On March 3, the Consumer Financial Protection Bureau (CFPB) filed a complaint in the Northern District of Illinois against a third-party payment processor, BrightSpeed Solutions, Inc., and its founder and former CEO Kevin Howard. The CFPB’s complaint alleges that the defendants violated the Consumer Financial Protection Act (CFPA) and the Telemarketing and Consumer Fraud and Abuse Prevention Act and its implementing rule, the Telemarketing Sales Rule (TSR).

BrightSpeed processed remotely created check payments (RCCs) for entities that telemarketed antivirus software and technical support services. An RCC is typically created when the holder of a checking account authorizes a payee to draw a check on the account but does not actually sign the check.

The complaint alleges from 2016 to 2018, BrightSpeed processed RCC payments for over 100 merchant-clients who purported to provide valuable virus software and technical support services, but who instead scammed consumers into purchasing unnecessary and over-priced computer software. The merchant-clients utilized pop-up advertisements stating that a consumer’s computer was running slowly or infected with a virus and for the consumer to call a number for assistance. Upon calling, the merchant-clients would offer antivirus software or technical support services that were sometimes available for free or little to no cost to the public. However, the merchant-clients were charging up to $2,000 for these services. The merchant-clients would have a consumer verbally authorize an RCC and provide his/her name, address, bank account number, and bank routing number.

Nearly 1,000 consumers lodged complaints about the service, with many of those complaints submitted to BrightSpeed along with a request for a refund. The originating banks that processed the RCCs also expressed concerns to BrightSpeed. The complaint also alleges that BrightSpeed failed to implement reasonable controls to vet clients, and they allegedly made false statements to the banks about the degree to which they vetted and monitored the transactions of the merchant-clients.

The TSR prohibits any seller or telemarketer from creating RCC payments for goods or services offered or sold via telemarketing. The TSR also prohibits a person from providing substantial assistance to any seller or telemarketer when that person “knows or consciously avoids knowing” that the seller or telemarketer is engage in a prohibited practice. The CFPB’s complaint alleges that BrightSpeed knew or consciously avoided knowing that its merchant-clients were creating RCC payments for goods or services offered or sold via telemarketing.

The CFPA prohibits unfair acts and practices. An act or practice is unfair when (1) it causes or is likely to cause substantial injury to consumers; (2) which is not reasonably avoidable by consumers; and (3) such substantial injury is not outweighed by countervailing benefits to the consumers or to competition. The CFPB’s complaint alleges that BrightSpeed’s acts and practices caused substantial injury because it processed payments for consumers who were defrauded, and also alleges that BrightSpeed knew its merchant-clients were violating the TSR.

The CFPB asked the court to prohibit BrightSpeed from participating in the business of payment processing, and also asked the court to award damages, restitution, disgorgement of ill-gotten gains, and a civil penalty.