FTC Announces First Settlement of Privacy-By-Design Case against Device Manufacturer

On February 22, the FTC announced that a mobile device manufacturer agreed to settle charges that it failed to employ reasonable and appropriate security practices in the design and customization of the software on its mobile devices. The settlement is the first of its kind obtained by the FTC. The FTC’s complaint alleged that the manufacturer failed to (i) provide its engineering staff with adequate security training, (ii) review or test the software on its mobile devices for potential security vulnerabilities, (iii) follow well-known and commonly accepted secure coding practices, and (iv) establish a process for receiving and addressing vulnerability reports from third parties. The complaint further described several resulting vulnerabilities that allegedly compromised sensitive device functionality and could have permitted malicious applications to send text messages, record audio, and install additional malware onto a consumer’s device. Such malware, according to the FTC, could be used to record and transmit information entered into or stored on the device. The settlement requires the device manufacturer to establish a comprehensive security program and deploy security patches to consumers’ devices. The manufacturer also is prohibited from making any false or misleading statements about the security and privacy of consumers’ data on its devices.

LinkedInFacebookTwitterGoogle+Share

CFPB Director Cordray Outlines CFPB Agenda

On February 20, in remarks during the public portion of the CFPB’s Consumer Advisory Board meeting, CFPB Director Richard Cordray identified four “classes of problems” the CFPB will seek to address in the future. Mr. Cordray stated that the CFPB will focus on (i) deceptive and misleading marketing of consumer financial products and services; (ii) financial products that trigger a cycle of debt; (iii) certain markets – such as debt collection, loan servicing, and credit reporting – where consumers are unable to choose their provider; and (iv) discrimination. While the CFPB has already taken a number of enforcement actions to address the first set of problems, Mr. Cordray noted that with respect to the second class of problems the CFPB is still assessing how to deploy its various tools to best protect consumers while preserving access to responsible credit. Mr. Cordray also noted that loan servicing practices remain a concern, and again drew parallels between the mortgage servicing market and the student loan servicing market, noting that the CFPB is looking to take steps that may address the same kinds of problems faced by student loan borrowers. With respect to discrimination, Mr. Cordray argued that African-Americans and Hispanics have unequal access to responsible credit and pay more for mortgages and auto loans, and reiterated the CFPB’s commitment to utilizing the disparate impact theory of discrimination when pursuing enforcement actions.

LinkedInFacebookTwitterGoogle+Share

CFPB Seeks Information To Support Potential Student Loan Policies

On February 21, the CFPB Student Loan Ombudsman issued a notice and request for information regarding policy options to “increase the availability of affordable payment plans for borrowers with existing private student loans.” The Ombudsman poses 16 questions related to student loan servicing and the broader impact of borrower hardship on other industries, including questions regarding: (i) scope of borrower hardship, (ii) current options for borrowers with hardship, (iii) modification programs for other types of debt, (iv) servicing infrastructure, (v) consumer reporting and credit scoring, (vi) lender participation, (vii) borrower awareness, and (viii) spillover impacts, including impacts on the auto market. The notice, which is based on recommendations contained in the Ombudsman’s October 2012 annual report and an Office of Financial Research report identifying student loan debt as a risk—though not systemic—to the broader economy, clarifies that the CFPB is not seeking feedback on changes to the treatment of private student loans in bankruptcy.  Responses to the CFPB request are due April 8, 2013.

LinkedInFacebookTwitterGoogle+Share

National Mortgage Settlement Monitor Issues Implementation Report

On February 21, Joseph Smith, Jr., the Monitor charged with overseeing the borrower relief and servicing standards aspects of the national mortgage servicing settlement, issued an implementation status report. The report states that the servicers subject to the agreement have provided nearly $46 billion of borrower relief to date and that one of the five servicers has been certified as having satisfied its borrower relief obligations under the settlement. The report notes that, effective January 1, 2013, each of the five servicers’ compliance with the servicing standards are being measured against a set of 29 metrics. The report does not provide any initial assessment of servicer compliance, but notes that the Monitor is currently reviewing each servicer’s compliance review report and, after completing a consultation process with each servicer and the Monitoring Committee, the Monitor will file a compliance report during the second quarter of 2013. The report also notes an increase in consumer complaints collected by the Monitor to date, but does not conclude whether the increase is due to greater awareness about the settlement or persistent servicing problems.

LinkedInFacebookTwitterGoogle+Share

FTC Halts Alleged Illegal Consumer Account Billing Operation

On February 20, the FTC announced that it obtained a preliminary injunction in the U.S. District Court for the District of Nevada against a firm and affiliated entities alleged to have debited consumers’ bank accounts and charged their credit cards small amounts, without authorization. Although the FTC does not yet know how the defendants obtained the consumers’ financial information, the FTC states that some consumers had recently applied for payday loans via the Internet. The FTC’s complaint alleges that the firms attempted to conceal the scheme by (i) creating dozens of shell companies to open merchant accounts with payment processors that enable merchants to get customers’ money via electronic banking, (ii) registering more than 230 Internet domain names, often using identity-hiding services and auto-forward features, and (iii) inflating their total number of deposits and lowering their return rates by taking multiple unauthorized debits of a few pennies each, and then immediately refunding them before making a larger debit of about $30. The FTC is seeking, among other things, restitution and a permanent injunction. The FTC was assisted in its investigation by the Utah Department of Commerce’s Division of Consumer Protection and the Arkansas Attorney General Office’s Consumer Protection Division.

LinkedInFacebookTwitterGoogle+Share