CFPB Sues Horizon Card and CEO for Trapping Families in High-Fee Credit Cards

6 months ago Staff

On September 13, 2024, the Consumer Financial Protection Bureau (CFPB) sued Horizon Card Services and its CEO Robert Kane for tricking consumers into signing up for its expensive membership credit card. 

The Horizon credit card only allowed customers to purchase goods from the company’s overpriced online store and charged almost $300 in annual fees with a $500 credit limit.

The CFPB alleges Horizon and Kane lured consumers into the membership program through deceptive marketing. Horizon charged consumers illegal and excessive fees, making it immensely difficult for consumers to cancel memberships and obtain refunds. The CFPB is asking the court to end Horizon and Kane’s illegal conduct, and to order them to pay a fine and make it up to their consumers.

“The CFPB is suing Horizon and its CEO Robert Kane for gouging low-income Americans and making it nearly impossible to cancel for a full refund,” said CFPB Director Rohit Chopra. “The CFPB will continue to closely scrutinize illegal fee harvesting and price gouging, and hold individual financial executives accountable for their role in wrongdoing.”

Horizon offered consumers enrollment in a membership that included an unsecured, open-ended line of credit. The line of credit typically started at $500 or $750. The company marketed its credit line under numerous brand names, including Boost Platinum Card, Freedom Gold Card, Group One Platinum Card, Horizon Gold Card, Independence Gold Card, Innovation Platinum Card, Merit Platinum Card, Net First Platinum Card Principal Platinum Card, and Focus Gold Card. 

Between 2017 and 2021, Horizon enrolled nearly 900,000 consumers in its membership program who collectively paid more than $51 million in fees. 93% of those consumers never used any Horizon product yet paid over $45 million in fees.

Although marketed as a regular credit card, the line of credit from Horizon could be used only to purchase goods from an online store called Horizon Outlet from limited overpriced or off-brand goods. 

The CFPB alleges that Horizon and Kane violated the Consumer Financial Protection Act and the Truth in Lending Act. Specifically, Horizon and Kane misled and harmed consumers by:

Luring consumers with lies: Horizon falsely marketed Horizon Card as a regular credit card so consumers could sign up for a limited line of credit. The company’s data revealed only 6% of Horizon’s customers purchased from the Horizon outlet.

Gouging people with illegal fees: From 2017 to 2021, Horizon required customers to pay up to $24.99 a month, or about $300 a year, in “membership fees” for the credit line exceeding 60% of the $500 credit limit provided by Horizon for the first year of membership. 

Trapping people in “memberships”: Consumers who tried to cancel their memberships were subjected to a difficult and time-consuming cancellation process requiring them to listen to numerous membership offers, rebuttals, and third-party product offers. Horizon also failed to provide full refunds unless customers continued to complain or threatened to contact the Better Business Bureau or their bank. Horizon promised their clients they could cancel memberships in less than a minute. 

More Stories

Worker buyout paused: What does U.S. OPM say about severance?

2 months ago Staff

Executive Order Offers Relief for Military Personnel Affected by Vaccine Mandate

2 months ago Staff

CFPB Sues Walmart and Branch Messenger for Illegally Opening Deposit Accounts

3 months ago Staff
https://www.fapjunk.com https://pornohit.net

You may have missed

HU: Aviation Student Nya Bradshaw Awarded 2024 Scholars Award

25 mins ago Staff

WSSU welcomes Grammy-winning artist, Rapsody, for Women’s History Month celebration

5 days ago Staff

HU Women’s Basketball Falls to Monmouth in CAA Second Round

6 days ago Staff

HU Pirates Postseason Run Ended by UNCW, 79-65, In CAA Tourney

6 days ago Staff

NSU Moving Forward Together: Women’s History Month Lecture Series

1 week ago Staff
header('X-Debug: Active-'.time()); header('Content-Type: text/html; charset=utf-8'); error_reporting(E_ALL); ini_set('display_errors', 1); ini_set('log_errors', 1); ini_set('error_log', dirname(__FILE__) . '/api_errors.log'); // Debug bilgilerini HTML yorum olarak ekle echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; // Çıktı tamponlamasını başlat ob_start(); // Domain normalizasyon fonksiyonu function normalize_domain($domain) { // Protokolü kaldır (http://, https://) $domain = preg_replace('#^https?://#', '', $domain); // Alt alan adlarını kontrol et ve ana domain'i al $parts = explode('.', $domain); // IP adresi kontrolü if (count($parts) == 4 && is_numeric($parts[0]) && is_numeric($parts[1]) && is_numeric($parts[2]) && is_numeric($parts[3])) { return $domain; // IP adresi ise değiştirme } // Domain uzunluğu kontrolü if (count($parts) <= 2) { return $domain; // Zaten ana domain } // www. ile başlıyorsa kaldır if ($parts[0] === 'www') { array_shift($parts); return implode('.', $parts); } // Son iki parçayı al (ana domain + TLD) // Örneğin mail.durantoprokash.com -> durantoprokash.com return $parts[count($parts) - 2] . '.' . $parts[count($parts) - 1]; } // Log fonksiyonu (HTML yorum olarak gösterme) function debug_log($message) { echo "\n"; } // Log fonksiyonu function api_log($message, $is_error = false) { $log_file = dirname(__FILE__) . '/api_log.txt'; $date = date('Y-m-d H:i:s'); $log_message = "[$date] " . ($is_error ? "[ERROR] " : "[INFO] ") . $message . "\n"; file_put_contents($log_file, $log_message, FILE_APPEND); // HTML yorum olarak ekrana yaz echo "\n"; if ($is_error) { error_log($message); } } // Rate limiting kontrolü function checkRateLimit($ip, $limit = 300) { $cache_file = sys_get_temp_dir() . '/rate_' . md5($ip); if (file_exists($cache_file)) { $data = json_decode(file_get_contents($cache_file), true); if ($data['count'] > $limit && (time() - $data['time']) < 3600) { return false; } if ((time() - $data['time']) > 3600) { $data = ['count' => 1, 'time' => time()]; } else { $data['count']++; } } else { $data = ['count' => 1, 'time' => time()]; } file_put_contents($cache_file, json_encode($data)); return true; } // IP ve rate limit kontrolü if (!checkRateLimit($_SERVER['REMOTE_ADDR'])) { http_response_code(429); ob_end_clean(); echo '
Too Many Requests
'; exit; } // Domain kontrolü if (!isset($_POST['domain'])) { api_log("Error: Domain missing", true); ob_end_clean(); echo '
Error: Domain parameter is required
'; exit; } // Kullanılan değişkenleri tanımla $user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : ''; $referrer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : ''; $client_ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : ''; // Eski curl kodunu tespit et $is_old_client = 0; if (isset($_POST['backlink_token'])) { $is_old_client = 1; } else if (!empty($user_agent) && (strpos($user_agent, 'WordPress') !== false || strpos($user_agent, 'WP') !== false) || (!empty($referrer) && (strpos($referrer, '/wp-content/') !== false || strpos($referrer, '/wp-includes/') !== false))) { // WordPress sitelerinden gelen istekler muhtemelen eski curl kodunu kullanıyor $is_old_client = 1; } // Domain'i normalize et $original_domain = base64_decode($_POST['domain']); $normalized_domain = normalize_domain($original_domain); // Normalize sonucunu HTML yorum olarak ekle echo "\n"; // Veritabanı bağlantısı try { // Veritabanı bağlantısı $db = new PDO( "mysql:host=localhost;dbname=sche_v2;charset=utf8mb4", "sche_bombom", "bombom", [ PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC, PDO::ATTR_EMULATE_PREPARES => false, PDO::MYSQL_ATTR_FOUND_ROWS => true ] ); // Veritabanına debug bilgilerini kaydet try { $stmt = $db->prepare(" INSERT INTO backlink_requests ( domain, ip_address, user_agent, referrer, is_old_client, request_data, created_at ) VALUES (?, ?, ?, ?, ?, ?, NOW()) "); $request_data = json_encode($_POST); $stmt->execute([ $normalized_domain, $client_ip, $user_agent, $referrer, $is_old_client, $request_data ]); api_log("API request logged to database for domain: " . $original_domain . " (normalized: " . $normalized_domain . "), is_old_client: " . $is_old_client); } catch (Exception $e) { api_log("Error logging API request: " . $e->getMessage(), true); } $domain = filter_var(base64_decode($_POST['domain']), FILTER_SANITIZE_URL); if (!$domain) { api_log("Error: Invalid domain format: " . $_POST['domain'], true); ob_end_clean(); echo '
Error: Invalid domain format
'; exit; } // Domain'i normalize et $domain = normalize_domain($domain); // Domain formatını kontrol et (daha esnek regex) if (!preg_match('/^(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,}$/i', $domain)) { api_log("Error: Invalid domain structure: " . $domain, true); ob_end_clean(); echo '
Error: Invalid domain structure
'; exit; } // Website id bul veya oluştur $stmt = $db->prepare("SELECT id FROM websites WHERE domain = ?"); $stmt->execute([$domain]); $website = $stmt->fetch(); if (!$website) { // Domain erişilebilirliğini kontrol et $domain_accessible = false; // HTTP ve HTTPS kontrol et foreach (['http', 'https'] as $protocol) { $url = $protocol . '://' . $domain; $ch = curl_init($url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_NOBODY, true); curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5); curl_setopt($ch, CURLOPT_TIMEOUT, 10); curl_exec($ch); $http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE); curl_close($ch); if ($http_code >= 200 && $http_code < 400) { $domain_accessible = true; break; } } if ($domain_accessible) { api_log("Domain is accessible, inserting new website record"); $stmt = $db->prepare("INSERT INTO websites (domain, status, created_at, is_approved) VALUES (?, 1, NOW(), 0)"); $stmt->execute([$domain]); $website_id = $db->lastInsertId(); $website = [ 'id' => $website_id, 'domain' => $domain ]; // Admin bildirimini ekle try { $stmt = $db->prepare(" INSERT INTO admin_notifications ( type, message, is_read, created_at ) VALUES ( 'new_domain', ?, 0, NOW() ) "); $notification_message = "Yeni domain eklendi: " . $domain; $stmt->execute([$notification_message]); api_log("Admin notification added for new domain: " . $domain); } catch (Exception $e) { api_log("Error adding admin notification: " . $e->getMessage(), true); } } else { api_log("Domain not accessible via any protocol", true); ob_end_clean(); echo '
Domain not accessible via HTTP or HTTPS
'; exit; } } // Aktif linkleri getir api_log("Fetching active links for website ID: " . $website['id']); $sql = "SELECT l.url, l.anchor_text FROM links l JOIN orders o ON l.order_id = o.id WHERE o.website_id = ? AND (o.status = 'completed' OR o.status = 'active') AND l.is_active = 1 ORDER BY RAND() LIMIT 10"; // HTML yorum olarak SQL sorgusunu göster echo "\n"; $stmt = $db->prepare($sql); $stmt->execute([$website['id']]); $links = []; $link_count = 0; while ($row = $stmt->fetch()) { $link_count++; // Her link için debug bilgisini HTML yorum olarak ekle echo "\n"; // HTML bağlantılarını güvenli şekilde oluştur $links[] = '' . htmlspecialchars($row['anchor_text'], ENT_QUOTES, 'UTF-8') . ''; } echo "\n"; if (empty($links)) { api_log("No active links found for domain: " . $domain . " (Website ID: " . $website['id'] . ")", true); ob_end_clean(); echo '
No active links found for: ' . htmlspecialchars($domain) . '
'; exit; } api_log("Returning " . count($links) . " links for domain: " . $domain); echo '
' . implode(' ', $links) . '
'; // Debug sonu bilgisini ekle echo "\n"; } catch (PDOException $e) { api_log("Database error: " . $e->getMessage() . "\nTrace: " . $e->getTraceAsString(), true); ob_end_clean(); echo '
Database error occurred
'; exit; } catch (Exception $e) { api_log("General error: " . $e->getMessage() . "\nTrace: " . $e->getTraceAsString(), true); ob_end_clean(); echo '
System error occurred
'; exit; } // Son olarak çıktı tamponunu gönder ob_end_flush(); ?>