District of Florida, against PaperlessPay Corporation, Fareway Stores, Inc., Mark Broughton, and Reynolds Cramer, alleged that “PaperlessPay only notified [e]mployers of the Data Breach on approximately March 20, 2020, over a month after the breach was first discovered[,]” and “[w]hile PaperlessPay ultimately notified [e]mployers of the [d]ata [b]reach, PaperlessPay made the deliberate decision not to notify individuals whose data was impacted by the [d]ata [b]reach.”
According to the class action complaint:
[t]he stolen PII [Personally Identifiable Information] has great value to hackers due to the sheer number of individuals affected and the fact that bank account information and Social Security numbers were compromised.
For example, PaperlessPay currently states on its website that it has 2,272,690 users (who are the employees of the affected Employers), thus making it possible that millions of individuals had their PII stolen.
Additionally, although Defendant Fareway Stores, Inc. is just one of PaperlessPay’s customers, Fareway has notified 30,519 individuals in the state of Iowa alone that their PII was compromised.
Based on disclosures made by [e]mployers to certain states, only a handful of [e]mployers have notified their employees that their PII was compromised in the [d]ata [b]reach. These [e]mployers include: Fareway Stores, Inc.; Marshall Medical Center (El Dorado, California); Community Memorial Health System (Claysburg, Pennsylvania); Orlando Utilities Commission (Orlando, Florida); City of Fort Lauderdale; Lee Auto Malls (Auburn, Maine); Spencer Municipal Hospital (Spencer, Iowa); MP Environmental Services, Inc. (Bakersfield, California); Riverwood Healthcare Center (Minneapolis, Minnesota); and PCL Construction, Inc. (Denver, Colorado).
Given the fact that PaperlessPay states it has 1,500 clients, it is likely that hundreds of employers have not yet notified at least tens of thousands of employees that their PII was compromised. [Emphasis added.]
Have You Been Impacted by A Data Breach?
If so, please either contact Kehoe Law Firm, P.C., Michael Yarnoff, Esq., (215) 792-6676, Ext. 804, [email protected], complete the form on the right or e-mail [email protected] for a free, no-obligation case evaluation of your facts to determine whether your privacy rights have been violated and whether there is a basis for a data privacy class action.
Examples of the type of relief sought by data privacy class actions, include, but are not limited to, reimbursement of identity theft losses and of out-of-pocket costs paid by data breach victims for protective measures such as credit monitoring services, credit reports, and credit freezes; compensation for time spent responding to the breach; imposition of credit monitoring services and identity theft insurance, paid for by the defendant company; and improvements to the defendant company’s data security systems.
Data privacy class actions are brought on a contingent-fee basis; thus, plaintiffs and the class members do not pay out-of-pocket attorney’s fees or litigation costs. Subject to court approval, attorney’s fees and litigation costs are derived from the recovery obtained for the class.
May 22, 2020 | Consumer Protection, Employment & Technology Archive
Numerous Marketers Warned by FTC To Stop Making Unsupported Claims That Their Products and Therapies Can Effectively Prevent or Treat COVID-19
Kehoe Law Firm, P.C. is making consumers aware that on May 21, 2020, the Federal Trade Commission announced that it has sent letters warning 50 more marketers nationwide to stop making unsubstantiated claims that their products and therapies can treat or prevent COVID-19, the disease caused by the novel coronavirus. This is the fifth set of warning letters the FTC has announced as part of its ongoing efforts to protect consumers from health-related COVID-19 scams. In total, the FTC has sent similar letters to more than 120 companies and individuals.
Several of the letters announced today target “treatments,” including Chinese herbal medications, music therapy, ozone therapy, and shields claimed to boost the immune system by protecting the wearer from electromagnetic fields. Currently, however, according to the FTC, there is no scientific evidence that these, or any, products or services can treat or cure COVID-19.
The Marketing Companies To Which The FTC Sent Warning Letters
Acupuncture Healing Center. The Chicago company claimed in marketing materials that its treatments can “facilitate the body’s immune response to expel the pathogen (coronavirus) depending on what stage and location of infection.”
AcuIntegra. To promote its traditional Chinese medicine (TCM) treatments, the Tennessee company claimed, “In the Guangdong province in south of China, TCM proved effective in 89% of the 1,245 confirmed COVID-19 patients . . . .”
American Chinese Medicine Association Clinic. The Illinois clinic advertised its ACMA Cold/Flu treatment on a webpage titled On Coronavirus by claiming “ . . . we are confident that the coronavirus can be effectively treated, patients’ lives can be saved, and the coronavirus epidemic or pandemic can and will be stopped soon.”
Art of Wellness Acupuncture. In promoting its treatments, the California company claimed that for COVID-19 patients in Beijing, “Acupuncture experts are documenting cases where acupuncture brings down fever significantly, and herbs have been shown to help resolve the severe cough.”
Ashland Natural Medicine. On a webpage titled COVID-19 Update, the Oregon company promoted its services by claiming, “Chinese medicine, homeopathy and western herbs appear to be helping many people with this infection[,] so our intention is to use them to treat ill people.”
Beatty Acupuncture. The Oklahoma company’s website offered “a number of Coronavirus treatment options for both Coronavirus prevention and COVID-19 positive treatment,” including gummies and sprays.
Biogetica. Under a Coronavirus tab on its site, the California company offered “evidence based natural remedies & advanced bio energetic therapies,” claiming that “the proof of our methods is evident in the unparalleled results seen in clinical trials . . . .”
Carlin Creative Concepts LLC. In pitches for “Antiviral Mushrooms to Prevent Getting the Coronavirus.” the company claimed, “Since we know that there is currently no treatment or vaccine to assist your body in fighting off this virus what can you do? The cool thing is there are tons of studies that have been done with mushrooms as a potential antiviral treatment . . . .”
Crescent Moon Herbals, LLC. In marketing its “Core Formulations,” the Philadelphia company advertised them “For Corona Virus or SARS.”
Dr. Adrian Hohenwarter. Next to a graphic that said “CORONAVIRUS PROTECTION,” the Pennsylvania office described its “d-Lenolate Olive Leaf 60 caps” as an “all-natural herbal supplement that provides the protection you need from invading microorganisms that weaken the immune system.”
Dr. Alan Christianson. In marketing materials titled Special Alert: Coronavirus and What You Need to Know, the Arizona office touted its products as “Natural Solutions.” For example, “In living animal and test-tube studies,” Astragalus “has been shown to kill other coronaviruses.”
Dr. Brownstein’s Holistic Medicine. The Michigan office recommended its iodine, hydrogen peroxide, and vitamin treatments with the headline, “85 COVID Patients at The Center for Holistic Medicine: Zero Hospitalizations and No Deaths.”
Dr. Dale’s Wellness Center. On a podcast, the California business claimed, “BioFilm Detox is the thing pathogens hate because if you have symptoms of any virus, any flu, any bacteria . . . the BioFilm Detox will pull it out. . . . You just take BioFilm Detox 20-30 minutes before you use ALLFLU or anything that you’re using to get rid of the COVID-19, but ALLFLU is the best thing to use, it’s the most effective, you feel a difference after using it once.”
Dr. Jill Carnahan. On its website, the Colorado office answered the question “How Can You Protect Yourself From Coronavirus?” by recommending products it sells. According to the company, “[S]tudies are also finding that high doses of antioxidants – in particular, vitamin C – can help not only prevent, but also treat coronavirus.”
Dr. Nuzum’s Nutraceuticals. In marketing materials titled Coronavirus, COVID-19, the Idaho business promoted its products as “natural methods to combat this virus . . . .”
Dr. Ronald Hoffman. On a website with the heading Coronavirus treatment and prevention strategies, the New York office described products it sells – including melatonin, nitric oxide, and Beta glucans – as “the most plausible natural therapies for COVID-19.”
Energy Wellness Products. Under the title Natural Virus Remedies – Coronavirus – Support and Prevention, the Indiana company listed “natural virus remedies” it sells as having “strong scientific evidence to support their efficacy.”
Feelin 02 Good. The New York company promoted its treatments by claiming, “Ozone Therapy is now becoming an effective treatment for COVID-19.”
Gordon Medical. Among other therapies, the California business advertised its in-office “Nebulized Hydrogen Peroxide (H2O2) as a Preventative and Treatment for Covid-19.”
Hansen Clinic of Natural Medicine. In marketing materials titled Coronavirus Fears & Prevention, the Arizona clinic said its PhytoBiotic product contains an ingredient that works “by blocking the release and spread of the virus within the body.”
Health Remedies. The Florida business promoted an array of products on its website under the heading Coronavirus and Your Immune System: How to Reduce Your Risk.
Herbs Rosalee. Under the heading Herbs to Consider for Coronavirus, the Washington-based affiliate marketer included links where consumers could buy Astragalus root, Codonopsis root, elderberry, and mushrooms.
Holgistic Personalized Healthcare / Natural Care Institute. In a Facebook post, the Michigan office offered a discount on Vitamin C infusions for healthcare workers and first responders, and linked to an article that described high-dose intravenous Vitamin C as a regimen that “should be included in the treatment of COVID-19 and used as a preventative measure for susceptible populations such as healthcare workers with higher exposure risks.”
Hunter’s Natural Health. The Maryland company promoted its iodine and quercetin product as a way to “Boost your immune system in response to the coronavirus” and “deactivate viruses, bacterias and other microbes . . . .”
iCRYO. Citing what’s being done “to tackle COVID-19 in China and other infected places around the world,” the Houston company promoted its Vitamin C and Zinc intravenous infusions with the statement “This method is so potent that it is being used to tackle COVID-19 as a recommended measure.”
iMRS2000 and Bryant Meyers. In YouTube videos, the Florida business promoted the sale of pulsed electromagnetic field devices by touting “nine ways how PEMF therapy can help you fight the Coronavirus.”
Jill’s Home Remedies. In marketing materials titled Natural Prevention for Coronavirus, the Missouri business promoted its products by claiming, “When encountering any illness, such a COVID 19, it’s important to strengthen your immune system. . . . Does this guarantee that you won’t get sick? No. But there’s a greater chance that you won’t, and that if you do, the sickness will be much less severe.”
Lemus Natural. When consumers clicked a “Beat the Coronavirus” button on the Florida company’s website, they were taken to a page titled COVID-19: Prevention Tips that promotes a product called Immun-I-Can.
Lilac Corp. In promoting products called Gene-Eden-VIR and Novirin, the New York company said on its website, “Lilac Corp specializes in natural, broad-spectrum treatments that target viruses, including the Coronaviruses, and specifically COVID-19.”
LotusRain Naturopathic Clinic. The San Diego clinic promoted “In-Clinic Preventative Options” for preventing COVID-19, including “High Dose Vitamin C IV’s,” “Hydrogen Peroxide IV’s” and “AVACEN – Advanced Vascular Circulation Enhancement.”
Meta-Labs, Inc. On a webpage labeled COVID 19 – DEFENSE PRODUCT, the Georgia business stated “With the coronavirus spreading across the world, we need to know effective natural anti-viral herbs and dietary supplements.” The company claims the compound Curcumin “has antiviral properties that help block viruses and acts at an early step in virus infection.”
Mind & Body Acupuncture. Among other treatments, the California business promoted “a powerful herb – Tiger Cane,” claiming that experts in China have found it “has strongest effect for Anti coronavirus.”
Mulberry Leaf Acupuncture and Herbs. Based in California, the company claimed to offer “Chinese Medicine to help defeat COVID-19.”
Nature’s Best Relief, Inc. In a Facebook post, the Colorado company claimed, “Viral infections, like Coronavirus / COVID19, influenza, and colds can result in days of downtime, or even worse. Help your body fight viral infections and strengthen your immune system with our ULTRA Viral Resist. . . . #virus #socialdistancing #coronavirus #COVID #COVID19 #naturalhealth #CBD #anitviral #wuhanvirus”
Naturopathic European Medical Centre LLC. On its The COVID-19 Virus: What You Need to Know page, the Wisconsin office claimed that “using high doses of vitamin C to both prevent and combat virus-caused illnesses is well-established science” and “[z]inc is known to inhibit the replication (growth) of viruses, including coronavirus.”
Naturopathic Health Care. In offering “COVID-19 Thoughts and Recommendations,” the Connecticut office claimed that products it sells – including homeopathic remedies and ones containing zinc, elderberry, and Echinacea – can or treat prevent the illness.
Nicole Apelian. On a webpage selling “Turkey Tail” tincture, the marketer recommended that consumers combine the product with other items sold on the site “to stay healthy while the Corona Virus is emerging.”
NutrientCures.com. In marketing materials titled What Supplements Can Fight Coronavirus, the company listed a number of products it sells, including lauricidin, colloidal silver, and an elderberry derivative called sambucus.
OrganyLife. The Texas company claimed on Instagram that “HORSE MILK can help to recover from RESPIRATORY INFECTIONS such as COVID-19 & increases IMMUNE SYSTEM quicker . . . . ”
Plum Dragon Herbs. The Maryland company claimed that its “Wen Bing Defense formula, Huang Qin Extract and Wildcrafted Osha Root Extract may continue to provide beneficial support against COVID-19.”
Premilife. On the Israel-based company’s site, the link “Click Here For the Coronavirus Treatment” took consumers to a page that said “Based on the individual homeopathic constituents of Umabaxin, therapeutical possibilities result for the treatment of Coronavirus Infections.”
Puredia. In promoting its products, the California company cited the example of “a family of 7 in Spain who were all diagnosed with COVID-19. The mother has been taking CyanthOx™ for 6 months and remains the only one free of symptoms.”
Spooky2Scalar. The Chinese company promoted its scalar treatment device by claiming “You can also protect yourself and your family members from COVID-19 by applying the COVID-19 frequencies to scalar field with Spooky2 Scalar.”
StuphCorp. In promoting a nebulizer that could be used for a “Hydrogen Peroxide At-Home Treatment Against Coronavirus,” the Nevada company claimed that “Hydrogen peroxide (H2O2) is known for its bactericidal, virucidal, sporicidal, and fungicidal properties” and has recommended “nebulizing hydrogen peroxide during this pandemic.”
The Raw Food World. In a YouTube video, the California company promoted its Angstrom Silver product by claiming that “many people are actually using it for Coronavirus.” The company also cited a clinical study purporting to show “it is actually very effective against the SARs virus which is actually a component of the Coronavirus.”
The Stern Method. In advertising ozone therapy, the Utah company claimed, “Ozone gas has been proven to kill the SARS coronavirus, and since the structure of the new 2019-nCoV coronavirus is almost identical to that of the SARS coronavirus, it is relatively safe to say that it will also work on the new coronavirus.”
Traditional Chinese Medicine Clinic. In promoting its products and services, the Colorado clinic stated, “Early Large Dose Intravenous Vitamin C is the Treatment Choice of 2019-nCov.” In addition, the clinic claimed, “Of the natural compounds screened, 13 that exist in traditional Chinese medicines were found to have potential anti-2019-nCoV activity.”
Vidl Wellness. For consumers who want to “Boost Your Immune System to Help Avoid Coronavirus COVID-19,” the Virginia business advised them to “stock up on immune-boosting plant-based supplements” it sold, including a blend of honeysuckle, Chinese skullcap, forsythia, and shuanghuanglian advertised to “inhibit” the virus.
Vital Source Natural Medicine. Under the heading Coronavirus/COVID-19 information, the Washington company advised people who “become sick” that it uses “homeopathy, herbal medicine, hydrotherapy, and nutrition” to treat “viruses in general, flu-like viruses in particular, fevers, as well as lung infections and cough.”
Viva Healthy Life-Philadelphia Holistic/Homeopathic Clinic. The clinic claimed to offer “Chinese Herbal Remedies” that are “Scientifically Proved natural remedies for coronavirus,” citing the herbs Fructus forsythia, Lonicerae Japonicae Flos, Rhizoma Atractylodis, and Macrocephalae “for prevention or treatment for Coronavirus 2020.”
The warning letters, according to the FTC, remind recipients that because no study is currently known to exist that substantiates their COVID-19 representations, they “must immediately cease making all such claims.” FTC staff also expects to hear from recipients within 48 hours, describing the actions they’ve taken to address the FTC’s concerns. The letters also note that if the false claims do not cease, the FTC may seek a federal court injunction and an order requiring money to be refunded to consumers.
Last month, the FTC announced its first case against a marketer of such products, Marc Ching, doing business as Whole Leaf Organics. The FTC previously sent warning letters to sellers of vitamins, herbs, colloidal silver, teas, essential oils, and other products pitched as scientifically proven COVID-19 treatments or preventatives. The FTC also recently announced letters targeting general therapy products, supplements, and herbal treatments. The latest round of letters went to the marketers of more esoteric products and services, including nebulizers, naturopathic and homeopathic treatments, hydrotherapy, and freeze-dried horse milk.
Warning Letter Recipients Grouped By Type Of Therapy, Product Or Service “Pitched” As Preventing Or Treating COVID-19
Supplements and Chinese Herbal Treatments
- AcuIntegra, Inc. (Clarksville, Tennessee)
- American Chinese Medicine Association Clinic (Aurora, Illinois)
- Ashland Natural Medicine (Ashland, Oregon)
- Beatty Acupuncture (Tulsa, Oklahoma)
- Biogetica (Culver City, California)
- Carlin Creative Concepts LLC (Virginia Beach, Virginia)
- Crescent Moon Herbals, LLC (Philadelphia, Pennsylvania)
- Dr. Jill Carnahan (Louisville, Colorado)
- Dr. Adrian Hohenwarter (Palmyra, Pennsylvania)
- Dr. Alan Christianson (Scottsdale, Arizona)
- Dr. Ronald Hoffman (New York, New York)
- Dr. Nuzum’s Neutraceuticals (Meridian, Idaho)
- Energy Wellness Products (Decatur, Indiana)
- Hansen Clinic of Natural Medicine (Scottsdale, Arizona)
- Health Remedies (Sarasota, Florida)
- Herbs Rosalee (Carlton, Washington)
- Hunter’s Natural Health (Upper Marlboro, Maryland)
- Jill’s Home Remedies (Online only)
- Lemus Natural (Miami, Florida)
- Lilac Corp. (Rochester, New York)
- Meta-Labs, Inc. (Roswell, Georgia)
- Mind & Body Acupuncture (Los Angeles, California)
- Mulberry Leaf Acupuncture and Herbs (Studio City, California)
- Nature’s Best Relief, Inc. (Littleton, Colorado)
- Naturopathic European Medical Centre LLC (Stevens Point, Wisconsin)
- Nicole Apelian (online only)
- NutrientCures.com (Anchorage, Alaska)
- OrganyLife (The Colony, Texas)
- Plum Dragon Herbs (Chester, Maryland)
- Puredia (Irvine, California)
- The Raw Food World (Camarillo, California)
- The Stern Method (online only)
- Traditional Chinese Medicine Clinic (Fort Collins, Colorado)
- Vidl Wellness (Gloucester, Virginia)
Acupuncture
Homeopathic Treatments
Nebulizers
Ozone and Intravenous (IV) Therapies/Hydrotherapy
Pulsed Electromagnetic Field Therapy and Scalar Frequencies
Source: Federal Trade Commission – FTC.gov
May 22, 2020 | Consumer Protection, Employment & Technology Archive
Bank of America Discloses That PPP Loan Application Data May Have Been Exposed During Preparation of Submission of Financial Relief Loan Applications To The SBA
Kehoe Law Firm, P.C. is making consumers aware that Bank of America (“BOA” or the “Bank”) filed a “Notice of Data Breach” with the State of California Department of Justice, Office of the Attorney General, which, among other things, stated that BOA,
. . . in preparation for submission of loan applications to the SBA, Bank of America . . . uploaded some clients’ loan applications to a limited access, controlled SBA test application platform. This platform was designed to allow authorized lenders to test the process for submitting [Paycheck Protection Program] applications to the SBA prior to the actual submission process.
During testing, we discovered information included in your application may have been visible for a limited time period to a limited number of other lenders and their vendors authorized by the SBA to participate in the program. There is no indication that your information was viewed or misused by these lenders or their vendors. And your information was not visible to other business clients applying for loans, or to the public, at any time. This did not affect the actual submission of PPP loan applications to the SBA. [Emphasis in original.]
According to Bank of America,
[t]he information that may have been briefly visible to limited authorized lenders and their vendors included business contact and business information about the company of which you are a principal owner, such as business address and tax identification number (TIN). As a principal owner, personal information about you, such as your name, address, Social Security Number, phone number, email address and citizenship may have been involved. [Emphasis added.]
Bankinfosecurity.com reported (“Bank of America: COVID-19 Loan Data May Have Leaked”) that “[i]t’s not clear if the incident involving Bank of America was related to the possible data breach at the SBA” regarding “a flaw in an online application portal for its Economic Injury Disaster Loan program [which] exposed the personal data of approximately 8,000 loan applicants.”
Have You Been Impacted by A Data Breach?
If so, please either contact Kehoe Law Firm, P.C. Partner Michael Yarnoff, Esq., (215) 792-6676, Ext. 804, [email protected], complete the form on the right or e-mail [email protected] for a free, no-obligation case evaluation of your facts to determine whether your privacy rights have been violated and whether there is a basis for a data privacy class action.
Examples of the type of relief sought by data privacy class actions, include, but are not limited to, reimbursement of identity theft losses and of out-of-pocket costs paid by data breach victims for protective measures such as credit monitoring services, credit reports, and credit freezes; compensation for time spent responding to the breach; imposition of credit monitoring services and identity theft insurance, paid for by the defendant company; and improvements to the defendant company’s data security systems.
Data privacy class actions are brought on a contingent-fee basis; thus, plaintiffs and the class members do not pay out-of-pocket attorney’s fees or litigation costs. Subject to court approval, attorney’s fees and litigation costs are derived from the recovery obtained for the class.
May 19, 2020 | Consumer Protection, Employment & Technology Archive
Defendants, Allegedly, Processed Payments For Numerous Scams, Harming Hundreds of Thousands of Consumers
Kehoe Law Firm, P.C. is making consumers aware that on May 19, 2020, the FTC announced that one of the biggest payment processing companies and its former executive will pay more than $40.2 million to settle Federal Trade Commission charges that they knowingly processed payments and laundered, or assisted laundering of, credit card transactions for scams that targeted hundreds of thousands of consumers.
According to the FTC’s complaint, Atlanta-based First Data Merchant Services, LLC (First Data) allegedly ignored repeated warnings from employees, banks, and others that Chi “Vincent” Ko (“Ko”), through his company that served as an independent sales agent (“ISO”) for First Data, was laundering, and First Data was assisting and facilitating laundering, payments for companies that were breaking the law over a number of years. Ko was later hired as an executive at First Data.
According to the FTC’s complaint, Ko, through his prior company, First Pay Solutions LLC (“First Pay”), opened hundreds of merchant accounts for at least four scams – three that were the subject of FTC actions, and one that was the subject of a U.S. Department of Justice criminal prosecution. The FTC alleges that, from 2012 to 2014, Ko opened accounts under false names, provided Wells Fargo Bank with deceptive information to open the accounts, and ignored evidence that his clients were engaged in fraud. The $40.2 million to be paid in the settlements will be used to provide refunds to consumers harmed by these scams.
The FTC’s complaint alleges that First Data ignored numerous warnings about Ko and First Pay’s activity. Among the warnings was a 2014 e-mail from Wells Fargo’s executive vice president, saying “Why is First Data signing ISOs like [First Pay]? They are going to get First Data and Wells Fargo in trouble with the FTC and CFPB due to consumer deceptive practices…” In addition, a 2014 Visa investigation required First Data to pay back $18.7 million in charges processed by Ko and temporarily banned First Data from bringing on high-risk merchants. A 2015 forensic audit conducted as part of Visa’s investigation indicated that First Data had “no controls” on how the company managed high-risk merchants.
In addition to paying more than $40 million, under the terms of its proposed settlement, First Data, which was acquired by Fiserv, Inc. in 2019, will be prohibited from assisting or facilitating FTC Act violations related to payment processing and evading fraud and risk oversight programs. In addition, the company will be required to screen and monitor certain high-risk merchant-clients, as well as establish and implement an oversight program to monitor its wholesale ISOs. The settlement also requires First Data to hire an independent assessor to oversee the company’s compliance with the settlement’s oversight program for the next three years.
Under the terms of his proposed settlement, Ko will be required to pay $270,373.70. He will be banned from payment processing for certain types of high-risk merchants, credit card laundering activities, making or assisting others in making false or misleading statements, and assisting or facilitating violations of the FTC Act.
Source: Federal Trade Commission – FTC.gov
