EvilCorporations.com · Corporate Misconduct Accountability Project
Enforcement Action · Banking · Consumer Fraud
American Express Centurion Bank Defrauded 239,000 Cardholders Out of $40.9 Million
The company sold phantom credit protection, fake identity monitoring, and deceptive debt relief, then billed customers who never received what they paid for.
■ Critical Severity
TL;DR
American Express Centurion Bank spent nearly a decade operating three predatory add-on products that were sold through deceptive telemarketing scripts, promises that were never honored, and enrollment processes deliberately designed to obscure what consumers were actually paying for. More than 239,000 cardholders were charged fees for benefits they never fully received. Identity monitoring services billed customers even when those customers had never completed enrollment. Debt protection benefits were described as covering minimum payments, but the actual benefit frequently fell short of that promise. Puerto Rico cardholders were enrolled in Spanish over the phone but given all follow-up materials in English only. The Consumer Financial Protection Bureau ordered $40.9 million in restitution and a $3.6 million civil penalty in December 2013.
This is what predatory corporate behavior looks like: 239,000 families billed for products they never fully received. Demand better. Share this. Stay informed.
$40.9M
Minimum restitution ordered by the CFPB
239K+
Total cardholders harmed across all three products
$3.6M
Civil money penalty paid to the CFPB
85%
ID Protection enrollees who never received full benefits
$15.1M
Account Protector fees collected through deception
97%
Lost Wallet PR customers enrolled via Spanish calls with no Spanish materials
▲ Core Allegations
Core Allegations
What American Express Centurion Bank did · 7 points
| 01 | Telemarketers falsely told cardholders that Account Protector would cover their full minimum monthly payment. The actual benefit was capped at the lesser of $500 or 2.5% of the account balance, which routinely fell below the minimum payment due. | High |
| 02 | Callers implied benefits lasted up to 24 months. In reality, only 2 of 13 qualifying life events carried a 24-month benefit period; the other 11 lasted one, two, or three months. | High |
| 03 | The bank billed 85% of ID Protection enrollees the full monthly fee for credit monitoring services those customers never received, because the bank concealed that enrollment required a separate second step. | High |
| 04 | Account Protector was sold with the false claim that it would improve or maintain cardholder credit scores. This was a fabricated product feature with no basis in fact. | High |
| 05 | Telemarketers failed to disclose that Account Protector was optional and not required to activate or use the credit card, a material omission that misled consumers about the true nature of their enrollment. | High |
| 06 | Puerto Rico cardholders were enrolled in the Lost Wallet PR product through Spanish-language phone calls, but all follow-up written materials were provided in English only, denying those customers the ability to understand what they had purchased. | High |
| 07 | The bank told customers there would be no Account Protector fee if their balance was paid off, but concealed that the balance had to be paid before the billing cycle end date, not the statement due date, a distinction that routinely triggered unexpected fees. | Medium |
Profit Over People
How revenue was placed above honest dealing · 5 points
| 01 | American Express Centurion Bank collected at least $15.1 million in Account Protector fees and over-limit charges from more than 83,000 cardholders who received deceptive or incomplete product representations. | High |
| 02 | At least $11.3 million in ID Protection fees were collected from over 77,000 cardholders while the bank failed to deliver the credit monitoring services those customers paid for. | High |
| 03 | Lost Wallet PR generated at least $12.4 million in fees from over 79,000 Puerto Rico cardholders, the majority of whom were enrolled through Spanish calls but given no Spanish-language documentation to understand the product. | High |
| 04 | When Account Protector benefit payments fell short of covering minimum payments, cardholders were then exposed to late fees, over-limit fees, and penalty APR increases. The bank profited from the cascading financial harm its own underpayments caused. | High |
| 05 | The bank charged cardholders the full ID Protection fee at enrollment, before those customers could possibly have received any services, and continued charging them regardless of whether they completed the second enrollment step required to actually activate the benefits. | High |
Regulatory Failures
How oversight collapsed · 4 points
| 01 | The bank’s own compliance monitoring, service provider oversight, and quality assurance processes were so ineffective that they failed to prevent, identify, or correct any of the deceptive practices detailed in this order over a period spanning nearly a decade. | High |
| 02 | The bank violated Regulation V and the Fair Credit Reporting Act by failing to include required disclosures about consumers’ right to free credit reports when making telemarketing calls that referenced free credit report offers. | High |
| 03 | The bank used third-party service providers to conduct telemarketing without providing those providers with approved scripts or adequate oversight, allowing improper sales pitches to persist without detection. | Medium |
| 04 | This was not the bank’s first federal enforcement action: the CFPB and FDIC had issued a joint consent order against American Express Centurion Bank in October 2012, just 14 months before this second order was issued in December 2013. | High |
Economic Fallout
Financial harm to ordinary consumers · 4 points
| 01 | Cardholders who believed Account Protector would cover their minimum payment during hardships like unemployment or disability instead found themselves still short on payments, triggering late fees and penalty interest rates that compounded their financial distress. | High |
| 02 | Over-limit fees and penalty APR rate increases were directly caused by Account Protector benefit payments that were inadequate to cover the minimum payment due; the bank was ordered to reverse these charges as part of restitution. | High |
| 03 | Cardholders who were unemployed or disabled at the time of Account Protector enrollment were ineligible to claim the very benefits the product was marketed to provide, making the product worthless for the people most likely to need it. | High |
| 04 | Only 40% of Lost Wallet PR customers registered any item beyond their American Express card, strongly indicating that the majority of cardholders never understood the product they had purchased and paid for. | Medium |
Community Impact
Who was harmed, and how · 3 points
| 01 | Puerto Rico cardholders were specifically targeted for the Lost Wallet PR product through Spanish telemarketing calls, yet received all written product information exclusively in English. This denied a Spanish-dominant consumer community the ability to make informed decisions about their own financial products. | High |
| 02 | Cardholders facing genuine hardship events such as job loss, disability, hospitalization, or divorce enrolled in Account Protector expecting meaningful financial relief and instead received inadequate payments that still left them liable for late fees and credit damage. | High |
| 03 | Consumers who were already experiencing unemployment or disability at the time of enrollment in Account Protector were denied any benefit, despite being the demographic most urgently in need of the financial protection the product was sold as providing. | High |
Corporate Accountability Failures
Weak penalties, no executive liability · 4 points
| 01 | American Express Centurion Bank signed the consent order without admitting or denying any findings of fact or violations of law. No executives were named. No individuals were held personally liable for a decade of deceptive consumer practices. | High |
| 02 | The $3.6 million civil penalty represents a fraction of the at least $38.8 million in documented fees collected through deception. The penalty was structured so that the bank could not deduct it as a business expense, but no mechanism punished the individuals who designed or approved these practices. | Medium |
| 03 | A prior joint FDIC and CFPB consent order had already been issued against American Express Centurion Bank in October 2012. The bank continued operating the deceptive products flagged in that action until at least the issuance of this second order in December 2013. | High |
| 04 | Consumers harmed by these practices had no reason to know they had been deceived: the deception was embedded in the telemarketing call itself, in the welcome materials sent after enrollment, and in the billing statements that appeared on their accounts each month. | High |
⏰ Timeline of Events
2004
American Express Centurion Bank begins marketing and selling Account Protector, a debt cancellation add-on product, to cardholders.
Nov 2009
The bank begins selling ID Protect and ID Protect Premium identity monitoring add-on products to cardholders.
Nov 2011
Lost Wallet Protector (including its Puerto Rico variant, Lost Wallet PR) is introduced and marketed to cardholders.
Jun 2012
ID Protection Products are discontinued.
Jul 2012
Account Protector is discontinued.
Sep 2012
Lost Wallet PR (Puerto Rico product) is discontinued.
Oct 2012
The FDIC and CFPB jointly issue a prior consent order against American Express Centurion Bank for related consumer protection violations.
Dec 24, 2013
The CFPB issues this second consent order: $40.9 million in restitution to 239,000+ harmed cardholders and a $3.6 million civil penalty. The bank signs without admitting wrongdoing.
💬 Direct Quotes from the Legal Record
Quote 1
Benefit payments fell short of minimum payments
Core Allegations
“For a significant percentage of Card Members enrolled in Account Protector who received benefits, the benefit payment did not always cover the minimum payment due on the Card Member’s account.”
💡 This is the core fraud: cardholders paid monthly fees for a product marketed as covering their minimum payment, then discovered the payment was often inadequate, leaving them liable for late fees and penalty rates on top of the fees they had already paid.
Quote 2
85% of ID Protection customers never received full benefits
Profit Over People
“Approximately 85 percent of Card Members who enrolled in the ID Protection Products did not complete the second step of the two-step process and paid the full product fee without receiving all of the advertised benefits.”
💡 The bank knew about its two-step enrollment requirement. It chose not to disclose it during the sales call. It then billed customers who never completed step two the full monthly fee anyway. That is not an oversight; it is a deliberate extraction of money for services not rendered.
Quote 3
Deception about benefit duration
Core Allegations
“Implying that benefits would last up to 24 months when, in fact, only two of the thirteen qualifying events with a benefit period covered by Account Protector included benefit periods of 24 months, and the other eleven qualifying events had benefit periods of only one, two, or three months.”
💡 Telemarketers led with the best-case scenario to close the sale and buried the reality: nearly all qualifying events triggered a benefit period of just one to three months, not the two years implied in the pitch.
Quote 4
Over 77,000 customers injured by ID Protection billing
Profit Over People
“AECB’s acceptance of monthly payments while failing to provide credit monitoring services has resulted in substantial injury to over 77,000 Card Members in the amount of at least $11.3 million in fees and over-limit charges, as well as associated interest fees.”
💡 The CFPB explicitly found this harm was not reasonably avoidable by consumers: the bank concealed the information that would have allowed customers to protect themselves.
Quote 5
Spanish-language enrollment, English-only materials
Community Impact
“Ninety-seven percent of Card Members enrolled in Lost Wallet PR enrolled via telemarketing calls conducted in Spanish… all written materials provided to Card Members by AECB related to Lost Wallet PR were provided in English.”
💡 The bank was comfortable enough with Spanish-speaking Puerto Rico cardholders to sell them a product in their language. It was not willing to provide follow-up documentation in that language. This is not an administrative oversight; it is a structural barrier to informed consent.
Quote 6
Compliance monitoring utterly failed
Regulatory Failures
“AECB’s compliance monitoring, Service Provider management, and quality assurance resulted in ineffective oversight, which failed to prevent, identify, or correct certain improper practices.”
💡 American Express Centurion Bank had compliance systems in place. Those systems did not stop the fraud from continuing for nearly a decade. That is not a compliance failure; it is an organizational culture that tolerated deception as a business practice.
Quote 7
Credit score claim was fabricated
Core Allegations
“Representing that Account Protector would improve or maintain a Card Member’s credit score.”
💡 This claim had no basis in the product’s actual terms or features. Telemarketers invented a benefit to close sales. The bank either authorized or failed to detect this fabricated selling point for years.
Quote 8
$40.9M restitution floor ordered
Corporate Accountability Failures
“AECB shall provide restitution in an amount not less than $40,900,000… for the purpose of providing restitution as required by this Section.”
💡 $40.9 million is the legally ordered floor, not a negotiated settlement figure. The actual restitution could exceed this amount once all eligible consumers are identified and compensated, with interest.
💬 Commentary
What exactly did American Express Centurion Bank do wrong?
▼
The bank sold three credit card add-on products through telemarketing calls that contained false statements and critical omissions. Callers described benefits that the products did not actually deliver, hid enrollment requirements that prevented customers from receiving full services, and enrolled Spanish-speaking Puerto Rico cardholders without providing any Spanish-language documentation. The bank then charged cardholders the full monthly fee regardless of whether those customers ever received what was promised. Over a period spanning nearly a decade, more than 239,000 people paid a combined total of at least $38.8 million in fees for products that were misrepresented to them.
How serious was this misconduct?
▼
This was serious enough that the federal government ordered one of the largest financial institutions in the United States to pay $40.9 million in restitution to harmed consumers and an additional $3.6 million civil penalty. The CFPB found violations of federal consumer protection law across all three products. This was also not the bank’s first federal enforcement action: a prior joint CFPB and FDIC consent order had been issued just 14 months earlier in October 2012. The bank continued operating these products after that earlier enforcement action. That pattern of continued misconduct despite prior regulatory intervention reflects an institution that treated fines as a cost of doing business rather than a reason to change.
Why were Spanish-speaking Puerto Rico cardholders particularly harmed?
▼
Almost all Puerto Rico cardholders enrolled in the Lost Wallet PR product through Spanish-language phone calls conducted by customer service representatives who were translating English scripts on the fly, without any approved Spanish-language scripts. After enrollment, every written document the bank sent to those customers, including product terms, benefit instructions, and registration guidance, was in English only. This meant that cardholders who had agreed to a product based on a phone explanation in Spanish had no written record in their language to consult. The inevitable result was that only 40% of these cardholders ever registered any item beyond their own American Express card, strongly indicating that the majority never understood what they had purchased.
Why did the ID Protection product harm so many people?
▼
The ID Protection product had a two-step enrollment process. Step one happened during the telemarketing call. Step two required customers to provide additional information to activate the credit monitoring features. The bank never disclosed during the sales call that step two was required. Customers received the first notice about step two only after enrollment, buried inside a welcome kit. The bank charged the full monthly fee immediately upon enrollment, before customers could have completed step two, and continued charging the fee for customers who never returned to complete it. Eight-five percent of enrolled customers never completed step two. That means 85% of customers paid full price for partial service, and the bank knew this was happening because the two-step structure was a deliberate design choice.
Were any executives held accountable?
▼
No. The consent order was issued against the bank as an institution. No individual officers, directors, or executives were named as respondents, charged with violations, or ordered to pay personal penalties. The bank itself signed the order without admitting or denying the factual findings or violations of law. This is a structural failure of corporate accountability: the institution pays a fine calibrated as a fraction of its profits, no person responsible for authorizing or ignoring the deceptive practices faces personal consequences, and the bank moves on. The workers who were instructed to use deceptive scripts, and the customers who were deceived, bear all the real-world consequences of conduct that benefited the institution’s senior leadership most directly.
What made the Account Protector benefit promises so deceptive?
▼
The product was sold as a safety net for people facing unemployment, disability, hospitalization, or other life crises. The telemarketing pitch implied that if something went wrong, the product would cover the monthly payment. This was the core appeal: financial protection during the moments when people are most vulnerable. The reality was that benefits were capped at the lesser of $500 or 2.5% of the account balance, which routinely fell below the actual minimum payment due. For cardholders with higher balances or higher minimum payments, the shortfall meant they still owed money, and the remaining unpaid amount triggered late fees and penalty interest. A person in the middle of a disability or job loss who expected full payment coverage instead found themselves still in arrears, paying fees on top of fees, with their credit at risk.
What connects this case to broader patterns of corporate wrongdoing?
▼
Credit card add-on product fraud was not unique to American Express Centurion Bank. The CFPB took similar enforcement actions against JPMorgan Chase, Bank of America, Citibank, Capital One, and Discover Financial during the same period. In every case, the pattern was identical: high-volume telemarketing, misleading benefit descriptions, billing for services not delivered, and institutional compliance systems that failed to detect or stop the practices. This is the predictable output of a financial system in which consumer protection regulations are enforced after the fact by underfunded regulators, penalties are treated as operational costs rather than deterrents, and no individual executives face personal liability for institutional fraud. American Express Centurion Bank was caught, penalized, and allowed to continue operating. The structural incentives that made this fraud profitable were not addressed.
What can I do to prevent this from happening again?
▼
Several concrete actions are available. First: file a complaint with the CFPB at consumerfinance.gov/complaint whenever a financial company misrepresents a product or bills for services not received. Every complaint is a data point regulators use to identify patterns. Second: opt out of telemarketing calls by registering at donotcall.gov and by asking your bank directly to stop calling you with product offers. Third: contact your congressional representatives to demand stronger individual executive liability in financial fraud cases. Settlements paid by institutions without admission of wrongdoing and without personal penalties for responsible executives are not deterrents. Fourth: support organizations like the National Consumer Law Center and Americans for Financial Reform that advocate for stronger consumer protection rules. Finally: share documented cases of corporate misconduct. Public accountability, not just regulatory enforcement, changes corporate behavior.
The CFPB’s source on this controversy involving American Express can be found here: https://www.consumerfinance.gov/about-us/newsroom/cfpb-and-american-express-reach-resolution-address-discriminatory-card-terms-puerto-rico-and-us-territories/
💡 Explore Corporate Misconduct by Category
Corporations harm people every day — from wage theft to pollution. Learn more by exploring key areas of injustice.
- 💀 Product Safety Violations — When companies risk lives for profit.
- 🌿 Environmental Violations — Pollution, ecological collapse, and unchecked greed.
- 💼 Labor Exploitation — Wage theft, worker abuse, and unsafe conditions.
- 🛡️ Data Breaches & Privacy Abuses — Misuse and mishandling of personal information.
- 💵 Financial Fraud & Corruption — Lies, scams, and executive impunity.
