June 27, 2023

ACI Worldwide and its subsidiary, ACI Payments, will pay a $25 million civil penalty for improperly initiating around $2.3 billion in unlawful mortgage payment transactions, impacting nearly 500,000 homeowners with mortgages serviced by Mr. Cooper f/k/a Nationstar. ACI offers payment processing services across a wide range of industries. ACI conducted tests of its electronic payments platform on April 23, 2021. Rather than using deidentified, dummy data, ACI used client data files from Mr. Cooper instead, causing massive overdraft fees and other negative financial consequences to the unsuspecting borrowers. The CFPB found ACI in violation of the Consumer Financial Protection Act and the Electronic Fund Transfer Act, for illegally initiating withdrawals from borrower bank accounts, and improperly handling sensitive consumer data. ACI must pay the $25 million as well as adopt and enforce reasonable information security practices, and is prohibited from processing payments without obtaining proper authorization. CFPB

Tagged in: Cybersecurity and Data Breaches,