Regulatory ISSUE NINE I MAY 2026 Litigation
ISSUE 9 | 3 REGULATORY OCC Issues Interim Final Actions to Preempt Illinois Interchange Fee Law On April 24, 2026, the Office of the Comptroller of the Currency (OCC) announced an interim final rule and an interim final order aimed at shielding national banks and federal savings associations from the Illinois Interchange Fee Prohibition Act (IFPA)—the first state law to prohibit interchange fees on the sales tax and gratuity portions of credit and debit card transactions—before its July 1, 2026 effective date. The interim final rule clarifies the longstanding powers under federal law for national banks to charge certain fees, regardless of whether those fees are set by the bank or a third party. The interim final order goes further, expressly concluding that federal law preempts the IFPA and that national banks and federal savings associations are “neither subject to nor required to comply” with the state law. The OCC characterized the IFPA as creating a “complex, potentially unworkable, and destabilizing standard” for national banks and the nation’s payment card systems, warning that the negative effects could be exacerbated if other states imposed similar standards. The agency emphasized that its actions do not affect the applicability of other federal laws governing payment card activities, including any future congressional action on interchange fees. The banking industry plaintiffs—including the American Bankers Association, Illinois Bankers Association, Illinois Credit Union League, and America’s Credit Unions—signaled their support, stating that the OCC’s actions “should also send a strong signal to other states to follow the law and not repeat Illinois’ mistake.” The groups also urged the National Credit Union Administration to issue similar protections for federal credit unions. Comments on the interim final rule and order are due 30 days after publication in the Federal Register. D.C. District Court Holds CFPB Cannot Decide to Not Fund Itself On December 30, 2025, Judge Amy Berman Jackson of the U.S. District Court for the District of Columbia held that her prior injunction of the Consumer Financial Protection Bureau (CFPB) prohibited it from failing to seek funding from the U.S. Federal Reserve under its own interpretation of its authorizing statute. Judge Jackson’s order follows a tortured procedural history. She first issued a preliminary injunction on March 28, 2025, which both she and the D.C. Circuit partially stayed pending appeal of her preliminary injunction. On the merits, the case remained on appeal. In the meantime, on November 10, 2025, the CFPB informed the court that it interpreted its own authorizing statute in a way that prevented it from seeking further funding; in short, it believed the law required it to close down. The plaintiffs disagreed and filed a motion for clarification, seeking a ruling that the CFPB’s interpretation violated the preliminary injunction, which primarily served to prevent the CFPB from closing entirely. Judge Jackson obliged, holding that the parts of her original injunction that survived appellate stays prevented the CFPB’s actions. Effectively, Judge Jackson’s order prevents the CFPB from closing by deciding not to ask for funding. The CFPB has not contested Judge Jackson’s ruling and sought funding via a letter dated January 9, 2026. The ruling means that what remains of the CFPB’s regulatory and enforcement work, diminished after more than a year of reductions in force, will continue for now. In briefing filed this spring, the CFPB laid out a restructuring plan to reduce its employees to just over 500. In the plan, the operations division and research monitoring and regulations division will be the largest. The enforcement division would be reduced to 50 persons, and supervision to 77 persons. These reductions indicate a fundamental change in the CFPB’s approach to examinations and enforcement actions. FTC Seeks Contempt Ruling Against Payment Processor for Violating Decade-Old Settlement The FTC has moved to hold payments company CardFlex (now known as Cliq) and two of its high-ranking executives in contempt for alleged violations of a stipulated injunction entered by the District of Nevada in 2015. The FTC’s motion seeks more than $50 million in compensatory relief for consumers, the appointment of a receiver, and a permanent ban of the executives from the payments processing business. The case originated in 2014, when the FTC alleged that CardFlex illegally processed more than $26 million in unauthorized consumer charges. Under the resulting stipulated injunction, the defendants agreed not to process payments for certain categories of merchants, not to facilitate evasion of credit card risk-monitoring programs, to screen high-risk clients, and to monitor clients’ transactional and sales activity. Now, more than 10 years later, the FTC alleges the defendants have processed hundreds of millions of dollars in payments for prohibited merchants on Mastercard’s MATCH list in direct contravention of the settlement. The defendants counter that the FTC seeks sanctions that would “effectively kill” the company for conduct tied to a “minute fraction” of its merchants and that they “substantially complied” with the prior agreement. The court heard argument on the FTC’s motion in April 2026 but has yet to issue a ruling. OCC Proposes Stablecoin Regulatory Framework On February 25, 2026, the OCC sought comment on proposed regulations that would govern stablecoin issuers, both dollar and foreign-currency denominated. The regulations seek to implement the GENIUS Act, passed in 2025, which created the first statutory framework for the regulation of stablecoins and their issuers. The OCC’s proposal creates a licensing regime for prospective issuers to file an application and obtain OCC approval before issuing stablecoins. Foreign stablecoin issuers would need to meet financial requirements in U.S. financial institutions, consent to jurisdiction for enforcement purposes, and demonstrate that they are subject to adequate regulation in their home country. Consistent with the GENIUS Act, the proposal would also transition state-chartered stablecoin issuers to OCC supervision if they have issued more than $10 billion in outstanding payment stablecoins. Importantly, the proposal would require stablecoin issuers to maintain reserves at fair market value equal to or greater than the outstanding issuance value of their coins. They would also
ISSUE 9 | 5 be required to maintain reserves largely in highly liquid assets such as U.S. currency, federally insured bank accounts, and short-term Treasuries. The proposal would allow some reserves to be held in tokens and seeks comment on how to implement that portion of the proposal. Credit Card Competition Act Gets Presidential Backing After several prior attempts stalled out in Congress, a bipartisan group of Senators has reintroduced the Credit Card Competition Act—this time with President Trump’s stamp of approval. The bill, which is also backed by merchants and consumer advocates, takes aim at so-called “swipe fees” by requiring each covered card issuer to enable at least two unaffiliated payment card networks on every credit card it issues, which supposedly increases competition and lowers consumer costs. In a late-night post on Truth Social, President Trump called on Congress to pass the legislation and “stop the out of control Swipe Fee ripoff.” Banks, credit unions, and payment network trade groups have come out strongly against the Credit Card Competition Act, claiming that it would “make credit card transactions less secure and … take away the credit card reward programs that make life more affordable for millions of Americans.” So far, the legislation has failed to gain the necessary traction to move toward congressional approval, but it remains a priority for both its supporters and opponents and is sure to be closely monitored in the weeks and months ahead. New York Considers Legislation to Criminalize Unlicensed Cryptocurrency Businesses With the support of Manhattan District Attorney Alvin Bragg, the State of New York is considering sweeping new legislation that takes aim at unlicensed virtual currency businesses operating in the state. Known as the Cryptocurrency Regulation Yields Protections, Trust, and Oversight (CRYPTO) Act, the law would impose criminal liability—including the possibility of a felony conviction and potential prison sentences—on any businesses that exchange, transmit, or trade cryptocurrency in the state without registering for a license. Already considered one of the most aggressive regulators of the cryptocurrency market, New York is showing no signs of slowing down on its oversight of the industry, and while the CRYPTO Act has not yet become law, it is certain to receive ongoing attention in the months to come. Crypto-Backed Loan Provider Penalized $500,000 by California DFPI On January 14, 2026, the California Department of Financial Protection & Innovation (DFPI) announced that Nexo Capital Inc., a crypto-backed lender, would pay $500,000 in penalties for alleged violations of the California Financing Law and California Consumer Financial Protection Law. The 13-page consent order resolves all of Nexo’s alleged violations, and Nexo neither admits nor denies the findings of the DFPI. According to the agency’s investigation, Nexo Capital operated its “Crypto Credit Lines” lending program for over four years without obtaining the requisite license. Under this program, borrowers provided cryptocurrency assets as collateral and received either crypto assets or fiat currency as loans. The DFPI, however, found that Nexo lacked basic underwriting policies—generally not evaluating borrowers’ credit history, debt, expenses, or documents for borrowers’ overall financial condition and ability make payments—to determine whether or not to make a loan. Instead, Nexo required borrowers to overcollateralize their loans, a practice common in crypto-backed lending. The DFPI determined that overcollateralization was not a substitute for evaluating a borrower’s ability to repay. In addition to the $500,000 fine, the consent order requires Nexo to notify all California consumers that their funds will be transferred to Nexo Financial LLC, an affiliate company that holds the necessary license. Thirty days after issuing the transfer notice, Nexo must transfer all consumer funds—including crypto assets pledged as collateral, crypto assets in consumer wallets, and fiat money in consumer accounts—to Nexo Financial. Online Payments System Settles Unfair and Deceptive Trade Practices Action with New Hampshire On December 22, 2025, New Hampshire Attorney General John M. Formella announced that his office reached a settlement with PayPal Inc. and PayPal Holdings Inc. resolving claims of unfair and deceptive trade practices in advertising, privacy disclosures, and consumer protection practices. The settlement requires PayPal to pay $1.75 million and implement significant injunctive relief measures affecting its popular e-payment platforms, PayPal and Venmo. New Hampshire claimed that PayPal violated consumer protections laws by (1) advertising that its “Purchase Protection” program would refund customers for goods or services that were not received in full, but then making it difficult for them to actually use this protection; (2) wrongfully placing holds on customers’ accounts, despite advertising that they could access funds at any time; and (3) inadequately disclosing the privacy of users’ financial information. Without any admission of wrongdoing, the settlement agreement includes comprehensive requirements for PayPal’s Purchase Protection program, including softening guarantees of refunds, providing clearer explanations for where Purchase Protection applies, and updating PayPal’s scam warning system. PayPal must also make additional disclosures to customers about their access to funds and restrictions to that access, and update its customer support apparatus to streamline the unfreezing of accounts, including by having “live, human customer support during dedicated hours.” PayPal also must better communicate how customers can change their privacy settings.
ISSUE 9 | 7 LITIGATION Seventh Circuit Vacates and Remands Illinois Interchange Fee Ruling Illinois Bankers Association v. Raoul, No. 1:24-cv-07307 (N.D. Ill. / 7th Cir.). On May 8, 2026, the Seventh Circuit vacated a district court ruling that had largely upheld the Illinois Interchange Fee Prohibition Act (IFPA) and remanded the case for further proceedings. The appeals court directed the Northern District of Illinois to evaluate the impact of the OCC’s interim final actions issued in April 2026, which concluded that federal law preempts the IFPA as applied to national banks and federal savings associations. The Seventh Circuit canceled oral arguments that had been scheduled for May 13, 2026, stating that “the district court should address these matters, and any related issues, before this court attempts to do so.” The remand follows the February 2026 summary judgment decision, which held that the IFPA’s interchange fee provision is not preempted by federal banking law because payment card networks—not issuing banks—set interchange rates. The district court had permanently enjoined the IFPA’s data usage limitation, finding it preempted as applied to national banks, federal savings associations, federal credit unions, and certain out-of-state banks because restricting the use of transaction-level data to payment processing conflicts with federal authority permitting those institutions to use that data for fraud prevention, rewards programs, and other finance-related activities. Banking and credit union trade groups then appealed the interchange fee ruling, while the Illinois attorney general cross-appealed the data usage injunction. After the appeal was filed, the OCC amended a rule to clarify that national banks may receive interchange fees through “intermediaries, partners, payment networks, interchanges, or other third parties,” and issued two interim final rules affirming banks’ authority to charge fees set by third parties and explicitly preempting the IFPA. It was these intervening regulatory actions that prompted the Seventh Circuit to vacate the district court’s ruling and return the case for reassessment against the changed regulatory backdrop. The IFPA remains scheduled to take effect on July 1, 2026. Class Action and Shareholder Derivative Lawsuits Against Payment Company Continue Gonsalves v. Block Inc., No. 5:25-cv-00642 (N.D. Cal.); In re Block Inc. Shareholder Derivative Litigation, No. 5:25-cv-01262 (N.D. Cal.). In January 2026, a California federal judge declined to dismiss both a securities class action and a shareholder derivative suit alleging that Block Inc. (the parent company of Square and Cash App), along with certain executives and directors—including Jack Dorsey—failed to properly oversee and disclose compliance deficiencies tied primarily to Cash App’s operations. The securities class action, which was filed in January 2025, alleges that Block’s representations that it maintained robust anti-money laundering and other compliance protocols and procedures were false and misleading because Block failed to implement basic due diligence and know your customer protocols. The judge ruled that the plaintiffs plausibly alleged that Block and its executives made materially misleading statements about Cash App’s compliance program and user metrics and that those misstatements caused investor losses when the truth was revealed. The derivative suit, which was filed in February 2025, claims that Block’s executives and board members breached their fiduciary duties to investors by concealing Block’s allegedly lax customer due diligence practices, leaving the company vulnerable to regulatory scrutiny and litigation. The court ruled that at this stage of the litigation, the investors have pleaded sufficient factual allegations to support their claims, particularly their claim for breach of fiduciary duty. Both cases have proceeded into discovery. Payment Processor Moves to Dismiss Lawsuit over Alleged Lax Security FiCare Federal Credit Union v. Fiserv Solutions LLC, No. 8:26-cv-00231 (M.D. Fla.). On January 27, 2026, FiCare Federal Credit Union filed a lawsuit against Fiserv alleging that the payment processor failed to adequately secure its Virtual Branch Next online‑banking platform, allowing hackers to take over customer accounts and steal hundreds of thousands of dollars. The complaint asserts that cyber intrusions began in 2024 and that FiCare reimbursed affected customers but was not reimbursed by Fiserv for the resulting losses. According to the suit, Fiserv’s systems lacked basic security controls and exposed sensitive customer information while the company allegedly charged FiCare additional fees for a security “upgrade” that should have been included under its existing contract. FiCare seeks monetary damages and recovery of lost funds and argues that Fiserv billed for cybersecurity protections it failed to provide. On April 24, 2026, Fiserv filed a motion to dismiss FiCare’s amended complaint with prejudice, arguing that it relies on rhetoric, media reports, and generalized “cybersecurity standards,” but fails to identify any contractual obligation requiring the specific security measures that FiCare now demands. The motion remains pending. Court Denies Cryptocurrency’s Bid to Halt Nevada Gaming Enforcement Coinbase Financial Markets Inc. v. Ford, No. 2:26-cv-00256 (D. Nev.). On February 7, 2026, a federal judge in Nevada denied Coinbase Financial Markets’ emergency motion to block Nevada’s regulators from enforcing the state’s gaming laws against Coinbase’s event contract trading platform. Coinbase’s federal lawsuit arose out of a state court enforcement action brought by the Nevada Gaming Control Board, alleging that Coinbase unlawfully offered “event-based contracts” that pay out based on the result of future events (e.g., sporting events or elections) to Nevada residents without obtaining required gaming licenses. Coinbase argues that its events contracts are derivatives subject to the exclusive jurisdiction of the Commodity Futures Trading Commission and that Nevada’s attempt to regulate them
ISSUE 9 | 9 is preempted by federal law. The court denied Coinbase’s motion for a temporary restraining order and preliminary injunction, ruling that the Younger abstention doctrine and the AntiInjunction Act precluded the relief sought, and dismissed the federal action without reaching the merits of the preemption arguments. The state court proceeding has continued, and on March 26, the state court issued a preliminary injunction barring Coinbase from offering its events contracts in Nevada. Other states, including New York, Wisconsin, and Illinois, have made similar moves. Federal Judge Dismisses Indictment Against Fintech Exec, Citing Double Jeopardy USA v. Khawaja, No. 1:21-cr-10250 (D. Mass.). On February 4, 2026, a Massachusetts federal judge dismissed criminal charges against former Allied Wallet executive Mohammed “Moe” Diab, ruling that the government is barred from retrying him after a mistrial was declared. Diab had been charged with conspiracy to commit bank and wire fraud based on allegations that Allied Wallet concealed high-risk merchants to secure bank approvals. During trial last fall, Judge William G. Young abruptly canceled two trial days, citing a family emergency, and later declared a mistrial by text without consulting the parties. Diab moved to dismiss, arguing he did not consent to the mistrial and retrial was barred without “manifest necessity.” Judge Allison D. Burroughs agreed, holding that the Double Jeopardy Clause prohibited a new trial because the parties were not heard and the court failed to consider alternatives such as a brief continuance or reassignment. Payment Processor and Sponsor Banks Sued by California Merchants over Alleged Fee Practices Red Granite Media LLC v. Paysafe Direct LLC, No. 2026-01542882 (Cal. Super. Ct., Orange Cnty.). Red Granite Media LLC and Tumbleweed Fortress LLC have filed a class action in California Superior Court against Paysafe Direct LLC and its sponsoring banks, PNC Bank and Citizens Bank. The plaintiffs are former merchants alleging that the defendants breached merchant payment processing agreements by charging both chargeback fees and Visa Rapid Dispute Resolution (RDR) fees for the same disputed transactions. The plaintiffs argue that RDR is intended to resolve certain cardholder disputes before they escalate into formal chargebacks, and merchants should not be assessed both fees for a single transaction. The plaintiffs contend that when both fees were imposed, the RDR fee was passed through to a third party while Paysafe retained the chargeback fee, allegedly creating an improper financial incentive. The plaintiffs claim the practice caused repeated account debits, overdraft fees, collection activity, credit damage, and in some cases, forced business closures. On April 14, 2026, Paysafe and the banks moved to compel arbitration based on arbitration clauses and class action waivers in the merchant agreements and filed a demurrer challenging the legal sufficiency of all claims. The court is scheduled to hear both motions in May 2026. Class Action Challenges Cashback Rewards Program McNichols v. Capital One Bank N.A., No. 1:26-cv-00145 (E.D. Va.). A nationwide class action alleges that Capital One’s “Capital One Offers” program routinely failed to deliver advertised cashback rewards. According to the complaint, Capital One promoted elevated cashback rates for purchases made through its online offers portal, representing that rewards would be issued within approximately 45 days. The plaintiff alleges that despite properly activating offers and making qualifying purchases, Capital One failed to credit the promised payouts. The plaintiff seeks relief for breach of contract, breach of the covenant of good faith and fair dealing, unjust enrichment, and violations of state consumer protection laws. Capital One moved to dismiss all claims, arguing that the plaintiff does not plausibly allege entitlement to any cash back because cash back is earned only after a “qualifying offer purchase,” which requires compliance with specific offer-level terms, including technical and transactional requirements. According to Capital One, without pleading compliance, the plaintiff cannot establish a contractual right to any payout. Overdraft Fee Class Action Challenges Bank’s Posting Practices Lamb v. Lamar Bank and Trust Company, No. 26B4-CV00011 (Mo. Cir. Ct.). A Missouri class action alleges that Lamar Bank and Trust Company improperly charged overdraft fees on debit card transactions that were authorized when sufficient funds were available but later settled when the customer’s account reflected a negative balance—socalled “authorize positive, settle negative” (APSN) transactions. The plaintiff alleges that despite placing a hold for the transaction amount at authorization, the bank later posts the transaction in a manner that triggers an overdraft fee at settlement. The complaint contends this “secret” posting process allows the bank to assess overdraft fees that customers could not reasonably anticipate or avoid, in breach of the bank’s account agreements and the implied covenant of good faith and fair dealing. Lamar Bank filed a partial motion to dismiss the implied covenant and unjust enrichment claims as duplicative of the breach of contract claim, arguing that Missouri law does not permit the covenant to create duties beyond the express contract and that unjust enrichment is unavailable when a valid contract governs. Bank Settles $240 Million Overdraft Fee Class Action Bickerstaff v. SunTrust Bank, No. 10EV010485 (State Court of Fulton Cnty., Ga.). In January 2026, Truist Financial agreed to pay up to $240 million to settle a class action involving overdraft fees, finally resolving litigation that began more than 15 years ago against its predecessor, SunTrust Bank. Truist has not admitted any wrongdoing in entering the settlement agreement to resolve these allegations. The settlement stemmed from allegations that overdraft fees constituted interest under Georgia law and therefore violated state usury limits. After the Georgia Supreme Court ruled
ISSUE 9 | 11 against Truist on class certification issues and the U.S. Supreme Court declined review, the bank moved to finalize the settlement. Under the terms of the settlement, class members may receive a cash payment based on the amount they paid in overdraft fees. The final approval hearing for the settlement is scheduled for May 26, 2026. Bank Inks $425 Million Deal over Low Interest Rates In re Capital One 360 Savings Account Interest Rate Litigation, No. 1:24-md-03111 (E.D. Va.). On April 20, 2026, Judge David J. Novak of the Eastern District of Virginia approved a revised settlement agreement between Capital One N.A., Capital One Financial Corporation, and a class of accountholders over claims that the bank deceptively advertised its 360 Savings accounts. The new deal more than doubles the value of an earlier proposed settlement that Judge Novak refused to approve in November 2025 after state attorneys general, led by New York Attorney General Letitia James, filed amicus briefing opposing the deal. The accountholders alleged that Capital One “cheated” 360 Savings account holders out of interest payments by creating a newer, higher-interest savings account—the 360 Performance Savings account—and then concealing that the new account would earn higher interest than the original. The state attorneys general filed separate suits alleging that Capital One used bait-and-switch tactics by marketing the 360 Savings account as the bank’s flagship highinterest savings product paying one of the best available rates. Under the revised settlement, Capital One will provide $425 million in restitution and, critically, will match the interest rates for its 360 Savings accounts to those of its 360 Performance Savings accounts. Judge Novak valued the new deal at approximately $1 billion when accounting for both the settlement fund and the updated interest rates. The initial proposal, offered in May 2025, would have provided $425 million total, but Judge Novak found it failed to provide “meaningful relief” to the three-quarters of the class who still maintain 360 Savings accounts. The revised settlement effectively eliminates the two-tiered account system and provides approximately $530 million to consumers nationwide in future additional interest. Fintech Firm Faces Class Action over Home Equity Investment Product Greenidge v. Hometap Equity Partners LLC, No. 3:26-cv-01431 (D.N.J.). A New Jersey federal court is considering a class action brought by homeowners alleging that Hometap Equity Partners’ home equity investment product is, in substance, a high-cost mortgage loan that violates federal and state consumer lending laws. The plaintiffs contend that although Hometap markets the product as an “option purchase agreement” and expressly disclaims that it is a loan, the transaction involves an upfront cash advance secured by a mortgage on the borrower’s primary residence, followed by a required lump-sum payment within a fixed term tied to the home’s value. According to the complaint, Hometap’s insistence that the product is neither a loan nor a reverse mortgage allows it to avoid providing the consumer protections typically required for regulated mortgage products. The complaint asserts claims under the Truth in Lending Act and several New Jersey statutes, alleging that Hometap failed to provide required disclosures, imposed mandatory arbitration provisions prohibited for residential mortgages, and originated mortgage loans without required state licensing or ability-to-repay determinations. The plaintiffs seek to represent a nationwide class of homeowners who entered into Hometap’s option purchase agreements within the limitations period, as well as several New Jersey–specific subclasses. For relief, the plaintiffs seek rescission or voiding of the agreements, monetary damages, and injunctive relief barring enforcement of the contracts. Buy Now, Pay Later Lender Sued over Military Lending Act Violations Beverly v. WebBank, No. 2:25-cv-01142 (D. Utah). An active-duty U.S. Navy servicemember filed a class action against WebBank, alleging that the bank violated the Military Lending Act (MLA) through “buy now, pay later” loans offered through the Zip platform. The complaint alleges that WebBank originated short-term installment loans branded as Zip “Pay in 4” and “Pay in 8” transactions and imposed finance charges that resulted in annualized rates exceeding the MLA’s 36% cap that applies to covered servicemembers. The plaintiff further alleges that the loans failed to include required MLA disclosures, improperly required automated repayment access to borrowers’ bank accounts, and contained class-action and jury-trial waiver provisions prohibited by the statute. The plaintiff seeks to represent a nationwide class of active-duty servicemembers and their dependents. On March 13, 2026, the parties notified the court that they had reached a settlement agreement in principle resolving the plaintiff’s claims and anticipate filing a stipulation of dismissal in the near future. UK Tribunal Rules Against Interchange Fee Pass-On Defense Merchant Interchange Fee Umbrella Proceedings, 1517/11/7/22 (UM). The UK Competition Appeal Tribunal (CAT) ruled that Mastercard and Visa failed to prove that merchant-retailers had passed on unlawful multilateral interchange fees (MIFs) to consumers, allowing the retailers’ class actions for damages to proceed. The ruling is the latest development in the Merchant Umbrella Proceedings, which consolidated cases brought by thousands of United Kingdom and Irish merchants challenging Mastercard’s and Visa’s MIFs. In June 2025, the CAT determined that the MIFs constituted an unlawful restriction of competition in violation of Article 101(1) of the Treaty on the Functioning of the European Union (TFEU) and concluded that Mastercard and Visa are liable for damages. In assessing damages, Mastercard and Visa invoked the pass-on defense, arguing that the merchants mitigated losses by passing fees on to customers through higher prices. The CAT found that Mastercard and Visa failed to prove the necessary direct causative link for all but three of the merchant-retailers, opening the door for the merchants to recover the complete amount of the alleged MIF overcharge without any reduction for pass-on.
ISSUE 9 | 13 Trial 3, set to begin in October 2027, will determine whether the Article 101(3) TFEU exemption for pro-competitive practices applies. Remaining issues, including potential violations of Article 102 TFEU and Section 18 of the Competition Act 1998, will be tried in a trial that has yet to be scheduled. Federal Court Approves Settlement in Consumer Debt Collection Class Action Chapman v. TD Bank N.A., No. 3:24-cv-00536 (S.D. W. Va.). T.D. Bank agreed to pay $2,575,000 to settle a consumer class action alleging that it violated West Virginia law by using a name other than T.D. Bank N.A. to collect consumer debts on T.D. Bank–issued store credit cards. The plaintiff asserted a claim under the West Virginia Consumer Credit and Protection Act (WVCCPA), alleging that T.D. Bank’s use of the name “T.D. Retail Card Services” on debt collection letters constituted a fraudulent or deceptive means of collecting a consumer debt. After exchanging informal individual and class discovery and one mediation session, the parties reached an agreement. Under its terms, T.D. Bank would establish a fund to pay settlement payments to class members, attorneys’ fees and expenses, and an incentive award to the class representative. The court noted that given that the class consisted of approximately 4,536 West Virginia consumers, the recovery to class members was “significant” relative to the maximum potential statutory recovery per class member of $1,000 per WVCCPA violation. The class settlement agreement received final approval by the district court on February 23, 2026. BaaS Provider Faces Class Action for Payment Card Information Data Breach Financial Horizons Credit Union v. Evolve Bank & Trust, No. 4:26-cv-00206 (E.D. Ark.). Nevada-based credit union Financial Horizons Credit Union filed a class action complaint against Evolve Bank & Trust on behalf of itself and other financial institutions for alleged damages resulting from a data breach of payment card data that Evolve had processed and stored. According to the complaint, although Evolve publicly acknowledged on July 1, 2024 that its systems were compromised in a ransomware attack that exposed consumer information between February and May 2024, hackers had access to this information from November 2021 to May 2024. Financial Horizons is suing Evolve for negligence, unjust enrichment, and negligence per se based on violations of Section 5 of the FTC Act. The complaint alleges that Evolve failed to implement certain data security measures, including strong encryption for stored cardholder data, multi-factor authentication for sensitive system access, continuous logging and intrusion detection, and routine data-retention purges. Financial Horizons claims that as a result of the breach, it and other financial institutions suffered significant financial harm, including costs to cancel and reissue compromised payment cards, expenses for increased customer service and fraud detection and monitoring, and lost interest and transaction fees due to reduced card usage. Class Action Alleges Payment Processor Charged Hidden and Unauthorized Fees Valley Healthcare LLC v. OpenEdge Payments LLC, No. 1:26-cv-00827 (N.D. Ga.). In February 2026, a family-owned pharmacy operator filed a class action against Global Payments and its affiliated entities in the Northern District of Georgia, alleging that the company routinely overbilled merchants through undisclosed fees and unauthorized rate hikes. According to the complaint, Global Payments attracted merchants with a seemingly transparent “Merchant Application” that set out clear, flat pricing terms, but after merchants entered agreements and invested in required equipment, Global Payments allegedly raised existing fees and added new undisclosed charges without merchant approval. The lawsuit further alleged that Global Payments intentionally structured its billing statements to obscure unauthorized charges by combining them with legitimate processing costs, making it difficult for smaller merchants to detect overcharges. Fees were also allegedly withdrawn directly from merchants’ bank accounts before billing statements were received. Although the plaintiff voluntarily dismissed the action without prejudice the next month, the complaint underscores broader concerns about transparency in the payment processing industry, where card processing fees represent the fourthhighest expense for most merchants. Class Action Challenges Auto Lender’s Pay-to-Pay Fees as Illegal Under Pennsylvania Law Young v. Santander Consumer USA Inc., No. GD-26-002211 (Pa. Ct. Com. Pl., Allegheny Cnty.). In February 2026, a Pennsylvania borrower filed a class action against Santander Consumer USA in the Allegheny County Court of Common Pleas, alleging that the auto lender unlawfully charged “pay-to-pay” fees in violation of Pennsylvania consumer credit and debt collection laws. The complaint alleges that Santander routinely assessed payment processing fees despite statutory provisions prohibiting such charges. The plaintiff alleges that after financing a used 2016 Nissan Frontier through Santander in 2022, he was charged a $3.28 fee each time he made a monthly payment through Santander’s mobile app. The complaint further asserts that the fee was not authorized by the loan agreement and was barred by Pennsylvania’s Consumer Credit Code, which sets forth an exclusive list of permissible charges for motor vehicle installment contracts and does not include payment processing fees. As always, the class action plaintiffs’ bar is keeping financial services companies and other business defendants busy in 2026. There has been no downturn in the alphabet soup of class actions that financial institutions are used to seeing, from TILA to FCRA to FACTA to the FDCPA. And class actions under the Telephone Consumer Protection Act and California trap and trace law are continuing to be filed at an increasing rate, with attorneys seeking quick hits under punitive statutes. But the bread and butter for sophisticated plaintiffs’ attorneys remain state consumer protection and deceptive trade practices cases, focusing on purported misrepresentations, hidden fees, and other alleged fraud claims that pervade across industry. With the proliferation of AI, we can only expect the number of cases to increase. Smaller plaintiff shops now have access to tools allowing them to discover new theories of recovery and to handle a much higher volume of cases than they were previously able to.
ISSUE 9 | 15 The lawsuit further alleges that Santander’s practices violated 18 Pa. C.S. § 7311, which prohibits the collection of any amounts not expressly authorized by contract or law, and contends that Santander imposed the fees pursuant to a uniform policy despite knowing they were impermissible. The plaintiff asserts claims under Pennsylvania’s consumer protection and usury statutes, seeking unjust enrichment, damages, restitution, attorneys’ fees, and injunctive relief. Class Action Targets Fintech over $85 Million in Missing Customer Funds Felton v. Synapse Brokerage LLC, No. 2:26-cv-02385 (C.D. Cal.). In March 2026, a class action was filed in the Central District of California against Synapse Financial Technologies, its subsidiary Synapse Brokerage, and three current or former executives, alleging that misconduct and mismanagement of customer funds left more than 100,000 users unable to access approximately $85 million in deposits. The lawsuit followed the dismissal of Synapse’s Chapter 11 bankruptcy case in November 2025 after the trustee concluded that the estate was administratively insolvent. The complaint alleged that Synapse operated as a banking-as-a-service (BaaS) intermediary connecting fintech companies with FDIC-insured banks. Beginning in 2022, significant discrepancies allegedly arose between Synapse’s internal ledgers and the balances reported by partner banks, with Synapse’s records reflecting substantially more customer funds than the banks acknowledged. Despite knowledge of these discrepancies, Synapse allegedly expanded operations and continued onboarding customers. The complaint also asserted claims against senior executives, alleging that leadership approved the opening of new customer accounts without proper authorization, failed to maintain books and records, directed commingling of customer deposits with operational funds, and extracted personal loans as the company approached insolvency. On April 15, 2026, the action was removed to the Western District of Pennsylvania under the Class Action Fairness Act. The lawsuit highlights ongoing concerns with the BaaS model, particularly the risks posed when fintech platforms rely on intermediaries to manage customer funds. Class Action Filed Against Blockchain Lender After Data Breach Patschull v. Figure Lending Corp., No. 3:26-cv-00181 (W.D.N.C.). In March 2026, a class action was filed against Figure Lending Corp. and its affiliate in the Western District of North Carolina following a January 2026 data breach that allegedly exposed the personal and financial information of approximately 1 million borrowers and loan applicants. The complaint alleged that Figure failed to implement reasonable data security safeguards, enabling unauthorized access to highly sensitive customer data. According to the lawsuit, the breach occurred on January 28, 2026 after a Figure employee was deceived through a social-engineering attack. The compromised data purportedly included names, Social Security numbers, dates of birth, contact information, loan account numbers, and detailed loan information. After Figure declined to pay a ransom, the hackers allegedly released approximately 2.5 gigabytes of customer data on the dark web. The complaint asserted that the breach resulted from multiple security failures, including inadequate encryption, insufficient employee training, and reliance on a single sign-on system. The plaintiff asserted claims for negligence, breach of implied contract, unjust enrichment, and violations of Section 5 of the FTC Act. The case underscores the cybersecurity risks facing fintech companies that store large volumes of sensitive consumer information. Second Circuit Finds Gas Stations and Payment-Facilitator Sellers Are Bound by Swipe-Fee Settlement Old Jericho Enterprise Inc. v. Visa Inc., No. 24-2678 (2nd Cir.); In re Payment Card Interchange Fee and Merchant Discount Antitrust Litigation, Nos. 24-1653, 24-1808 (2nd Cir.). On May 4, 2026, the Second Circuit affirmed orders from the Eastern District of New York enforcing the 2019 $5.6 billion Rule 23(b)(3) damages settlement against a class of gasoline retailers and a group of merchants that process card payments through Square, holding that both sets of merchants are members of the settlement class and that their separate state-law antitrust damages claims are released. The court rejected arguments that class membership must turn on identifying the “direct payor” of interchange, explaining instead that the settlement’s class definition hinges on who “accepted” cards and that the district court did not clearly err in concluding the settling parties intended to include gas-station operators themselves. Consistent with that framework, the court likewise refused to “second-guess” the district court’s finding that the settling parties intended to include Square’s merchant customers, rather than Square, in the settlement class. The court instead affirmed that Square’s merchant-customers are the appropriate class members and noted the many bases for the district court’s decision, including that extrinsic evidence—including Square’s merchant agreements, network rules distinguishing payment facilitators from “merchants,” and the realities of point-of-sale acceptance—showed that the sellers, not the payment facilitator, “accepted” cards. As a result, the Second Circuit held that “[b]ased on this record, the district court’s findings as to the settling parties’ intent regarding which entities should be deemed part of the settlement class were not clearly erroneous.”
ISSUE 9 | 17 Kelley Connolly Barnaby Partner +1 202 239 3687 kelley.barnaby@alston.com Milly Bartolome Senior Associate +1 404 881 7253 milly.bartolome@alston.com Ryan Martin-Patterson Senior Associate +1 202 239 3038 ryan.martin-patterson@alston.com John Evan Laughter Associate +1 404 881 7354 johnevan.laughter@alston.com Contributing Authors Alexandra S. Peurach Partner +1 404 881 7974 alex.peurach@alston.com Christopher Kelleher Senior Associate +1 404 881 7435 chris.kelleher@alston.com Kaylan Meaza Senior Associate +1 404 881 7412 kaylan.meaza@alston.com Learn more about the Payments & Fintech Litigation Team
Atlanta | Brussels | Century City | Charlotte | Chicago | Dallas | London | Los Angeles | New York | Raleigh | San Francisco | Silicon Valley | Washington, D.C.
www.alston.comRkJQdWJsaXNoZXIy MzI4MjIwNg==