In a telling lawsuit, the U.S. Consumer Financial Protection Bureau (CFPB) on Monday (June 6) sued processor Intercept Corp. and two of its executives for”enabling unauthorized and other illegal withdrawals from consumer accounts by their clients” and ne having “turned a blind eye to blatant warning signs of potential fraud or lawbreaking by its clients.”

This move is interesting in that it places processors—and, presumably, others in the payments arena—in the role of quasi-law-enforcement. Is a mobile carrier to blame if customers use their phones to make obscene phonecalls, sell drugs or arrange murders? Is a hardware store to blame if someone buys a hammer and uses it to attack someone?

To take this to the next logical level, what did the business know? Is a business required to search out wrongdoing in their service or merely to react if an obvious problem presents itself, such as that hardware store shopper saying “I want to use this hammer to kill someone. If I clean off the blood well, how long do I have to return the hammer for a full refund if I keep the receipt?”

In the news release announcing the lawsuit, CFPB director Richard Cordray said Intercept had just such obvious heads-up to improper behavior and did nothing about it. (The full lawsuit is available here.)

“Intercept and its executives Bryan Smith and Craig Dresser ignored clear signs of brazen fraud, including illegal withdrawals from consumer accounts, and need to clean up their act,” Cordray said. “Companies cannot turn a blind eye to wrongdoing when they process payments from consumer banking accounts on behalf of clients that are breaking the law.”

But where does “turn a blind eye” end and “actively look for wrongdoing” begin?

The agency said that processors need to take a more active role. “The CFPB alleges that Intercept, Smith, and Dresser violated the Dodd-Frank Wall Street Reform and Consumer Protection Act’s prohibition against unfair acts and practices by processing payments for clients without adequately investigating, monitoring, or responding to red flags that indicated some clients were breaking the law or deceiving customers. Intercept, Smith, and Dresser played a key role in this unlawful conduct by giving these clients access to the banking system and the means to extract money from consumers’ bank accounts,” the agency said.

The statement then got more specific: “Many of Intercept’s clients have run up annual return rates of 20 to 40 percent for network transactions, far above the 1.5 percent industry average. Intercept made little effort to find the cause of these astronomical rates, and, despite the red flags, kept processing transactions for these clients. Intercept ignored other warning signs such as state and federal enforcement actions against clients, including a Federal Trade Commission action against Scott Tucker and his payday lending operation.”

The government made a good argument, though, that Intercept went out of its way to facilitate transactions that should have been flagged. The big heads up to CFPG? Bank shopping.

“On at least one occasion, Intercept entered into a trial period with a financial institution to process a limited number of payments, but then ran millions of dollars of network transactions through the bank, generating high volumes of returns,” it said. “If banks raised concerns about consumer complaints against an Intercept client, Intercept would simply seek out a new bank to help it process payments for the same clients. Intercept skipped among eight different banks between 2008 and 2014.”

CFPG seems to have chosen well, in that Intercept—assuming these allegations hold—gave them plenty of ammunition to build a case that they knew or should have known that they were facilitating improper transactions. But the question of “where is the line drawn?” is crucial.

Let’s assume that actions are not nearly as over-the-top as the allegations seem to be here. How far should processors go to look for fraudulent activity? This is clear heads-up that fraud vigilance is worth the investment. Failing it may cost a lot more than higher returns.