Payments Docket-July 2025

• Regulatory/Enforcement ISSUE SEVEN I JULY 2025 • Litigation

ISSUE 7 | 3 REGULATORY/ENFORCEMENT Federal Regulatory Activity Justice Department Disbands National Cryptocurrency Enforcement Team On April 7, 2025, in a memorandum authored by Deputy Attorney General Todd Blanche, the U.S. Department of Justice (DOJ) disbanded the National Cryptocurrency Enforcement Team (NCET) and instructed the Market Integrity and Major Frauds Unit to cease enforcement of cryptocurrency-related fraud. The DOJ established NCET in February 2022 to address challenges and prosecute the criminal misuse of cryptocurrencies and other digital assets. The DOJ memorandum also instructed prosecutors not to charge violations of the Securities Act of 1933 or the Exchange Act of 1934 if the charge would require litigation of whether a cryptocurrency or digital asset was a “security” and when an alternative charge, like mail or wire fraud, is available. Finally, the DOJ memorandum instructed prosecutors to close ongoing investigations consistent with the instructions in the memorandum. The memorandum will significantly ratchet down DOJ enforcement of cryptocurrency-related fraud, which was a large focus of the prior Administration following the bankruptcy of FTX, among other cryptocurrency-related incidents. FDIC Will Seek to Eradicate Its Use of Reputational Risk in Supervision On March 24, 2025, Travis Hill, the acting chairman of the Federal Deposit Insurance Corporation (FDIC) told the U.S. House of Representatives Committee on Financial Services Subcommittee on Oversight and Investigations that the FDIC should not use “reputational risk” as a basis for supervisory criticism of regulated financial entities. Hill also stated that he believes the FDIC should “focus more on core financial risks and less on process, administration, and documentation.” Consistent with that approach, Hill further stated that the FDIC is working to create pathways for regulated financial entities to engage in digital asset and blockchain activities without violating the FDIC’s safety and soundness principles. These new regulatory initiatives could ease partnerships between traditional FDIC-regulated banks and fintechs engaged in digital-asset-related businesses, which had previously been looked on skeptically by the FDIC and other regulators. Senate and House Back Nullification of CFPB Overdraft Rule On May 9, 2025, President Donald Trump signed into law a bill overturning a rule promulgated by the Consumer Financial Protection Bureau (CFPB) that sought to limit overdraft fees at certain large banks to $5. The Senate had previously voted to overturn the rule largely along party lines, with only Sen. Josh Hawley (R-Mo) crossing the aisle. The rule, which the CFPB adopted in December 2024, had drawn widespread condemnation from banks and credit card companies, and the American Bankers Association had sued to block the rule. Banking industry groups argued that the rule deprived low-income consumers of a key source of emergency credit. CFPB Indicates It May Rescind Buy Now, Pay Later Rule The CFPB announced on March 26, 2025 that it was rescinding its prior interpretation of Regulation Z that sought to regulate buy now, pay later programs as if they were credit cards. The prior interpretation, issued in May 2024, would have required the operators of buy now, pay later programs to investigate when consumers disputed a transaction, issue refunds when consumers return a product or cancel a service, and provide billing statements similar to those provided by credit cards. A trade group, consisting of several of the largest buy now, pay later companies, sued the CFPB in October 2024.That suit was dismissed by agreement of the parties on June 2, 2025. Credit Card Company Settles with DOJ over Sales Practices A major credit card company entered into a civil settlement with the DOJ and a nonprosecution agreement (NPA) with the U.S. Attorney’s Office for the Eastern District of New York, agreeing to pay total fines and settlement payments of $230 million to avoid parallel civil and criminal actions involving the company’s telemarketing sales practices from 2014 to 2021. The settlement agreement and NPA allege that the company marketed certain products to small- and medium-sized businesses as a way to generate tax savings, including through purportedly tax-deductible wiring fees. However, the tax advice proved inaccurate because the wiring fees were not ordinary or necessary business expenses, according to the DOJ and EDNY. Company employees also entered “dummy” employer identification numbers for customers on tax forms. Following an internal investigation, the company fired approximately 200 employees and discontinued the products. The settlement and NPA include a criminal fine of $78 million, a forfeiture of $61 million, and a civil settlement of $109 million. D.C. Circuit Continues Halt on CFPB Downsizing On April 28, 2025, a panel of the D.C. Circuit lifted its partial stay on a district court’s preliminary injunction, preventing the CFPB from moving forward with a reduction in force that would likely involve the termination of more than 90% of the CFPB’s current employees. The preliminary injunction was entered to permit an analysis of whether the CFPB could continue fulfilling its statutorily required functions without 90% of its workforce. Judge Naomi Rao dissented, largely on separation of powers grounds, writing that the district court effectively set up a “temporary judicial receivership of the CFPB.”

ISSUE 7 | 5 State Regulatory Activity Massachusetts Partially Adopts Model Money Transmission Modernization Act On January 2, 2025, Massachusetts Governor Maura Healey signed legislation based on the Model Money Transmission Modernization Act (MMTMA), a set of nationwide standards for the supervision and regulation of money transmitters created by industry experts and approved by the Conference of State Bank Supervisors. Massachusetts joins a list of 30 states that have enacted similar reforms, largely in response to the widespread use of peer-to-peer payment applications like Venmo, PayPal, and Cash App. The new law, which takes effect January 1, 2026, broadens the scope of state regulatory coverage and applies to any entity that provides transfers of money between individuals or entities within the United States, subject to certain exemptions. The act defines “money transmission”as: (1) the sale or issuance of payment instruments to a person in Massachusetts; (2) the sale or issuance of stored value to a person in Massachusetts; or (3) the receipt of money for transmission from a person in Massachusetts. Differing from the MMTMA, the Massachusetts law will regulate only “transactions engaged in by a person for personal, family or household purposes,” while the MMTMA applies to both consumer and commercial transactions. Like some other partially adopting states, Massachusetts also declined to expressly cover “payroll processing services,” a term included in the MMTMA. However, it did not expressly exempt payroll services, as is the case in other states, such as California. The state’s Division of Banks has indicated that omitting that term from the law may by default subject payroll services to regulation unless payroll processing transactions are more broadly deemed commercial by state regulators. Anticipating CFPB Void, California Looks to Expand Powers of DFPI In response to a perceived shift in priorities at the federal Consumer Financial Protection Bureau (CFPB) following the change in administration, California legislators have introduced a bill that would expand the reach of the state’s Department of Financial Protection and Innovation (DFPI). The legislation, Senate Bill 825, incorporates many recommendations of outgoing CFPB officials under the Biden Administration who advised states to bolster their arsenals of consumer protection laws. The proposals in the bill include broadening the scope of regulated practices to include activities such as debt collection, doing away with current requirements that the DFPI consult with the CFPB before taking enforcement action, and increasing regulation of “abusive” practices in addition to practices that are “unfair and deceptive.” Currently, licensed entities are technically exempt from many provisions of the California Consumer Financial Protection Law (CCFPL) when acting within the scope of their license, and it has been unclear whether the DFPI could overcome these exemptions to bring enforcement actions. If passed, SB 825 would definitively state that these companies are liable for CCFPL misconduct—regardless of licensing status. New York Legislature Considers AG’s Bill to Bolster Consumer Protection On March 13, 2025, the Fostering Affordability and Integrity Through Reasonable Business Practices (FAIR) Act was introduced in the New York state legislature, aiming to revamp the Empire State’s consumer protection laws. The bill, which was promoted by New York Attorney General Letitia James, parallels similar measures in other states to ramp up consumer protection enforcement in response to the perceived reduction in financial services regulation by the Trump Administration. James has also stated that the bill is meant to address practices related to high-cost loans, subscription cancellations, student loan repayment, junk fees, automotive sales, obscure pricing information, and debt collection. In an attempt to keep up with modern financial products and practices, the FAIR Act would broaden the scope of current state law to regulate not only “deceptive” business practices but also those that are “unfair” and “abusive” as well. The bill would also overturn previous judicial rulings that limited regulations to practices that were “consumer-oriented,” had a “public impact,” or were part of a “broader pattern of conduct,” and would instead extend the reach of regulation to business practices regardless of those considerations. The legislation also proposes increased damages for private rights of action, as well as civil penalties for violations. These penalties increase for practices targeting “vulnerable persons,” defined to include those younger than 18 or older than 65 years old, active-duty military and veterans, people with physical or mental impairments, and persons who are not proficient in English. Notably, the FAIR Act also specifically authorizes class action lawsuits.

ISSUE 7 | 7 LITIGATION Federal Regulator Litigation The Consumer Financial Protection Bureau (CFPB) has abandoned a series of Biden-era enforcement actions involving payments issues. And the agency has now dropped more than a dozen enforcement cases, representing a significant retreat from the aggressive enforcement posture adopted under the previous Administration. This enforcement retreat follows CFPB Chief Legal Officer Mark Paoletta’s internal memo outlining a broad shift away from policing nonbanks toward focusing on “actual fraud” rather than perceived consumer choice issues. CFPB Withdraws from Enforcement Suit Against International Money Transfer Company Consumer Financial Protection Bureau v. MoneyGram International Inc., No. 1:22-cv-03256 (S.D.N.Y.). The CFPB moved on April 7, to withdraw from an enforcement suit against a major international money transfer company, which would leave the New York attorney general (NY AG) as the only remaining plaintiff. In the suit, which was originally filed in August 2022, the CFPB and NY AG allege that the company held up customer funds and violated certain compliance requirements found in CFPB rules and New York state law by incorrectly telling users their transfers could face deductions due to fees and taxes that did not apply. The suit was stayed for almost 18 months, until May 2024, while the Supreme Court considered a constitutional challenge to the CFPB’s funding method. The suit is one of many the CFPB is seeking to withdraw from, following new enforcement priorities under Acting Director Russell Vought. The international money transfer company settled with the NY AG on June 16, 2025, agreeing to a $250,000 fine. CFPB Dismisses Biden-Era Enforcement Action over Distribution of Government Benefit Payments Consumer Financial Protection Bureau v. Comerica Bank, No. 3:24-cv-03054 (N.D. Tex.). On April 11, the CFPB dismissed without prejudice a lawsuit against Comerica Bank in Texas federal court alleging that Comerica mismanaged the Direct Express government benefit card program, which distributes billions of dollars in federal government benefit payments to 3.4 million cardholders annually. The dismissal came one day after the court issued an order to show cause why the CFPB had failed to respond to Comerica’s motion to dismiss. After the CFPB’s request for a stay was denied, the CFPB amended its complaint—merely dropping five of its 13 causes of action—to buy itself more time. After Comerica filed another motion to dismiss, this time for the CFPB’s amended complaint, the CFPB simply failed to respond. CFPB Dismisses Biden-Era Enforcement Action over Alleged Deceptive and Abusive Credit Card Program Consumer Financial Protection Bureau v. Reliant Holdings Inc., et al., No. 2:24-cv-01301 (W.D. Pa.). On April 23, the CFPB voluntarily dismissed with prejudice its Pennsylvania federal court action against Reliant Holdings Inc. and CEO Robert Kane. The suit accused the defendants of operating a membership credit card program that deceptively and abusively took in tens of millions of dollars in consumer fees. CFPB Abandons Defense of Digital Wallet Fee Disclosure Rule PayPal Inc. v. Consumer Financial Protection Bureau, et al., No. 24-5146 (D.C. Cir.). The CFPB has abandoned its D.C. Circuit appeal defending a rule that subjected digital wallets like Venmo to the same fee disclosure requirements as traditional prepaid cards. In a brief joint stipulation, the CFPB and PayPal Inc. voluntarily dismissed the appeal with prejudice. The dismissal ends the agency’s effort to overturn a March 2024 federal court decision that struck down the disclosure requirements for digital wallets. The dispute centered on the CFPB’s prepaid rule, which extended consumer protections to digital wallets. PayPal challenged a provision requiring these wallets to display the same “short form” fee disclosures as prepaid debit cards, arguing the format was “fundamentally ill-suited” for digital products and confused customers by forcing disclosure of often-inapplicable fees. The district court had ruled in PayPal’s favor, finding that digital wallets are “different in kind” from regular prepaid cards. The court found that the CFPB’s justification for the rule was based on the idea that digital wallets might charge fees in the future but that the business model of digital wallets relies on merchant fees rather than consumer fees. The CFPB had initially appealed, arguing that digital wallets and prepaid cards held the same basic function and thus warranted similar consumer protections. But now the CFPB’s decision to abandon the appeal leaves the lower court’s ruling intact, effectively exempting digital wallets from the prepaid card disclosure requirements that the CFPB previously had sought to impose. Federal Court Vacates CFPB’s $8 Credit Card Late Fee Rule U.S. Chamber of Commerce, et al. v. Consumer Financial Protection Bureau, et al., No. 4:24-cv00213 (N.D. Tex.). A Texas federal judge vacated the CFPB’s $8 credit card late fee rule on April 15 after the agency reached a settlement with the U.S. Chamber of Commerce and other trade groups challenging the regulation. The rule would have capped most credit card late fees at $8, down from an average of more than $30. The court vacated the rule “for failure to allow card issuers to ‘charge penalty fees reasonable and proportional to violations,’ in violation of the Credit Card Accountability and Disclosure Act … and the Administrative Procedure Act.” And as part of the parties’ settlement, the CFPB admitted that it violated federal law. The CARD

ISSUE 7 | 9 Act requires that penalty fees be “reasonable and proportional” to the underlying violation. And the CFPB agreed in a joint motion that it “violated the CARD ACT by failing to allow card issuers to ‘charge penalty fees reasonable and proportional to violations.’” Cryptocurrency Exchange Pays $504 Million in Money Laundering Settlement U.S. v. Aux Cayes Fintech Co., No. 1:25-cr-00069 (S.D.N.Y.). A common complaint by the federal government against cryptocurrency exchanges is that they allow suspicious transactions that could be money laundering because they fail to implement proper know-your-customer, or KYC, procedures. A typical end result is a plea to the charge of operating an unlicensed money transmitting business combined with a hefty forfeiture and fine. Federal prosecutors came after cryptocurrency exchange OKX, alleging that it had facilitated over $5 billion in suspicious transactions by allowing users to bypass anti-money laundering controls. Specifically, they alleged the exchange knowingly circumvented U.S. regulations for over seven years. Despite maintaining an official ban on U.S. customers, the exchange allowed U.S. traders to access the platform using VPNs and failed to implement proper KYC procedures until 2023. The exchange pleaded guilty to one count of operating an unlicensed money transmitting business and agreed to pay $504 million ($420 in forfeiture and $84 in fine). OKX also faces a proposed class action in California federal court alleging the platform enabled money laundering of stolen cryptocurrency. New York AG in Removal Battle with Fintech Companies over Alleged CFPA Violations New York v. MoneyLion Inc., et al., No. 1:25-cv-04093 (S.D.N.Y.). New York v. DailyPay Inc., No. 1:25-cv-03439 (S.D.N.Y.). DailyPay LLC v. James, No. 1:25-cv-02849 (S.D.N.Y.). As state attorneys general pick up the slack left by a less-aggressive CFPB, they find themselves fighting to stay out of federal court. In April, the New York attorney general sued two fintech companies over their earned wage access products. The NY AG alleges that both companies’ products are disguised payday loans that violate state usury laws with predatory interest rates exceeding 350%. Consequently, the NY AG alleges these companies have violated the Consumer Financial Protection Act (a federal statute under the CFPB’s purview), so as a result, they have violated New York’s Executive Law (a New York statute), which authorizes injunctive relief against a business engaging in repeated and persistent illegal conduct through its business in the state of New York. Based on the allegations that they have violated the CFPA, both companies have removed their cases to federal court. And in the week before the NY AG sued, DailyPay brought a separate suit for declaratory judgment that it had not violated the CFPA. In all three cases, the fintech companies argue that the claims at issue turn on a substantial question of federal law—namely, whether the CFPA has actually been violated—resulting in federal subject-matter jurisdiction. The NY AG has opposed. In a brief filed in one of the DailyPay actions, the NY AG argues that because the claims are brought under state law, even though they implicate federal law, there is no actual question of federal law. The NY AG goes on to argue that there is no legal dispute over the meaning of the CFPA’s prohibitions, their scope or meaning, or the CFPA’s application to DailyPay, so DailyPay has not identified any disputed issue of federal law, even though DailyPay specifically notes in its notice of removal that no federal or state court has ruled on whether any earned wage access provider violates the CFPA by offering an earned wage access product. Federal District Court Dismisses Bank Shareholder Lawsuit over FDIC Standing AP-Fonden v. DePaolo, et al., No. 1:23-cv-01921 (E.D.N.Y.). A federal judge in the Eastern District of New York dismissed a shareholder class action against Signature Bank’s former directors and auditor KPMG, ruling that shareholders lack standing to sue because the FDIC, as the bank’s receiver, holds the stockholders’rights to sue. In the litigation, the FDIC moved to dismiss on the ground that the Financial Institutions Reform, Recovery, and Enforcement Act’s (FIRREA) succession clause transfers all stockholder rights of a failed bank to the FDIC as conservator or receiver. And the court agreed. It found that only the FDIC can bring the claims at issue, but that shareholders are still able to recover because the FDIC would distribute any amounts recovered to satisfy the bank’s outstanding obligations to shareholders. In its ruling, the court acknowledged a circuit split over whether courts should apply FIRREA’s succession clause as written or by differentiating between direct and derivative claims, but ultimately followed the plain language of the statutory text. SEC Files Suit for Securities Fraud Arising from Payment Processing Platform Securities and Exchange Commission v. Jordan-Jones, No. 1:25-cv-04297 (S.D.N.Y.). In May 2025, the Securities and Exchange Commission (SEC) filed a civil suit against an individual for allegedly violating federal securities laws related to a payment processing platform. According to the complaint, the defendant made multiple material misrepresentations to a venture capital firm to induce the firm to invest $500,000 in the defendant’s startup company. Among other things, the defendant allegedly misrepresented that his company was launching a blockchain-based point-of-sale and payment-processing platform called Zeo. The SEC alleges that, instead of using the funds to launch Zeo, the defendant used the funds to pay personal expenses, including “payments to a luxury car dealership, department

ISSUE 7 | 11 stores, luxury clothing and accessory brands, and to purchase art.”The SEC seeks to enjoin the defendant, disgorge the defendant’s profits, recover civil penalties, and bar the defendant from acting as an officer or director of any public company under the Exchange Act. State Regulator Litigation Bank Appeals Decision Allowing NY AG’s Lawsuit to Proceed The People of the State of New York v. Citibank N.A., No. 1:24-cv-00659 (S.D.N.Y.). In January 2025, a federal judge granted in part and denied in part Citibank’s motion to dismiss a lawsuit filed by New York’s attorney general accusing Citibank of failing to protect and reimburse customers who have lost money to online wire fraud. Specifically, New York’s lawsuit alleges that Citibank has improperly denied reimbursement and failed to comply with other Electronic Fund Transfer Act (EFTA) protections when customers reported scammers infiltrating their online accounts and wiring out their funds. According to the bank, wire transfers are carved out from the EFTA under a long-standing exemption in the statute and are instead governed by the Uniform Commercial Code, which has less strict fraud reimbursement rules. The court disagreed, ruling that this exemption cited by Citibank is aimed at bank-to-bank transfers, so it “does not preclude EFTA liability for a fraudulent payment order resulting in a debit from a consumer account in connection with a wire transfer.” While the federal judge allowed claims tied to the EFTA to proceed, it did narrow or throw out the state’s other claims, which focused largely on the bank’s online security protocols. In February 2025, Citibank asked the New York federal judge for permission to appeal his decision, stating that wire transfers are exempt from the EFTA, and that the court’s decision would “force tremendous changes” for financial institutions, which will have to reexamine “even whether to offer consumer wire-transfer services going forward.” Mobile Service Enters Consent Orders over Alleged Violations of Bank Secrecy Act and Anti-Money Laundering Laws In January 2025, Block entered into a settlement agreement and consent order with 48 state financial regulators for alleged violations of the Bank Secrecy Act (BSA) and antimoney laundering (AML) laws, which are a set of regulations designed to prevent financial institutions from being used to launder money, finance terrorism, and engage in other illicit activities. State regulators in Arkansas, California, Florida, Maine, Massachusetts, Texas, and Washington led the multistate enforcement effort. Block agreed to pay an $80 million fine to the state agencies, hire an independent consultant to review the comprehensiveness and effectiveness of its BSA/AML program, and submit a report to the states within nine months. Block then will have 12 months to correct any deficiencies found in the review after the report is filed. In April 2025, Block agreed to pay a $40 million civil monetary fine as part of an agreement to resolve claims brought by the New York State Department of Financial Services. New York claimed that Block’s Cash App payments tool was not satisfying state requirements for antimoney laundering, bank secrecy, and know-your-customer compliance programs. In addition to the monetary penalty, the settlement requires Block to hire an independent monitor to ensure the company“builds a successful and effective compliance program capable of identifying and preventing illicit activity, protecting the integrity of New York’s financial system.” General Litigation Court Denies Bank’s Motion to Dismiss Despite Issuing Refund Wirtes v. MountainOne Bank, No. 2484CV01577-BLS1 (Mass. Sup. Ct.). In June 2024, a plaintiff filed a putative class action challenging MountainOne Bank’s assessment of a type of non-sufficient funds (NSF) fee. The plaintiff alleges that MountainOne charged the fee each time a merchant or the merchant’s bank resubmitted a request for payment on a single transaction from an overdrawn account. MountainOne moved to dismiss the complaint on the basis that, in pertinent part, the plaintiff lacked standing as a named plaintiff to pursue the class action because MountainOne refunded her account all charged NSF fees. In January 2025, a state court judge in Massachusetts denied MountainOne’s motion to dismiss, holding that MountainOne’s apparent attempt to “pick off” the main plaintiff by refunding the fees that are the basis for the complaint does not defeat standing in a putative class action. The judge stated that the bank’s unsolicited decision to refund the plaintiff’s more than $12,000 in fees after being put on notice of her intent to sue does not resolve the plaintiff’s requests for declaratory and injunctive relief over the bank’s policy, given that the bank still “expressly denies liability.” Bankruptcy Spawns Class Action and FOIA Litigation Espinola v. Evolve Bank & Trust, et al., No. 1:25-cv-00075 (D. Colo.). Mikula v. Board of Governors of the Federal Reserve System, No. 1:25-cv-01198 (D.D.C.). In January 2025, a plaintiff filed a putative class action complaint against multiple banks that partnered with Synapse over the loss of $85 million on the heels of Synapse’s April 2024 bankruptcy, which resulted in frozen funds for over 200,000 accounts. The plaintiff accused these banks of negligence, theft, and breach of contract over purported losses allegedly affecting roughly 100,000 fintech platform users whose funds had been deposited at those banks via the now-bankrupt intermediary Synapse Financial. The plaintiff claimed that she saw her money deposited at Evolve Bank & Trust after signing up for an account for the fintech company Juno go from $34,000 to $0 after Synapse’s collapse and Evolve’s reconciliation. She seeks to represent a class of all those who were denied access to funds Synapse had deposited with one of the defendant partner banks since the company’s April 2024 Chapter 11 filing.

ISSUE 7 | 13 In April 2025, a plaintiff filed a complaint for declaratory and injunctive relief to compel the Governors of the Federal Reserve System (FRB) to comply with the plaintiff’s Freedom of Information Act (FOIA) request for documents pertaining to the Synapse’s bankruptcy and the related freezing of funds. The complaint alleges that given the “Synapse bankruptcy’s ripple effects, which are felt to this day, the public has a significant interest in knowing what FRB knew about Synapse’s financial problems; when it learned of them; whether FRB took any action to prevent Synapse’s bankruptcy; and if so, what those actions were.” Class Action Complaint Filed over Additional Payment Processing Fees Galloso Inc. v. 5967 Ventures LLC, No. 2:25-cv-11096 (E.D. Mich.). In April 2025, two merchants filed suit against 5967 Ventures LLC, d/b/a Humboldt Merchant Services (HMS) and BMO Bank for allegedly charging additional fees in connection with their payment processing services. According to the complaint, the merchants applied for merchant accounts with HMS and BMO and entered into an agreement that permitted HMS and BMO to charge certain fees. However, HMS and BMO allegedly assessed additional “(Manual) ETF – VIRP Closure” fees against the merchants’ reserves that were held by HMS and BMO, purportedly “consuming the entirety of the merchant’s reserves in most if not all cases.” The merchants assert that “[n]o such fee is communicated in the Fee Disclosure.” The merchants bring claims for breach of contract and unjust enrichment, and they seek to represent a nationwide class. HMS and BMO have not yet responded to the complaint. Securities Class Action Brought over AML Protocols Gonsalves v. Block Inc., et al., No. 3:25-cv-00642 (N.D. Cal). On January 17, 2025, a shareholder of Block Inc. filed suit in California federal court alleging Block failed to implement basic anti-money laundering protocols to prevent criminals from using its payment platforms, Square and Cash App, for illegal activity. The proposed class action complaint alleges that Block failed to implement basic due diligence and KYC protocols while also failing to report suspicious transactions to regulatory authorities. The proposed class alleges violations of the Securities Exchange Act and seeks compensatory damages and litigation costs and attorneys’ fees. This lawsuit against Block comes on the heels of a CFPB consent order in January 2025 requiring Block to pay $175 million for alleged consumer protection violations related to Cash App, as well as an $80 million settlement between Block and state banking regulators in January 2025 related to allegations of antimoney laundering compliance failures involving Cash App. Block’s executives and directors are also facing derivative claims brought by other shareholders in California federal court alleging similar misconduct. Customer Suit Alleges Bank Fell Short on Fraud Kazemier v. Wells Fargo Bank NA, et al., No. 3:25-cv-00727 (S.D. Cal.). On March 28, 2025, consumers brought a proposed class action against Wells Fargo in California federal court alleging the bank failed to adequately investigate and reimburse customers who fell victim to unauthorized wire transfers. The complaint alleges that Wells Fargo failed to implement reasonable security measures and verification procedures despite being aware that its customers were losing money through fraudulent wire transfers. The proposed class includes Wells Fargo customers within the United States who notified Wells Fargo of an unauthorized wire transfer from their account within 60 days of the transfer and were not fully reimbursed. The complaint asserts claims for violations of the Uniform Commercial Code, California state law, and the EFTA—which imposes requirements on banks addressing disputed and unauthorized payments. Wells Fargo compelled arbitration of similar claims brought last June in the Eastern District of Pennsylvania by a similar proposed class of plaintiffs. In May 2025, Wells Fargo settled the proposed class action before it was due to respond to the operative complaint. Consumers Allege Mobile App’s User Terms Impermissibly Silence Consumer Speech Mora v. Block Inc., No. CGC-25-623356 (San Francisco Cty. Super. Ct.). Several plaintiffs have filed a proposed class action in California state court against Block Inc. on behalf of California consumers who visited or completed transactions using Block’s Cash App product. The plaintiffs allege that Block violated California Civil Code Section 1670.8 by purportedly including terms of service in the Cash App product that bar users from publicly making any “objectionable” or “harmful” statements about the company or its partners or products. According to the plaintiffs, Block’s user terms for Cash App seek to force plaintiffs and the proposed class to waive their right as consumers to make statements about the company and its products and therefore impermissibly silence consumer speech under California law. After the lawsuit was originally filed in Los Angeles County in December 2023, Block removed the action to federal court. In March 2024, the federal court remanded the case back to the Los Angeles County state court, and on January 14, 2025, the case was transferred to a state court in San Francisco County, where it currently remains pending. Class Certification Denied in Ponzi Scheme Case In re Telexfree Securities Litigation, No. 4:14-md-02566 (D. Mass). On April 8, 2025, a proposed class of investors lost their bid for class certification in a multidistrict litigation brought against multiple financial institutions involving TelexFree, a billion-dollar Ponzi and pyramid scheme that operated from 2012 to April 2014. TelexFree held itself out as a mid-level marketing company and generated revenue by selling packages

ISSUE 7 | 15 of Voice over Internet Protocol calling plans to “promoters,” who paid membership fees in exchange for purported commissions. The fraud scheme involved 2 million people worldwide, and the victims of the scheme lost a collective $3 billion. After TelexFree went bankrupt and underwent investigation by the DOJ and SEC, investors brought claims against several financial institutions, alleging the banks continued to service TelexFree accounts after being made aware that the Brazilian government had shut down the scheme and that the SEC had launched its investigation into TelexFree. According to the investors, the financial institutions allowed millions in ill-gotten gains to be transferred out of TelexFree bank accounts in the United States. The Massachusetts federal court denied class certification, finding several individualized factual and legal issues would overwhelm common questions at every stage of adjudication, including determinations of which state’s law should be applied and which investors were, in fact, damaged. Bank Seeks Dismissal of Class Action Brought by Former Inmates Who Were Charged Fees on Their Prepaid Debit Cards Rutherford v. Central Bank of Kansas City, No. 3:24-cv-05299 (W.D. Wash.). On April 11, 2025, Central Bank of Kansas City brought a motion in Washington federal court seeking to dismiss a class action brought by former inmates and detainees who allege they were charged illegal fees on prepaid debit cards issued to them after being released from jail. The plaintiff alleges that cash was confiscated from him during his arrest, and when he was released from jail, he received his confiscated funds on a prepaid debit card issued by Central Bank of Kansas City. The plaintiff alleges that he was then charged a series of fees when he tried to access his funds despite never agreeing to pay those fees. The lawsuit accuses the bank of violating CFPB regulations and the EFTA by engaging in a pattern of unlawful, deceptive, unfair, and unconscionable profiteering. Earlier this year, the court certified a class of all persons in the United States who, at any time between April 17, 2023 and September 29, 2024, were taken into custody at a jail, correctional facility, detainment center, or any other law enforcement facility, entitled to the return of money either confiscated from them or remaining in their inmate accounts when released, and issued a prepaid debit card from Central Bank of Kansas City that was subject to fees, charges, and restrictions. Central Bank of Kansas City argued the lawsuit should be dismissed because the plaintiff signed four written receipts, indicating that he requested the return of his funds on the prepaid debit card. The bank also contends the case should be dismissed because it disclosed the fees to the plaintiff in a cardholder agreement when he received his card. Cash Advance Company Agrees to Pay $17 Million to Settle Charges Brought by FTC FTC v. Cleo AI Inc., No. 1:25-cv-02594 (S.D.N.Y.). On March 27, 2025, cash advance company Cleo AI agreed to pay $17 million to settle charges brought by the Federal Trade Commission (FTC) alleging the company deceived consumers about how much money they could get and how fast that money could be available. The FTC alleged that Cleo’s ads promised consumers (1) access to hundreds of dollars in cash advances, but almost no one received close to those advertised amounts; and (2) access to same-day or instant advances, but subscribers had to pay an additional fee for this service. The FTC also alleged Cleo made it difficult for consumers to cancel their subscriptions. The settlement prohibits Cleo from misleading consumers about its advances, including the amount of money available to a consumer and the fees that the consumer would be charged. The settlement also requires Cleo to clearly and conspicuously disclose the terms of any subscription, provide a simple way for consumers to cancel, and obtain the consumers’ express, informed consent before charging them for a subscription. Fight for Buy Now, Pay Later Market Share Reaches Federal Court Sezzle Inc. v. Shopify Inc., No. 0:25-cv-02395 (D. Minn.). On June 9, 2025, Sezzle, a buy now, pay later (BNPL) provider, sued Shopify for allegedly engaging in monopolistic and anticompetitive practices by limiting competition for BNPL options on its platform. Sezzle alleges that the Canadian e-commerce platform improperly wielded its market share to favor its own BNPL service for merchants, Shop Pay Installments, which allegedly crowded out competitors. The lawsuit claims that Shopify used its power to “force” merchants into contracts that penalized them by charging a small fee for using thirdparty, non-Shopify BNPL providers. The lawsuit further alleges that Shopify violated the Sherman Act and Minnesota antitrust law by manipulating consumers’ checkout process to make it more difficult to select competitor BNPLs. Specifically, the complaint states that even if consumers selected Sezzle upon checkout, Shopify would redirect them to a form not associated with Sezzle, allowing it to “intercept” consumers and have them pay through Shop Pay Installments instead. According to the complaint, within three years of introducing Shop Pay Installments, it was processing 75% of all BNPL transactions for Shopify merchants. The complaint also states that before Shopify launched its own BNPL, Sezzle transactions had grown 1,200% over a twoyear period. Since that time, however, Sezzle claims its business has been cut in half. Sezzle is seeking an injunction to block Shopify from continuing this allegedly anticompetitive conduct, as well as asking for damages and attorneys’ fees.

ISSUE 7 | 17 Outrage over Outage Leads to Lawsuits Ferrell v. Capital One N.A., No. 1:25-cv-00091 (E.D. Va.). Zepeda v. Capital One Financial Corp., No. 1:25-cv-00114 (E.D. Va.). Wild Fundraising LLC v. Capital One, National Association, No. 2:25-cv-00135 (E.D. La.). For three days in January 2025, Capital One’s third-party vendor experienced an outage that allegedly left thousands of banking customers unable to access their accounts, process payments, and receive direct deposits. As a result of that vendor’s outage, multiple lawsuits were filed against Capital One. In Ferrell and Zepeda, which have been consolidated, Capital One customers assert claims for breach of contract, negligence, conversion, unjust enrichment, and violations of California’s Consumers Legal Remedies Act and Unfair Competition Law, and they seek to represent nationwide and California classes of individuals who held a Capital One account and were denied access to their accounts or funds. Capital One originally moved to dismiss the Ferrell complaint and argued that the plaintiff lacked Article III standing, that his claims were moot because Capital One had already sought to redress any alleged injuries, and that his claims failed on the merits. In response, the plaintiffs in Ferrell and Zepeda filed a consolidated amended complaint, which Capital One moved to dismiss for lack of subject-matter jurisdiction; the court granted Capital One’s motion to dismiss. Separately, in Wild Fundraising, a small business customer of Capital One alleged that it was unable to access its funds to pay its employees. The plaintiff brought claims for breach of contract, negligence, and unjust enrichment, and it sought to represent a nationwide class of persons and entities with small business accounts that were unable to access their funds. On March 24, 2025, Capital One moved to dismiss the complaint for many of the same reasons as in Ferrell. Before the court could rule on Capital One’s motion to dismiss, the parties filed a joint motion to dismiss with prejudice on April 28, 2025, which was granted the following day. Payment Companies Accused of Misusing Coupon Browser Extensions to Divert Affiliate Marketing Commissions from Online Influencers In re Capital One Financial Corporation, Affiliate Marketing Litigation, No. 1:25-cv-00023 (E.D. Va.). A sweeping class action consolidated in the Eastern District of Virginia accuses Capital One Financial Corporation of misusing a popular browser extension to divert affiliate marketing commissions from online “content creators.” According to the newly filed complaint, Capital One markets a Capital One Shopping browser extension to online shoppers that purports to test and apply available discount, promotional, and coupon codes to items already in consumers’online shopping carts. In reality, however, Capital One is alleged to use its browser extension to replace “affiliate links”—unique promotional codes used by online content creators to drive business to certain retailers in exchange for commission payments—and insert Capital One’s own unique tracking codes in their place, even though the consumers used the creators’ specific affiliate links, not Capital One’s, to visit the retailers’ websites and make purchases. As a result, the plaintiffs claim that Capital One wrongly diverted affiliate marketing commissions away from the content creators and retained those funds for itself. For its part, Capital One accuses the content creators of wrongly claiming credit for consumers’ independent purchasing decisions, including their decision to use the Capital One Shopping browser extension to search for available discount codes. In a recent motion to dismiss, Capital One claims that the plaintiffs lack standing to bring their lawsuit because they failed to identify “a single sale where they claim they earned a commission but did not receive one, or a single commission that Capital One purportedly ‘diverted.’” Capital One also argues that, even if the plaintiffs were properly before the court, their claims would fail anyway because the consumer-protection statutes under which their claims are brought do not apply to competitors in the affiliate marketing commission industry. On June 2, 2025, the court partially granted Capital One’s motion to dismiss; Capital One must still face the plaintiffs’ claims for unjust enrichment, interference with prospective economic advantage, intentional interference with contractual relations, and computer abuse under the Federal Computer Fraud and Abuse Act. Additionally, between Capital One’s motion to dismiss and the court’s order, over 20 individual plaintiffs voluntarily dismissed themselves from the case. On June 16, 2025, Capital One answered the complaint, and the case is now proceeding to discovery. In the interim, similar lawsuits against other companies providing coupon browser extensions have begun to surface across the country, accusing them of likewise diverting commissions away from online content creators. Consumers Allege that Bank Misused “Cash Sweep” Program to Deprive Account Holders of Significant Interest Payments Dehner v. PNC Financial Services Group Inc., et al., No. 2:25-cv-00127 (W.D. Pa.). PNC Bank was on the receiving end of a class action complaint accusing the bank of failing to uphold its fiduciary and contractual obligations to its account holders. The complaint alleges that PNC Bank’s “cash sweep” accounts—accounts that automatically transfer unused cash deposits to an interest-bearing investment account—wrongly “swept” account holders’ unused cash into PNC-affiliated investment accounts that paid far less than the prevailing market interest rates. The consumers allege that they were deprived of the opportunity to earn additional interest payments, while other banks were sweeping cash into independent, unaffiliated banks that paid substantially higher interest rates on swept cash. The putative class action, which seeks damages exceeding $5 million, has brought claims against PNC Bank for breach of fiduciary duty, breach of contract, breach of the implied covenant of good faith and fair dealing, and unjust enrichment. In February 2025, the Dehner case was consolidated with several other consumer class actions against PNC Bank alleging similar claims arising out of the “cash sweep” program. To date, PNC Bank has not yet formally responded to the allegations in the consolidated class action complaints.

ISSUE 7 | 19 Interchange Fee Litigation Court Denies Reconsideration Bid by Cardholders in Credit Card Litigation Palladino v. JPMorgan Chase & Co., No. 1:23-cv-01215 (E.D.N.Y.). The court overseeing the interchange fee litigation denied certain cardholders’ request to revive their related lawsuit against Visa, Mastercard, and various member banks for allegedly conspiring to fix the interchange fees they charged. The California cardholders brought suit back in December 2022 and asserted claims for violation of California’s Cartwright Act (California’s antitrust statute) and California’s Unfair Competition Law, but the court dismissed their claims for failure to state a claim in December 2024. Most relevant for the motion for reconsideration, the court held that the cardholders did “not sufficiently allege ‘that they participated in the relevant market where anticompetitive behavior occurred,’ therefore failing California’s ‘market participant rule.’” Specifically, although Visa and Mastercard allegedly “establish[ed] the interchange amounts that card-issuing member banks must charge in the‘General Purpose Card Network Services market,’”the cardholders“participate[d] in the markets for ‘Merchant Acceptance of General Purpose Credit Cards’ and ‘Merchant Acceptance of Debit Cards.’”In denying the cardholders’motion for reconsideration, the court reasoned that they did “not identify any facts or controlling law that the Court overlooked.” The court separately rejected certain jurisdictional arguments by the cardholders and their request for leave to amend. Big-Box Retailers Settle Opt-Out Litigation in Credit Card Litigation Target Corp. v. Visa Inc., No. 1:13-cv-03477 (S.D.N.Y.). In January 2025, Staples settled its interchange fee claims against Visa and Mastercard, which was followed by Target settling its own claims in March. Staples, Target, and other merchants opted out of the interchange fee class action settlement back in 2013 and pursued their own claims against Visa and Mastercard. The settlement amounts were not disclosed. The settlements come just a few months before a scheduled trial date in October. Parties Reach New Settlement in Credit Card Litigation Capp Inc. v. Discover Financial Services, No. 1:23-cv-04676 (N.D. Ill.). Lemmo’s Pizzeria LLC v. Discover Financial Services, No. 1:23-cv-14250 (N.D. Ill.). Support Animal Holdings LLC v. Discover Financial Services, No. 1:23-cv-15297 (N.D. Ill.). In these lawsuits, the plaintiffs allege that, beginning in 2007, Discover classified certain consumer credit cards as commercial credit cards, which caused merchants to incur higher interchange fees. In October 2024, the court preliminarily approved a class action settlement, but the plaintiffs came back to the court in January to request preliminary approval of a modified class action settlement that allegedly “represents an even better result for the Settlement Class.” According to the plaintiffs’ motion, the original settlement estimated the alleged overcharges for each merchant identification number (MID) during 2007–2015, which was due to the absence of MID-level transaction data for those years. But Discover was able to identify the data for that time period, and the parties reached a new settlement based on the newly discovered data. The new settlement includes the new data for those years, which has led to an “increase to the total funds available,” and it includes a provision whereby MIDs that would have received more under the original methodology will still receive payments based on that methodology. In addition, the new settlement includes a higher minimum total class payout of $540 million (up from $500 million) and a simplified claim form, among other things. Credit Card Settles with 1,800+ Merchants in United Kingdom Merchant Interchange Fees Umbrella Proceedings, No. 1517/11/7/22 (U.K. Competition Appeal Tribunal). In addition to the sprawling interchange fee litigation in the United States, Visa and Mastercard also face similar litigation in the United Kingdom’s Competition Appeal Tribunal. Mastercard settled with a group of almost 2,000 merchants last year, and Visa reached a similar deal for an undisclosed sum in April. Visa’s settlement comes on the heels of a trial on the issue of liability in which the court has not yet issued a ruling. Although Visa was able to settle with more than 1,800 merchants, there are other merchants in the litigation, and their claims will continue.

ISSUE 7 | 21 Kelley Connolly Barnaby Partner +1 202 239 3687 kelley.barnaby@alston.com Christopher Riley Partner +1 404 881 4790 chris.riley@alston.com Ryan Martin-Patterson Senior Associate +1 202 239 3038 ryan.martin-patterson@alston.com Andrew Roberts Senior Associate +1 404 881 7268 andrew.roberts@alston.com Christopher Kelleher Associate +1 404 881 7435 chris.kelleher@alston.com Contributing Authors Alexandra S. Peurach Partner +1 404 881 7974 alex.peurach@alston.com Sam Bragg Senior Associate +1 214 922 3437 sam.bragg@alston.com Kaylan Meaza Senior Associate +1 404 881 7412 kaylan.meaza@alston.com Blake M. Simon Senior Associate +1 404 881 7760 blake.simon@alston.com Learn more about the Payments & Fintech Litigation Team

RkJQdWJsaXNoZXIy Njk5MDg5