"Rush" to judgment?
Can tech breakdown be abusive and deceptive? CFPB says so
- |
- Written by Melanie Scarborough
When systems go blooey, CFPB believes that can be a legal offense.
When hip-hop legend Russell Simmons co-founded the prepaid RushCard in 2003, his aim was to provide a safe financial-services alternative for the millions of Americans shut out of traditional banking. The result was a first-of-its-kind product in the prepaid card market, offering direct deposit, check-writing capabilities, and cash-loading at more than 35,000 locations, as well as money-management tools.
The operation enjoyed 12 years of success before things went awry in October 2015. That eventually led to a settlement with the Consumer Financial Protection Bureau, announced on Feb. 1.
Prelude to a settlement
A year before the breakdown, RushCard’s parent company, UniRush, had selected Mastercard as its new payment processor, and the two companies spent 13 months preparing for RushCard’s switch to Mastercard’s processing platform.
True to the adage about best-laid plans, a computer glitch occurred during the course of the transfer, leaving some RushCard users without access to their funds. Worsening the situation, the deluge of calls and emails to RushCard’s offices brought down its website and phone system, so card holders could not reach anyone to find out what was happening.
Yet the company was working round the clock to fix the problems. It hired more customer service agents to answer the calls of distressed card-holders. Fees were waived during the time the cards were unusable; and for customers who incurred late fees because they couldn’t pay bills with their RushCard, Simmons established a multi-million dollar fund to compensate them for those losses. [See “Rushing ahead, with care.”]
Rushing to find fault
Nonetheless, CFPB announced this week that it was bringing enforcement action against Mastercard and UniRush for the snafu, which it characterized as “a rash of preventable failures” by both parties. Specifically, the bureau said that the companies:
• Denied consumers access to their own money. Because UniRush did not accurately transfer all accounts to Mastercard, thousands of consumers were unable to access funds stored on their cards.
• Botched the processing of deposits and payments. UniRush delayed processing direct deposits for more than 45,000 consumers and did not process or improperly returned deposits of 2,000 others, the bureau said. Transaction errors also falsely inflated some RushCard holders’ account balances, allowing them to accidently spend more money than they had on their cards.
• Gave consumers inaccurate account information. Because Mastercard mistakenly sent inaccurate information about consumers’ account balances to UniRush, some consumers were told their account balances were zero when they actually had funds on their cards.
• Failed to provide customer service to consumers impacted by the breakdowns. CFPB Director Richard Cordray acknowledged that UniRush hired additional customer service agents to help handle the surge in customer complaints during the crisis, but said that wasn’t good enough because the additional staff “often were unable to resolve people’s questions and complaints.”
CFPB ordered the companies to pay a combined $10 million in restitution to harmed customers, as well as $3 million in civil penalties to the bureau. Affected consumers are to receive anywhere from $25 to $250, depending on the applicable infraction, and if the total is less than $10 million after all parties are paid, CFPB gets the rest of the restitution money as well.
“Mastercard and UniRush’s failures cut off tens of thousands of vulnerable consumers from their own money, and threw some into a personal financial crisis,” Cordray said. “The companies must set things right for consumers and make sure such devastating service disruptions are not repeated.”
When tech crashes: no rush to provide answers
That may be difficult since the Bureau provides little guidance on how to avoid such mistakes. In a Feb. 1 conference call with journalists, Cordray said he was taking action against the companies because the “meltdown” that occurred in 2015 “should have been anticipated and prevented”—but could not specify what preventative steps the companies should have taken.
When one reporter asked what an adequate plan would look like, CFPB’s Deborah Morris, deputy enforcement director, said only that companies “must take all steps necessary to prevent this kind of harm from happening.”
Noting that CFPB has brought a rash of enforcement actions since November’s elections, another reporter asked whether that was an effort to move quickly before the Trump administration relaxes regulation. Morris said that “January is a historically busy month for us,” although a review of CFPB’s records shows that only one action was filed in January 2016. Since the election in November, the Bureau has filed 24 enforcement actions, compared to eight in the same time period last year.
Another aspect that was questioned but not explained is how a mechanical glitch can qualify as a UDAAP offense (Unfair, Deceptive, and Abusive Acts and Practices).
When a reporter asked whether the bureau had used UDAAP against any other companies for a technology failure, the spokesperson said there had been one other occasion – against the online payment platform Dwolla.
However, it’s unclear why those cases would be comparable, since Dwolla deceived clients by telling them their information was encrypted when it was not, while UniRush and Mastercard simply made mistakes. [See “CFPB issues first data security penalty”]
Companies will pay up—and move on
RushCard’s customers seem willing to accept that accidents happen. “This incident was one of the most challenging periods in my professional career,” Simmons said. “I cannot thank our customers enough for believing in us, remaining loyal and allowing us to continue to serve their needs.”
A RushCard spokesperson said that while the company welcomes the settlement, it maintains that it engaged in no wrongdoing and admitted to none in the Consent Order.
“Since the event in 2015, we believe we have fully compensated all of our customers for any inconvenience they may have suffered through thousands of courtesy credits, a four-month fee-free holiday and millions of dollars in compensation,” said the spokesperson.
“The vast majority of our customers are incredibly loyal and have either remained with us or returned to RushCard,” according to the spokesperson. “In fact, the last quarter of 2016 marked the largest number of new customer sign-ups in our company’s history. With this settlement behind us, we are eager to focus all of our energy now on serving our customers and providing them with the best services available in the prepaid industry.”
Seth Eisen, SVP of external communications for Mastercard, said his company also understands the critical role prepaid cards play in how people manage their money.
“We’ve developed these products and worked with our customers and partners to ensure consumers can maximize the payments choices and benefits available to them,” he said.
The agreement with CFPB “provides RushCard customers adversely affected by the October 2015 event with an opportunity to be further compensated for inconveniences caused during the service disruption,” Eisen said. “We are pleased to bring this matter to a close, allowing us to further enhance the best practices, policies and procedures for prepaid cards at our Payments Transactions Services business.”
Tagged under Payments, Compliance, Risk Management, Cards, CFPB, Operational Risk, Feature, Feature3,
