In this episode of Payments Pros, hosts Keith Barnett and Carlin McCrory examine the recent $5 million settlement between the Federal Trade Commission (FTC) and Paddle.com, a UK-based payment processor. The discussion centers on the FTC's allegations against Paddle for violating the Restore Online Shoppers' Confidence Act (ROSCA) and the Telemarketing Sales Rule (TSR). Paddle's practice of aggregating merchant transactions under its own name led to significant compliance issues with card network rules and masked chargeback levels and disputes. The settlement imposes strict prohibitions on Paddle, including barring it from processing payments for tech support merchants and requiring enhanced client screening and monitoring.
Keith and Carlin highlight the critical need for businesses to comply with card network rules. The FTC held Paddle responsible as the merchant of record for the noncompliant negative option billing practices of the merchants whose transactions it processed. The hosts stress the FTC's ongoing vigilance in the payments industry and urge companies to ensure adherence to all regulatory standards.
Payments Pros – The Payments Law Podcast — Paddle's Payment Predicament: Unpacking FTC's Compliance Crackdown
Hosts: Keith Barnett and Carlin McCrory
Aired: September 2, 2025
Keith Barnett:
Welcome to another episode of Payments Pros, a Troutman Pepper Locke Podcast, focusing on the highly regulated and ever-evolving payment processing industry. This podcast features insights from members of our FinTech and payments practice, as well as guest commentary from business leaders and regulatory experts in the payments industry. My name is Keith Barnett and I’m one of the hosts of the podcast.
Before we jump into today's episode, let me remind you to visit and subscribe to our blog, TroutmanFinancialServices.com. And don't forget to check out our other podcasts on troutman.com/podcasts. We have episodes that focus on trends that drive enforcement activity, digital assets, consumer financial services, and more. Make sure to subscribe to hear the latest episodes.
Today, I'm joined by my co-host, Carlin McCrory, to discuss the recent $5 million settlement agreement between the Federal Trade Commission and Paddle.com. Carlin, I'm just going to kick this over to you. What is Paddle and why are we talking about it today?
Carlin McCrory:
Yes, thanks, Keith. So, Paddle is a UK-based payment processor/PayFac that settled with the FTC for $5 million, arising out of allegations that Paddle violated the FTC Act, ROSCA, and the Telemarketing Sales Rule. Paddle is also banned from processing payments for tech support telemarketers. So ultimately, some background here. Paddle operates as a PayFac in the card industry.
According to the complaint, Paddle contracts with acquirers, other PayFacs and merchants in order to process payments. In doing so, Paddle processed in aggregation and cardholder payments for many unaffiliated merchants and distributed the proceeds minus its processing fee to those merchants who sold the products or services. So, instead of onboarding and running these payments individually for each specific merchant, Paddle aggregated all of the merchant processing under Paddle's name and ran it through other PayFacs.
So, under the proposed settlement, Paddle is going to be required to do a few different things. First, it's going to permanently be prohibited from processing payments for those tech support merchants. It'll be prohibited from assisting deceptive merchants, engaging in any tactic to avoid fraud or risk monitoring programs established by banks or other card networks. Paddle will also be required to implement effective client screening and monitoring and provide periodic reporting about merchant clients' transactions to Paddle's payment service providers. And then lastly, Paddle will be required to clearly and conspicuously disclose the terms of any subscription that it processes and ensure that it gets consumers' express informed consent to the subscription and provide consumers with a simple way to cancel and prevent recurring charges.
Ultimately, there are five categories of issues that the FTC complaint addressed that caught our attention. They're allegations concerning Paddle's non-compliance with card network rules, Paddle’s merchant services contracts, Paddle’s responses to warnings that it received about specific merchants, Paddle’s non-compliance with acquirer or PayFac rules, and then a merchant's use of negative options in its agreement with consumers.
So, Keith, let's start talking about some of those.
Keith Barnett:
Thanks, Carlin. Yes, let's start off by talking about the compliance or alleged lack of compliance with the card network rules. According to the complaint, Paddle had never been registered or approved by an acquirer or the card networks to operate as a PayFac, and for a PayFac to onboard and process for merchants that the card networks considered to be high risk, such as the ones that Paddle was allegedly processing payments for, like outbound telemarketers or merchants in industries with traditionally high levels of refunds and chargeback rates.
The card networks require the PayFacs to register with both the networks and the acquirers as a high-risk PayFac. One of the things that the FTC complaint pointed out, as I just said, was that Paddle never registered as a high-risk PayFac. So, even though it’s not against any federal or state law to not register as a PayFac, be it regular PayFac or high-risk PayFac, the FTC found that that was important enough to add to the complaint.
The other thing that the FTC stated in its complaint was that Paddle acted as a sub-merchant for other PayFacs, and according to the MasterCard rules, a PayFac may not be a sub-merchant of another PayFac, nor may a PayFac be a PayFac for another PayFac. So, those are pulled straight from the MasterCard rules. So, once again, this is an example of the FTC alleging in its complaint, a violation of card network rules in connection with its complaint.
Also, the card network rules require a PayFac to contract only with a sponsored merchant located in the same country as the acquirer. According to the complaint, Paddle contracted with a merchant that was not located in the same country as the acquirer on at least one occasion. And another thing that the complaint alleged was a violation of card rules was inadequate onboarding due diligence and inadequate ongoing due diligence under the card rules. The complaint alleged that Paddle was deficient with respect to KYC verification, including but not limited to screening and monitoring websites and products of the potential merchants that they would onboard.
The bottom line here is that the FTC alleged that these failures to comply with the card network rules were significant because the failures significantly impeded the card networks' ability and also the acquirer's ability to detect bad conduct, such as consumer fraud by merchants. Among other problems, according to the complaint, such arrangements of placing multiple layers between the merchant and the acquirer prevented the card networks and the acquirers from identifying high chargeback and refund rates and complaints associated with a particular merchant because everything was aggregated.
With that, Carlin, I noticed that you noticed some things about the merchant services contracts generally, but in particular, the merchant of record.
Carlin McCrory:
Yes. So, Paddle was technically the merchant of record on these transactions, and Keith, as you mentioned, because it was aggregating all of the transactions and presenting those charges under Paddle's own name, instead of the actual seller's name, this impeded the banks and card networks' ability to detect and monitor the seller's transactions. So, the complaint specifically mentions, for example, that when Paddle was processing these transactions, a consumer, for example, on their statement, would see something like paddle.net, even though Paddle is not the actual merchant in the transaction that was providing the goods or services specifically related to these software or tech support transactions.
So, it's not really clear to the consumers who was actually providing the goods and services because it wasn't actually Paddle. So, I think ultimately this ties back a little bit to some of the negative option offer things that we'll discuss in a little bit, because the consumers didn't know who Paddle was in this situation because they weren't receiving goods and services from Paddle and that created complaints.
Keith, I know you wanted to discuss some things about Paddle not following the rules of the PayFacs and acquirers, right?
Keith Barnett:
Yes, Carlin. And actually, and continuing along my theme of the lack of allegations concerning violations of alleged state or federal law, I just want to talk about one other thing. Once again, the theme, at least in my part of this presentation. The complaint alleged that Paddle had not even followed the rules of the PayFacs for whom they were processing payments, nor have they registered or did anything with the acquirers, like I mentioned before. What I mean by that is, according to the complaint, some of the registered PayFacs that Paddle had contracted with had policies either restricting or prohibiting their clients from processing charges for transactions involving certain goods or services.
The example that the complaint gave was remote technical support services, counterfeit goods, or goods sold through negative option marketing like what Carlin just mentioned and will mention later, or through other telemarketing that might fall within the telemarketing sales rule. According to the complaint, Paddle nonetheless onboarded merchants that fell within those restricted categories.
So, once again, one of the lessons learned here is that a complaint, even though it is alleging, oh, it was at least supposed to allege violations of federal law because of the FTC, they’re also going to bring up alleged violations of related card rules, acquirer rules in this instance as well.
Carlin, let me turn it over to you to talk about pre-chargeback alerts that they received.
Carlin McCrory:
Yes. Again, because Paddle used its own merchant account to process and aggregate these transactions for thousands of separate merchants, selling discrete products and services, the card networks and acquirers didn't have visibility into the specific chargeback rates associated with the specific sellers onboarded by Paddle. One of the things that the complaint alleges is that because Paddle is posing as the merchant and Paddle also engaged chargeback prevention companies directly, that Paddle would receive these pre-chargeback alerts arising from chargebacks initiated by consumers who purchase products from sellers that Paddle had onboarded. Once Paddle received these pre-chargeback alerts, Paddle would immediately issue a refund to the disputing cardholder to resolve the dispute and prevent the dispute from getting logged with the card networks as a chargeback. Then the refunds that Paddle issued to consumers would then be deducted from the sales proceeds that Paddle collected and remitted to the seller.
So basically, all of this activity was going on without any notice or detection by the credit card networks or the acquirers. So, Paddle's constant use of these chargeback prevention services, sitting atop of its aggregation practices with the merchants, basically allowed Paddle to mask the true chargeback dispute rates of specific sellers, including these tech support sellers engaged in deception, such that the card networks and acquirers didn't actually know what was really going on.
Keith, were there some other ignored warning signs here?
Keith Barnett:
Yes. Just to follow up on one of the things you said about the complaint alleging that Paddle, in response to a lot of these complaints, just issued refunds. Now, you would think intuitively, well, what's wrong with that? You are making the person whole. But I think the FTC's point there in bringing that up in the complaint was, look, instead of investigating the core root of the problem or at least having evidence of investigating the core root of the problem, you pretty much just issued a refund and said, “Okay, go away. Not our problem anymore.” That's the way I read the complaint. That is something that the FTC, even though we have a more conservative FTC, something that they are looking out for, at least as evidenced by these allegations, is don't just issue a refund. It looks like they want something more than just issuing a refund, like some form of investigation.
The other things that were alleged in the complaint as things that caught the eye of the FTC that Paddle should have paid more attention to, first, that there were internal discussions within Paddle about alleged deceptive conduct, that they were hearing either on their own or through others. Another thing that the FTC brought up was that there was one merchant that was constantly changing its name, and according to the FTC, that was an indication that there may have been some wrongdoing within that company. Like I just mentioned, there were warnings from other companies that there were merchants that were allegedly defrauding consumers that the FTC felt were either ignored or Paddle waited too long to do something about it. In one instance, the FTC alleged that after a bunch of warnings from third parties, also due to internal knowledge, there was evidence of some form of merchant fraud, but Paddle waited too long to close the merchant's accounts. Even though those merchants were effectively terminated for cause, Paddle failed to add those merchants to the Visa and MasterCard screening database for such merchants.
Once again, getting back with my theme, at least my part of the theme of this podcast is, are you following the Visa rules? Are you following the MasterCard rules? Are you following the other PayFac rules? Are you following the acquirer rules? That is something that it appears that the FTC is going to make a big deal of because they're looking at it during their investigations and their enforcement actions. But speaking of federal law or state law, let's actually start talking about a federal law and ROSCA, negative options. Carlin, what did you notice about that?
Carlin McCrory:
Yes. In the complaint, the FTC alleges that in many instances, Paddle harmed consumers by enrolling them and charging them for automatically renewing subscription plans for some of these tech support products and services without clearly disclosing to and informing consumers that they will incur recurring charges. The first thing I want to note about this and why it's interesting is that I think Paddle was on the hook for this because it was technically the merchant of record, even though Paddle was not the company that was actually providing the products and services directly to these customers.
So, the FTC notes that at the very bottom of one of the merchant's initial product plan page was an inconspicuous terms of use hyperlink, and only in that hyperlink, if clicked, would lead to a web page with relatively long terms, apparently. In the middle, there was a section related to auto renewals that merely stated that some of the packages incurred yearly recurring payments, and the FTC noted that not only was this disclaimer buried in fine print and hard to find, it also didn't specify what products or packages were subject to the auto renewals or the prices or any amount of any renewal charges.
The FTC did note that at times, renewal reminders were emailed approximately two weeks before the annual renewal date. For many consumers, that was the first time that they were made aware of the automatic annual charges and that they had even been enrolled in a negative option billing plan in the first place.
The complaint also notes that back in 2022, Paddle conducted an annual review performance for one of the specific merchant accounts and found that there were over 80,000 customer support tickets opened in the prior year, so in 2021, for all of these accounts. And of the support tickets, customer cancellations accounted for about 46% of the tickets and refunds accounted for nearly 22% of all of the tickets. This was significant enough that Paddle's founder and CEO at the time, circulated an internal report to its board of directors, noting that for these merchants, generally about 50% to 60% of the fraud comes from recurring payments. These merchant-initiated subscriptions rather than customer-present card transactions.
Ultimately, in numerous instances, Paddle had charged customers for these tech support products or services sold online with this negative option feature, while, one, failing to disclose clearly and conspicuously all of the material terms of the transaction before obtaining the consumer's billing information, it failed to obtain the consumer's express informed consent before making the charge, and that it failed to provide a simple mechanism to stop the recurring charges.
Tying into this, on July 8th, a panel for the U.S. Court of Appeals for the Eighth Circuit issued a decision which vacated the FTC's negative option rule for procedural violations. So, we are basically waiting in the wings to see what will happen with the negative option rule moving forward. But there are current mechanisms in place for the FTC to monitor negative option plans. Keith, any final thoughts before we wrap it up?
Keith Barnett:
Well, you would think that this enforcement action occurred a year ago or two years ago as opposed to 2025. I mean, we've seen, obviously, the CFPB has been inactive, and that's an understatement, but it's very clear here, right? The FTC is still active in the payments world, and they're not taking it easier than their predecessor FTC board with respect to payments. Because, I mean, look what we've just seen here. We have alleged violations of the FTC Act, but what were these alleged violations of the FTC Act? Failure to comply with card network rules, failure to comply with PayFac rules, failure to comply with acquirer rules, right? No federal or state law linked in within that. Then on top of that, you have things that they were looking at like, who was the merchant of record? What warnings were ignored and things of that nature. So, even though they tied in ROSCA and the telemarketing sales rule, at the end of the day, we're looking at an FTC that is looking at the payments world the same way it looked at the payments world a year or two ago under the Biden administration. Just be careful and make sure you stay on your P's and Q's.
Carlin McCrory:
Well, Keith, thank you so much for joining me today, and thank you to our audience for listening to today's episode. Don't forget to visit our blog, TroutmanFinancialServices.com, and subscribe so you can get the latest updates. Please make sure to also subscribe to this podcast via Apple Podcasts, Google Play, Stitcher, or whatever platform you use. We look forward to next time.
Copyright, Troutman Pepper Locke LLP. These recorded materials are designed for educational purposes only. This podcast is not legal advice and does not create an attorney-client relationship. The views and opinions expressed in this podcast are solely those of the individual participants. Troutman does not make any representations or warranties, express or implied, regarding the contents of this podcast. Information on previous case results does not guarantee a similar future result. Users of this podcast may save and use the podcast only for personal or other non-commercial, educational purposes. No other use, including, without limitation, reproduction, retransmission or editing of this podcast may be made without the prior written permission of Troutman Pepper Locke. If you have any questions, please contact us at troutman.com.