Oregon AG, agency announce settlement with mortgage payment processor ACI over unauthorized withdrawals
(Update: Adding settlement with state financial agencies)
SALEM, Ore. (KTVZ) – Oregon Attorney General Ellen Rosenblum joined 50 attorneys general Tuesday in announcing a $20 million settlement with payment processor ACI Worldwide. Oregon will receive approximately $200,000 from the settlement, which resolves a 2021 testing error that led to processing $2.3 billion in unauthorized mortgage payments.
Nationstar Mortgage, known publicly as Mr. Cooper, offered ACI’s Speedpay product to its customers so they could schedule and electronically pay their monthly mortgage payments through the Automated Clearing House system.
A test of their system led to unauthorized withdrawals from the accounts of hundreds of thousands of mortgage-holders. The error affected 4,888 consumer accounts in Oregon.
“Our investigation showed that significant defects in ACI’s privacy and data security procedures and technical infrastructure related to the Speedpay platform were responsible for this devastating incident. ACI must do better by putting a higher value on their customers’ data privacy,” said AG Rosenblum.
All affected consumers have been or will be fully restored through other means. Oregonians affected by ACI’s testing error may also wish to submit claim forms in connection with a class-action settlement and must do so by November 13, 2023. More information on the class action settlement is available at https://achloanpaymentlitigation.com/.
While ACI took corrective steps to minimize the impact of the testing error, in some cases consumers were not able to access the money at issue and were forced to incur overdraft or insufficient funds fees. In addition to the financial settlement with the states and territories, today’s settlement requires ACI to take steps to avoid any future incidents, including requiring ACI to use artificially created data rather than real consumer data when testing systems or software; and requiring ACI to segregate any testing or development work from its consumer payment systems.
--
DFR enters multistate settlement with ACI Payments Inc. for unauthorized transactions (Photo)
Oregon Dept. of Consumer & Business Services - 10/18/23 12:09 PM
Salem – The Oregon Division of Financial Regulation (DFR) joined 43 other state financial agencies in reaching a settlement with ACI Payments Inc. (ACI), for erroneously initiating electronic transactions totaling $2.3 billion from the accounts of 480,000 mortgage-holders nationwide.
State regulators levied $10 million in fines through a multistate enforcement action. In Oregon, there were over 13,000 erroneous ACH entries affecting nearly 5,000 accounts. The dollar value of transaction in Oregon alone was over $23 million. Additionally, 50 state attorneys general, including the Oregon Attorney General Ellen Rosenblum, levied an additional $10 million in fines to ACI, in coordination with state regulators.
Before the settlement, the erroneous charges were corrected by ACI.
ACI Payments, a subsidiary of ACI Worldwide Corp., is a state-regulated money transmission business licensed in Oregon and nearly all other U.S. states (Nationwide Mortgage Licensing System ID 936777). ACI acts as a vendor for mortgage servicing companies by processing borrowers’ mortgage payments through its Speedpay platform. State regulators determined that ACI erroneously used live customer data in a test of its Speedpay platform, causing unauthorized mortgage payments to be processed from customer accounts. State regulators commenced a multistate money transmission investigation reviewing all aspects of the event. The state regulators believe the error was due to defects in ACI’s privacy and data security procedures and technical infrastructure.
“DFR will use its enforcement authority against companies that fail to have sufficient data security and internal controls in place to protect Oregon consumers,” DFR Administrator TK Keen said. “This settlement demonstrates how state regulators and state attorneys general can work together to hold companies accountable, and to ensure consumers can confidently and securely pay their loans online without fear of unauthorized payments being made on their behalf.”
This enforcement action orders the following of ACI Payments Inc.:
- Risk and compliance programs – Maintain a comprehensive enterprise risk management program and a third-party risk management program tailored to the nature, size, complexity, and risk profile of ACI.
- Agreement monitoring – Regular reporting (for two years) to a state regulator monitoring committee to ensure both the adequacy of the risk management programs and compliance with the order.
- Administrative costs and penalties – Payment of $10 million in fines for administrative costs and penalties.
Here is the settlement agreement and order: https://tinyurl.com/5dcb6z3n.
###
About Oregon DFR: The Division of Financial Regulation is part of the Department of Consumer and Business Services, Oregon’s largest business regulatory and consumer protection agency. Visit dfr.oregon.gov and www.dcbs.oregon.gov.