Prepaid Card Rule update

The CFPB finalized changes to its rule on prepaid cards (Prepaid Card Rule) in January 2018 and delayed its compliance date to April 2019. The amended rule preserves significant restrictions on credit features and detailed disclosure requirements, while some burdens on industry participants have been alleviated. Notably, the rule now includes: (1) an exception for error resolution and limited liability requirements for unregistered prepaid accounts; (2) more flexibility for credit cards that are linked to digital wallets; (3) an exclusion from the rule for loyalty, award or promotional gift cards; (4) flexibility regarding the pre-acquisition disclosures for certain prepaid accounts; and (5) flexibility in submitting prepaid account agreements to the CFPB.2

Pursuant to the Congressional Review Act (CRA),3 the CFPB is expected to submit a report to Congress containing the rule and any modifications prior to its effective date.4 Because the Prepaid Card Rule does not qualify as a “major rule” under the CRA5 and its original version survived a prior Senate challenge,6 we do not anticipate a push against the amended rule. It remains unclear, however, whether the CFPB’s new leadership will leave the rule intact, or instead seek to further delay or alter the rule’s requirements7 as part of the Bureau’s ongoing review of CFPB regulations.8

Deceptive practices by credit card companies

The CFPB has dedicated a significant portion of its supervisory efforts to address various consumer credit violations, including:9

  • Inadequate account-opening disclosures
  • Misrepresentations to consumers as to the availability of free pay-by-phone options10
  • Misrepresentations to consumers concerning benefits and terms of credit card add-on products, such as the cost and coverage of optional debt cancellation add-on products
  • Failure to comply with billing error resolution and unauthorized transactions
  • Charging overdraft fees on ATM and one-time debit card transactions by misrepresenting to consumers opt-in deposit overdraft protection products

The CFPB also reached out to top retail credit card companies in June 2017 to encourage improved disclosure and transparency in their promotions, especially deferred-interest promotions.11 Moving forward, the CFPB will likely continue to closely monitor unfair and deceptive practices by credit card companies and address deficiencies through rulemaking rather than enforcement.

Fair access to credit

In recent years, the CFPB has devoted substantial attention to underserved communities’ fair access to credit. In 2017, the Bureau identified redlining as a primary concern12 and focused on the fair treatment of underserved communities regarding marketing and lending practices, which may also impact payment processors and card companies. The new CFPB leadership recently reaffirmed its commitment to protecting subprime consumers lacking access to credit markets.13 Furthermore, the repeal of the arbitration rule in November 2017 could lead the CFPB to search for other venues to protect consumers, and especially exercise enhanced scrutiny regarding practices affecting vulnerable populations.

Data security

The CFPB will likely continue to focus on payment processors’ data security practices. In October 2017, the CFPB issued its principles for protecting consumers who authorize third-party companies to access their financial data to provide a variety of financial products and services.14 Acting Director Mulvaney’s freeze of CFPB’s data collection until the Bureau resolves its own data security deficiencies may indicate a future interest in this topic.

Remittance rule

Although not likely a priority,15 the CFPB had noted in its last supervisory report that it would continue to examine both large banks and nonbanks for compliance with Regulation E concerning remittances.16 In March 2017, the CFPB sought public comments in order to assess the effectiveness of the remittance rule.17 No further developments have been announced in this area under the Bureau’s new leadership, and it remains unclear whether the rule will be reconsidered as part of the Bureau’s review of previously issued regulations.18


In 2017, the Bureau sanctioned two major payment processors that failed to effectively administer and transfer their customers’ accounts, resulting in thousands of consumers left without access to funds stored on their cards for days (or weeks), as well as paychecks or government benefits.19 In addition, the CFPB imposed a US$95 million fine on a leading credit card company that provided consumers in Puerto Rico, the US Virgin Islands, and other US territories with products and services that were inferior to those available in the continental US. Consumers in those territories were charged higher fees and interest rates, offered less advantageous promotional offers, denied credit and required to disburse more money to settle debts.

Notably, the CFPB imposed a US$100 million fine—its largest fine so far—on a major financial institution, whose employees illegally opened more than two million unauthorized deposit and credit card accounts to boost sales figures and reach compensation incentives.20 Initiated in 2016, this enforcement action prompted the Bureau to release a compliance bulletin that same year, which described compliance management steps that supervised entities should take to mitigate risks posed by compensation incentives.20

The FTC has also been an active player in policing industry participants:

  • In June 2017, the FTC and the Florida Attorney General announced a nearly US$5 million settlement regarding an illegal robocall ring in which defendants promised to help consumers lower their credit card interest rates through worthless credit card interest rate reduction programs21
  • In March 2017, the FTC agreed to settle charges with a prepaid card provider for US$53 million,22 in connection with alleged deceptive statements to consumers regarding immediate access to funds stored on their prepaid cards when, in fact, the consumers were subject to substantial delays (e.g., weeks or indefinitely)23


In December 2017, the US Court of Appeals for the Eleventh Circuit found a payment processor jointly and severally liable for providing substantial assistance to another entity that violated a federal ban on improper telemarking practices. This decision followed a suit filed by the FTC in October 2012 and leaves the payment processor responsible for paying a US$1.7 million judgment with its co-defendants.24

In September 2017, the Attorney General’s Office for the Eastern District of Pennsylvania reached a US$3.6 million settlement with a major national bank and its affiliated payment processor to settle allegations that they illegally debited money for specific telemarketing and internet marketing merchants.25

Fintech outlook and payment processing

  • Fintech companies have developed AI-based regtech tools to improve fraud detection, identity theft, compliance with anti-money laundering laws, as well as with Know-Your-Customer requirements
  • Regulators, however, have yet to accept AI technology as a legally sufficient method of detecting fraud and money laundering
  • Faster payments developments and the use of blockchain technology, still budding, and fintechs that develop around such changes could significantly change this market segment moving forward. Their challenge will also be to assimilate into a highly regulated space