This is Not a Drill: Payment Software Testing Inadvertently Led to $2.3 Billion in Real Account Withdrawals

  • A coalition of fifty AGs settled with payment processor ACI Payments, Inc. and its parent company (collectively, ACI) to resolve allegations that ACI violated state consumer protection laws and regulations when a testing error led to the attempted unauthorized withdrawal of $2.3 billion from the accounts of almost half a million mortgage borrowers.
  • According to the settlement, during a payment processing optimization test, alleged defects in the privacy and data security procedures and technical infrastructure of Speedpay—an ACI electronic bill payment platform—caused the erroneous submission of Automatic Clearing House (ACH) system information of consumers whose mortgages were being serviced by an ACI client, resulting in the attempted unauthorized withdrawals.
  • Under the terms of the settlement, ACI must pay $10 million to the settling states, D.C., and Puerto Rico; and when conducting future testing only use “synthetic data”—data that is artificially manufactured, rather than generated by real-world transactions or traceable to specific consumer information—among other relief.
  • To hear our deep dive into how this story showcases the power and influence of AGs and how it could reverberate through the debt servicing industry, listen to our podcast here.