State AG Updates: Florida, New York, Arkansas, Multistate Settlements and the FTC

In this edition of Faegre Drinker’s State Attorneys General Update, we discuss:

• A joint FTC and Florida AG action against a chargeback servicing company for allegedly submitting false information to banks
• The New York AG’s guidance regarding consumer data security
• An online “telehealth” company’s $500,000 multistate settlement for allegedly improperly marketing its online vision test
• The Arkansas AG’s $1.1 million state False Claims Act settlement with a hospital system
• Juul Labs’ $462 million multistate settlement for alleged marketing to minors
• The Illinois AG’s suit against a salvage yard for releases during a fire
• The Arizona AG’s settlement with two restaurants for undisclosed fees

Florida AG and the FTC Sue Chargeback Mitigation Business for Unfair and Deceptive Trade Practices

The Florida AG and the Federal Trade Commission jointly filed a complaint against Global E-Trading, LCC, a Florida company doing business as Chargebacks911. The complaint alleges violations of the FTC Act, Section 5, and the Florida Unfair and Deceptive Trade Practices Act. Chargebacks911 assists merchants responding to consumer-initiated chargebacks disputing a merchant’s credit card charge. It submits documentation to banks on behalf of merchants disputing a chargeback’s validity. The complaint alleges that Chargebacks911 submitted misleading information to banks for years, ignored “red flags” that should have caused it to question the information, and in some cases affirmatively edited documentation in ways that made the documentation misleading. The AG alleges that these practices resulted in the denial of valid chargeback requests. The complaint further alleges that Chargebacks911 offered a service that enabled its clients to run “microtransactions” to artificially inflate a merchant’s total transaction count in order to lower its chargeback rate and help it avoid being subject to additional monitoring requirements, penalties or termination. In response to the suit, Chargebacks911 issued a statement asserting that the complaint sets “a dangerous precedent for all SaaS companies that could interrupt the roles, rights and obligations of stakeholders industrywide,” and arguing that the suit imposes an unreasonable duty to ensure the accuracy of data traversing a SaaS platform.

The AG seeks a permanent injunction, civil penalties and restitution. A copy of the AG’s press release is available here and the company’s statement and a link to the complaint are available here.

New York AG Releases Guide for Businesses to Secure Consumer Data

The New York AG released a guide to help businesses improve their data security practices to better protect consumers’ personal information. The guide’s recommendations are drawn from the AG’s experience investigating data breaches and entering settlements for allegedly inadequate data security practices and resulting breaches, such as an August 2022 settlement with a grocery chain, a November 2022 settlement for e-commerce data breaches, a January 2023 settlement with a cap and gown provider, and an April 2023 settlement with a law firm.

The guide focuses on controls for secure authentication, encryption of sensitive information, diligence in selecting and monitoring third-party vendors that are given access to customer information, data asset inventories, technologically current data security programs, and accurate and timely notification in the event of a breach. Businesses should view the guide as a baseline in their data security efforts, as the AG will certainly be considering whether businesses have met their standards in the event a breach occurs. Copies of the AG’s press release and the guide are available here.

Visibly Enters a $500,000 Multistate Settlement Relating to Its Marketing of Online Vision Tests

Visibly, Inc., a Chicago-based provider of online vision tests, entered a settlement with 11 states relating to allegedly deceptive business practices. The AGs alleged that Visibly made unsubstantiated claims relating to the accuracy and safety of its online tests and improperly implied that the tests were equivalent to in-person eye exams. While the AGs were investigating, Visibly sought FDA clearance for its visual acuity test, which was granted in August 2022.

The company will pay $500,000 to 11 participating states and agree to a set of conditions on how it may market its products to consumers. The Illinois AG’s press release regarding the settlement is available here.

Arkansas AG Enters $1.1 Million Settlement With Northwest Arkansas Hospitals

The Arkansas AG announced that Northwest Arkansas Hospitals (Northwest) will repay the state’s Medicaid program over $1 million after an audit by the Arkansas Foundation for Medical Care determined that there was insufficient documentation to support 246 Medicaid claims. The AG alleged the claims were made in violation of the Arkansas Medicaid False Claims Act (AMFCA). All of the challenged claims originated with medical services and documentation from one subcontracted physician and those working under his supervision. Northwest denied any knowing violation of the AMFCA, and the AG acknowledged that the company cooperated fully with the investigation. Copies of the AG’s press release and the settlement agreement are available here.

Juul Agrees to $462 Million Multistate Settlement for Alleged Marketing to Minors

Juul Labs, the e-cigarette manufacturer, agreed to a $462 million settlement with the states of California, New York, Illinois, Massachusetts, Colorado, and New Mexico as well as the District of Columbia to resolve lawsuits alleging that the company improperly marketed its e-cigarettes to young people and caused a vaping crisis. In addition to the monetary settlement, the agreement: prohibits the company from targeting youth in its advertising and promotion, including barring it from portraying anyone under the age of 35 in its promotional materials; requires the company to ensure retailers are complying with restrictions on selling to minors; requires the company to establish minimum price requirements; and requires the company to make certain internal documents open and accessible to the public.

A copy of the Colorado AG’s press release regarding the settlement is available here.

Illinois AG Sues Salvage Yard for Alleged Environmental Releases Associated With a Fire

The Illinois AG sued the owner of a salvage business — Crossroads Metals Inc. d/b/a Mowery Auto Parts (Mowery) — and the owner of the property where Mowery operated — Outlaw TBO LLC (Outlaw) — for various water and air discharges associated with a fire that occurred on the site. The AG alleges that emissions during the fire, and water runoff resulting from fire departments’ efforts to extinguish it, resulted in violations of various state environmental laws and created a substantial danger to the environment, public health and welfare. An Office of the Illinois State Fire Marshall investigation concluded that the fire resulted from human error. The AG is seeking: an injunction to enjoin further violations; $50,000 in penalties per violation; $10,000 for each day of a violation; an order directing Mowery and Outlaw to undertake a full and permanent abatement of the environmental damage caused by the fire; and the costs of the AG’s suit and of oversight of abatement efforts. Mowery and Outlaw consented to a preliminary injunction requiring them to take certain steps relating to abatement. Copies of the AG’s press release and complaint are available here.

Arizona AG Enters Settlement With Restaurants Over Allegedly Undisclosed Fees

The Arizona AG entered a $20,000 settlement to resolve allegations that the restaurants violated the state’s Consumer Fraud Act by not disclosing certain fees. Specifically, the restaurants charged a 3.5% employee benefit fee to pay the costs of employee benefits, but did not disclose that charge until a customer received their bill. The AG does not allege that the description of the fee was inaccurate, but rather that the restaurants should have disclosed the fee on their menus — both online and in person. Copies of the AG’s press release, complaint and consent judgment are available here.