CardConnect’s Secret Tax on Small Business

EvilCorporations.com • Case No. 2:24-cv-03034, E.D. Pa. • 23 min read

What It Actually Costs to Be Robbed Slowly

Richard Obringer is a licensed physician assistant who is partially retired. He built a small staffing company, Advanced Surgical Associates, that places physician assistants in surgical practices. His income fluctuates month to month. He is not a Wall Street firm with a legal department on retainer. He is exactly the kind of person CardConnect built its business model to exploit.

In 2018, a CardConnect sales representative came to him. Not the other way around. CardConnect sent someone to pitch him. The rep showed him a fee schedule. Obringer looked at the numbers, decided he could afford them, and signed. He felt he was entering a fair deal. He was not.

For six years he was a customer. At some point between signing up and 2024, CardConnect started reaching into his business bank account and pulling out money he had never authorized. Not once. Not twice. Repeatedly, across multiple years, under multiple invented fee names. A $119 “Annual Compliance SVC Fee.” Then $199.99 for the same label. Then $215 for a “Security Bundle.” Then $200 for an “Annual Membership Fee.” Then a PCI compliance fee billed at $29.95 instead of the $19.95 he actually agreed to.

He did not find out about most of these charges when they happened. He found out after. CardConnect’s system is designed so that the money is taken first and the statement arrives later. By the time the paper shows up in your mailbox or your inbox, your account has already been drained. If you are a small business owner watching cash flow carefully, that timing is not incidental; it is the mechanism.

On October 10, 2018, just months after signing, Obringer asked CardConnect for a copy of the contract he had signed. CardConnect did not respond. He had to wait until June 2024, six years later, before CardConnect finally gave him his own contract. When he got it, he could see that neither CardConnect nor Wells Fargo had ever signed it. He had been operating without an enforceable written agreement, and so had CardConnect, except CardConnect was the one withdrawing money.

He tried to get refunds. CardConnect gave him partial refunds and stopped there. He tried to cancel the service entirely in May 2024, sending an email explicitly revoking authorization for CardConnect to debit his account. CardConnect read that email and charged him $25 anyway. He had to call his bank and place a stop-payment order, treating a payment processor like a creditor you are trying to escape. That is what the end of this business relationship looked like: a small business owner having to block a vendor from his own bank account because asking nicely did not work and the company had already demonstrated it would ignore him.

CardConnect’s conduct is not an accident of broken billing systems. A 2016 class action lawsuit, Kao v. CardConnect, brought these exact practices to a federal court. The court ruled in 2018 that CardConnect cannot charge fees beyond what the Merchant Agreement says. The court upheld that ruling in 2019. CardConnect’s response was to keep charging unauthorized fees to a new generation of merchants. Richard Obringer signed his contract in 2018, the same year the court told CardConnect to stop. It did not stop.

What the Court Documents Actually Say

The following quotes come directly from the class action complaint filed July 11, 2024, case number 2:24-cv-03034 in the Eastern District of Pennsylvania, and from referenced prior court orders. No paraphrasing.

“CardConnect deceives merchants like Plaintiff into paying much more than agreed upon by sneaking unauthorized junk fees into customers’ billing statements each month.”

• This is the plaintiff’s plain-language summary of the scheme. The word “sneaking” is the complaint’s own word, not an editorial addition. The complaint alleges this is not a billing error but a deliberate practice of inserting unauthorized charges into statements.
• The mechanism described is access: CardConnect has direct debit authority over merchants’ bank accounts and withdraws money before statements are issued, meaning the theft happens before the victim can see it.

“CardConnect agreed to provide its services for the fees and rates set forth in [the Merchant Agreement] and is limited to those terms absent a mutual modification of the implied contract.” — Kao v. CardConnect Corp., No. 16-cv-5707 (E.D. Pa. Sept. 26, 2018), Dkt. 69

• This is a federal court order, not an allegation. Judge Ditter ruled in 2018 that CardConnect’s authority to charge fees is capped at what appears in the signed Merchant Agreement.
• The phrase “absent a mutual modification” is critical: both parties must agree to any change. CardConnect’s practice of inserting notices of new fees into billing statements does not constitute mutual agreement; the court already said so.
• The court confirmed this ruling on reconsideration in June 2019 (Dkt. 98, Judge Pappert). CardConnect had two separate opportunities to have this ruling reversed. It was not.

“The Program Guide includes nearly 50 pages of small-print legalese, so it is widely understood that no merchant (and many of the individuals that sell this product) would ever read or understand it completely.”

• The complaint acknowledges that even CardConnect’s own salespeople do not fully understand or carry the Program Guide. This is the document CardConnect uses to justify every unauthorized fee it charges.
• The document was never given to merchants before they signed. Merchants signed the Merchant Agreement, which references the Program Guide without providing it. This is the definition of a hidden contract term.

“CardConnect often includes unilateral notices in customer billing statements announcing that it will be adding new charges in the following months. CardConnect apparently takes the view that the Program Guide gives it the right to change its agreements with merchants in this manner, even if the merchants never previously agreed to the new charges.”

• This describes the operational loop: CardConnect sends a notice inside a statement that a new fee is coming, then charges it. It treats this as consent. A federal court has already ruled this is not valid consent.
• The complaint further notes that by the time merchants receive statements, the money is already gone. The “notice” arrives after the fact in practice because CardConnect debits first.

“If CardConnect disclosed all of its fees in the Merchant Agreement, much less that it intends to give itself the right to charge whatever fees it wants whenever it wants, merchants would be less likely to do business with CardConnect.”

• This is the complaint stating plainly that the concealment of fees is the reason small businesses sign with CardConnect at all. The lower headline price is the hook; the Program Guide is the trap.
• The complaint connects this to lock-in: merchants who discover unauthorized fees and want to leave face “hefty early termination penalties,” making exit expensive.

“Upon information and belief, CardConnect never amended its agreement to reflect this requirement.” — Referencing the Kao settlement requirement that merchants receive 50-day termination windows after fee changes.

• As part of settling the 2016 Kao lawsuit, CardConnect agreed in writing to give merchants a 50-day window to cancel without penalty after any new fee or rate increase. The complaint alleges CardConnect never implemented this change.
• This means CardConnect made a promise to a federal court as part of a settlement and, according to the current complaint, broke it. This is not a company that made a billing mistake. This is a company that agreed to stop doing something and then kept doing it.

How CardConnect Built a Machine to Rob Small Businesses

This scheme works because payment processing is genuinely complicated. When you swipe a card, there are potentially six separate parties involved: the card-issuing bank, the card network (Visa or Mastercard), the network’s member bank, the hardware company, the actual processor, and the payment processor managing the merchant relationship. CardConnect exists at the end of that chain, closest to the small business owner, which gives it something incredibly valuable: direct debit access to the merchant’s bank account. That access is the weapon.

• CardConnect’s salespeople approached merchants with a standard Merchant Agreement that displayed a clear, specific fee schedule: a Chargeback Fee of $25, a Retrieval Fee of $15, a Minimum Processing Fee of $15, a PCI Non-Compliance Monthly Fee of $19.95, and a handful of smaller transaction fees. These numbers were visible, agreed-to, and signed.
• Buried in the Merchant Agreement was a reference to a separate document called the Program Guide. CardConnect salespeople did not have the Program Guide. They did not give it to merchants. The Program Guide is nearly 50 pages of dense legal language. It purports to give CardConnect unlimited, unilateral authority to add new fees or raise existing ones with just 30 days’ notice.
• Neither CardConnect nor Wells Fargo (the named member bank on the contract) ever signed these Merchant Agreements. The contract itself says the agreement “shall not take effect” until both parties sign. They never signed. The complaint argues this means no enforceable written contract ever existed, which in turn means the Program Guide, which is only binding if the Merchant Agreement is binding, has no legal force either.
• Each month, CardConnect debits its fees directly from the merchant’s account before issuing a billing statement. The merchant learns what was taken only after the account has already been drained. This sequencing is not accidental: it makes it harder to stop the charge before it happens and easier to frame the fee as an established practice rather than a surprise deduction.
• Merchants who want to leave after discovering unauthorized fees face a second trap: early termination penalties. The cost of exiting can exceed the cost of absorbing the unauthorized fees, so many merchants stay locked in and keep paying.

Who Gets Hurt and How Much

Public Health

When the target is a medical staffing company, the economic damage does not stay inside a spreadsheet.

• Advanced Surgical Associates supplies physician assistants to surgical practices. When unauthorized fees compress the company’s margins without warning, the financial pressure does not stay abstract. It affects staffing decisions, operational capacity, and the availability of mid-level surgical support in the practices ASA serves.
• Richard Obringer is partially retired. His income from ASA is not a side revenue stream; it is his income. Draining money from a small, fluctuating-revenue medical staffing company via unauthorized bank debits creates real cash-flow crises, particularly for a business that has no predictable monthly income floor beyond its $25 processing minimum.
• The class is defined as all merchants in the United States charged unauthorized fees after July 8, 2020. The complaint does not specify industries, meaning the class almost certainly includes pharmacies, dental practices, therapy providers, and other healthcare-adjacent businesses where unexpected financial shocks translate directly into healthcare access and staffing decisions.

Economic Inequality

CardConnect’s fee structure is a regressive tax. The smaller your business, the harder each unauthorized charge hits.

• The complaint identifies merchant processing costs as one of the highest expenses small businesses face, trailing only labor and production. When a processor adds hundreds of dollars in unauthorized annual fees to that burden, it is a proportionally larger hit for a solo practitioner running a medical staffing company than for a mid-size retailer with a legal department that reviews vendor statements line by line.
• The class action structure was necessary precisely because the individual damages are too small to justify individual litigation. The complaint states that “most Class members likely could not afford to seek legal redress.” This is by design: CardConnect takes amounts small enough that litigation is irrational for any single business owner, while aggregating enough across thousands of merchants to generate significant revenue.
• The early termination penalty structure locks merchants in after they discover the overcharges. A small business owner who spots unauthorized fees and wants to leave faces an exit fee that can outweigh months of unauthorized charges. This creates a period during which the merchant is financially trapped with a company that has already proven it will take money without authorization.
• The complaint notes that by the time a merchant receives a billing statement, the money has already been seized. For businesses operating on thin margins with low cash reserves, a surprise debit of $200 or $215 can trigger overdraft fees, missed payroll, or delayed supplier payments, creating a cascade that extends far beyond the original unauthorized charge.
• The aggregate amount in controversy is estimated at over $5 million for a class of thousands of merchants. That figure is a floor, not a ceiling. It represents money extracted from small businesses and transferred to a corporation headquartered in a suburban Philadelphia office park, with no service delivered in exchange.
• CardConnect’s salespeople were the ones who approached merchants like Obringer. The company sent representatives to solicit small business owners, built trust through a face-to-face pitch with a clear fee schedule, and then leveraged that trust to gain bank account access it would later use to extract unauthorized funds. The initial contact was the predatory act; everything after was collection.

What the Numbers Actually Mean

Who Is Responsible and What You Can Do

CardConnect Corporation is headquartered at 1000 Continental Drive, Suite 600, King of Prussia, Pennsylvania 19406. The class action was filed against the corporation directly. The complaint does not name individual executives by title or name in the source document, so those names cannot be verified here. Below are the regulatory bodies with jurisdiction over CardConnect’s conduct and concrete actions you can take.

Watchlist: Regulatory Bodies

• The Federal Trade Commission (FTC) has jurisdiction over deceptive trade practices by payment processors. CardConnect’s practice of advertising one fee structure while charging another falls squarely within the FTC Act’s prohibition on unfair or deceptive acts and practices.
• The Consumer Financial Protection Bureau (CFPB) regulates entities involved in payment processing that affect consumers and small businesses. The CFPB has authority to investigate and sanction processors that engage in deceptive billing practices.
• The Department of Justice (DOJ) Civil Division handles civil fraud cases at the federal level. If CardConnect’s conduct is found to constitute systematic fraud against a class of thousands, federal civil enforcement is within scope.
• The Pennsylvania Attorney General’s Office has jurisdiction because CardConnect is incorporated and headquartered in Pennsylvania, and because the conduct alleged involves deceptive business practices originating from that state.
• The Nevada Attorney General’s Office has jurisdiction over the Nevada Subclass claims under the Nevada Deceptive Trade Practices Act (Nev. Rev. Stat. § 598.0915 et seq.), as Obringer and ASA are Nevada citizens.

If You Are a CardConnect Merchant

• Pull every billing statement from the past four years. Compare each line item against the fee schedule in the Merchant Agreement you signed. Any fee not explicitly listed in that document is potentially unauthorized and recoverable.
• Contact the law firms prosecuting this case: Kopelowitz Ostrow P.A. (ostrow@kolawyers.com, grunfeld@kolawyers.com) and Tycko and Zavareei LLP (hzavareei@tzlegal.com, kaizpuru@tzlegal.com). The class period starts July 8, 2020. If you were charged unauthorized fees after that date, you may qualify as a class member.
• File a complaint with the CFPB at consumerfinance.gov/complaint. Document the specific fee names, amounts, and dates. Pattern complaints from multiple merchants accelerate regulatory attention.
• Contact your state attorney general’s consumer protection division. For Nevada merchants: the NDTPA claim in this lawsuit specifically covers you as a subclass member.
• If you want to terminate your CardConnect contract, consult with an attorney before signing anything or paying an early termination fee. The lawsuit’s core argument is that no enforceable written contract exists. You may have more leverage than CardConnect claims.

Mutual Aid and Grassroots Resistance

• Small business associations in your city or region are the fastest organizing layer. Raise CardConnect’s practices at your local chamber of commerce or merchant guild. Other business owners in your network may not know they can compare statements and join this class action.
• Share billing statements (with sensitive account numbers redacted) in small business owner forums and Facebook groups. Concrete documentation spreads awareness faster than abstract warnings. If merchants can see the specific fee names (Annual Compliance SVC Fee, Annual Fee Security Bundle, Annual Membership Fee) in their own statements, recognition is immediate.
• Pressure your local city council to require payment processors operating in your city to provide plain-language fee disclosures and obtain affirmative consent before adding new fees. Municipal-level consumer protection ordinances have precedent and can move faster than federal regulation.
• ClassAction.org maintains a searchable database of active class action lawsuits. This case is listed there. Share the direct link to this case with any merchant you know who uses CardConnect.