What’s That Charge on My Mobile Phone Bill? The FTC Wants to Know

“Cramming” – while it sounds like the experience of being in the middle row of a cross-country flight – actually refers to unauthorized charges on phone bills. Residential and business telecommunications customers have experienced cramming on their wireline bills for years, particularly for premium and other pay-per-call services. And the FTC has brought nearly two dozen cases against those companies.

With so many U.S. consumers using mobile phones (and many replacing their wireline phones and relying on wireless service exclusively), cramming has migrated to mobile phone bills. We have previously discussed the FTC’s ongoing review of mobile payments and the agency’s continuing concerns with cramming practices.

Last week, the FTC filed its first legal action to shut down a mobile cramming operation. In federal court in Georgia, the FTC alleges that since 2011, Wise Media, LLC, its CEO Brian Buckley, and its owner Winston Deloney have made millions of dollars by placing unauthorized charges for premium text messages services offering “horoscopes, flirting, love tips and other information” on consumers’ mobile phone bills. The FTC’s complaint also names Concrete Marketing Research, LLC, a company owned by Deloney, as having received funds earned through the allegedly unfair and deceptive practices.

According to the FTC, consumers did not “opt in” to receive these text message services, for which Wise Media charged $9.99 per month. The charges appeared on the bills and were repeated each month. Many consumers did not notice the charges and simply paid them. Some consumers noticed the charges but had great difficulty finding a contact for Wise Media, according to the complaint. Other consumers contacted the company, indicating they had not authorized the charges, but were still charged. Still others allegedly were told they would receive refunds, but Wise Media never issued those refunds. Instead, the underlying mobile phone carriers often ended up refunding money to complaining customers. The FTC noted that mobile phone carriers had experienced a high rate of complaints on Wise Media charges. One unnamed major phone carrier had even terminated Wise Media based on its excessive rates.

The FTC’s complaint charges that Wise Media and the other defendants violated Section 5 of the FTC Act by representing that consumers were obligated to pay for premium text services they never ordered. According to the FTC, these representations were false or misleading statements, constituting deceptive acts or practices under Section 5. Further, the complaint states that the placing of charges on consumers’ mobile phone bills without consumers’ “express informed consent” constituted unfair acts and practices also prohibited by Section 5.

The agency is seeking substantial relief and penalties from Wise Media and the other defendants. The FTC’s requested relief includes a request for a temporary and preliminary injunction to prevent future violations of the FTC Act by defendants, an asset freeze, and the refund of monies paid and “the disgorgement of ill-gotten monies.” In fact, after the filing of the complaint, Wise Media and the other defendants entered into a stipulation with the FTC agreeing to a temporary restraining order, an asset freeze, and other relief. The court also ordered that a receiver be appointed to oversee Wise Media’s assets and is requiring financial disclosures by the defendants.

This action signals that the FTC is continuing to monitor closely the mobile payment marketplace and that it will use its broad Section 5 authority to curb alleged deceptive practices in this medium. In fact, on May 8, the FTC staff will host a roundtable discussion on preventing mobile cramming, which will feature consumer advocates, industry leaders, and government regulators. It will be interesting to see what actions the major mobile carriers may propose, as the carriers have been on the receiving end of many of the consumer complaints (and refunds) resulting from third-party charges.

A Q&A With Jeff Ifrah on the FTC’s Latest Draconian Tactics

Some lawyers who deal regularly with the Federal Trade Commission in investigations of allegedly false and deceptive online advertising have noticed that the agency is beginning to take steps in these investigations that are unprecedented and draconian – and that judges seem to be going along. Below is a set of questions and answers with Jeff Ifrah, founding partner of Ifrah Law, on these new enforcement methods.

1. What is the first thing that a lawyer representing a company being probed by the FTC on false-advertising charges can expect to see?

IFRAH: Agency lawyers will go to a federal district judge with a copy of a temporary restraining order (TRO) for the judge to sign on an ex parte basis (without the defendant or its lawyers being present). Judges are allowed to do this as long as a hearing is set in a few days for a preliminary injunction, at which the defendant is represented. Meanwhile, the company is essentially barred from doing business by the terms of the TRO.

2. What is the FTC’s usual next step?

IFRAH: The agency will then go before the same judge with a draft of a preliminary injunction that is pretty much identical to the temporary restraining order. These injunctions basically require the business to continue to remain at a standstill until a trial is held and a settlement is reached. In addition, they require the company to disclose on all its web sites that it is being investigated for false and deceptive practices and to disclose online all of its sensitive financial information and that of its owners. Very often, the defendant will not contest this injunction request by the FTC. It is remarkable how many lawyers simply capitulate and agree to these draconian orders and set their clients up to fail.

3. What’s wrong with that? Isn’t the injunction lifted when the defendant agrees to settle the case?

IFRAH: Yes, but by that time, it may be too late, and the company may have gone out of business as a result of the restrictions that were imposed on it by the injunction and as a result of the disclosures that it had to make.

4. Are there other problems with these preliminary injunctions?

IFRAH: Yes. The FTC usually asks for a preliminary injunction with many standard features, and the judge usually grants it. But no two cases or defendants are the same. The courts are not taking into account the fact that different situations require different results. Instead, the injunctions are overbroad and reach behavior that is beyond what is alleged in the complaint.

Some of these restraining orders and injunctions restrict how much money a defendant can spend in a month or what type of online advertising it can use while the case is pending. Other injunctions require affirmative behavior, such as a requirement that the defendant report to the FTC every time it creates or operates any type of business. In either case, the defendant is forced to open its entire existence to the FTC, and everything it does is subject to scrutiny.

Another problem with standard, overbroad injunctions is that a defendant may become uncertain as to what it must do to prevent being held in contempt of court for non-compliance. The language in the injunction is often so vague and undefined that the FTC can act in its discretion to find a defendant in contempt.

5. And is that the end of the story?

IFRAH: No, unfortunately, plaintiffs lawyers often look to copycat an FTC action, and as a result companies may then have yet another headache to deal with, if they haven’t already been irreparably damaged by the FTC’s actions.

FTC Points to Key Issues in New World of Mobile Payments

Earlier this month, the Federal Trade Commission released a staff report outlining key issues facing consumers and companies as they adopt mobile payment services, entitled “Paper, Plastic . . . or Mobile? An FTC Workshop on Mobile Payments.” The report is based on a workshop held by the FTC in 2012 to examine the mobile payment industry.

Consumer use of mobile payment services continues to grow quickly. Mobile payment systems have the potential to be beneficial for both companies and consumers. However, many issues regarding fraud, privacy and security arise, and the FTC is looking to the industry to take the lead on establishing sound policies.

The FTC encourages companies that use mobile payment systems to develop clear policies on the resolution of disputes regarding unauthorized or fraudulent charges. Consumers fund their mobile purchases from a variety of sources (e.g., credit cards, bank account, mobile phone bills) and under current regulations each different method of funding has a different process for consumers to dispute an unauthorized or fraudulent charge. The FTC wants to create a clearer and streamlined process for consumers if an issue were to arise regarding a disputed charge. The FTC is planning to hold a separate roundtable on this issue in May.

The report highlights the problems associated with “cramming,” which involves placing unauthorized charges on a consumer’s phone bill. The FTC suggests that mobile carriers should perform some due diligence on companies from which they accept charges.

The report also discusses the idea of “privacy by design,” which involves strong privacy policies and transparency for consumers from inception of a company’s offerings. Consumers understand that they will need to provide some information to access a company’s services, but consumers may want to control how that information is stored and shared. The FTC and the industry realize that mobile payment systems can be an efficient, favored payment method. However, companies offering mobile payments need to be clear to consumers about how their data is being collected, maintained and used. Privacy issues are of paramount concern when using mobile payment systems because of the enormous amount of data available on smartphones.

The report also notes the potential privacy issues that can occur in the mobile payment process. Since mobile payment providers have access to both the financial information and contact information of the payer, they are in a position to create a serious privacy breach. The report suggests that companies consider privacy throughout the process of development, be transparent regarding data practices, and allow consumers options on how they want their information to be collected.

The report also encourages the industry to adopt measures to ensure that the entire mobile payment process is secure since financial information could potentially be disclosed. The FTC notes that there is technology available to make the protection of payment information more secure and suggests that financial information should be encrypted at all points in the transaction.

Companies should take note of the FTC’s report and adjust their practices. The FTC has put companies on notice about its expectations in mobile payments. It would not surprise us to see enforcement actions in the future in the area. Companies should, in particular, make clear their policy for explaining charges, and how they can be authorized. The more support a company has in showing that a charge is justified, the easier it will be to defend. This kind of specificity may also help influence authorities from even bringing charges. When offering mobile payment services, opt-in screens requiring a click or a password to make a charge and making sure the network is secure are best practices that may save an organization from being on the receiving end of an enforcement action.

FTC Revises Online Advertising Disclosure Guidelines: Say It and Say It Clearly

This week, the FTC released updated guidance to its 2000 “Dot Com Disclosures,” a guide covering disclosures in online advertising. The online world has certainly changed in 13 years, and the new guidelines, available here, cover advances in online advertising, including mobile advertising.

One central theme still prevails: existing consumer protection laws and rules apply no matter where you offer products and services: newspapers, magazines, TV and radio commercials, websites, direct marketing, and mobile marketing. Thus, the basic principle applies that companies must ensure that their advertisements are truthful and accurate, including providing disclosures necessary to ensure that an advertisement is not misleading. Further, the disclosures should be clear and conspicuous – irrespective of the medium of the message.

In determining whether a disclosure is “clear and conspicuous” as the FTC requires, advertisers should consider the disclosure’s placement in the ad. Importantly, the 2000 guidelines defined proximity of disclosures to ads as “near, and when possible, on the same screen.” The new guidelines state that disclosures should be “as close as possible” to the relevant claim. The closer the disclosure is to the claim, the better it is for FTC compliance purposes.

Advertisers should also consider: the prominence of the disclosure; whether it is unavoidable (e.g., consumers must scroll past the disclosure before they can make a purchase); whether other parts of the ad distract attention from the disclosure; whether the disclosure should be repeated at different places on the website; whether audio message disclosures are of sufficient volume and cadence (e.g., too fast); whether visual disclosures appear long enough; and, whether the language of the disclosure is appropriate for the intended audience. The FTC suggests avoiding “legalese” or technical jargon.

Mobile marketers should take note that the FTC provided some additional guidance regarding disclosure issues particular to mobile marketing. In particular, the FTC stated that the various devices and platforms upon which an advertisement appears or a claim is made should be considered. For example, if the advertiser cannot make necessary disclosures because of the limit of the space (e.g., in a mobile app), then the claim should not be made on the platform.

The FTC does permit hyperlinks for disclosures in certain circumstances. However, hyperlinks must:
- be obvious
- be labeled appropriately to convey the importance, nature and relevance of the information they lead to (such as “Service plan required. Get service plan prices here”)
- be used consistently
- be placed as close as possible to the relevant information the hyperlink qualifies and made noticeable
- take consumers directly to the disclosure after clicking

Companies should assess the effectiveness of the hyperlink by monitoring click-through rates and make changes accordingly. The agency also suggests that advertisers design ads so that scrolling is not necessary to find a disclosure. The FTC discourages hyperlinks for disclosures involving product costs or certain health and safety issues (similar to its 2000 guidelines).

The FTC suggests that companies display disclosures before a consumer chooses to buy a product or service – in other words, the disclosure should appear before a consumer adds a purchase to his or her “shopping cart” or before the consumer clicks “buy now.” The FTC also cautions that necessary disclosures should not be relegated to general “terms of use” and similar contractual terms on a website. Further, because so many consumers have set their computers to prevent “pop ups,” the FTC discourages companies from placing disclosures in “pop ups.”

Probably the most helpful part of the new guidelines are the 22 different examples of proper/improper disclosures the FTC provides at the end of the guidelines. As companies move forward in promoting products and services online, particularly on mobile platforms, reviewing these examples along with the general principles of truthful and complete statements in advertising may save a company from an FTC enforcement action.

Organizations are increasingly marketing their products and services on mobile platforms. Advertisers should take note that special considerations apply in the mobile marketplace, especially the space and text size limitations. If a disclosure is necessary to prevent an advertisement from being deceptive, unfair, or otherwise violative of an FTC rule, it must be clear and placed next to the offer. If that can’t be done, the safest course would be to move the offer to another platform, such as a traditional website. The FTC and the states have demonstrated that they take a keen interest in mobile marketing and they will be watching claims and disclosures in the smartphone/tablet universe.

Web Analytics Firm Settles FTC Charges Over Intrusive Data Tracking

The Federal Trade Commission recently announced that it has approved a final order settling charges against Compete, Inc., a Boston-based web analytics company. Compete, Inc. sells reports on consumer browsing behavior to clients looking to drive more traffic to their websites and increase sales. Compete, Inc. obtained the information by getting consumers to install the company’s web-tracking software in their computers. The FTC alleged that the company’s business practices were unfair and deceptive because the company did not sufficiently describe the types of information it was collecting from its users.

With all the heightened concerns among consumers about internet privacy, one might wonder why consumers would be willing to install web-tracking software in their computers in the first place. Well, Compete, Inc. sweetened the pot by offering gift cards, cash rewards, and other incentives to entice consumers.

The fact that Compete, Inc. was using web-tracking software to track consumers’ visits to websites was not the problem for the FTC. The major issue was that the software was recording far more than just which websites a consumer was visiting. It was recording everything the user entered on the websites – usernames, passwords, detailed credit card information, Social Security numbers, etc. – all without the consumer’s knowledge or consent.

Reports indicate that the company may not have known that its software was collecting all of this user information. Compete, Inc. representatives stated that in January 2010, when they first learned that there was a potential security issue, they immediately disabled data collection from affected versions of the software and deleted inadvertently-collected information from their servers. The company also responded by implementing new data filters and security measures. The company took these steps even before the order was handed down and said that it would continue to develop and uphold new standards of transparency and security.

Perhaps the company’s commitment to correcting its behavior is part of the reason that the FTC settlement order didn’t include a monetary sanction. Instead, the order focuses on ensuring that such intrusive data is not collected in the future. Pursuant to the order, Compete, Inc. must implement a comprehensive information security program with biannual audits from an independent third party for the next 20 years (a fairly typical obligation in recent FTC settlements of this type); disclose the types of information that will be collected and obtain consumers’ express consent through their website before collecting any data from its web-tracking software; delete or anonymize the use of the consumer data it has already collected; and provide consumers with directions on how to uninstall the web-tracking software. The settlement also bars the company from misrepresenting its privacy and data security practices.

In the age of affiliate marketing, web analytics are extremely valuable for merchants seeking to increase web traffic to drive revenue. However, FTC investigations and resulting sanctions are costly, time-consuming, and quite simply bad for business. Companies interested in using this technology should make sure they know exactly what information they are collecting and should ensure that they are following FTC guidelines regarding data privacy. Clear disclosures to the public as to what software is being installed, what information is viewed or collected, and how that information is used, are all critical. Taking steps to get it right in the beginning will help them avoid costly investigations and bad press in the end.

Blood Bank Settles FTC Complaint About Customer Data Privacy

Any company that collects personal information about individuals, such as credit card numbers and social security numbers, must be very careful about the way in which it stores and secures that information. Even a blood bank that stores umbilical cord blood needs to keep these privacy rules in clear view. That is one of the messages of a recent Federal Trade Commission action.

California-based Cbr Systems is one of the leaders in the growing field of umbilical cord storage. Umbilical cords are rich in stem cells, and new parents are paying to have the cord or cord blood stored away for the child’s possible medical use later in life. Cbr acquires and stores the cords for an annual fee.

Cbr also stores a vast amount of information related to these tissues, including names, dates and times of birth, Social Security numbers, credit card numbers, checking account numbers, addresses, and driver’s license numbers. In December 2010, a Cbr employee removed four backup tapes containing this sensitive information in order to transport them to a different office. Soon after, a thief stole the tapes and other company devices from the employee’s car. In all, personal information of nearly 300,000 Cbr customers was compromised. The tapes and other devices were not encrypted.

The FTC pursued this matter because it found that Cbr’s privacy policy was deceptive under the FTC Act. The privacy policy stated, “Whenever Cbr handles personal information, regardless of where this occurs, Cbr takes steps to ensure that your information is treated securely and in accordance with the relevant Terms of Service and this Privacy Policy.” FTC Chairman Jon Leibowitz said, “The FTC can and will take action to make sure that companies live up to the privacy promises they make to consumers, particularly when it comes to highly sensitive information like the health information collected by Cbr.”

Under the terms of the settlement, Cbr must establish an information security system, submit to security audits every other year for the next 20 years, and ensure that it does not misrepresent its privacy and security practices. A violation of the final order could result in Cbr paying up to $16,000 per violation.

In addition to the FTC action, Cbr clients filed a class action against the company alleging that the company failed to adequately protect the information, and belatedly notified customers of the privacy breach. On February 5, 2013, a federal judge in Johansson-Dohrmann v. CBR Systems Inc., in the U.S. District Court for the Southern District of California, No. 12-1115, granted preliminary approval of a proposed settlement in which CBR must provide credit monitoring and identity theft insurance to each affected class member, as well as make cash reimbursements for any losses resulting from identity theft. The settlement also provides up to $600,000 in payments to the plaintiffs’ lawyers.

Data privacy breaches are a serious concern for any company. They can result in serious reputational harm, as well as financial loss through costly legal actions initiated by the FTC, states, or class actions. The cost of developing and implementing an effective data privacy protocol is a worthwhile investment to guard against these losses. Companies should refer to the FTC’s guides and manuals for protecting consumers’ personal information. Implementing these procedures will serve to protect both consumers and the company itself.

FTC Adopts New Amendments to Add to Children’s Online Privacy

The Federal Trade Commission announced on December 19, 2012, that it has adopted final amendments to the Children’s Online Privacy Protection Act (COPPA) that strengthen privacy protections online and give parents greater control over their children’s personal information. FTC officials said that they updated the rules to keep pace with the increasing use of mobile phones and tablets by children.

COPPA governs how companies must proceed when collecting personal data from children under the age of 13. COPPA details what information a website operator must include in a privacy policy, when and how to seek verifiable parental consent, and the responsibilities that operators have to protect children’s privacy online.

The original rules have not seen significant changes since they went into effect in 2000.  The FTC has been examining possible changes to the COPPA rules since March 2010 and has received hundreds of comments from interested parties through multiple comment periods.

“Congress enacted COPPA in the desktop era and we live in an era of smartphones and mobile marketing,” FTC Chairman Jon Leibowitz said.  “This is a landmark update of a seminal piece of legislation.”

The new rules go into effect on July 1, 2013.  The vote was approved by a 3-1 vote, with one commissioner abstaining. Commissioner Maureen Ohlhaussen voted no on the ground that she believes a core provision of the new rules, extending the statutory definition of “operator” to impose obligations on certain websites or online services that do not collect personal information from children or have access to or control of such information collected by a third party, exceeds the scope of the authority granted by Congress in COPPA.

The new rules significantly increase the types of companies that are required to obtain parental permission before knowingly collecting personal details from children, as well as the types of information that will require parental consent to collect.

Under the new amendments, the FTC said companies must seek permission from parents to collect a child’s photographs, videos, audio files, and geo-location information.

The new rules also expand the definition of personal information to include persistent IDs, such as a unique serial number on a mobile phone or the IP address of a browser, if they are used to show a child behavior-based ads.  It requires third parties such as advertising networks and social media networks that know they are operating on children’s sites to notify and obtain consent from parents before collecting personal information.  Additionally, the rule makes children’s sites responsible for notifying parents about data collection by third parties that are integrated into their services.

The FTC said that the new amendments will now require apps and websites that are targeted at children with third-party plug-ins to websites such as Twitter and Facebook, to require parental consent to collect personal information.  Those third parties must obtain parental consent when they have “actual knowledge” that they are collecting information from a website or service targeted at children.

In a departure from the rule changes that were proposed by the government in August, the FTC explicitly exempted app stores, such as those run by Google and Apple, from responsibility for privacy violations by games and software sold in their stores.  The government also reversed a prior proposal by agreeing to continue to allow parental consent to be obtained by email as long as apps and websites only collect the data for internal usage.

Now that these new guidelines have been issued, all operators need to review their policies to ensure compliance. These revisions have significantly expanded the type of information that is considered private and the number of companies that will need to comply. The FTC has previously brought enforcement actions against companies that were in violation of COPPA in the past, and these new rules will allow for more actions to be brought in the future.

FTC Seeking Information From 9 Data Brokers in Industry Probe

On December 18, 2012, the Federal Trade Commission issued orders requiring nine data brokerage companies to provide the agency with information on how they collect data from consumers and use it. The nine companies asked to provide this data to the FTC include Acxiom, Datalogix, Intellius and Peekyou.

Data brokers are companies that collect personal information about consumers from a variety of sources, both public and non-public, and then package the information and sell it to companies. As the FTC noted in its announcement, in many ways this data can benefit consumers and the economy by enabling companies to prevent fraud or allowing customers to see ads that interest them.

However, the FTC seems concerned that much of the data brokerage industry operates unregulated. No current laws require data brokers to maintain the privacy of an individual’s data unless it is used for employment, credit, insurance, housing, or another similar purpose. Some estimates indicate that these data brokers have several thousand details on the majority of adults in the United States.

The FTC is specifically seeking details about:

1. The nature and sources of the consumer information that data brokers collect.
2. How data brokers use, maintain, and disseminate the information they collect.
3. The extent to which the data brokers allow consumers to access and correct their information or to opt out of having their personal information sold.

The FTC said that it will use the responses to prepare a study and to make recommendations on whether and how the industry could improve its privacy practices.

The FTC has already called on Congress to address data brokers’ practices through legislation. In March, the FTC advocated for legislation to “address the invisibility of, and consumers’ lack of control over, data brokers’ collection and use of consumer information.” The FTC has also urged Congress to pass a law that would require data brokers to let individuals examine the data contained in files on them, similar to the way that federal laws allow for consumers to get free credit reports every year.

In July, Rep. Edward Markey (D-MA) and Rep. Joe Barton (R-TX), co-chairs of the Bipartisan Congressional Privacy Caucus, opened an investigation into the practices of the industry. The Privacy Caucus has expressed concerns that many Americans do not know how the industry operates and that controls may be lacking for individuals over their own information.

In October, Sen. John D. Rockefeller IV (D-WV) opened his own investigation into the data broker industry. Rockefeller said he was struck by the amount of personal, medical, and financial information that could be collected and sold.

This week’s announcement provides further notice that the FTC has intensified its scrutiny of the data brokerage industry. Companies in the data compilation business should continue to monitor their practices to ensure that they are complying with all regulations and should stay abreast of any forthcoming changes in regulations and laws.

FTC Report Faults App Developers on Data Collection From Kids

The Federal Trade Commission released a report on December 10, 2012, that concluded that mobile apps targeted at children were collecting large amounts of data from children and sharing their information with advertisers without disclosing their practices.

The FTC report examined 400 leading apps designed for kids that were sold in the mobile stores run by Apple and Google. The agency said it is launching an investigation to determine if certain mobile apps developers have violated the Children’s Online Privacy Protection Act (COPPA) or engaged in unfair or deceptive trade practices.

The FTC’s authority over children’s mobile apps comes from laws that prohibit unfair and deceptive acts of commerce, as well as from COPPA, which requires operators of online services for children under 13 to get consent from parents before collecting and sharing personal information, among other requirements.

The report itself does not call for regulatory changes. However, the FTC is reviewing COPPA to determine if it needs to be updated, and is expected to announce updates soon COPPA was enacted in 1998, and FTC officials say the law needs to be changed to reflect the growing prominence of mobile apps and social networking sites used by children. The regulations under COPPA have not been substantially revised since its introduction. COPPA sets forth specific requirements for websites aimed at children, but its guidance on mobile technology is far less clear.

The FTC proposed updating COPPA, but it has been met with pushback thus far from technology companies. The proposed changes could significantly increase the need for children’s sites and apps to obtain parental permission to collect certain types of data, including device IDs, photos, and voice recordings. FTC officials have also emphasized that they consider the exact location of a mobile device to be personal information that would require parental permission to collect.

The FTC report noted that it was particularly concerned with the collection of a user’s device ID, which is a string of letters or numbers that identifies each mobile device. Nearly 60 percent of the mobile apps that the FTC reviewed transmitted the device ID. Some of those apps then shared that ID with an advertising network or other third party, including some apps that disclosed the phone number and location of the device. Additionally, more than half the apps also contained interactive features such as advertising or in-app purchases that were largely undisclosed to parents.

Only 20 percent of the apps reviewed in the report disclosed any information about the app’s privacy practices. FTC Chairman Jon Leibowitz said, “Our study shows that kids’ apps siphon an alarming amount of information from mobile devices without disclosing this fact to parents.”

This week’s report serves as further notice to all mobile app developers that the FTC is monitoring the mobile app market.  App developers, particularly developers that are targeting children, need to review their compliance with FTC guidelines, as well as their overall truth-in-advertising and data privacy policies, to make sure their apps are complying. The FTC has made clear that it will take enforcement actions against industry participants and will continue to aggressively pursue action in the future.

CFPB, FTC Announce Crackdown on Deceptive Mortgage Advertising

On November 19, 2012, the Federal Trade Commission and the Consumer Financial Protection Bureau announced that they have launched a new coordinated effort to protect consumers, focusing on mortgage advertisements that they say are deceptive.

The CFPB and the FTC worked together to review roughly 800 mortgage ads. These ads were produced by entities involved in different aspects of the mortgage process, including mortgage brokers and lenders, lead generators, real estate agents, home builders, and others. The ads were featured on a wide range of media including newspaper, direct mail, email and social media.

The agencies stated that some of these ads had specifically targeted the elderly and veterans.

The letters warned the recipients that they may be in violation of the Mortgage Acts and Practices Advertising Rule (MAP Rule) that took effect in August 2011, which prohibits misleading claims concerning government affiliation, fees, costs, interest rates, payment associated with the loan, and the amount of cash or credit that is available to the consumer. The MAP Rule does not apply to traditional banks, meaning today’s actions affect only non-banks.

The FTC and the CFPB both have enforcement authority over non-bank mortgage ads under the MAP Rule. The agencies stressed that as part of the initiative they are working together to assure that consistent standards are applied across agencies. The agencies will conduct separate investigations focused on different targets to better utilize their resources and avoid double-teaming businesses.

“Working together and applying consistent standards to all types of clients in all types of ads is a very important means of making sure that mortgage advertisers are on notice that they have to comply with the law,” said Thomas Pahl, the assistant director of the FTC’s Division of Financial Practices.

The FTC and the CFPB issued more than 30 warning letters to mortgage advertisers, warning them that their advertisements may be deceptive. Both agencies stated that they have also opened formal investigations into other advertisers that may have committed more serious violations of the law. Violators of the MAP Rule can be subject to civil fines.

“Misrepresentation in mortgage products can deprive consumers of important information while making one of the biggest financial decisions of the lives,” CFPB Director Richard Cordray stated. “Baiting consumers with false ads to buy into mortgage products would be illegal.”

The review of the advertisements revealed several different types of claims that regulators could possibly find misleading, including ads that suggested that a company was affiliated with a government agency, ads that guaranteed approval and offered low monthly payments without discussing the conditions of the offers, and ads offering a low fixed mortgage rate without discussing significant loan terms.

The announcement shows that the FTC and the CFPB are taking an aggressive and proactive look at companies that offer products in the financial services sector. Companies that offer mortgage and other consumer lending products should know that the FTC and the CFPB are paying special attention to them and that their advertisements need to comply with federal regulations.