The poet Henry Wadsworth Longfellow famously wrote that “Into each life some rain must fall,” a reminder that not every day can be a perfect day, or even good one. Sometime it rains.
And last week in payments and commerce was particularly drizzly — between real money launderers making use of fake video game funds, regulatory fines and earning fumbles, all kinds of players were reaching for their umbrellas over the course of the week.
Fortnite’s Money Laundering Problem
While there aren’t a lot of positive things to be said about cybercriminals or money launderers, they can be inventive.
And using Fortnite in-game funds to launder real stolen money is certainly creative.
It is also, according to reports, a favored new method by thieves, who will access someone else’s credit card information, use it to create a Fortnite account and then buy V-bucks, the game’s currency. Once the account fills up with V-bucks, it is then sold through a legitimate vendor like eBay, or on the dark web, for lower rates than the $10 for 1,000 gamers will get in the game or through an authorized online store.
According to an investigation by Sixgill, $250,000 of Fortnite items were sold on eBay in the last 60 days, with operations being conducted around the globe in Chinese, Russian, Spanish, Arabic and English. Annually Fortnite brings in about $3 billion through legitimate means.
“Criminals are executing carding fraud and getting money in and out of the Fortnite system with relative impunity,” said Benjamin Preminger, a senior intelligence analyst at Sixgill.
In addition, separate research by IT security firm ZeroFOX found 53,000 occurrences of online scams related to Fortnite between early September and early October of last year. And an estimated 86 percent of the scams were shared via social media platforms such as Facebook, Instagram and Twitter.
“Epic Games doesn’t seem to clamp down in any serious way on criminal activity surrounding Fortnite, money laundering or otherwise,” Preminger said. “While completely stopping such criminal activity is extremely difficult, several steps could be taken to mitigate the phenomenon, including monitoring the transfer of high-value goods in the game, identifying players with large stockpiles of V-bucks, and sharing data with relevant law enforcement agencies.”
As of yet, Fortnite maker Epic Games has made no official comment on the problem.
Capital One’s Earnings Flub
Though Capital One had lots of positive forward-looking statements to make after releasing its Q4 earnings information last week, its stock sank as what investors and analysts most noted was that the bank missed on both earnings and revenue. Revenue was up 1 percent year over year to $7 billion, but Wall Street had been looking for $7.08 billion expected by analysts. EPS came in at $1.87, not including non-recurring gains, well below analyst expectations of $2.41.
Capital One’s further reprots domestic card loans increased 8 percent or $5.8 billion in the fourth quarter of 2018, with an ending balance of $107.4 billion. Credit card loans increased 5 percent to $116.4 billion, an increase of $5.7 billion. The net charge-off rate decreased to 2.67 percent, down from 2.89 percent in the fourth quarter of 2017.
For Q4, the bank said provision for credit losses increased 29 percent to $1.6 billion.
Capital One CEO Richard Fairbank had more to say about its recently reached “definitive agreement” with Walmart to acquire its co-branded, private-label credit card receivables “at an attractive price and terms” than he did about the earnings misses.
He did not detail the price or the terms, but said the deal included “$9 billion” worth of receivables.
Fairbank noted the portfolio has “high credit losses,” but added that, under the deal, “our share of credit losses is fixed at a low percentage throughout our partnership, [and] our share of revenue steps up after one year.”
After the step-ups, he said, the bank’s share of revenue will be around “three times our share of credit losses.” During the Tuesday earnings call, Fairbank also said the “impact of onboarding will be a modest benefit to the charge-off rate of our domestic card business.”
Mastercard and Google Fend Off Fines
Mastercard got tagged with a $648.3 million fine by the European Union over charges it had raised the costs of card payments artificially.
According to a reports, the antitrust-regulating European Commission has been working for some time to stamp out fees that U.S. credit card companies charge. According to the report, the European Commission complained that Mastercard has long stopped retailers from looking for lower bank fees that are available outside of their country. That, in turn, has led to increased prices levied on retailers and consumers. The European Commission further contends the fees and policy around them limits the competition across borders.
As it stands, the interchange fees can vary from one country to the next within in the EU — presenting an opportunity, in theory, for retailers to shop around for a lower fee. Reuters noted that Mastercard received a 10 percent reduction in the fine for cooperating with the inquiry and accepting that it had run afoul of European Union competition rules.
Mastercard and Visa, in negotiations with the European Commission, had offered to put a cap on the fees applied to card payments by tourists in the EU to end the antitrust investigation. The two payment companies have proposed a 0.2 percent fee on non-EU debit card payments done in shops, and a 0.3 percent fee on credit card payments. This would bring them down to the level of EU cards.
And Mastercard wasn’t the only big brand feeling the sting of European regulators wrath. Alphabet Inc.’s Google was hit with a $57 million fine Monday (Jan. 21) by a French regulator, in what the Wall Street Journal reported is the largest penalty to date under the new European General Data Protection Regulation (GDPR) privacy law.
France’s National Data Protection Commission fined Google on the grounds that it didn’t do enough to get the consent of users when gathering data used for targeted advertising.
Under the law, Google is required to to explain to consumers how their data is being collected and used before seeking the consent of the consumer to collect said data. While the fine won’t have a large impact on Google, it is the biggest penalty to be dealt to the firm by any of the European regulators that have authority to use GDPR to go after companies they don’t think are doing enough to protect the data or privacy of consumers.
“People expect high standards of transparency and control from us. We’re deeply committed to meeting those expectations and the consent requirements of the GDPR. We’re studying the decision to determine our next steps,” a Google spokesman told the Wall Street Journal a week ago.
A few days later, Google had decided how it would respond to the fine — it will be disputing it.
Google stated that its consent process “is as transparent and straightforward as possible, based on regulatory guidance and user experience testing,” according to The Financial Times.
“We’re also concerned about the impact of this ruling on publishers, original content creators and tech companies in Europe and beyond,” the company added.
While Google declined to reveal its precise grounds for its appeal, one argument could be that under the GDPR companies can select which country’s data protection regulator leads cases against them. In the case of Google, that would be Ireland, which is the legal base of its European operations. However, French regulators said their case was built before Google made that decision.
So what did we learn this week? While some bad things can be argued or mitigated, in general one can always be certain that rain clouds will eventually appear.
Best to always have an umbrella handy.
Until next Monday.