The Federal Trade Commission has fined Paddle $5 million over charges that the UK-based payment processor facilitated access to the U.S. credit card system for fraudulent foreign tech support operations. These schemes allegedly defrauded U.S. consumers out of millions of dollars.
The FTC alleges that Paddle used its position as “merchant of record” and a purported “reseller” to process credit card payments on behalf of unrelated third-party entities, obscuring their identities from card networks and banks.
According to the FTC, Paddle enabled pop-up-based tech support scams that used fake virus alerts—sometimes using brands like Microsoft or McAfee—to trick consumers into purchasing unnecessary software or services. Paddle was also charged with processing recurring subscription payments without clearly disclosing renewal terms or obtaining informed consent. The complaint further noted that the company continued processing payments even after clear warning signs about its clients’ fraudulent activities.
A Shift in Responsibility
In previous cases of online fraud, payment processors were often viewed as neutral third-parties. Having a processor identified as a responsible party in preventing this type of risk could have ramifications for the entire industry.
“We are now seeing a shift in accountability in preventing fraudulent transactions, in the name of protecting consumers from this kind of deceptive activity,” said Suzanne Sando, Lead Analyst of Fraud Management at Javelin Strategy & Research. “Not only are we seeing a payout to affected victims of Paddle’s practices, but we are also seeing a requirement and, hopefully, strict enforcement of much more robust transaction and risk monitoring as well as required reporting of suspicious activity.”
The fine will go toward recouping losses for some of the fraud victims. Going forward, Paddle is required to obtain consumers’ explicit consent for subscriptions and provide a simple cancellation process. The company is also permanently banned from processing payments for tech support businesses that use telemarketing or using pop-up security alerts.
“I’m cautiously optimistic that this is a good sign of more consumer protections to come,” said Sando. “We have a serious problem with fraud and scams affecting U.S. consumers, and we need more action like this to significantly reduce suspicious activity.”
Downplaying the Charges
For its part, Paddle downplayed the charges, emphasizing that only a small fraction of its client base was invovled in illegal activity. The company also noted that the final FTC charges involved just two of its telemarketing clients.
“Paddle serves over 6,000 digital product companies, whose innovative technology collectively brings incredible value to consumers all around the world,” Paddle CEO Jimmy Fitzgerald said in a statement. “And whilst we believe that almost all digital product companies are ‘forces for good,’ it is sadly a reality that there are some bad faith actors out there.”
