The Federal Trade Commission (FTC) has levied a $5 million fine against Paddle, a UK-based payment processor, for allegedly facilitating access to the U.S. credit card system for fraudulent foreign tech support operations.

A Shift in Responsibility

The FTC alleges that Paddle utilized its position as merchant of record” and a purported reseller” to process credit card payments on behalf of unrelated third-party entities, thus obscuring their identities from card networks and banks. This practice is said to have enabled pop-up-based tech support scams that employed fake virus alerts—sometimes masquerading under brands like Microsoft or McAfee—to trick consumers into purchasing unnecessary software or services.

Paddle was also charged with processing recurring subscription payments without clearly disclosing renewal terms or obtaining informed consent from customers. Additionally, the company continued to process payments despite clear warning signs about its clients’ fraudulent activities.

This case marks a significant shift in accountability for payment processors in preventing fraudulent transactions,” noted Suzanne Sando, Lead Analyst of Fraud Management at Javelin Strategy & Research. It’s not just about compensating fraud victims but also setting stricter standards and enhancing transaction monitoring, along with mandatory reporting of suspicious activities.”

The funds from this fine will be used to recoup losses for some affected consumers. Moving forward, Paddle is required to obtain explicit consent from customers before subscribing them and must provide a straightforward cancellation process. The company is also barred from processing payments for tech support businesses that use telemarketing or employ pop-up security alerts.

This development offers cautious optimism for more stringent consumer protections,” stated Sando. With the growing issue of fraud and scams impacting U.S. consumers, such measures could substantially reduce suspicious activity.”

Downplaying the Charges

In response to these allegations, Paddle downplayed its involvement, asserting that only a small portion of its client base was engaged in illegal activities. The company pointed out that the final FTC charges pertained to just two of its telemarketing clients.

Paddle serves over 6,000 digital product companies whose innovative technology brings immense value to consumers worldwide,” commented Paddle CEO Jimmy Fitzgerald in a statement. While we believe almost all digital product companies are ‘forces for good,’ it is unfortunately true that some bad actors exist.”