InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
Special Alert: CFPB revises UDAAP manual to include discriminatory practices
On March 16, the Consumer Financial Protection Bureau announced significant revisions to its Unfair, Deceptive, or Abusive Acts or Practices exam manual, in particular highlighting the CFPB’s view that its broad authority under UDAAP allows it to address discriminatory conduct in the offering of any financial product or service. Congress has enacted several statutes that outlaw discrimination on specified prohibited bases, including the Equal Credit Opportunity Act (ECOA), which generally makes it unlawful to discriminate on a prohibited basis when extending credit and which the CFPB is authorized to enforce. With this announcement, the Bureau made clear its view that any type of discrimination in connection with a consumer financial product or service could be an “unfair” practice — and therefore the CFPB can bring discrimination claims related to non-credit financial products (and other agencies that have UDAP authority may follow in the CFPB’s lead).
FTC settles action against e-commerce platform for data breach cover up
On March 15, the FTC announced a proposed settlement with two limited liability companies, the former and current owners, of an online customized merchandise platform (collectively, “respondents”) for allegedly failing to secure consumers’ sensitive personal data and covering up a major breach. According to the complaint, the respondents allegedly violated the FTC Act by, among other things, misrepresenting that they implemented reasonable measures to protect the personal information (PI) of customers against unauthorized access and for misrepresenting that appropriate steps to secure consumer account information following security breaches were taken. The complaint further alleged that respondents failed to apply readily available protections against well-known threats and adequately respond to security incidents, which resulted in the respondents' network being breached multiple times. Notably, one of the breaches involved a hacker gaining access to “millions of email addresses and passwords with weak encryption; millions of unencrypted names, physical addresses, and security questions and answers; more than 180,000 unencrypted Social Security numbers; and tens of thousands of partial payment card numbers and expiration dates.” The complaint goes on to allege that the online customized merchandise platform failed to properly investigate the breach for several months despite additional warnings, including failing to promptly notify its customers of the breach. Under the terms of the proposed settlement, the respondents are: (i) ordered to pay $500,000 in redress to victims of the data breaches: (ii) prohibited from making misrepresentations about their privacy and security measures, among other things, and (iii) required to have a third party assess their information security programs and provide the Commission with a redacted copy of that assessment suitable for public disclosure.
FTC sues weight-loss companies alleging COPPA and FTC Act violations
On February 16, the FTC filed a complaint for permanent injunction in the U.S. District Court for the Northern District of California against an international weight loss service organization and its subsidy (collectively, “defendants”) for allegedly using unfair and deceptive practices to obtain personal information of underage users without parental consent. According to the complaint, the defendants violated the Children’s Online Privacy Protection Act and Section 5 of the FTC Act by collecting and keeping personal information from children under 13 without providing notice to or obtaining consent from their parents. The complaint alleges that the defendants, among other things, failed to: (i) “provide through the App and website a clear, understandable, and complete direct notice to parents of [the] Defendants’ practices”; (ii) “make reasonable efforts, taking into account available technology, to ensure that parents receive the direct notice”; and (iii) “obtain verifiable parental consent before any collection, use, or disclosure of personal information from children.” The proposed settlement is pending court approval.
District Court denies FTC’s stay bid in $550 million suit
On February 7, the U.S. District Court for the Northern District of Georgia denied the FTC’s motion to stay, or in the alternative, voluntarily dismiss its $550 million consumer deception case against a technology company and its CEO (collectively, “defendants”). The FTC filed the motion to stay (or voluntarily dismiss) after a recent U.S. Supreme Court decision altered the agency’s ability to obtain equitable monetary relief.
The FTC filed a suit in 2019 alleging the defendants made deceptive representations to customers and charged hidden, unauthorized fees in connection with the company’s “fuel card” products, which was in violation of Section 5 of the FTC Act. In 2019, when the agency filed its lawsuit, legal precedent held that the FTC could obtain restitution for consumers directly through such civil proceedings in federal court. However, in April of 2021, the Supreme Court held in AMG Capital Management, LLC v. FTC, that the FTC does not have statutory authority to obtain equitable monetary relief under Section 13(b) of the FTC Act. (Covered by InfoBytes here.)
As a result, the FTC filed its motion to stay or voluntarily dismiss in an attempt to preserve the possibility of obtaining monetary relief for injured consumers in federal court, while it pursues claims against the defendants through the agency’s administrative process. The defendants argued they would be harmed by a dismissal of the FTC’s suit in federal court since the defendants have spent money and resources on their case to date. The defendants also claimed that the FTC’s request was done to seek a more favorable forum, and that the FTC’s four-month delay in pursuing this new course after the Supreme Court’s AMG decision demonstrates bad faith. The court noted that “[i]n filing this lawsuit in federal court in December of 2019, the FTC was acting in reliance on the state of the law as it existed at that time in this circuit and all others except the Seventh Circuit,” and “[t]here is no fault, and nothing unreasonable, in the FTC’s decision.” Nevertheless, in denying the FTC’s motion, the court concluded that the “balance of equities does not weigh in favor of a stay or dismissal without prejudice.”
Georgia reaches settlement with rent-to-own company over deceptive business practices
On February 8, the Georgia attorney general announced a settlement with a rent-to-own company accused of allegedly engaging in deceptive sales and marketing practices and violating the FDCPA. While the company did not admit to the allegations, it agreed to pay $145,590 in civil money penalties, with an additional $170,910 due if the company violates any of the settlement terms. The company is also required to (i) ensure its advertising, sales, and marketing practices comply with the Georgia Fair Business Practices Act and the Georgia Lease-purchase Agreement Act; (ii) refrain from engaging in harassing and unlawful debt collection practices; and (iii) verify debts are accurate before placing them with a third-party collection agency. “Our office takes seriously allegations of deceptive business practices, and companies that take advantage of our citizens will be held accountable,” the AG stated.
FTC bans auto marketer over deceptive mailings
On January 28, the FTC announced that it had banned a marketing services company and its owner from the auto industry for allegedly misleading consumers that their websites were affiliated with a government stimulus program and sending consumers deceptive mailings regarding prizes they had supposedly won. According to the opinion, the respondents violated the FTC Act by utilizing deceptive and unfair practices such as sending misleading mailings to persuade consumers to visit auto sales sites by suggesting that these sites were affiliated with a government Covid-19 stimulus program when in fact the sales were not part of any such program. The respondents also allegedly quoted monthly payments to purchase vehicles on credit, but did not provide key financing terms required by law that consumers need to determine the true cost of the advertised loans. Additionally, the respondents allegedly sent direct mail advertisements that deceptively indicated that consumers had won specific, valuable prizes that could be collected upon visiting the car dealership. The FTC noted that the respondents conducted such mailings, despite entering into three prior consent orders with state authorities identifying the ads as deceptive. According to the order, the respondents, are, among other things, banned from advertising, selling, or leasing automobiles for 20 years, and are prohibited from misrepresenting any material fact while marketing any product or service of any kind, as well as from any further violations of TILA’s disclosure requirements.
FTC reports on social media fraud
On January 27, the FTC released a blog post regarding scam data usage on social media. Reports to the FTC showed that social media is increasingly used by scammers and “that social media was far more profitable to scammers in 2021 than any other method of reaching people.” The blog post, Social media a gold mine for scammers in 2021, reported that more than 95,000 people reported about $770 million in losses to fraud initiated on social media platforms in 2021. Additionally, the FTC noted that investment scams and romance scams had the most reported dollars lost.
FTC settles FTC Act violations matter
On January 25, the FTC announced a proposed settlement with an online fashion retailer (defendant) for allegedly engaging in deceptive practices—the FTC’s first action involving a company’s efforts to conceal negative customer reviews. According to the complaint, the defendant allegedly violated the FTC Act by, among other things, misrepresenting that the product reviews on its website reflected the views of all purchasers who submitted reviews, when it actually suppressed certain low reviews. The complaint further noted that the defendant utilized a third-party review management software to automatically post certain reviews to its website and hold other reviews for the defendant’s approval. However, from 2015 to 2019, the defendant allegedly did not approve or post lower-starred reviews. According to the FTC, “[s]uppressing a product’s negative reviews deprives consumers of potentially useful information and artificially inflates the product’s average star rating.” The announcement pointed out that this is the FTC’s second recent action taken against the defendant, which includes ordering the defendant to pay $9.3 million to resolve allegations that it failed to properly notify consumers and provide them the opportunity to cancel their orders after it failed to timely ship merchandise, and that it illegally utilized gift cards to compensate consumers. Under the terms of the proposed settlement of the recent allegations, the defendant is: (i) ordered to pay $4.2 million; (ii) prohibited from making misrepresentations about any customer reviews or other endorsements; and (iii) required to post on its website all customer reviews of products currently being sold, under certain circumstances. The FTC also announced that the agency is sending letters to ten companies “offering review management services, placing them on notice that avoiding the collection or publication of negative reviews violates the FTC Act,” and released new guidance for online retailers and review platforms on the agency’s key principles for collecting and publishing customer reviews that are not meant to mislead consumers.
CFPB bans payment processor for alleged fraud
On January 18, the CFPB filed a proposed stipulated judgment and order to resolve a complaint filed last year against an Illinois-based third-party payment processor and its founder and former CEO (collectively, “defendants”) for allegedly engaging in unfair practices in violation of the CFPA and deceptive telemarketing practices in violation of the Telemarketing Act and its implementing rule, the Telemarketing Sales Rule. As previously covered by InfoBytes, the CFPB alleged that the defendants knowingly processed remotely created check (RCC) payments totaling millions of dollars for over 100 merchant-clients claiming to offer technical-support services and products, but that actually deceived consumers—mostly older Americans—into purchasing expensive and unnecessary antivirus software or services. The tech-support clients allegedly used telemarketing to sell their products and services and received payment through RCCs, the Bureau claimed, stating that the defendants continued to process the clients’ RCC payments despite being “aware of nearly a thousand consumer complaints” about the tech-support clients. According to the Bureau, roughly 25 percent of the complaints specifically alleged that the transactions were fraudulent or unauthorized.
If approved by the court, the defendants would be required to pay a $500,000 civil penalty, and would be permanently banned from participating in or assisting others engaging in payment processing, consumer lending, deposit-taking, debt collection, telemarketing, and financial-advisory services. The proposed order also imposes $54 million in redress (representing the total amount of payments processed by the defendants that have not yet been refunded). However, full payment of this amount is suspended due to the defendants’ inability to pay.
FTC alleges UDAP violations by credit report provider
On January 13, the FTC announced a proposed order to be entered into with a business credit report provider (respondent) alleging that the respondent engaged in deceptive and unfair practices. According to the FTC’s complaint, the respondent failed to provide businesses with a clear, consistent, and reliable process to fix errors in their credit reports even though the respondent was selling those businesses products that purported to help them improve their reports. The FTC’s complaint also alleged that the respondent’s telemarketers deceptively pitched another service to businesses and falsely claimed that the businesses had to purchase the service for the respondent to complete the business’s credit profile. In addition, the respondent allegedly did not disclose to businesses that the service’s subscription is automatically renewed each year, nor did it properly disclose other renewal practices that led to increasing costs. Under the terms of the proposed order, the respondent would be required to, among other things: (i) comply with specific periods of time within which to promptly investigate and correct errors; (ii) inform businesses of the results of their investigations; (iii) provide businesses with free access to the revised information; and (iv) either delete the disputed information or perform a reinvestigation of the information to confirm its accuracy when a business informs the respondent of incorrect information in its report. Additionally, the proposed order would require the respondent to provide refunds to certain businesses that purchased its service products between April 2015 and May 2020, and to provide opportunities for many current customers to cancel their services and obtain refunds.