On April 6, the FTC released its 2015 Annual Highlights report, which is comprised of four key sections: (i) enforcement; (ii) policy; (iii) education; and (iv) stats and data. Regarding enforcement highlights in 2015, the report covers a range of administrative and court actions related to, among other things, technological innovations that pose fraud and security risks, the security of consumers’ personal identifiable information, and alleged payday loan scams. Significant actions summarized in the enforcement section include the FTC’s (i) December settlement with a leading U.S.-based hotel and resort chain resolving charges that its data security practices were unfair and deceptive; (ii) Operation Ruse Control, a nationwide cross-border crackdown designed to protect consumers from alleged fraud within the auto industry; and (iii) Operation Collection Protection, a federal, state, and local initiative implemented to combat alleged abusive and deceptive debt collection practices. The policy and education sections of the report separately highlight the agency’s efforts to provide guidance and recommendations to government bodies and lawmakers at the state and federal levels regarding best practices for implementing competition principals into proposed laws, regulations, or policies, as well as its education outreach program, such as Start with Security, a conference designed to provide companies with tips for implementing effective data security. Notably, according to the stats and data section of the report, the FTC received more than three million consumer complaints in 2015, with debt collection, “other,” and identity theft leading the numbers at 897,655, 512,022, and 490,220 complaints, respectively.
On April 14, the FTC announced the first of a series of events intended to examine consumer protection across several areas of emerging financial technology. Scheduled to take place in Washington, D.C. on June 9, the first forum will focus on marketplace lending, bringing together industry participants, consumer groups, researchers, and government representatives to examine (i) the different models used by companies in the industry; (ii) potential consumer benefits; (iii) potential consumer protection concerns; and (iv) how existing consumer protection laws may apply to companies in the industry.
FTC Issues Inquiry into Credit Card Companies’ Compliance with Payment Card Industry Data Security Standards
On March 7, the FTC announced that it issued orders to nine companies requiring them to file a Special Report regarding their assessments of other companies’ compliance with the Payment Card Industry Data Security Standards (PCI DSS). Specifically, the FTC’s Order stated that it is “seeking insight into data security compliance auditing and its role in protecting consumers’ information and privacy.” Among other things, a company in receipt of the Order must state whether or not it performs PCI DSS Compliance Assessments, whether or not it provides any Data Security Forensic Audit Services, and whether or not it has been the “subject of any government or regulatory inquiry, private action, arbitration or mediation related to the provision of Data Security Services.” If a company performs PCI DSS Compliance Assessments, the Order requires that it submit certain information on the assessment process, including but not limited to, (i) whether or not Qualified Security Assessors are hired to perform the assessment; (ii) the number and percentage of clients for which it completed a Compliance Assessment, including the number it did not provide a “compliant” or “in place” designation on the Attestation of Compliance or the Report on Compliance, respectively; (iii) the policies and procedures related to the Compliance Assessment; and (iv) copies of a limited set of PCI DSS compliance assessments performed. Companies must file the Special Report within 45 days after the date of service of the Order, dated March 4, 2016.
Recently, the U.S. District Court for the District of Nevada granted in part the FTC’s motion for summary judgment and motion for default judgment against a company, its subsidiaries, and seven individuals (collectively, defendants) for allegedly participating in a scheme to defraud consumers. FTC v. Ideal Fin. Solutions, Inc., No. 2:13-00143 (D. Nev. Feb. 23, 2016). According to the FTC, the defendants misrepresented themselves as consumer credit experts and bought previously declined payday loan applications from data brokers that contained personal information, such as Social Security numbers and bank accounts numbers. The district court found that the FTC “reasonably approximated the consumer-loss amount attributable to defendants: they are jointly and severally liable for $43,083,723, except for [one individual], who is jointly and severally liable for $36,575,542.” In addition, the court banned (i) all the defendants from collecting or disclosing consumer-account information without the consumer’s authorization; and (ii) three defendants from marketing, selling, and handling credit-related products or services.
On March 1, the FTC released a copy of its Consumer Sentinel Network Data Book, which summarizes consumer complaints reported to the agency between January 2015 and December 2015. The report, which is published annually and covers rankings for 30 different complaint categories, found debt collection to be the highest volume complaint category, with identity theft issues and imposter scams following close behind. The report attributes the rise in debt collection complaints to a data contributor that began to collect complaints via a mobile application, resulting in a significant increase in complaints related to debt collection calls placed to mobile phones. Additional areas of complaints submitted to the FTC included: (i) telephone and mobile service plans, rates, and charges; (ii) auto-related complaints; (iii) banks and lenders; (iv) credit card billing services and notification practices; (v) foreign money offers and counterfeit check scams; and (vi) education advertising and accreditation. Addressing identity theft and debt collection concerns, FTC Director Jessica Rich emphasized the agency’s ongoing work to combat alleged unlawful and deceptive debt collection practices: “Steps like the recent upgrade to IdentityTheft.gov and our leadership of a nationwide initiative to combat unlawful debt collection practices are critical to our ongoing work to protect consumers from these harms.”