Articles

January 20, 2026

CFS Bites of the Month - 2025 Annual Review - Payments

Ryan S. Stinneford, Eric L. Johnson, Justin B. Hosie and Kristen Yarows

In this article, we share a timeline of monthly "bites" for the past year applicable to Payments.

CFPB Sues Banks and Peer-to-Peer Payment Network

On December 20, 2024, the CFPB filed a lawsuit in the U.S. District Court for the District of Arizona against the operator of a peer-to-peer payment network and three of its owner national banks for allegedly failing to protect consumers from fraud on network, after claiming they received hundreds of thousands of fraud complaints. The CFPB alleged that the operator and the banks rushed the peer-to-peer payment network to market to compete against other payment apps without implementing effective consumer safeguards to protect against fraud. The CFPB claimed that customers lost more than $870 million over the network's 7-year existence due to these safeguarding failures. The CFPB also alleged that the defendants violated the Consumer Financial Protection Act's ("CFPA") prohibition on unfairness by allegedly failing to take timely, appropriate, and effective measures to prevent, detect, limit, and address fraud on the peer-to-peer payment network. The CFPB also alleged that the three banks violated the Electronic Fund Transfer Act ("EFTA") and Regulation E for failing to conduct reasonable investigations of consumer error notices, and for failing to treat incorrect and unauthorized transfers as errors under the law. The CFPB sought to halt unlawful conduct, obtain consumer redress, and obtain a civil money penalty.

CFPB Solicits Comments on Digital Payment Privacy

On January 10, 2025, the CFPB issued a Request for Information and a Proposed Interpretive Rule on digital payment privacy. The CFPB claimed it was requesting comments to better understand how companies collect, use, share, and protect consumer financial data, including data from consumer payments. The Request for Information ("RFI") sought comments about the effectiveness of current regulations, including the existing model privacy form, privacy notices, and opt-out mechanisms. Comments on the RFI were due by April 11, 2025. The CFPB also proposed an interpretive rule on how the EFTA and Regulation E would apply to new and emerging digital payment mechanisms. The proposed interpretive rule provided a framework for determining when the EFTA protections apply to emerging digital payment mechanisms. Comments on the proposed were due by March 31, 2025.

CFPB Takes Action Against Peer-to-Peer Payment App

On January 16, 2025, the CFPB announced an action against a peer-to-peer payment app, claiming it failed to address fraud. The CFPB's consent order resolved alleged violations of the CFPA, EFTA, and Regulation E. The CFPB claimed that the Company violated the CFPA's unfairness prohibition by failing to provide effective consumer service and failing to address fraud on the platform. The CFPB also claimed that the Company's terms of service led consumers to believe that disputes must be addressed by the consumer's bank and not the Company, when the EFTA required the platform to investigate disputed unauthorized transactions. The consent order required the Company to pay refunds ranging between a minimum of $75 million up to $120 million along with other redress to consumers. The consent order also requires the company to pay a $55 million penalty and create a 24-hour, live consumer service line.

Federal Court Rules Wire Transfers are Covered by Regulation E

On January 21, 2025, the United Stated District Court for the Southern District of New York ruled that wire transfers initiated by consumers are covered by the federal Electronic Fund Transfer Act and CFPB Regulation E, notwithstanding that the definition of "electronic fund transfer" in Regulation E expressly excludes wires or other similar transfers of funds through Fedwire or through a similar wire transfer system that is used primarily for transfers between financial institutions or between businesses (see 12 C.F.R. § 1005.3(c)(3)). As a result, the court found that a bank may be liable under the EFTA and Regulation E for unauthorized wire transfers initiated by consumers using the bank's electronic banking platform. See New York v. Citibank, N.A., Case No. 24-CV-659, 2025 WL 251302 (S.D.N.Y. Jan. 21, 2025). The case has been appealed to the Second Circuit Court of Appeals.

Congress Votes to Overturn CFPB Payment Rule

On March 5, 2025, the Senate voted (51-47) to approve the joint resolution (S.J. Res. 28) disapproving the CFPB's rule "Defining Participants of a Market for General-Use Digital Consumer Payments Applications." The CFPB had finalized the rule in November 2024, and it gave the CFPB the authority to supervise nonbank companies that offer digital funds transfer and payment wallet apps with over 50 million annual transactions. Trade groups that represent large technology companies sued to block the rule in January 2025. On April 9, the House of Representatives passed a Congressional Review Act resolution (H.J. Res. 64) that disapproved the rule. The House vote was along party lines with 219 Republicans voting in favor and 211 Democrats voting against. Three representatives did not vote. Representative Mike Flood (R-Neb.) and Senator Pete Rickets (R-Neb.) lead the repeal efforts. As noted below, the measure was approved by President Trump on May 9, 2025.

CFPB Withdraws Regulation E Guidance in Litigation

On March 25, 2025, the CFPB filed a motion to withdraw its statement of interest in a lawsuit involving application of the EFTA and Regulation E to wire transfers. In 2024, the prior administration had filed a Statement of Interest in that suit against a bank (discussed above). The statement of interest claimed that wire transfers initiated online may be covered by the EFTA and Regulation E when they are consumer facing transfers, rather than bank to bank transfers. In filing this motion to withdraw the Statement of Interest, the new CFPB reversed course. According to the new administration, the prior interpretation was not supported by case law and the CFPB's longstanding position. The new administration also noted that procedurally, the new interpretation did not involve notice and comment process under the Administrative Procedures Act.

CFPB Requests Withdrawal in Case Against Money Transfer Company

On April 7, 2025, it was reported that the CFPB filed a motion to withdraw from its case against a nonbank remittance transfer company, but that the New York Attorney General intended to continue pursuing the litigation. Back in 2022, the CFPB and the Attorney General of New York filed a lawsuit in the U.S. District Court for the Southern District of New York against a nonbank remittance transfer company. The lawsuit alleged that the company failed to promptly send payments or make refunds. The lawsuit also alleged violations of the Remittance Transfer Rule and Regulation E, which implements the EFTA, as well as unfairness in violation of the CFPA. The CFPB did not seek a dismissal since the Attorney General of New York is also suing the company. A representative from the New York AG's office said that the agency intends to continue pursuing the litigation in the CFPB's absence.

President Trump Signs Repeal of Overdraft and Digital Payment Rules

On May 9, 2025, President Trump signed a repeal of overdraft and digital payment rules pursuant to the Congressional Review Act. Congress passed the measures under the CRA, allowing the administration and Congress to repeal rules finalized at the end of a previous administration. The overdraft rule would have generally required banks and credit unions with at least $10 billion in assets to cap fees at $5 when customers overdraw their accounts. The digital payment oversight rule would have allowed CFPB examiners to determine whether digital payment providers processing at least 50 million transactions each year complied with federal consumer protection laws. Both rules were the subject of ongoing litigation by trade groups.

CFPB Amends Consent Order with Remittance Company

On May 15, 2025, the CFPB announced it had amended a consent order with a remittance company, significantly reducing the Company's fine. Back in January of 2025, the CFPB entered into a consent order with an international remittance company over claims that it allegedly advertised inaccurate fees and failed to disclose exchange rates and other costs. The January 2025 consent order required the company to: (1) pay approximately $450,000 to allegedly harmed consumers to resolve claims, including that the company's prepaid card violations resulted in at least 16,000 consumers being overcharged; and (2) pay a $2.025 million fine. On May 15, the CFPB amended the consent order that lowers the company's fine to $45,000. The May 15 amended consent order supersedes the previous one.

NY AG Settles Lawsuit with Remittance Provider

On June 16, 2025, New York Attorney General Letitia James settled a lawsuit against an international money transfer provider. The CFPB and the New York AG sued this company in April 2022, alleging that the company failed to make funds available to its customers on time, failed to efficiently resolve errors, and failed to provide accurate information to its customers. In April 2025, the CFPB withdrew from the lawsuit, leaving just the NY AG in as plaintiff. The NY AG's settlement requires the company to pay a $250,000 penalty and comply with all relevant consumer protection laws. The settlement provides that the company must provide accurate disclosures and investigate errors in a timely fashion. The New York AG's press release said, the settlement with OAG ensures that the company "does not escape accountability for its illegal actions impacting New Yorkers, despite CFPB's decision to withdraw from the lawsuit."

FTC Takes Action Against UK-Based Payment Processor

On June 16, 2025, the FTC settled its lawsuit with a UK-based payment processor and its subsidiary over allegations that the company processed payments for deceptive tech-support telemarketers that targeted American consumers. The FTC had alleged that the company and its subsidiary violated the FTC Act, the Telemarketing Sales Rule ("TSR"), and the Restore Online Shoppers' Confidence Act. In 2024, the same company's client paid the FTC $26 million to settle allegations that it violated the FTC Act and the TSR. The FTC alleged that the company facilitated schemes that allegedly used fake virus alerts and pop-up messages to impersonate familiar brands like Microsoft or McAfee. The FTC also alleged that the company charged consumers for automatically renewing subscriptions without disclosing that consumers would incur recurring charges. The proposed settlement permanently bans the company from engaging in telemarketing or using pop-up messages about computer security and requires the company to pay $5 million. The proposed settlement also prohibits the company from assisting merchants or engaging in tactics to avoid fraud or risk-monitoring programs established by banks or the card networks.

FTC Takes Action Against International Retail Store

On June 20, 2025, the FTC settled its lawsuit with an international retail store. The FTC filed the lawsuit in June 2022, and the lawsuit alleged that the company failed to stop fraud in its money transfer services. The complaint alleged that the company failed to implement effective anti-fraud policies and procedures, failed to properly train its employees, and failed to warn customers about potential fraud-related money transfers. In 2023, the FTC amended the complaint to add in details related to the TSR allegations. A district court dismissed the TSR claim in July 2024. This presented the FTC with a significant hurdle to obtain monetary relief for consumers through the litigation. In November 2024, the 7th Circuit granted the company permission to appeal certain rulings. The stipulated order imposed a $10 million judgment and prevented the company from providing money transfer services without fraud detection.

CFPB Lifts Consent Order Against Credit Union

On July 21, 2025, the CFPB terminated its consent order against a credit union and waived any alleged non-compliance pursuant to its authority under 12 U.S.C. § 5563(b)(3), which addresses how orders involving the CFPB can be modified, terminated, or set aside. The CFPB announced that the credit union fulfilled certain obligations under the order, including paying a $1.5 million civil money penalty and verifying that mandatory refunds were made. The consent order resolved allegations that the credit union's online and mobile banking platforms were implemented in violation of the CFPA because it disrupted consumers' access to their accounts.

View all of the 2025 CFS Bites of the Month year-end recaps by topic on the 2025 Year-End Recap page.

Still hungry? Please join us for our next CFS Bites of the Month. Here is our lineup for 2026. If you missed any of our prior Bites, request a replay on our website.

Hudson Cook, LLP provides articles, webinars and other content on its website from time to time provided both by attorneys with Hudson Cook, LLP, and by other outside authors, for information purposes only. Hudson Cook, LLP does not warrant the accuracy or completeness of the content, and has no duty to correct or update information contained on its website. The views and opinions contained in the content provided on the Hudson Cook, LLP website do not constitute the views and opinion of the firm. Such content does not constitute legal advice from such authors or from Hudson Cook, LLP. For legal advice on a matter, one should seek the advice of counsel.