(COLUMBUS, Ohio) — Ohio Attorney General Dave Yost and 49 other attorneys general have negotiated a $10 million settlement with payment processor ACI Worldwide stemming from a testing error in 2021 that led to the attempted unauthorized withdrawal of $2.3 billion from the accounts of 477,000 mortgage-holders.
Ohio will receive $342,803 from the settlement.
“The ACI error jeopardized Ohioans’ financial stability and caused undue stress,” Yost said. “This settlement ensures that this company is held responsible for committing an error of this magnitude and that safeguards are put in place to prevent similar incidents in the future.”
The attorneys general investigated and negotiated this case in partnership with the states’ financial regulators, who have reached a separate $10 million settlement with ACI.
ACI Payments, a subsidiary of ACI Worldwide Corp., serves as a payment processor for various third-party clients, including mortgage servicers. Nationstar Mortgage, known publicly as Mr. Cooper, offered ACI’s Speedpay product to its customers so they could electronically schedule and pay a monthly mortgage through the Automated Clearing House (ACH) system.
On April 23, 2021, ACI was conducting a test on the Speedpay platform when it inadvertently submitted live Mr. Cooper consumer data into the ACH system, which prompted ACI to mistakenly attempt to withdraw mortgage payments from hundreds of thousands of Mr. Cooper customers on a day that was neither authorized nor expected.
In many instances, consumers experienced the attempted withdrawal of multiple mortgage payments from their personal bank accounts. Although most of the withdrawals were unsuccessful or later reversed, 1.4 million transactions totaling $2.3 billion were processed, affecting an estimated 477,000 Mr. Cooper customers, including over 13,000 in Ohio.
Some consumers couldn’t access the funds in question, leading to fees for overdrafts or insufficient funds. The affected consumers have received restitution from ACI as part of other related settlements.
The investigation of ACI blamed the 2021 incident on significant deficiencies in the company’s privacy and data-security procedures and the technical infrastructure of the Speedpay platform.
Also, as part of the settlement agreement, ACI is required to take steps to avoid any similar incidents, including using artificially generated data for testing purposes instead of real consumer data. The company must also segregate its testing or development work from its consumer payment systems.