
UK-based payment processor Paddle will pay $5 million in settlement fines for knowingly enabling foreign tech support scams that defrauded American consumers through fake virus alerts and unauthorized subscription charges.
Key Takeaways
- Paddle processed over $37 million in payments for deceptive tech support schemes targeting vulnerable consumers, particularly older Americans.
- Despite high complaint rates and internal awareness of fraud, Paddle continued processing payments and sought revenue-sharing deals with high-risk processors.
- The settlement bans Paddle from processing payments for tech support businesses using telemarketing or pop-up security alerts.
- This case marks a shift in regulatory approach, holding payment processors directly accountable for preventing fraudulent transactions.
- The FTC is increasingly targeting payment systems as a strategy to combat scams more effectively.
Enabling Foreign Scammers to Access American Wallets
The Federal Trade Commission has hit payment processor Paddle with a $5 million fine for facilitating access to the U.S. credit card system for fraudulent overseas tech support operations. According to the FTC’s complaint, Paddle processed payments for scams using fake virus alerts to trick consumers into purchasing unnecessary software or services, often targeting older adults. These schemes typically displayed alarming pop-up messages impersonating reputable companies like Microsoft or McAfee, creating false urgency about supposed computer infections or security threats.
“Paddle provided foreign-based tech-support schemes with access to the U.S. payment system, allowing these companies to harm consumers,” said Christopher Mufarrige, Director of the FTC’s Bureau of Consumer Protection.
The company’s problematic business practices included charging consumers for auto-renewing subscriptions without clear disclosure or informed consent, violating the FTC Act, the Telemarketing Sales Rule, and the Restore Online Shoppers’ Confidence Act. In the most egregious cases, Paddle processed $12.5 million for a company called PC Vark and over $37 million for entities operating as Restoro and Reimage, despite consistently high complaint and chargeback rates that should have raised immediate red flags.
Deliberate Disregard of Warning Signs
Perhaps most damning are revelations that Paddle was fully aware of the fraudulent nature of these operations yet continued processing their payments. Internal communications uncovered during the FTC investigation showed that company executives acknowledged the scams and their particular impact on older consumers. Rather than terminate these relationships, Paddle allegedly implemented chargeback prevention tools specifically designed to mask the true fraud rates and allowed merchants to charge consumers before completing required Know Your Customer (KYC) verification checks.
“From April 2020 to at least June 2023, Paddle processed over $37 million in credit and debit card charges for a pair of affiliated deceptive tech support software merchants, ‘Restoro Limited’ and ‘Reimage Limited’ (collectively, ‘Reimage’). These Reimage entities were registered in the Isle of Man and later re-domiciled in Cyprus,” FTC complaint.
The FTC further alleges that Paddle violated Visa and Mastercard rules by acting as an unregistered payment facilitator. Despite warnings about the deceptive practices of their clients, Paddle not only continued the relationships but sought revenue-sharing deals with high-risk processors and special indemnity agreements with PC Vark to protect themselves while continuing to profit from the fraud. This calculated approach suggests Paddle was actively working to maintain these lucrative relationships while attempting to insulate itself from consequences.
Shifting Accountability in Payment Processing
This case represents a significant shift in regulatory strategy, as the FTC increasingly holds payment processors directly accountable for enabling fraudulent schemes. Previously, enforcement actions typically targeted only the front-facing scammers while allowing the financial infrastructure that made their operations possible to continue operating relatively untouched. FTC Chairman Andrew N. Ferguson has emphasized that focusing on payment systems may prove a more effective approach to combating widespread consumer fraud.
“We are now seeing a shift in accountability in preventing fraudulent transactions, in the name of protecting consumers from this kind of deceptive activity,” said Suzanne Sando. “I’m cautiously optimistic that this is a good sign of more consumer protections to come.”
Under the terms of the settlement, beyond the $5 million penalty, Paddle is now banned from processing payments for any tech support business that uses telemarketing or pop-up security alerts. The company must also implement significantly stronger monitoring systems for high-risk merchants and ensure clear disclosures for subscription-based billing. This action follows a related case where the FTC sent over $610,000 in refunds to consumers affected by a similar tech support scam facilitated by another processor, Nexway.
Paddle’s Response and Broader Implications
For its part, Paddle has attempted to minimize the significance of the case, noting that the charges involved only two of its telemarketing clients out of over 6,000 digital product companies it serves. The company published a statement describing deceptive practices as “abhorrent” and claiming the settlement confirms its policy against working with companies accused of such behavior. Paddle President Rob Fletcher expressed gratitude for the FTC’s engagement and suggested the settlement recognizes the company’s risk processes and governance.
“Paddle serves over 6,000 digital product companies, whose innovative technology collectively brings incredible value to consumers all around the world,” said Paddle CEO Jimmy Fitzgerald.
However, this defense rings hollow given the evidence that Paddle continued processing payments despite clear warning signs of fraud. The settlement sends a clear message to payment processors and financial service providers: enabling fraud, even indirectly, will result in significant penalties. For American consumers, particularly vulnerable seniors who are disproportionately targeted by tech support scams, this regulatory approach offers new protection against sophisticated international fraud schemes that have previously operated with relative impunity.