In an effort to crack down on data-mining firms that obtain personalinformation from consumers through fraud, the U.S. Federal Trade Commission (FTC) announced Wednesday it had filed suit against three firms that it alleged unlawfullyobtained and sold confidential financial data.
The agency, which brought the sealed cases in three separate U.S. districtcourts, targeted Baltimore, Maryland-based Information Search Inc.; SmartData Systems in Staten Island, New York; and Discreet Data Systems of Humble, Texas.
In documents filed with the courts, the FTC alleged that the companies maintainedWeb sites where they advertised that they could obtain confidential financial information — including checking and savings accountnumbers and balances; stock, bond and mutual fund accounts; and safe deposit box locations.
The commission said that the firms typically charged betweenUS$100 and $600 for their data-mining services.
Specifically, the FTC petitioned the courts “to halt the illegal practicespermanently, freeze the defendants’ assets pending trial, and order them togive up their ill-gotten gains.”
The FTC said that in each of the cases, thecourts issued temporary orders to the defendants to stop their operationsand imposed a partial freeze of their assets until a hearing is held.
The FTC complaints state that the data-mining firms engagedin practices that violated a federal law known as the Gramm-Leach-BlileyAct.
Passed in 1999, the GLB Act prohibits “pretexting,” or the use of falsestatements to collect sensitive consumer data from financial institutions ordirectly from consumers. It also governs the use of counterfeit, lost orstolen records containing sensitive consumer data.
To gather evidence for the three cases, the FTC said it initiated sting operations with the cooperation of local banks, in which investigatorsset up dummy bank accounts in the names of cooperating witnesses and thencalled the companies posing as customers.
In one case, an FTC investigator pretended to be a customer seeking theaccount balance on her fiance’s checking account.
After being provided withlimited information about the account, the data-mining firm supplied the balance figure to the undercover investigator.
Curbing the Data Trade
According to the FTC, pretexters often place consumers at great risk by”invading their financial privacy and exposing them to the risk of economicharm and financial fraud, because their information could be disclosed toindividuals who might use it to deplete a bank account or liquidate a stockportfolio, or to steal an identity.”
To help curb this burgeoning information-trade business, the commissionkicked off “Operation Detect Pretext” earlier this year, examining more than1,000 Web sites and 500 print media advertisements that offered to conductfinancial searches. The investigation was aimed at determining whether any of the companies were involved in pretexting.
The FTC said its investigation turned up roughly 200 firms — 175 of whichwere online companies — that offered to acquire and sell asset or bankaccount information about consumers to third parties.
As a result, federalregulators sent notices to the offending companies at the end of January,warning them to comply with the GLB Act as well asother applicable federal laws, including the Fair Credit Reporting Act.
The agency said that firms that do not act in accordance with those laws mayface civil and criminal penalties, and could be fined up to $11,000 foreach infraction.