I appreciate the opportunity to address the Senate Committee on Banking, Housing and Urban Affairs on the critical issue of protecting the privacy of our citizens’ financial information. This Committee has taken a leading role in the challenge to protect consumer financial privacy. I commend the bipartisan efforts of Senators Sarbanes and Shelby in addressing these issues.
Unfortunately, Title V of the Gramm Leach Bliley Act ("GLBA") is not working to protect consumers from the misuse of their financial information. The Act has confused consumers, provided a green light to the unauthorized sharing of personal financial data as part of misleading telemarketing campaigns, and is riddled with loopholes that exempt many business practices from any control. I will focus my remarks on three aspects of GLBA: (1) the opt-out provisions in section 502(b); (2) the limitations on sharing of account numbers in section 502(d); and (3) the favorable preemption standard in the Sarbanes amendment, section 507. While the alleged consumer "protections" in section 502 have proven of limited value in protecting consumers, section 507 is an important part of GLBA that may ultimately provide various state models for how to more fairly balance the needs of business with the privacy rights of consumers.
Opt-Out Is Ineffective To Protect Consumers.
The opt-out system is not an effective means of protecting consumer financial privacy. It puts the burden on consumers to look for the privacy notices, read and attempt to understand them, and then take affirmative action to halt the sharing of their nonpublic personal information with nonaffiliated third-parties, such as telemarketers. This system is contrary to how consumers act in the marketplace and what consumers expect from government efforts to remedy the imbalance of power in the marketplace. Businesses that want to share personal financial information should do no more and no less than is required in any consumer transaction—obtain prior express consent of the consumer; in other words, opt-in to the deal.
The current system does more to confuse than assist consumers. The opt-out notices flooding consumers’ mailboxes have been a boon for the printing and postal industry, but they have not meant much for the typical consumer. The notices are dense and impenetrable. Even the most educated and persistent of consumers would have a hard time deciphering statements such as "we may disclose [information to]…carefully selected business partners (e.g., so they can alert you to valuable products and services)" to mean the financial institution will allow telemarketers to charge your credit card account without obtaining a signature or account number from you. The ineffectiveness of the notice and opt-out procedure has been thoroughly documented.
GLBA Limitations On Account Number Sharing Have Had No Meaningful Impact On Preacquired Account Telemarketing Abuses.
Each year, American consumers experience millions of dollars of unauthorized charges on bank, credit card, mortgage and other accounts as a direct result of financial institutions sharing personal financial data. Despite an attempt at appearing to address this concern, GLBA has had no effect on the problem. In fact, GLBA may have inadvertently acted to legitimize financial institutions’ participation in data-sharing practices that result in deceptive telemarketing practices.
Preacquired Account Telemarketing Abuses. Financial institutions sell to telemarketers the names, phone numbers and other information about their customers along with the right to charge the accounts of those customers. Telemarketers use this charging authority to call consumers with a "free trial" or "no risk" offer for services like travel membership clubs and credit card protection insurance. The telemarketer, because it has the ability to directly charge the account, never obtains an account number, a signature, or any other traditional evidence of consent from the customer. This sales practice, known as preacquired account telemarketing, has led to a constant and heavy flow of complaints to Attorneys General and other consumer protection agencies.
Preacquired account telemarketing is inherently unfair and causes deception and abuse, especially with elderly and vulnerable consumers. This sales practice turns on its head the normal procedures for obtaining consumer consent. Other than for a cash purchase, providing a signature or an account number is a readily recognizable means for a consumer to signal assent to a deal. Decades of consumer education have made many consumers aware that disclosing their account number may result in unexpected charges. The corollary to this is that many consumers believe that as long as they do not disclose their account number, no charge can be made on the account. Preacquired account telemarketing exploits this belief.
When financial institutions share with the telemarketer the information needed to directly charge a customer’s account, it removes these short-hand methods of consumer control over consent to a purchase. Preacquired account telemarketing strips the consumer of control over the transaction and exploits the belief that being careful about disclosing an account number provides protection. The telemarketer not only establishes the method by which the consumer will provide consent, but also decides whether the consumer actually consented.
Our Office has brought a series of cases exposing this practice. Fleet Mortgage Corporation, for instance, entered into contracts in which it agreed to charge its customer-homeowners for membership programs and insurance policies sold using preacquired account information. If the telemarketer told Fleet that the homeowner had consented to the deal, Fleet added the payment to the homeowner’s mortgage account. Angry homeowners who discovered the hidden charges on their mortgage account called Fleet in large numbers. A survey taken by Fleet of its customer service representatives is attached as Exhibit A. It showed that customers overwhelmingly told Fleet that they did not sign up for the product, and wanted to know how it was added to their mortgage accounts without their approval, consent or signature. Fleet’s employees shared the resentment of these consumers, with comments such as "unethical for Fleet to add [optional insurance] without my permission;" "[homeowner] knows they are being slammed w/ ins they never authorized (and) thinks unethical & bad business by us… I agree with the customer;" and "they feel this is fraud…It’s a scam."
The number of financial institution customers affected by this sales practice is staggering. An investigation of a subsidiary of one of the nation’s largest banks revealed an extraordinary number of complaints of unauthorized charges. During a thirteen month period, this bank processed 173,543 cancellations of membership clubs and insurance policies sold by preacquired account sellers. Of this number of cancellations, 95,573, or 55%, of the consumers stated "unauthorized bill" as the reason for the request to remove the charge.
The frail elderly, consumers who speak English as a second language, and other vulnerable groups are especially at risk with preacquired account telemarketers. A review of randomly selected sales of one preacquired account telemarketer investigated by our office showed 58% of customers whose accounts were charged were over 60. Sellers continually use preacquired account telemarketing to sell elderly consumers membership clubs, magazines and other products for which they have no possible use. Examples from our office’s investigations of telemarketers using preacquired billing information include the following: charges to the credit card of an 85-year old man with Alzheimer’s; charges to the credit card of a 90-year old woman who asked to "quit this" and said "sounds like a scam to me;" charges to the credit card account of an Hispanic man who says "no se es" in response to a telemarketer’s question; and charges to the bank checking account of an impaired 90-year old man who did not believe he consented to the charge. Attached as Exhibit B is a letter from a Legal Aid attorney listing a variety of useless and expensive membership clubs charged to the credit card of a retired church janitor in his late 80s. The janitor was charged for a home protection plan even though he lived in a nursing home; an auto club membership even though he had no car; a dental plan even though he already had coverage; and a credit card security plan even though federal law already protected him from theft of a credit card.
These are just a few of the substantial number of consumer complaints our offices has received about this sales practice. In fact, this Office continues to receive as many complaints about these practices post-GLB as it did before enactment of the law.
GLBA Has Had No Impact On Preacquired Account Telemarketing Abuses. GLBA has not changed the involvement of financial institutions in preacquired account telemarketing, and the abuses continue to occur. All 50 state Attorneys General recently filed comments with the Federal Trade Commission ("FTC") stating that consumer complaints and state consumer protection enforcement actions against preacquired account telemarketers have continued without significant change after passage of the GLBA. The reason is not hard to discern.
GLBA, in §502(d), prohibits a financial institution from disclosing, "other than to a consumer reporting agency, an account number or similar form of access number or access code for a credit card account, deposit account, or transaction account of a consumer to any nonaffiliated third party for use in telemarketing, direct mail marketing, or other marketing through electronic mail to the consumer." Thus, §502(d) prohibits the practice by financial institutions of providing the credit card numbers of its customers to nonaffiliated third-party telemarketers. When sellers of magazines, membership clubs, insurance programs and other services solicited the financial institutions’ customers via telemarketing calls, the customers were never asked to recite their credit card numbers because the sellers already had the numbers on hand with the capability to send through a charge.
After §502(d) of GLBA was enacted, however, the federal banking agencies promulgated rules that permitted financial institutions to continue sharing account numbers with third party sellers as long as they were in encrypted form. As a result of this Rule, the practices of financial institutions and their third party sellers have remained the same. Financial institutions may share encrypted or randomly generated reference numbers for their customer’s accounts with third party sellers. These sellers can still send through charges to consumers’ accounts without consumers giving their credit card numbers. The encrypted numbers are simply decrypted by the financial institution and the charges are put directly on the consumer’s account. This allows preacquired account telemarketing process to continue—legally and unimpeded. Unscrupulous telemarketers can still cause a charge to a consumer’s account even when a consumer says "no" to the sale, or simply believes he or she is trying out a free trial offer.
The essential characteristic of preacquired account telemarketing is the ability of the telemarketer to charge the consumer’s account without traditional forms of consent—i.e., paying cash, providing a signature, or providing a credit card or bank account number. The key is how the agreement between a company controlling access to a consumer’s account and the telemarketer who preacquires the ability to charge a consumer’s account affects the bargaining power between that telemarketer and the consumer. GLBA, as interpreted in implementing regulations, does not address this relationship.
GLBA’s Favorable Preemption Language Is Critical To Future
Consumer Privacy Protections.
Although Title V of GLBA has done little to address the privacy needs of financial institution customers, the Sarbanes amendment, section 507, offers the best hope to secure protections for consumers. It is imperative that GLBA retain favorable preemption standards for state legislation.
State legislatures have taken or considered a variety of approaches to protecting consumer information. North Dakota voters recently re-instated an opt-in approach to consumer financial information that had previously been in effect. California’s legislature has alternately passed and seriously considered various consumer privacy initiatives. The Minnesota Senate has passed an opt-in financial privacy bill.
State privacy initiatives have been the subject of enormous industry legislative pressure. In an article entitled "Lobbyists Swarm to Stop Tough Privacy Bills in States," the Wall Street Journal reported on the "regimented lobbying forces of the Old Economy" that have opposed such measure. Despite this intense effort, state privacy bills continue to advance in state legislatures. Proposed revisions to GLBA that would preempt such state action would be the death knell for meaningful reforms to protect consumers against misuse of their personal financial information.
CONCLUSION
I thank the Committee for its consideration. Consumer protection efforts in the area of financial privacy are in a beginning stage of development. Title V of GLBA has not adequately protected the privacy of the average citizen. I hope that the Congress will support the continuation of state legislative efforts at meaningful reform of our privacy laws.
Home | Menu | Links | Info | Chairman's Page