On January 18, the Consumer Financial Protection Bureau (CFPB) filed a proposed final judgment and order in its March 2021 lawsuit against BrightSpeed Solutions, a third-party payment processor, and its founder, Kevin Howard. If the court enters the final judgment and order, both BrightSpeed and Howard will be permanently barred from multiple consumer financial industries, and Howard will be required to pay a $500,000 civil monetary penalty to the CFPB.

Allegations Summary

In its lawsuit, the CFPB alleged that BrightSpeed and Howard violated the Consumer Financial Protection Act (CFPA) and the Telemarketing and Consumer Fraud and Abuse Prevention Act and its implementing rule, the Telemarketing Sales Rule (TSR).

The CFPB alleged that BrightSpeed positioned itself as a third-party payment processor for “high-risk” telemarketing and subsequently processed remotely created check payments (RCCs) for entities that telemarketed antivirus software and technical support services. (An RCC is typically created when the holder of a checking account authorizes a payee to draw a check on the account but does not actually sign the check.)

The complaint alleged that BrightSpeed processed RCC payments for over 100 merchant-clients who purported to provide valuable virus software and technical support services, but who instead scammed consumers into purchasing unnecessary and over-priced computer software. The merchant-clients utilized pop-up advertisements, stating that a consumer’s computer was running slowly or was infected with a virus and prompted the consumer to call a number for assistance. Upon calling, the merchant-clients would persuade consumers, often older Americans, to purchase antivirus software or technical support services, some of which were available for free or little to no cost to the public, for prices as high as $2,000. For payment, merchant-clients would have a consumer verbally authorize an RCC that BrightSpeed would process.

The complaint alleged that BrightSpeed and Howard knew about the fraudulent practices of its merchant-clients, but continued to do business with them anyway. Indeed, between 2016 and 2018, nearly 1,000 consumer complaints were lodged about BrightSpeed’s merchant-clients, with many of those complaints being submitted to BrightSpeed along with a request for a refund. Moreover, the originating banks through which BrightSpeed processed the RCCs expressed concerns to BrightSpeed about consumer complaints. Per the CFPB, BrightSpeed failed to implement reasonable controls to vet merchant-clients, and allegedly made false statements to the banks about the degree to which they vetted the merchant-clients and monitored their transactions.

Our Take

This enforcement action and settlement signals the CFPB’s continued Operation Choke Point-like focus on companies that process payments for industries that the CFPB believes present more risks for consumers and the CFPB’s continued commitment to crack down on those who take advantage of populations considered to be vulnerable.

CFPB Director Rohit Chopra said that “BrightSpeed and Kevin Howard profited by helping bad actors scam older adults,” and that “[w]e must do more to ensure our nation’s payments systems are not used to defraud older adults.”

For payment processors, this matter is emblematic of why it is imperative to vet clients, monitor their activity, and take complaints seriously. Key in CFPB’s case that BrightSpeed and Howard continued to process RCCs notwithstanding consumer complaints, concerns expressed by two banks, inquiries from police departments across the country, and a high-payment return rate.