Ironically, the FTC reached a record $20 million settlement with Vivint Smart Home, a national seller of smart home technology platforms, including security devices and monitoring services. One of the purposes of the company’s products is to help residents make sure the person at their front door is who they say they are. But Vivint also engaged in some identity deception of its own, according to the FTC. For example, when a potential customer couldn’t qualify for financing, the FTC said Vivint’s sales representatives would find another person with a similar name and then use that person’s credit report to determine the customer’s eligibility. The complaint alleges Vivint violated the Fair Credit Reporting Act, the Federal Trade Commission Act and the Red Flag Rule.
With more than 1.5 million customers in the United States and Canada, Vivint is a well-known player in the industry. One of the company’s ways of acquiring new customers is through door-to-door salespeople, many of whom work only during the summer and on commission. Vivint equips its sales representatives with tablets equipped with a proprietary system called Street Genie to manage the onboarding process for new customers, including credit verification.
Typical Vivint security setup costs $1,000 or more, so most customers are interested in financing. As part of the process, the Vivint sales representative uses Street Genie to check the person’s credit report. What happens if a potential customer doesn’t qualify for a loan? According to the lawsuit, some of Vivint’s commission-only representatives used two illegal practices to make sales.
One method is called “white paging.” As explained in the complaint, Vivint employees would use the White Pages to find an unrelated person with the same or similar name as the customer who had just failed a credit check. The sales representative will enter the unrelated person’s address into the Street Genie application as the “Previous Address” and then rerun the credit check. In reality, Vivint representatives tricked the system into approving new accounts for unqualified customers by illegally using the credit history of random people who happened to have the same name and a better credit score.
Illegal Method #2: According to the FTC, Vivint representatives would ask potential customers who failed a credit check for the names of other people, such as relatives. The representative then pulls the person’s credit report (apparently without their permission) and adds their address to the “Previous Address” field, thus qualifying the primary account holder. In a variation of this scheme, the sales representative adds a co-signer on an account that the primary account holder is unaware of, but that the sales representative believes will pass a credit check. Vivint then opens accounts for unqualified customers based on the credit history of innocent third parties.
But things didn’t stop there. The FTC said Vivint would refer innocent third parties to its debt buyers if customers who qualified for accounts only because sales representatives hijacked someone else’s credit later defaulted on their loans. In other words, people who had nothing to do with the deal—and who had never even heard of Vivint—found their credit compromised and debt collectors saddled with the responsibility.
An isolated incident involving a bad apple or two? No, says the FTC. You’ll have to read the complaint to learn the details about what happened, but the lawsuit says Vivint was well aware of the problem. Although the company initially fired sales representatives for inappropriate behavior, Vivint rehired some of them soon after. Some Vivint employees have since warned managers that sales reps continue to evade the meager precautions the company has put in place. But Vivint allowed the practice to continue, according to the FTC.
The complaint alleges Vivint violated the Fair Credit Reporting Act by allowing its sales representatives to obtain credit reports from unrelated individuals without their permission in order to determine a potential customer’s account eligibility. The FTC said this practice violated the FCRA’s requirement that companies must have a “permissible purpose” to receive credit reports. Additionally, the indictment alleges that Vivint’s conduct in transferring false debts to debt buyers or debt collectors was an unfair practice under the Federal Trade Commission Act. The FTC also said Vivint violated the red flag rule by failing to develop and implement a written identity theft prevention program designed to detect, prevent and mitigate identity theft related to covered accounts.
To resolve the case, the defendants will pay a $15 million civil penalty, the largest ever in an FTC Fair Credit Reporting Act case, and an additional $5 million to compensate injured consumers. The proposed order also includes provisions that would change the way the company does business going forward. For example, Vivint must implement employee monitoring and training programs, establish an identity theft prevention program, establish a customer service task force to verify accounts before turning them over to debt collectors, and conduct evaluations every other year by an independent third party to ensure FCRA compliance. Regularity.
The settlement agreement makes three recommendations for other businesses.
Green light for red flag rule re-evaluation. If your company is protected by a red flag rule and your identity theft prevention plan is sitting in a folder, it’s time for regular updates based on the rule.
Limit the use of credit reports to “permitted purposes” specified by law. Section 604(f) of the FCRA makes it illegal to obtain or use a credit report for any reason other than the specific purpose authorized by law. Given that the information in credit reports is highly confidential, does anyone at your company check to make sure your practices are compliant with the FCRA?
Educational and gentle. Whether it’s related to the FCRA or any other consumer protection provision, train your employees to comply with the law and monitor their behavior to make sure they understand the information. Without proper supervision, untrained employees and a commission-only compensation system can be a dangerous combination.Additionally, don’t turn a blind eye when a consumer or employee comes to you with credibilityThere may well be concerns that your policies are not being followed.
