FTC Acts on Major Payment Processor’s Alleged Tech Support Scams

UPDATED 11:55 AM 4/20/2023

In 2022, tech support scams resulted in approximately $806 million in victim losses, according to the Federal Bureau of Investigation (FBI) Internet Crime Report 2022. Nexway, an ecommerce and payment software and service company, is facing a Federal Trade Commission (FTC) complaint and proposed court orders filed to stop the company from credit card laundering for tech support scammers.

The defendants in the FTC case have agreed to the court orders, filed by the US Department of Justice on behalf of the FTC, which prohibit them from credit card laundering. The court orders also include a requirement to monitor high-risk clients for any involvement in illegal activity.

“In my opinion, and the FTC complaint so alleges, Nexway was at best willfully blind to the scam being perpetrated by its ‘customers,’ if not worse,” Jay Hack, a banking and financial services attorney and partner at full-service law firm Gallet Dreyer & Berkey, tells InformationWeek.

The complaint alleges that Nexway and associated company Asknet, as well as the company’s CEO Victor Iezuitov and Chief Strategy Officer Casey Potenzone, were involved in giving tech scammers access to the US credit card network, allowing tens of millions of dollars to be processed. The complaint alleges that the company processed payments for tech support scammers beginning in at least 2016.

“Companies like Nexway that knowingly launder charges for scammers are breaking the law and helping scammers cheat money from consumers,” said Samuel Levine, director of the FTC’s Bureau of Consumer Protection, in the FTC’s press release. “The FTC will not hesitate to use its law enforcement powers to stop them.” 

Hack and another expert talk to InformationWeek about what the complaint and court orders could mean for Nexway and its customers.

The Consequences

The restrictions outlined in the court orders prohibit the case’s defendants from credit card laundering and assisting tech support scammers. The orders also include a total monetary judgment of $16.5 million. The monetary judgment has been partially suspended because the defendants are unable to pay the full amount, according to the FTC. Nexway and its subsidiaries are required to pay $350,000. Asknet and its subsidiaries must pay $150,000, while Iezuitov’s obligation is $100,000 and Potenzone’s is $50,000.

Beyond these monetary judgments, the company will likely need to invest resources to meet requirements set out in the court orders and avoid future run-ins with the FTC, Sara Sharp, an attorney and founder of business law firm SK&S Law Group, points out. “This could include hiring new staff, implementing new policies and procedures, and engaging in ongoing monitoring and reporting to the FTC,” she says.

If the company disregards the court orders or continues to participate in tech support scams, it will likely face more penalties and potentially consumer lawsuits, according to Sharp.

Nexway has issued a response to news coverage of this case.

“To date, Nexway company have moved on from the FTC complaint allegations and has already cooperated with the FTC in reaching today's resolution. The Nexway employees responsible for the conduct described in the FTC complaint are no longer with the company,” a Nexway spokesperson told InformationWeek via email.

Nexway’s Customers

Nexway is a multinational company with many high-profile companies among its customers. Its customers and partners page lists Adobe, Amazon, Intel, and Microsoft, as well as cybersecurity companies Avast, Bitdefender, ESET, and Kaspersky. The company’s involvement in facilitating tech support scams is a consideration for all of its customers.

Any of the company’s clients at high risk for illegal activity face heightened scrutiny, as outlined by the court orders. Even if Nexway customers are not considered high-risk, they are associated with a company that has faced regulatory scrutiny.

With security conference RSA coming up next week, cybersecurity companies working with Nexway are faced with the question of what that association will mean during a major industry tradeshow and beyond.

“The case's effect on businesses employing Nexway's services at the RSA Conference will ultimately depend on perception. Businesses employing Nexway's services might find it more difficult to conduct business at the conference if the case is perceived as harming the company's reputation or representative of more widespread problems in the cybersecurity sector,” says Sharp. “The case might not have much of an effect, though, if it is viewed as an isolated incident or is not pertinent to the conference.”

It is possible customers will end their relationship with Nexway. “Any of Nexway’s customers who are themselves heavily regulated should probably look for a substitute company ASAP. In my experience, which involves all sorts of regulated industries, you do not want your company to be doing business with someone who the regulators think is tainted,” says Hack. “There are a lot of companies in the credit-card clearing business, so why choose one that is under a microscope because of bad past acts?”

How customers react to Nexway’s regulatory obligations remains to be seen, but if they begin to end their relationships with the company, it could impact Nexway’s overall business and the service its remaining customers receive, according to Hack. “You do not want to be the last one out the door. The quality of service that you are getting will decline as other customers jump ship,” he says.

Continued Scrutiny

Enterprises operate in a complex ecosystem with multiple supply chain partners. Regulatory compliance is vital within and beyond a company’s four walls. The FTC’s case against Nexway serves as a reminder of the importance of knowing your partners and your customers. “Companies should thoroughly investigate the payment processing service providers they use, including looking into their reputation, looking into any legal or regulatory activities, and looking over their rules and processes,” Sharp urges. “Companies that put a high priority on morality and legality, as well as transparency, in their interactions with clients and partners, are less likely to come under scrutiny from regulatory bodies like the FTC.”

Hack recommends implementing a KYC (know your customer) program to avoid dealing with partners involved in illegal activity. “Be very careful when the crooks are abusing consumers because you risk the wrath of the FTC or the CFPB [Consumer Financial Protection Bureau],” he cautions.

UPDATED 11:55 AM 4/20/2023 to include submitted statements from Nexway.

What to Read Next:

Training New Hires on Security: Strategies for Success

Microsoft Teams Up to Take Legal Action Against Cybercriminals

6 Ways Cybersecurity Can Boost Revenue