The Non-Financial Ledger: What $93 Million Looks Like in Real Life

There is a consumer somewhere who bought a $97 online kit because they believed they could build a small business. Maybe they lost their job. Maybe they had a sick kid and needed a second income. A telemarketer called them, enthusiastic and rehearsed, and told them they were about to change their life. The coaching program would cost a few thousand dollars. The results would come fast. They’d recoup it in months. So they put it on a credit card.

That coaching program never delivered. After three years of the FTC’s litigation, the telemarketers who funneled customers to Apply Knowledge could not identify a single one of the more than 10,000 customers who had turned a profit, or even gotten their money back. Not one. The business coaching was the product. The product did not work. The whole structure existed to extract the credit card number and disappear into a tangle of LLCs.

Then there were the USFIA investors. Steve Chen’s scheme sold packages with names designed to sound like legitimate financial products. One of them was a virtual currency called “gem coins.” The SEC later found that more than 90% of everything the Amauction and Amkey accounts processed was not antiques, not nutraceuticals, not art. It was investment money going into a pyramid. The people at the bottom of that pyramid lost real money. The court-ordered judgment against Chen alone came to $71.7 million. That is the size of the hole he dug.

And then there were the Tarr customers. They clicked on what looked like a news article. They were told they could try a weight-loss supplement or skin cream for free, just pay shipping. Fourteen days later they were enrolled in a subscription they didn’t knowingly agree to. The charges kept appearing on their statements. Getting them stopped was a fight. The FTC said Tarr deceived consumers out of hundreds of millions of dollars in total. CMS processed $15 million of that through 15 accounts spread across 10 shell corporations.

These were ordinary people navigating a financial system they were told was regulated and safe. Visa and Mastercard have rules. Banks have rules. Payment processors are supposed to enforce those rules. CMS knew the rules, documented the rules in its own internal policies, and then helped its merchant-clients engineer around every single one of them. The people who lost money in these schemes had no way of knowing that the company sitting in the middle of their credit card transaction had already been told, in writing, that it was “too obvious” the merchant was engaged in load balancing to avoid detection. They had no way of knowing that a CMS employee had suggested putting accounts in a spouse’s name specifically so the connection couldn’t be traced. They just saw a charge on a statement and had to fight to get their money back, one chargeback at a time.

Legal Receipts: What They Said When They Thought No One Was Watching

The FTC complaint contains verbatim email exchanges that are extraordinary in their directness. These are not ambiguous corporate communications. These are people who understood exactly what was happening and chose to proceed.

“It is too obvious that [the merchant] has several accounts and is load balancing the accounts among as many as processors as he can to avoid the card associations [chargeback] programs. If we get an examiner, auditor or card association reviewing this file, there will be a significant issue if we approved a business where we know the client has engineered his card acceptance to avoid chargeback penalties. My main issue with this is there is no way we could play dumb with this file.”

Vince Lombardo, CBCal Bank Card Division, email to Jack Wilson, August 6–7, 2014

• This statement proves that the acquiring bank’s own representative told Wilson directly that the load balancing was “too obvious,” that approving the account would create legal exposure, and that they could not later claim ignorance.
• Lombardo explicitly named the VISA best practices guidebook and stated the merchant “trigger[ed] all of the indicators listed” in it, meaning the red flags were not subtle. They were textbook.
• The phrase “there is no way we could play dumb with this file” is the bank’s employee acknowledging, in advance, that approval of this account would be indefensible to regulators. Wilson approved it anyway.

“If it is picked up, which it probably won’t be then we close it down. If they don’t manage their chargebacks we also shut them down.”

“We have a lot of this type of account and picking it out of our portfolio would be difficult… VISA isn’t going to say we are aiding and abetting nor will the regulators. So we just need to move forward.”

Jack Wilson, CEO of CMS, email to CBCal’s Vince Lombardo, August 6–7, 2014

• Wilson’s first statement reveals the company’s actual risk management strategy: wait to be caught, then close the account. There was no proactive compliance framework. There was a bet on not being detected.
• Wilson’s second statement reveals that the scale of the fraud was a feature. Having “a lot of this type of account” meant no single account would be distinctive enough to trigger focused review. Volume provided cover.
• The explicit prediction that “VISA isn’t going to say we are aiding and abetting nor will the regulators” is Wilson’s own liability assessment, delivered in writing. The FTC complaint is the direct answer to that prediction.

• This quote proves that the benefit to Sonnenberg of CMS’s arrangement was specifically that he could keep fraudulent accounts in family names rather than exposing employees to legal risk. The “risks” he describes are regulatory and legal exposure for running a fraudulent operation.
• This is the fraudster explaining to the payment processor why the payment processor’s services were uniquely valuable: CMS allowed him to protect himself from accountability while continuing to operate.

“CMS had ‘protected’ the Apply Knowledge enterprise’s accounts from the bank on numerous occasions, and that without Decker’s protection the accounts ‘would have been cutoff, mid-month, without warning, as per the Bank’s recommendations.'”

Kyle Hall, CMS co-founder, email to David Decker, April 25, 2012 (as described in FTC Complaint, Paragraph 68)

• This is one CMS co-founder telling another that the company was actively intervening to keep a fraud operation’s bank accounts open against the explicit recommendations of the acquiring bank.
• The word “protected” is used without any apparent irony. CMS viewed shielding fraud operations from the bank’s oversight as a service it provided to its merchant-clients.

“BSA is all over these two accounts.”

Vince Lombardo, CBCal, email to David Decker and Jack Wilson, January 14, 2015 (regarding the USFIA enterprise’s Amkey and Amauction accounts)

• The Bank Secrecy Act (BSA) department is responsible for flagging transactions that may involve money laundering or financial crimes. When a bank’s BSA analysts are scrutinizing two accounts, it is a serious warning signal that the accounts may be processing illegal transactions.
• CMS’s response to this warning was to provide the bank with a memo containing false information about the merchant’s auction activity, invented business relationships, and fabricated explanations for the processing spikes.

Societal Impact Mapping: Who Actually Paid for This

Public Health

The Tarr scheme operated directly in the consumer health space, making unsubstantiated medical claims to sell dietary supplements and skin products.

• Tarr marketed weight-loss, muscle-building, and skin cream products using false and unsubstantiated claims about their effectiveness, according to the FTC’s complaint against Tarr. Consumers purchased products based on lies, spending money on items that did not deliver the health outcomes they were promised.
• Tarr’s free trial model enrolled consumers in monthly subscriptions without meaningful disclosure of the auto-billing terms. The Better Business Bureau had already flagged Garcinia Cambogia Slim Fast’s unsubstantiated health claims and 14-day trial structure in January 2014. CMS submitted the account for approval anyway.
• CMS’s own underwriting policy listed “free trials with subsequent billing” as a “disqualifying item.” CMS submitted three Tarr applications that explicitly described this exact model on the same day it received them, August 2014.

Economic Inequality

Every one of these fraud operations targeted people who were looking for a financial lifeline. The payment infrastructure CMS provided extended these schemes’ operating lifetimes by months and years, maximizing the economic damage to working-class consumers.

• The Apply Knowledge enterprise specifically targeted people who had purchased a low-cost online business kit, typically for less than $100. Telemarketers then upsold them on business coaching that cost thousands of dollars with promises of rapid returns. After three years of litigation, not one of the more than 10,000 customers could be identified as having made a profit.
• The USFIA pyramid scheme operated as an investment fraud targeting predominantly immigrant communities drawn to Chen’s presentation of gem coins as a legitimate financial vehicle. The court found the scheme took in more than $66 million, with the court-ordered judgment against Chen set at $71.7 million. Money at the bottom of a pyramid structure is structurally unreachable once the scheme collapses.
• Tarr’s subscription trap model is economically predatory by design. Consumers who clicked what appeared to be an independent news report, paid for shipping on a “free” sample, and then faced months of recurring charges had to either absorb the loss or fight through the chargeback process, a process that is itself time-consuming and not guaranteed to succeed. CMS processed $15 million through 15 accounts for this operation.
• When Jack Wilson was finally removed from CMS after the damaging emails surfaced, he received a $250,000-per-year payment for ten years, plus health insurance and continued sales commissions. The consumers who lost money to the schemes he enabled received nothing from CMS at that moment.
• CMS earned a fee on every transaction processed through its merchant accounts. The more fraud that flowed through, the more CMS earned. The company’s own co-founder explained the business model in 2014: high-risk merchants carry “a lot larger margin in those deals.”
• The chargeback system, which is the main consumer recourse mechanism documented in this case, costs consumers time and effort with no guarantee of recovery. Chargebacks also generate fees that acquiring banks and ISOs may ultimately pass down to compliant, legitimate merchants, distributing the cost of fraud across the entire merchant ecosystem.

The “Cost of a Life” Metric

What Now: Pressure Points, Watchlists, and Action

The FTC filed this complaint in December 2020 seeking permanent injunction and disgorgement. The individuals and entities named in the complaint have not been convicted of a crime by this filing alone; the complaint is the FTC’s statement of allegations. Here is what you can do with this information.

Who Is Named

• Complete Merchant Solutions, LLC — 727 N 1550 E, Third Floor, Orem, UT 84097. Defendant in FTC Case No. 2:20-cv-00864-HCN.
• Jack Wilson — Former CEO (2009–2016). Individual defendant. Continues to receive $250,000/year from CMS and earns sales commissions as an ongoing agent of the company per the complaint.
• David M. Decker, Jr. — Co-founder and president of CMS. Named extensively in the complaint’s factual allegations. Not listed as a defendant in the caption but described as formulating and participating in the alleged conduct.
• Kyle Hall and Trever Hansen — CMS co-founders. Named in complaint. Kyle Hall described CMS’s core industry as “high risk nature… there’s a lot larger margin” in a 2009 SEC deposition.

Regulatory Watchlist

• Federal Trade Commission (FTC) — Plaintiff in this case. You can file consumer complaints at ftc.gov/complaint. If you were charged by any of the entities named in this complaint (Apply Knowledge, Supplier Source, Amauction, Amkey, Tarr, or related companies), document your experience and report it.
• Securities and Exchange Commission (SEC) — Already obtained a $71.7 million judgment against USFIA’s Steve Chen (SEC v. Chen, No. 2:15-cv-07425). The SEC’s investor complaint system is at sec.gov/tcr.
• Consumer Financial Protection Bureau (CFPB) — Tracks complaints against financial service providers, including payment processors. File at consumerfinance.gov/complaint.
• Visa and Mastercard — Both card networks maintain fraud compliance programs and the MATCH list for terminated merchants. Their compliance departments have the authority to sanction acquiring banks and ISOs. Consumer escalation is through your issuing bank’s chargeback process.
• Utah Division of Consumer Protection — CMS is a Utah LLC. State-level consumer protection complaints: consumerprotection.utah.gov.

Mutual Aid, Local Organizing, and Direct Action

• If you were charged by Apply Knowledge, Supplier Source, USFIA, Amauction, Amkey, or any Tarr-affiliated subscription service: contact the court-appointed receivers in the relevant federal cases and file a claim. Receiver contact information should be in the public court docket for each case. The FTC’s website maintains consumer resources for victims of cases it has prosecuted.
• Share the primary source document with anyone who works in payment processing, banking compliance, or fintech. The mechanics of load balancing to evade chargeback monitoring are described in explicit detail in this complaint. Workers inside these industries who see these patterns have whistleblower protections.
• Organize around the chargeback system itself. The complaint repeatedly shows that chargebacks are the primary consumer recourse, but the system is designed around protecting banks and networks, not consumers. Local consumer protection organizations and credit unions are more responsive to grassroots pressure than Visa or Mastercard will ever be.
• Demand your bank disclose its ISO relationships. Your acquiring bank has contractual relationships with ISOs like CMS. Under the Bank Secrecy Act, banks are required to maintain anti-money-laundering programs. Asking your bank who their payment processing partners are and what their audit standards look like is a legitimate inquiry, and enough people asking creates accountability pressure.