InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
Federal and state authorities target income scams
On December 14, the FTC, along with 19 federal, state, and local law enforcement partners, announced “Operation Income Illusion,” which encompasses more than 50 enforcement actions against scams targeting consumers with false promises of income and financial independence. According to an analysis of complaint data by the FTC, consumers have reported that they lost more than $610 million to income scams since 2016—with more than $150 million of losses reported in the first nine months of 2020—which the FTC attributes to the increase in scams related to the Covid-19 pandemic.
The announcement also includes four new enforcement actions and one settlement that are part of Operation Income Illusion, (i) an action and temporary restraining order against a Florida-based operation, which sold expensive memberships to programs by promoting earnings between $500 and $12,500 per sale; (ii) an action against a company with Spanish-language ads targeting Latina consumers with false promises of large profits reselling luxury products; (iii) an action and temporary restraining order against a company marketing investment-related services claiming they would enable consumers to make consistent profits off the market; (iv) an action and temporary restraining order against companies perpetuating a telemarketing scheme claiming false affiliation with Amazon.com to get consumers to purchase business opportunity programs; and (v) settlements (available here and here) with ten defendants involved in a scam targeting older adults while selling various money-making opportunities.
The other agencies reporting actions as part of the sweep include: the SEC, CFTC, the U.S. Attorney’s Office for the Eastern District of Arkansas; and state and county agencies in Arizona, Arkansas, California, Florida, Indiana, Maryland, New Hampshire, Oregon, and Pennsylvania.
FTC orders social media and video streaming companies to provide data on privacy practices
On December 14, the FTC issued orders to nine social media and video streaming companies requiring each company to provide information on their collection, use, and presentation of personal information, including their data gathering and advertising practices. The orders are issued pursuant to Section 6(b) of the FTC Act, which authorizes the FTC “to conduct wide-ranging studies that do not have a specific law enforcement purpose.” According to a sample order, the FTC seeks information concerning the companies’ privacy policies, procedures, and practices, including: (i) how personal and demographic information for both desktop and mobile devices is collected, used, tracked, estimated, or derived; (ii) how user attribute information is derived in order to determine which ads and other content are shown to consumers; (iii) whether algorithms or data analytics are applied to personal information; (iv) how user engagement is measured, promoted, and researched; and (v) how company policies, procedures, and practices are affecting children and teens, including how children and families are targeted and categorized. The Commission voted 4-1 to issue the orders, with Commissioners Chopra, Slaughter, and Wilson releasing a joint statement highlighting the need for the inquiry in order to, among other things, understand the “full scale and scope of social media and video streaming companies’ data collection.” The Commissioners also emphasized the FTC’s interest in “better understand[ing] the financial incentives of social media and video streaming services.” In dissent, Commissioner Phillips argued that the orders are “an undisciplined foray into a wide variety of topics, some only tangentially related to the stated focus of th[is] investigation.”
FTC settles with payment processor for fraud
On December 10, the FTC announced a settlement with a payment processor and its former CEO (collectively, “defendants”) for allegedly processing consumer credit card payments for certain entities “when they knew or should have known that the schemes were defrauding consumers,” in violation of the FTC Act. According to the complaint, the defendants allegedly arranged for merchants engaged in fraud to obtain merchant accounts with acquiring banks in order to process “unlawful credit and debit card payments through the card networks” totaling more than $93 million in consumer charges. The FTC alleges the defendants knew or should have known that the merchant accounts were being used by third parties that the defendants had not underwritten or being used by merchants to sell products that the defendants had not underwritten. Specifically, the FTC argues that the defendants ignored “clear red flags” that the merchants were operating fraudulent schemes, including high rates of consumer chargebacks and the use of multiple accounts to artificially reduce the number of chargebacks. The FTC notes that a number of the merchants the defendants contracted with were shut down by federal law enforcement.
The proposed order requires the defendants to pay $1.5 million to provide redress to affected consumers, and permanently bans the defendants from (i) acting as a payment processor for any companies providing free trial offers for nutraceutical products; (ii) engaging in credit card laundering; and (iii) assisting companies in the evasion of financial institutions’ fraud monitoring. Additionally, the defendants must conduct enhanced screening and monitoring of merchant clients.
New Jersey charges MCA provider with deceptive practices
On December 8, the New Jersey attorney general announced an action against a merchant cash advance provider, its parent company, and six other associated entities (collectively, “defendants”) alleging the defendants violated the New Jersey Consumer Fraud Act (CFA) and the General Advertising Regulations through the marketing and transacting of their merchant cash advance (MCA) product. (The defendants are currently facing similar allegations from the FTC, covered by InfoBytes here.) According to the complaint, the defendants engaged in “unconscionable business practices, deceived consumers, and/or made false or misleading statements” by marketing and advertising an MCA product, which was allegedly structured as a short-term, high-cost loan. New Jersey argues that the MCA contracts contain terms that “eliminate the distinctions between loans (with fixed regular payments over a defined term) and legitimate MCAs (with variable payments tied to actual receivables and an undefined term).” New Jersey asserts that traditionally, MCA’s do not have a finite repayment term and thus, the fixed repayment period was the equivalent of a loan to its customers. Moreover, the agreements’ “fixed daily payments extracted from Consumers’ accounts have little to no relation to the businesses’ receivables.” Additionally, New Jersey asserts that the defendants allegedly engaged in unconscionable collection practices, including requiring consumers to sign, in their individual capacity and on behalf of their business, an Affidavit of Confessions of Judgment to obtain the MCA, which would allow judgment against both the Consumer’s business assets and personal assets in the event of a purported default. New Jersey is seeking a permanent injunction, civil penalties, restitution, and disgorgement.
Notably, the New Jersey complaint follows a recent enforcement action against a merchant cash advance provider in California (covered by InfoBytes here), where the California Department of Financial Protection and Innovation (DFPI) found, in apparent contrast to the New Jersey action, that MCA agreements with an indefinite repayment period, among other things, operate as a loan equivalent by, placing the “risk of repayment on the merchant by leaving the repayment period open until fully repaid (with fees and interest).”
Satellite company to pay over $200 million for telemarketing violations
On December 7, the DOJ announced a settlement with a satellite service provider totaling over $210 million in penalties to be paid to the United States and four states for alleged violations of the TCPA, the FTC Act, and similar state laws. The settlement stems from an action brought by the United States against the satellite company in 2009 asserting that the company initiated millions of unlawful telemarketing calls to consumers and was responsible for millions of calls made by marketers of the company’s products and services. In 2017, a district court awarded the U.S. and the states of California, Illinois, North Carolina, and Ohio $280 million in civil penalties, with a record $168 million going to the federal government (covered by InfoBytes here). On appeal, the U.S. Court of Appeals for the Seventh Circuit affirmed liability but vacated and remanded the monetary award for recalculation.
The stipulated judgment requires the satellite company to pay over $200 million in civil penalties, with $126 million going to the U.S. government, nearly $40 million to California, over $6.5 million to Illinois, nearly $14 million to North Carolina, and $17 million to Ohio.
FTC charges company with passive debt collection
On November 30, the FTC announced a stipulated order entered by the U.S. District Court for the Eastern District of Missouri against a debt collection company and three of its officers (collectively, “defendants”) for allegedly engaging in passive debt collection in violation of the FTC Act, the FDCPA, and the FCRA. According to the complaint, the defendants would place debts that consumers did not owe or the defendants were not authorized to collect on consumers’ credit reports without first attempting to communicate with the consumers about the debts. The complaint alleges further that consumers often did not discover these debts until they “threatened to interfere with an important, time-sensitive transaction.” The FTC alleges that each month, after receiving and investigating complaints from consumers, the defendants would determine between 80 to 97 percent of disputed debts were inaccurate or invalid. However, the defendants continued to collect on unauthorized debts “[d]espite the persistent inaccuracies.”
The defendants neither admit nor deny the allegations in the settlement order. In addition to the $24,300,000 in monetary relief, which is partially suspended due to the inability to pay (with one officer and corporate defendant required to pay over $56,000), the order also, among other things, (i) prohibits the defendants from furnishing credit information prior to communicating with the consumer; (ii) requires the defendants to request deletion of any debts reported prior to the order; and (iii) bars the defendants from engaging in unlawful debt collection practices.
The vote authorizing the complaint and settlement was 4-1, with Commissioner Chopra voting no, arguing that the agency should work “in concert” with the CFPB for debt collection enforcement in order to “help make victims whole through access to the CFPB's Civil Penalty Fund and reduce duplicative efforts.”
FTC reaches $62 million settlement with student loan debt relief operation
On November 19, the FTC entered into a settlement with defendants accused of engaging in deceptive practices when marketing and selling student loan debt relief services. As part of its enforcement initiative, Operation Game of Loans (covered by InfoBytes here), the FTC alleged that the defendants violated the FTC Act and Telemarketing Sales Rule (TSR) by, among other things, charging illegal up-front fees to enroll consumers in debt relief programs, accepting monthly payments that were not applied towards student loans, and collecting monthly fees that consumers believed were being applied to their loans but instead were going towards unrelated “financial education” programs (see previous InfoBytes coverage here). Under the terms of the order, the defendants are permanently banned from providing secured and unsecured debt relief products and services, and are prohibited from (i) engaging in unlawful telemarketing practices and violating the TSR; (ii) misrepresenting financial products and services; (iii) making unsubstantiated claims; and (iii) collecting, or assigning any right to collect, payments from consumers for products sold by the defendants. The defendants are also ordered to pay $62 million in monetary relief.
FTC says mobile banking app is deceptive
On November 18, the FTC filed a complaint against a mobile banking app operator alleging the defendants violated the FTC Act by deceiving users about their high-interest bank accounts and falsely promising users “24/7” access to their funds. The FTC’s complaint alleges that the defendants represented that users would receive “‘minimum base’ interest rates” of at least 0.2 percent or 1.0 percent, but that users actually received a starting interest rate of 0.04 percent and stopped earning any interest if they requested that their funds be returned. Additionally, the complaint claims that while the defendants promised users 24/7 access to their funds and represented they could make transfers out of their accounts and receive the requested funds within three to five business days, some users waited weeks or months to receive their funds despite submitting repeated complaints to the defendants. Other users claimed they never received their money. Moreover, some users claimed that the defendants blamed the failure to deliver the requested funds on “unspecified issues with unspecified ‘banking partners’ or ‘technology partners’ and promised the delays were temporary.
The FTC seeks an injunction against the defendants, along with monetary relief including “rescission or reformation of contracts, restitution, the refund of monies paid, disgorgement of ill-gotten monies, and other equitable relief.”
FTC requires video conferencing provider to improve security safeguards
On November 9, the FTC announced a settlement with a video conferencing provider, resolving allegations that the company violated the FTC Act by misleading users about the levels of encryption and security offered for securing communications during meetings. The FTC’s complaint alleges that, since at least 2016, the company engaged in a series of deceptive and unfair practices by claiming it offered end-to-end encryption to secure users’ communications and—according to the FTC’s press release—“tout[ing] its level of encryption as a reason for customers and potential customers to use [its] videoconferencing services.” The FTC contends that the company actually maintained a lower level of security, which allowed the company access to the contents of users’ meetings, including sensitive personal information, and allegedly secured these meetings with a lower level of encryption than promised. Users who wanted to store recorded meetings using cloud storage provided by the company were told that the meetings were immediately encrypted, but in certain instances, unencrypted meeting recordings were allegedly stored on company servers for up to 60 days before being transferred to the secure cloud storage. In addition, the company allegedly compromised some users’ security by secretly installing software that would allow users to join a meeting by bypassing a browser safeguard designed to protect users from a common type of malware. According to the FTC, the company, among other things, failed to implement any measures to protect users’ security, failed to monitor service providers who had access to the network, lacked a systematic process for incident response, and allegedly increased users’ risk of remote video surveillance by strangers.
The proposed settlement order requires the company to (i) assess and document security risks; (ii) develop ways to manage and safeguard against such risks; (iii) deploy additional methods, including multi-factor authentication, to protect against unauthorized access of the network; and (iv) take other steps, such as implementing data deletion controls and preventing known compromised user credentials from being used. Company personnel must also review any software updates for security flaws to “ensure the updates will not hamper third-party security features.” Furthermore, the company is prohibited from misrepresenting its privacy and security practices, and is required to obtain biennial third-party assessments of its security practices (which the FTC has the authority to approve) and notify the FTC if it experiences a data breach.
FTC issues final order with skincare company for false reviews
On November 6, the FTC announced a final order with a skincare company, resolving allegations that the company misled consumers by posting fake reviews on a retailer’s website and failed to disclose company employees wrote the reviews. As previously covered by InfoBytes, in October 2019, the FTC filed the complaint against the company asserting that (i) the product reviews posted on the company’s website were not “independent experiences or opinions of impartial ordinary users of the products” and therefore, were false or misleading under Section 5 of the FTC Act; and (ii) the failure to disclose the reviews were written by the owner or employees constitutes a deceptive act or practice under Section 5 of the FTC Act, because the information would “be material to consumers in evaluating the reviews of [the company] brand products in connection with a purchase or use decision.”
The Commission, in a 3-2 vote, approved the final order, which prohibits the company from misrepresenting the status of an endorser, including misrepresentations that the endorser or reviewer is an “independent or ordinary user of the product.” The order requires the company and owner to “clearly and conspicuously, and in close proximity to that representation, any unexpected material connection between such endorser and (1) any Respondent; or (2) any other individual or entity affiliated with the product.” The final order does not include any monetary relief for consumers.
In dissent, two Commissioners objected to the final order, stating that the agency is “doubling down on its no-money, no-fault settlement with [the company], who was charged with egregious fake review fraud.” The dissent urged the Commission to publish a statement on monetary remedies in order to restate “legal precedent into formal rules” and designate specific misconduct as penalty offenses through Section 5(m)(1)(B) of the FTC Act, which allows the agency “to seek penalties against parties who engage in conduct known to have been previously condemned by the Commission.”