Cut the Purse Strings USING A NOTICE OF INFRINGEMENT TO CREDIT CARD COMPANIES AND PAYMENT PROCESSORS AS AN ENFORCEMENT TOOL About the Presenters

 Gerald C. Pia, Jr., and Brian C. Roche

 Roche Pia LLC

 Roche Pia LLC is a boutique Cyberlaw firm representing clients in the areas of Intellectual Property (Copyright, Trademark), Internet Piracy/Counterfeiting, Domain Name Disputes, Computer Crimes, Trade Secrets and Non-Competes, Internet Business Consulting, and Litigation.

 Representative clients in the Testing Industry include: Cisco Systems, Inc., Microsoft Corporation, Project Management Institute, Inc., Graduate Management Admission Council (GMAC), and Alpine Testing Solutions. About the Presenters (continued)

 Brent Hill and Brent Morris  Cisco Systems, Inc.  Cisco Systems, Inc. is the worldwide leader in networking for the Internet. Cisco's networking solutions connect people, computing devices and computer networks. Cisco develops, manufactures and sells networking hardware, telecommunications equipment, and high-technology services, and provides high level IT certifications other high-technology services and products.  Cisco certifications validate your ability to use the best-in-class networking and business communications devices from Cisco Systems. Brent Hill and Brent Morris manage Cisco’s Exam Security team to protect the integrity and the brand of the entire Cisco Certification program. Cisco’s Certification Program

 Cisco’s Certification Landscape  Cisco’s Certification Exam Security

 Program Size: Methodology

 200+ Exams

 3 Million + Certified Candidates  1. Prevention

 5000+ global testing centers delivering Cisco  2. Detection exams  3. Enforcements Cisco’s Enforcement Strategies

 Reduce the volume of compromised content on the internet

 Mitigation using enforcement actions against candidates, test centers and websites.

 Enforcements may include:

 Warning letters

 6 month, 1 year, 3 year or lifetime bans

 Revocation of certification credentials

 Legal strategies against infringing websites (DMCA; Cease & Desist; UDRP)

 Closing colluding testing centers for Cisco delivery Test Piracy/Fraud Enforcement Options

Tier 1 Tier 2 Tier 3 • C&D Letter • “Knock & Talk” • Traditional Litigation • Registrar Letter • Notice of • Digital Freeze Litigation • WHOIS Privacy Letter Infringement to Credit Card • Freeze & Seize • Notice of Claimed Companies and Litigation Copyright Payment Infringement (to Processors Host/ISP) • “Takedowns” Test Piracy/Fraud Enforcement Options

Tier 1 Tier 2 Tier 3 • C&D Letter • “Knock & Talk” • Traditional Litigation • Registrar Letter • Notice of • Digital Freeze Litigation • WHOIS Privacy Letter Infringement to Credit Card • Freeze & Seize • Notice of Claimed Companies and Litigation Copyright Payment Infringement (to Processors Host/ISP) • “Takedowns” History / Current System

• EARLY Case law

• Perfect 10 vs. Gucci • Proposed legislation

• SOPA / PIPA • Registrar of copyrights /ABA

• “Follow the Money”

• Account Freezes • THE PAYMENT PROCESSOR AGREEMENT

• AmEx, Discover, MC, PayPal, Visa and 31 others

• A “Best Practices” system Case law: No valid claim vs. cc co. Case law: VALID claim vs. cc co. The Gucci rationale

 “…If cards don't process payments, pirates don't deliver booty.” Perfect 10, 494 F.3d at 818 (Kozinski, J., dissenting). If, as Gucci alleges, the Laurette website was functionally dependent upon Woodforest and Frontline's credit card processing services to sell counterfeit Gucci products, it would be sufficient to demonstrate the control needed for liability.

Gucci Am., Inc. v. Frontline Processing Corp., 721 F. Supp. 2d 228, 253 (S.D.N.Y. 2010) History / Current System (continued)

• EARLY Case law

• Perfect 10 vs. Gucci • Proposed legislation

• SOPA / PIPA • Registrar of copyrights /ABA

• “Follow the Money”

• Account Freezes • THE PAYMENT PROCESSOR AGREEMENT

• AmEx, Discover, MC, PayPal, Visa and 31 others

• A “Best Practices” system Multiple Companies, Multiple Policies

 Each service provider – whether Visa, MasterCard, American Express, PayPal, or another provider – will have its own policy, and its own submission guidelines

 Several are similar to court submissions, in which you must prove infringement, and a basis for the company to take action  Support provided by the client / test provider Client Involvement

 Cisco has used outside counsel for credit card/payment processor takedowns  But it is the test provider that must confirm infringement  Typically, test provider (itself or through an investigator) arranges a purchase of the suspected product  Test provider analyzes it (or a sufficient sample)  Test provider confirms to outside counsel that the product is infringing Visa: “Report Brand Abuse” MasterCard: “Anti-Piracy Referral Form” What can you hope to obtain?

It Differs: MasterCard/ Visa American Express PayPal MasterCard / Visa Acquiring Banks

Acquirer vs. Issuer Acquiring Banks:  An acquiring bank works as the Part of a Larger Puzzle middleman in payment card transactions. They link merchants with  The label “acquiring bank” — or in issuing banks (those that issue credit some cases merchant bank or simply and debit cards to consumers). acquirer — indicates a financial institution which accepts and  While issuing banks work directly with processes credit and debit cards cardholders, acquiring banks provide transactions on behalf of merchants. the financial backing and infrastructure for merchants to accept credit cards.

 Note: American Express is both the Issuer and the Acquirer for its brand MC/Visa : Info about Acquirer MC/Visa: Info about Acquirer (cont’d) MC/Visa: Info about Acquirer (cont’d) MC/Visa: Info about Acquirer (cont’d)

 Sometimes the first step (discovering the name of the acquiring bank) is avoided because the acquirer takes action after reviewing the subject account following the complaint. For example:  “MasterCard has identified the merchant associated with the financial institution processing for XYZ.com. The financial institution terminated the merchant.” or  “MasterCard has identified the merchant associated with the financial institution processing for XYZ.com. The financial institution informs us that the merchant removed all violating products from its site.” American Express: “Notice Form Regarding Sales Over the Internet of Illegitimate Products” AmEx: Merchant Termination PayPal: “Infringement Report” PayPal: “Serious Consequences” Indemnification PayPal Account Limitation PayPal Account Limitation Cisco’s Successful Use of this Process

• As discussed earlier, Cisco utilizes a variety of enforcement processes

• Range: from Letters to Litigation • Cisco has successfully utilized the payment processor process as a middle tier enforcement option, when the circumstances are appropriate

• Example: In 2015-2016, Cisco litigated against several families of sites, including Testking.com, Pass4sure.com, and Test-Inside.com and their affiliate sites.

• 460+ websites in total

• However, defendants disclaimed any involvement with a certain family of websites that seemed related (based on the domain name).

• Standalone litigation not justified for that one family of sites

• Pursued pirates by way of their credit card/payment processors Cisco’s Successful Use of this Process Cisco’s Successful Use of this Process

• Using litigation, Cisco successfully shut down the infringers’ ability to sell pirated exams on their websites and any affiliated websites.

• In litigation, Cisco was also able to seek other relief (money, injunction, etc.) • A payment processor takedown will not get you the other kinds of relief one can obtain in litigation (e.g., money, injunction), but it equally stopped the conduct occurring on the subject sites, and does not carry with it the same kind of initial investment (time, money) as litigation.

Roche Pia LLC Cisco Systems, Inc.