What's worse than a high-cost payday loan? A payday loan-based scam. Yesterday, the CFPB and FTC held a joint news conference to announce separate actions against two different online payday lenders running essentially the same alleged scam and collecting a total of over $100 million dollars combined.
Both the Hydra Group, sued by CFPB, and a "web of companies" run by Timothy Coppinger and Frampton Rowland and sued by the FTC, had the following fraudulent business model:
- They collected detailed consumer information from lead generation websites or data brokers, including bank account numbers,
- then they deposited unrequested purported payday loans of $200-300 into those consumer accounts electronically,
- then they collected biweekly finance charges "indefinitely" through automated electronic debits or withdrawals, and
- meanwhile they used a variety of false documents and deception to extend the scheme, first by confusing the consumer, then by confusing the consumer's own bank into denying the consumer's demands that his or her bank stop the withdrawals. While a typical over-priced $300 payday loan might have a finance charge of $90, if paid in full, the consumers scammed in these operations often inadvertently paid back $1000 or more, according to the agencies.
As CFPB Director Richard Cordray explained:
Today, the Consumer Financial Protection Bureau is announcing an enforcement action against an online payday lender, the Hydra Group, which we believe has been running an illegal cash-grab scam to force purported loans on people without their prior consent. It is an incredibly brazen and deceptive scheme.
In the lawsuit, we allege that this Kansas City-based outfit buys sensitive financial information from lead generators for online payday loans, including detailed information about people’s bank accounts. It then deposits money into the account in the guise of a loan, without getting an agreement or authorization from the consumer. These so-called “loans” are then used as a basis to access the account and make unauthorized withdrawals for expensive fees. If consumers complain, the group uses false loan documents to claim that they had actually agreed to the phony loans.
In the FTC's press release, Jessica Rich, Director of its Bureau of Consumer Protection, explained:
“These defendants bought consumers’ personal information, made unauthorized payday loans, and then helped themselves to consumers’ bank accounts without their authorization,” said Jessica Rich, Director of the FTC’s Bureau of Consumer Protection. “This egregious misuse of consumers’ financial information has caused significant injury, especially for consumers already struggling to make ends meet."
Much of the information appears to have been collected from online "lead generation websites." The FTC's complaint (pdf) describes how this was done:
25. Many consumers apply for various types of online loans through websites controlled by third-party “lead generators.” To apply for a loan, the websites require consumers to enter sensitive financial information, including checking account numbers. Lead generators then auction off consumers’ sensitive financial information to the highest bidder.
U.S. PIRG's recent joint report (March 2014) on digital data collection and financial practices, "Big Data Means Big Opportunities and Big Challenges," prepared with the Center for Digital Democracy, has an extensive critique of online lead generators, which are used by online payday lenders, mortgage brokers and for-profit schools to identify "leads." When a consumer types "I need a loan" into a search engine, he or she is often directed to a lead gen site, although often the sites are designed to appear to be lenders. The lead generator business model is to collect a consumer profile, then run a reverse auction; selling you in real-time to the highest bidder. This is the firm that predicts it can make the most money from you, not the firm offering you the best deal.
The cases show that consumers need two consumer watchdogs on the beat. But they also pose a question in the electronic banking economy. The scammers collected money from many consumers, presumably with accounts at many banks and credit unions. But they then deposited the funds, by electronic transfer, into just a few of their own banks. Why didn't those banks figure it out? It's not the first time that preauthorized electronic debits have been used by bad guys.
According to the American Banker story (behind a paywall), one of these Originating Depository Financial Institutions (ODFIs) was U.S. Bancorp, which is the holding company for one of the biggest banks in the country, U.S. Bank. Hopefully, the prudential regulators for U.S. Bank (OCC.gov) and the other ODFIs for the scammers will also investigate whether the banks adequately knew their business customers.