On June 27, 2023, the CFPB announced that it had entered into a consent order with a company that offers payment processing services across a wide range of industries including utilities, student loan servicing, healthcare, education, insurance, telecommunications, and mortgage servicing. The order resolves allegations that the company improperly initiated approximately $2.3 billion in unlawful mortgage payment transactions. The CFPB alleged that the transactions were unlawful because they had not been authorized by account holders, in volation of Sections 5531(a), 5531(a)(1), and 5564 of the Consumer Financial Protection Act (CFPA), Section 1693e(a) of the Electronic Fund Transfer Act (EFTA), and its implementing Regulation E, 12 C.F.R. § 1005.10(b).
The payment processor is alleged to have initiated the erroneous debits during the course of testing new technology. The payment process allegedly used actual consumer account information in its testing environment, without sufficient controls to ensure that initiating mock payments in its testing environment would not result in the actual debiting of those accounts. The CFPB alleged that this one-time event was discovered within hours of its occurence, and that the company immediately set about to reverse the erroneous debits.
As part of the settlement, the company agreed to pay a civil money penalty of $25 million to the CFPB, and agreed to a prohibition on using actual consumer account information in its testing environment.