Mortgage Nightmare: Firm Made $2.3B in Illegal Home Payments, Affecting 500K Customers

The CFPB fined ACI millions of dollars for harming mortgage customers during a failed payments test.

House on pile of money representing mortgage payment
(Image credit: Getty Images)

For many Americans, a home mortgage is the biggest, most important debt they'll ever carry. So it's crucial for everything from your credit score to your basic liquidity that monthly mortgage payments be handled correctly. The Consumer Financial Protection Bureau's (CFPB) latest enforcement action highlights a nightmare scenario, where a major payment processor illegally made unscheduled mortgage payments from half a million customers, causing untold stress and financial pain.

ACI's mortgage payment fiasco

ACI is a payment processing company that offers services across industries including healthcare, student loans, telecommunications, and mortgage servicing. ACI claims to process more than 225 billion transactions every year across more than 6,000 companies. The payments firm reported net income of $142 million against revenue of $1.422 billion last year.

Mortgage servicer Mr. Cooper handles mortgage payments for more than four million customers. The company offered ACI's Speedway payment product to its mortgage loan customers until at least 2021. The product created an instant bridge for the transferring of funds between clients' bank accounts and Mr. Cooper. 

Subscribe to Kiplinger’s Personal Finance

Be a smarter, better informed investor.

Save up to 74%

Sign up for Kiplinger’s Free E-Newsletters

Profit and prosper with the best of expert advice on investing, taxes, retirement, personal finance and more - straight to your e-mail.

Profit and prosper with the best of expert advice - straight to your e-mail.

Sign up

ACI tested its electronic payments platform on Friday, April 23, 2021. During the test, ACI's employees somehow used extensive real data obtained from Mr. Cooper, rather than dummy data. The Speedway software inadvertently sent customer data containing real names, bank account numbers and more through the ACH payment network. 

The result? ACI illegally submitted $2.3 billion in electronic mortgage payments from nearly 500,000 homeowners’ accounts. 

Affected customers noticed bank errors and financial consequences as early as Saturday, April 24. More than 60,000 customers at one bank had more than $330 million illegally leave their accounts. Over 7,300 customers saw their balances drop by more than $10,000 unexpectedly.

The CFPB's findings

Fast forward to June 27, 2023, when the CFPB reported that ACI’s actions violated several consumer financial protection laws. The federal agency catalogued distinct violations of the Electronic Fund Transfer Act and its implementing rule, Regulation E, as well as the Consumer Financial Protection Act.

Illegal account withdrawals

CFPB held that "ACI initiated approximately 1.4 million ACH withdrawals on behalf of Mr. Cooper from homeowners’ accounts on April 23, 2021, without a valid written authorization. This included initiating electronic fund transfers on days when they were not scheduled and initiating multiple transfers from the same accounts on the same day."

Improper handling of consumer data: 

CFPB also found that ACI's illegal transactions and the resulting harms stemmed from the company’s improper use of consumer data during its payment test. The agency contends that ACI dropped the ball on creating reasonable data security practices, which could have stopped real customer data from slipping into a live payment system test.

The CFPB's enforcement action

The CFPB invoked the Consumer Financial Protection Act and Electronic Fund Transfer Act to enact the following punishments:

  • ACI ordered to pay $25 million in civil penalties:
    • The fine will be paid to the CFPB for inclusion in the CFPB victims relief fund, which compensates victims of shady company practices broadly.
  • ACI ordered to stop illegal payment practices: 
    • ACI is ordered to adopt stronger info security rules. CFPB further prohibits the company from processing payments without customer authorization, and from using real customer data in software development and testing without consumer consent.

The bottom line

It's a fact of life that major institutions charged with protecting your money and personal information will inevitably experience fraud, breaches, and even honest yet damaging mistakes. There are a few things customers can do to protect themselves. 

Sign up for free credit monitoring from services like Capital One’s CreditWise or Chase’s Credit Journey credit score and monitoring services. Set alerts that inform you whenever your bank account or credit card registers large transactions above a certain threshold. 

Get to know your money personality by writing down income, expenses, and regular financial behaviors. Check on your major accounts a few times a month at least, so you can catch erroneous charges and payments and maintain financial peace of mind. And if you see bad or careless corporate behavior, file a complaint with the CFPB.  

Related Content

Ben Demers
Audience Engagement Manager,

Ben Demers manages digital content and engagement at Kiplinger, informing readers through a range of personal finance articles, e-newsletters, social media, syndicated content, and videos. He is passionate about helping people lead their best lives through sound financial behavior, particularly saving money at home and avoiding scams and identity theft. Ben graduated with an M.P.S. from Georgetown University and a B.A. from Vassar College. He joined Kiplinger in May 2017.