FTC Business Blog

$50 million in refund checks for University of Phoenix students chundycz March 24, 2021 | 11:01AM $50 million in refund checks for University of Phoenix students By Lesley Fair “The check’s in the mail.” You’ve heard it before, but this time it’s true if you are one of the 147,000 University of Phoenix students who will be receiving payments totaling more than $50 million as a result of the FTC’s law enforcement action against the online school. In a 2019 lawsuit, the FTC alleged the University of Phoenix lured consumers in with ads that falsely touted – among other things – job opportunities for its students with national employers like AT&T, Yahoo!, Microsoft, Twitter, and the American Red Cross. To settle the case, the defendants agreed to pay $50 million in direct payments for some students and an additional $141 million in canceled balances that eligible students owed directly to the school. (Other debts – for example, federal and private student loans or military benefits – aren’t affected by the settlement.) Who is getting the 146,804 checks and 677 PayPal payments the FTC is sending out? The money is going to students who: first enrolled in a masters, bachelors, or associates degree program between October 15, 2012, and December 31, 2016; paid more than $5,000 with cash, grants, federal and private student loans, or military benefits; didn’t get debt cancellation as part of this settlement; and didn’t opt out of the University of Phoenix providing the student’s contact information to the FTC. People who receive checks should deposit or cash them within 90 days. By the way, the FTC never requires people to pay money or provide account information to get a refund or to cash a refund check. People who get a refund via PayPal will have 30 days to accept the payment. (This FAQ has more information about the PayPal payment process.) If you have questions about debt canceled by the school, email the University of Phoenix at UOPXFinance@phoenix.edu or call 1-800-333-5305. For questions about refunds, call the FTC’s refund administrator, Rust Consulting, at 1-877-310-0487. Even if you weren’t a University of Phoenix student, someone in your company may have been. Share this information with them to make sure they don’t miss their check in the mail.

Setting the debt parking brake lfair November 30, 2020 | 12:14PM Setting the debt parking brake By Lesley Fair What are the biggest risks of parking? A dinged door? A bruised bumper? For consumers victimized by the pernicious practice of debt parking, the impact on their financial health can be devastating. And if you’re a debt collector who engages in debt parking, an FTC settlement with Midwest Recovery Systems suggests you could face law enforcement action for violations of the FTC Act, the Fair Debt Collection Practices Act, and the Fair Credit Reporting Act. Just what is debt parking? It’s the practice of placing purported debts on consumers’ credit reports without first attempting to communicate with the consumer about the debt. Some call it “passive debt collection,” but there’s nothing passive about the injury it can inflict. Consumers often don’t learn about it until a mortgage company, prospective employer, or other decision maker pulls their credit report and spots what appears to be an unpaid debt. With a house, car, or job in the balance, many people feel pressured to pay up – even though they may not actually owe the money. That’s the tactic the FTC says Missouri-based Midwest Recovery Systems and owners Brandon M. Tumber, Kenny W. Conway, and Joseph H. Smith engaged in. According to the lawsuit, since at least 2015, the defendants have reported to credit reporting agencies more than $98 million in bogus or highly questionable debts for payday loans, debts subject to unresolved fraud claims, debts in bankruptcy, debts in the process of being rebilled to consumers’ medical insurance, and even debts people had already paid. The FTC alleges the defendants continued to collect those debts even in the face of billowing red flags about their validity. In fact, when consumers were able to dispute the purported debts, the defendants have regularly concluded that between 80% and 97% of them were either inaccurate or invalid. That’s not surprising, given that many of those debts originated from certain payday lenders and others whom the FTC has sued for their own illegal practices. Here’s an example cited in the complaint of how the defendants used debt parking to help line their pockets with millions in gross revenue. When applying for a mortgage, a consumer was told that an outstanding medical debt of $1,500 had lowered his credit score, which threatened to put the kibosh on buying a house. He contacted the hospital where he supposedly owed the debt, only to be told that he owed just an $80 co-pay. In spite of that, the FTC says the defendants refused to remove the debt and threatened the consumer with a lawsuit if he didn’t pony up. His complaint was one of thousands that Midwest Recovery received. For people who work in the collections field, the pleading in this case merit a careful read. In addition to alleging the defendants made false or unsubstantiated representations in violation of the FTC Act and the Fair Debt Collection Practices Act, the complaint expressly challenges their debt parking tactics as an unfair practice under the FDCPA. The FTC says they also violated the FDCPA by failing to provide validation notices – one of the protections in the statute designed to ensure consumers have the information they need to dispute an invalid debt. Three other counts charge the defendants with violating the Fair Credit Reporting Act by furnishing information to credit reporting agencies they knew or had reasonable cause to believe was inaccurate, by failing to conduct reasonable investigations of disputes, and by failing to report the results of those investigations to consumers. The settlement suggests some takeaway tips for others in the collections ecosystem. Consumers’ credit reports are a NO PARKING zone. This is the first FTC case to address debt parking – and thus the first to challenge the practice as unfair under the FDCPA – but the message couldn’t be clearer. Debt collectors that park fake or questionable debts can expect law enforcement scrutiny. What’s more, this kind of parking can result in remedies that extend far beyond a ticket or a boot. In addition to a financial judgment and tough injunctive provisions, the settlement requires the company to turn over all its remaining assets and one defendant to sell his stake in another debt collection company and surrender the proceeds. Watch for the symptoms of questionable medical debt. The Midwest Recovery settlement is among the first FTC matters to address medical debt. Over 43 million consumers have outstanding medical debts on their credit reports, and medical debt accounts for more than half of the debts reported by third-party collection companies. But medical billing is a frequent source of confusion and uncertainty for consumers, given the complex and often opaque system of insurance coverage and cost sharing. Now more than ever, accuracy issues are a particular concern. Exercise caution at the intersection of debt collection and credit reports. Reporting debts first and asking questions later – or not at all – can land collectors in a steaming alphabet soup of FDCPA and FCRA violations. Prudent members of the industry scrutinize questionable categories of debt and debts to questionable creditors. They also contact consumers and listen to what they have to say before furnishing information to credit reporting agencies.    

20 more warning letters tell companies to cut out unproven COVID-19 claims lfair August 14, 2020 | 11:41AM 20 more warning letters tell companies to cut out unproven COVID-19 claims By Lesley Fair Coronavirus claims for zappers, virus-busting cards, sage, oregano, and bay leaves are among the representations called into question in the latest round of warning letters sent by FTC staff. With the total closing in on 300, the letters make it clear that companies need to clean up their claims about preventing or curing COVID-19. Here are the products and promises that have raised the most recent concerns. The1VirusBuster.  Citing statistics on the proliferation of coronavirus, the company promoted The 1 Virus Buster Cards as “safe, simple, and effective. All you need to do is hang it on your neck or attach it to your collar, close to your mouth and nose. If used correctly, it kills 99.99% of most harmful bacteria and viruses, which live in the air you breathe, within a three-foot radius.” Active Lifestyle Clinic.  In marketing materials titled “Learn about our COVID-19 protocol,” the Phoenix clinic promoted ozone therapy as an “effective, safe, and affordable way to treat virus and infection . . . .” Dave Asprey.  In a letter sent in care of Seattle-based Bulletproof 360, Inc., FTC staff cited blog posts, including one about “how to hack coronavirus.” The website touted a variety of products, including andrographis, sage, oregano, bay leaves, and a formulation called Bulletproof. Back 2 Health Family Wellness Center.  A video on the New Jersey office’s YouTube channel claimed to show consumers “how to improve your immune system to fight any virus including the corona virus or Covid 19.” On a webpage with the heading “Corona Virus Covid-19 and Chiropractic,” the company touted “regular chiropractic adjustments” as a way “you may lessen the severity or duration if you do happen to get sick.” Bottom Line Inc.  In promoting products it sells, the Connecticut company stated, “[A]ccording to the NIH, there is significant data showing that melatonin limits virus-related diseases and would also likely be beneficial in COVID-19 patients.” In addition, the company claimed that astragalus, quercetin, elderberry, and zinc “help prevent the virus from entering your cells by blocking the receptors where it tries to dig in.” Breiner Whole-Body Health.  After referring to “the new coronavirus spreading worldwide,” a video on the Connecticut company’s website claimed, “We have several IV drips that can . . . help prophylactically as well as IVs that can be used if you have a current infection.” On a Facebook post, the company said that for consumers who take intravenous Vitamin C, “the viruses themselves will just . . . get overwhelmed and die.” CoviDoctors.  The Lubbock-based business advertised on its website “Get the same herbal formulas used in Chinese hospitals for treatment and prevention of Covid-19.” The company also promoted three products it claimed were based on “research from China on advanced formulas for prevention of coronavirus infection.” Fortifeye Vitamins.  On its website, the Florida business warned consumers that “this cytokine storm when you have this virus attacks your lungs, your heart, your brain . . . you could die.” The company promoted a variety of products as “natural approaches to help fight against this viral invasion,” including its Fortifeye Super Immune Wellness bundle, described as “the big daddy, the king daddy.” Gesundheit Nutrition Center.  In describing “things you can do to protect yourself from becoming infected by this CoronaVirus or any other virus for that matter,” the Montana company recommended products it sells, including “Oil of Oregano, Olive Leave Extract, Elderberry, Sovereign Silver, Garlic, Astragalus, and Cat’s Claw.” Hackbart Chiropractic.  On a webpage with the heading “Improved Immunity During Covid-19,” the Nebraska clinic stated, “There are many things you can do but what is the single most effective option? Get Adjusted!” It continued, “Develop a good offense through chiropractic so you can have the upper hand over COVID-19.” Hyde Park Holistic Center.  A webpage for the Georgia clinic included the heading “Possible Natural Solution” to coronavirus and recommended four products available from its online store: AdvaClear, which contains EGCG; Sinuplex, which contains quercetin; Zinc AG; and Ultra Potent [Vitamin] C. Dr. Rozita Moshtagh.  In a warning letter sent to Dr. Moshtagh at San Diego’s Naturopathic Medicine Clinic, FTC staff cited claims on her website – for example, “We offer Anti COVID-19/Anti Coronavirus Natural Antivirals and IV Therapy” and “Schedule Your High Dose IV Vitamin C. KEEP Covid-19 AWAY.” Natural Health Center of Clifton.  In a Facebook post titled “Coronavirus: How to Protect Yourself,” the New Jersey center promoted its “CoronaVirus Protocol” as “specifically designed to BOOST your immune system and ward off viruses.” It also recommended chiropractic adjustment as a way to “Boost Your Immune System & Protect Yourself Against The CoronaVirus.” NaturalHealthSupply.com.  The Maine company promoted its Zapper and Food Zappicator as devices that could prevent or treat coronavirus by using certain frequencies to kill viruses. NSideOut Health.  Using hashtags #coronakiller, #coronacure, or #covidcure on Instagram posts, the Atlanta company promoted its elderberry syrup, elderberry elixir, elderberry seamoss gel, and black seed oil as “ideal for everyday use but especially during this pandemic . . . .” Provita Health Store.  On its webpage, the company described the health risks posed by COVID-19 and recommended the VariZapper, a device “to remove viruses.” Using the hashtag #coronavirus, the product was promoted on Instagram as a “#frequencygenerator device that removes #pathogens from the body.” Silver Cancer Institute & Center for Chronic Disease.  In promoting ozone therapy as part of its “Emergency protocol for CORONA VIRUS,” the Arizona company cited “new peer reviewed literature” and recommended “oxidative therapy with intravenous ozone,” which “quite effectively killed [the] virus.” UWell Life, Inc.  On its website, the California company claimed consumers could “Prevent Corona Virus with Primocyn.” Whole Word Botanicals.  In marketing materials titled “4 Things You Can Do at Home to Ease Coronavirus and Pneumonia Symptoms,” the New York company recommended camu camu, cat’s claw, and desmodium. The website also featured a testimonial claiming that two healthcare workers who had contracted COVID-19 had taken the products and “Three days later their fevers were gone and their oxygen levels were almost back to normal!” Xlear.  In a YouTube video titled “There is a Simpler, Cheaper Way to Deal with COVID-19,” the Utah company claimed that “a Utah State University study found that a nasal spray like Xlear reduced the COVID-19 virus to ‘an undetectable amount’ in 15 minutes.” Like the hundreds of warning letters FTC staff has already sent, the latest letters get down to brass tacks: It is unlawful under the FTC Act . . . to advertise that a product or service can prevent, treat, or cure human disease unless you possess competent and reliable scientific evidence, including, when appropriate, well-controlled human clinical studies, substantiating that the claims are true at the time they are made. For COVID-19, no such study is currently known to exist for the product identified above. Thus, any coronavirus-related prevention claims regarding such products are not supported by competent and reliable scientific evidence. You must immediately cease making all such claims. The FTC has already filed suit against a company that received a warning letter and failed to make material changes to its COVID-19 claims. Looking for more compliance resources? Visit the FTC’s Business Guidance During Coronavirus portal.    

Stick with Security: Apply sound security practices when developing new products lfair September 8, 2017 | 9:37AM Stick with Security: Apply sound security practices when developing new products By Thomas B. Pahl, Acting Director, FTC Bureau of Consumer Protection Your company has a killer concept for an innovative app or a connected product and you’re in that initial blue-sky-and-whiteboard stage. You’ll have lots of opportunities to develop your distribution chain, create eye-catching ads, and start the social media buzz. But there’s one task that can’t wait. Now is the time to start with security – and that includes applying sound security practices when developing new products. Tech experts will tell you it’s tough to graft security on after the fact. The sounder strategy – and the one more likely to win consumer confidence – is to build security in from the start. A look at FTC investigations, law enforcement actions, and the experiences that businesses have shared with us suggest the importance of starting with security in product development. Here are examples gleaned from those sources. Train your engineers in secure coding. The premium your company places on sound data security can’t be an “It goes without saying . . .” kind of thing. Say it clearly, sincerely, and frequently. Create a work environment where your staff is encouraged at every stage to factor security into product development. From concept to marketplace and beyond, articulate your expectation that employees keep security at the forefront of their decisionmaking. Ultimately, it’s the best strategy for your customers, your corporate reputation, and your profitability. Example: A company launching a new software product emphasizes to its software engineers the importance of coding quickly to ensure that the product reaches the market as soon as possible – and the engineers meet in-house coding deadlines. But only after the product is in consumers’ hands does the company discover that the engineers have repeatedly created code that is susceptible to common, well-known security vulnerabilities for which there are available solutions. To correct the problem, the company has to implement an expensive after-the-fact fix. The more efficient – and ultimately, more cost-effective – practice would have been for the company to emphasize to its software engineers the importance of secure coding throughout the development process and to provide them with the training necessary to meet that expectation. Follow platform guidelines for security. Starting with security doesn’t necessarily mean starting from scratch. Every major platform has guidelines for developers to help keep sensitive data secure. Wise companies take that advice into account in designing new products. Example: A company creates a mobile app for two different app platforms. Both platforms require data to be encrypted in transit and both have Application Programming Interfaces (APIs) that provide industry-standard encryption. By using the platforms’ APIs correctly, the company’s engineers can help keep data secure. Verify that security features work. Keeping an umbrella in your car is a prudent idea, but test it while the sun is shining. Don’t wait until a torrential downpour to find out that the ribs are bent or the handle is broken. In a similar vein, it’s wise to build security features into your products, but before you head to the marketplace, verify that they’re enabled and operating properly. Furthermore, if you make any claims to consumers about the nature of the security your product provides, those representations must be truthful and supported by proof you have in hand before you start selling. “But we don’t make any security-related claims.” Maybe so, but are you sure? Under the FTC Act, companies are responsible for all representations – express and implied – that consumers acting reasonably under the circumstances take from a company’s marketing materials. That includes statements or depictions conveyed on TV or radio, in print, on your website, in online ads, on packaging, through social media, in privacy policies, or in an app store. Businesses are free to put security features front and center in their marketing materials as long as they honor established truth-in-advertising standards. So before you tout the security benefits of your product, verify that they live up to your advertised promises. Example: A company that sells a household budgeting app runs an ad claiming that its product has “bank grade security.” But the company doesn’t have a written security program, doesn’t conduct risk assessments, doesn’t train its employees in secure information practices, and fails to implement other practices commonly associated with “bank grade security.” By making representations that are false or unsubstantiated, the company has likely violated established truth-in-advertising standards. Test for common vulnerabilities. Is there any way to make your product 100% hack-proof? Without reverting to the days of tin cans connected with string, the answer is no. But there are steps you can take to protect your customers from well-known vulnerabilities that are preventable with tried-and-true security tools. The good news is that many of those tools are free or available at low cost. Before you release your product, make sure it’s ready for prime time. Test it to ensure that you’ve built in defenses against known risks. Of course, new threats emerge periodically, which is why security should be a dynamic process at your business. The security protocols you put in place for last year’s product may not be sufficient for Version 2.0. How can you keep your ear to the ground about defending against the latest threats? There is robust public cross-talk among researchers, tech experts, industry members, government agencies, and others committed to sticking with security. Follow their discussions on trusted websites, heed their warnings about new risks, and revise your design decisions accordingly. Example: A 10K race application requires registrants to enter their name, address, date of birth, credit card number, and fastest 10K time. The data is stored in a SQL database that combines data from race events all over the country. The event organizers didn’t consult free resources to stay current on security risks, and never performed any code analysis or penetration tests to assess whether their application was vulnerable to a SQL injection attack. By staying current with free resources – for example, OWASP’s Top Ten Project – the event organizer could have reduced the risk of exposing racers’ personal information to unauthorized access. Example: An app company regularly consults public resources like US-CERT for updated information about cyberthreats. The company realizes that the product it’s developing includes a security flaw some hackers have started to exploit. By catching the problem early and implementing an appropriate fix, the company has protected its customers and its reputation. What can companies learn from these examples? Building security from the ground up is a cost-effective approach to innovation. Next in the series: Make sure your service providers implement reasonable security measures

Ashley Madison settles with FTC over data security lschifferle December 14, 2016 | 12:05PM Ashley Madison settles with FTC over data security By Lisa Weintraub Schifferle If you care about data security and privacy, you’ll want to read about the FTC’s settlement with ruby Corporation, ruby Life Inc., and ADL Media Inc. –  the companies that operate AshleyMadison.com. AshleyMadison.com advertised a dating website that’s “100% secure and anonymous.” It bolstered those claims by including an icon of a “Trusted Security Award” and an image indicating that the website was a “100% discreet service.” The website lured you in with promises of “thousands of women” in your city (and mind you, about 16 million of the 19 million U.S. profiles were of men). Then, it used “engager profiles” – fake profiles created by staff who communicated as if they were actual female users. The company created these profiles by using information from existing members who had not had any account activity for a while. Many times, non-paying users upgraded to full memberships so they could send messages to what they believed were real users but were, in fact, fake profiles. For users who were concerned about others finding out about their activities on the website, the website promised that you could “remove your digital trail.” For $19, you could buy a “Full Delete” that promised to remove all of your information from AshleyMadison.com. We’re talking information like: name; relationship status; sexual preferences and desired encounters; desired activities; photographs; and financial information. Sounds like information people wouldn’t want to get out in the public, right?     In July 2015, a group called “The Impact Team” hacked into Ashley Madison’s computer system. The group threatened to release all of the website’s user information unless Ashley Madison shut down. When the company balked, the group published personal information about 36 million users. That’s a lot of very personal information of a lot of people. It even included information from people who had paid for a “Full Delete.” It turned out that Ashley Madison kept personal information for up to 12 months after a “Full Delete,” and sometimes failed to remove the profiles altogether. How did this happen? The FTC’s complaint alleges that AshleyMadison.com engaged in several practices that failed to provide reasonable data security, including: Failure to have a written information security policy Failure to implement reasonable access controls Failure to adequately train personnel about data security Failure to monitor third-party service providers These basic principles are all outlined in the FTC’s Start with Security guide. The FTC’s five-count complaint alleges both deception and unfairness. The deception counts involve: misrepresentations that the company took reasonable steps to ensure that AshleyMadison.com was secure; misrepresentations that the engager profiles were from actual women; misrepresentations about deleting profiles; and misrepresentations about the data security seal (you guessed it – the company without a written data security policy did not in fact receive a “Trusted Security Award”). Finally, the complaint alleges that the company’s unfair security practices injured or are likely to injure consumers. The FTC’s settlement with ruby Corporation and its subsidiaries prohibits the companies from making those types of misrepresentations. It also requires them to maintain a comprehensive information security program and get biennial assessments. And the FTC isn’t in this alone. The FTC’s settlement is in conjunction with thirteen states and the District of Columbia. The FTC also had help from its international counterparts in Canada and Australia. Based on a joint investigation, the Office of the Privacy Commissioner of Canada entered into a compliance agreement and the Office of the Australian Information Commissioner entered into an enforceable undertaking with Toronto-based ruby Corporation. Those agreements focus on remedial measures to improve the company’s data security and data retention policies.  So, what’s the lesson learned from the Ashley Madison case? Businesses must keep their promises. And if you collect sensitive personal information, you must protect it.  For further guidance about how to do that, check out Protecting Personal Information: A Guide for Business and Start with Security: A Guide for Business. And for more compliance resources, visit the Business Center’s Privacy and Security portal.  

2015’s top-pick topics: A 10-tative list lfair December 31, 2015 | 10:26AM 2015’s top-pick topics: A 10-tative list By Lesley Fair 2015 saw the end of The Late Show with David Letterman, but his Top 10 List legacy lives on. From the home office in Washington, D.C., here is our informal take on ten topics we covered this year in the BCP Business Blog. Advertising substantiation.  People will be citing the D.C. Circuit’s POM Wonderful opinion for years to come, so we extracted a dozen quotable quotes. Other relevant posts: Spilling the beans: The anatomy of a diet craze discussed what some folks call “The Oz Effect” and analyzed how green coffee bean extract became a weight loss thing (an unsubstantiated thing, according to the FTC). Five principles to help keep your health claims healthy offered lessons from recent cases. Other health-related highlights: the Tommie Copper settlement and the workshop on advertising for homeopathic products. Auto ads.  It’s been an eventful year in the FTC’s drive to ensure accuracy in auto advertising. For instance, in Operation Ruse Control, the FTC and 32 law enforcement partners brought more than 200 actions alleging illegal claims or conduct in auto sales. Cognition claims.  Whether the target market is brainy babies, successful students, or sharp-as-a-tack seniors, advertisers are promoting products that promise to improve what’s between the ears. The FTC took on a number of purported cognition claims, including a videogame pitched to improve kids’ school performance and a dietary supplement advertised to reverse age-related mental decline. Data security and privacy.  The Third Circuit’s decision in FTC v. Wyndham and the subsequent settlement are worth a reread. The proposed settlement with Oracle involving Java SE updates and two COPPA cases addressing the use of persistent identifiers are notable, too. But the action hasn’t just been on the law enforcement front. To help businesses build sound security into their day-to-day operations, the FTC debuted its Start with Security initiative, featuring a new publication, videos, and conferences. Next on the itinerary is Start with Security: Seattle on February 9, 2016. Debt collection.  This year saw unprecedented activity against questionable debt collection tactics. For example, Operation Collection Protection involved 115 actions by the FTC and state, federal, and international partners. In addition, the list of banned debt collectors now numbers 93. The $63 million FTC-CFPB settlement with Green Tree alleged a host of violations related to loan servicing and debt collection. We’ve also worked to keep the lines of communication open with industry members and other stakeholders by hosting Debt Collection Dialogues in Buffalo, Dallas, and Atlanta. Enforcement.  The FTC’s $100 million settlement with Lifelock for alleged violations of an existing order proves that it’s about the follow-through. Settlements with Bed Bath & Beyond, Nordstrom, J.C. Penney Company, and Backcountry.com for “bamboo” claims send the related message that companies should heed warnings about possible law violations. Fair Credit Reporting Act.  As the adage goes, life begins at 40. Look no further than the Fair Credit Reporting Act. 2015 saw a $2.9 million settlement with Sprint for alleged violations of the Risk-Based Pricing Rule. For employers interested in how the FCRA applies to the personnel process, this post put a disco spin on compliance. Native advertising and endorsements.  The FTC’s Enforcement Policy Statement on Deceptively Formatted Advertisements and the accompanying guide for business explore how established truth-in-advertising and disclosure principles apply to native ads. On the related topic of testimonials, the proposed settlement with Machinima, a blog post debunking seven myths about endorsements, and The FTC’s Endorsement Guides: What People Are Asking offer advice on keeping your practices compliant. Technology.  Tech touches pretty much everything the FTC does these days, but here are some noteworthy developments: the $40 million settlement with TracFone for purported promises of “unlimited” data, lawsuits challenging deceptive claims for apps, the Internet of Things report and business brochure, workshops on lead generation and cross-device tracking, and the establishment of OTECH, BCP’s Office of Technology Research and Investigation. Telemarketing. Lifestyles of the pitchin’ shameless describes lawsuits by the FTC, all 50 states, and D.C. challenging illegal telemarketing practices and other alleged violations by the Cancer Fund of America and related parties. A partial summary judgment in the pending FTC-state AG action against Dish Network cited 57,606,609 calls made in violation of the Telemarketing Sales Rule. In the ongoing battle against illegal robocalls, the FTC joined forces with 10 state AGs to challenge a campaign by Caribbean Cruise Line and others that involved robocalls by the billion. We also sponsored a new challenge, Humanity Strikes Back, to encourage tech solutions to pesky pre-recordings. And following a public comment period, the FTC announced updates to the TSR. What should consumers know about the year in review? This post from our Consumer Blog recaps law enforcement actions and warns about emerging scams. In addition, our Every Community initiative continues to bring the FTC to neighborhoods across the country.  

What’s on boomers’ minds? lfair July 8, 2015 | 10:36AM What’s on boomers’ minds? By Lesley Fair Baby boomers are running scared and marketers are in hot pursuit. What strikes such fear? The specter of memory loss and cognitive impairment severe enough to turn you into “a prisoner” in your own home who is “unable to recall who you are, where you live, or to whom you are related.” According to an FTC lawsuit, Brain Research Labs, KeyView Labs, MedHealth Direct, and others deceptively touted the dietary supplement Procera AVH as a solution to that problem. Ads for Procera asked consumers to imagine what their lives would be like if: “You are no longer allowed to handle your financial matters.” “You are no longer trusted to purchase anything . . . for you or anyone else.” “You are moving to a nursing home to live with strangers.” “You must sell your car, or give it to a family member.” “Your lifelong possessions are to be sold or given away.” According to the FTC, the defendants claimed Procera could prevent and reverse age-related mental decline and memory loss, and improve concentration, focus, mental clarity, and mood. Consumers paid between $40 and $80 for a 3-4 week supply. The defendants sold some buyers on the supposed benefits of an automatic shipment program, charging their credit cards for regular supplies. The pitch didn’t end there. On their site and in other promotions, the defendants brought out the heavy artillery: assurances that “a landmark clinical study” proved that their “breakthrough nutritional formula” would “help reverse up to 15 years of mental decline, effectively restoring a 50-year-old’s brainpower to that of a 35-year-old.” A print ad, for example, touted “randomized, double-blind, placebo-controlled research” where “clinicians witnessed a startling transformation in study participants’ brains.” Many of those claims were conveyed through Josh Reynolds, the stated “creator” of Procera and “Science Director” of defendant Brain Research Labs. But the FTC says the defendants didn’t have proof to back up their claims that the product would significantly improve memory, concentration, focus, clarity, and mood or stop or reverse age-related mental decline and memory loss – especially cognitive impairment severe enough to interfere with independent living. The complaint also challenges those “clinically proven” claims as false and alleges that Josh Reynolds didn’t appropriately exercise his purported expertise in endorsing the product. The proposed settlement includes broad injunctive provisions to protect consumers in the future. In addition, the defendants will pay $1.4 million with $400,000 of that reserved to satisfy a judgment in a case brought by local California law enforcement officials. The order also imposes a $61 million judgment against defendant KeyView Labs and a $91 million judgment imposed jointly against the remaining defendants. Under the terms of the settlement, KeyView will shut down the Procera automatic shipment program. What can other companies take from this case? Advertisers shouldn’t need a heads-up that misleading cognition claims are an important enforcement priority. Recent FTC actions have challenged deceptive representations about teaching toddlers to read, boosting students’ grades and SAT scores, and improving memory in older adults, to name just a few. Many consumers are concerned about cognition at every stage of life, but companies shouldn’t rush into the market unless they have – at minimum – competent and reliable scientific evidence to support their claims. There may not be an I in T-E-A-M, but there are three of ‘em in L-I-A-B-I-L-I-T-Y. The promotion of Procera involved multiple parties. You’ll want to check the pleadings for the specifics, but the complaint names the businesses that have sold Procera; MedHealth Direct, a company involved in creating the ads; John Arnold, MedHealth Direct’s President; Josh Reynolds, the expert endorser and manager of the company that commissioned and reviewed the study; and a company that owned that company. When faced with compliance choices, prudent businesses are mindful of the breadth of liability under the FTC Act.  

Track afield: What the FTC’s Google case means for your company wfg-adm109 August 13, 2012 | 12:04PM Track afield: What the FTC’s Google case means for your company By Lesley Fair After two weeks of talk about track, the trending topic is tracking, including the FTC’s $22.5 million settlement with Google for violating an earlier order.  Google told users of the Safari browser it wouldn’t place tracking cookies or serve them targeted ads, but the FTC charged that the company’s tracking practices went far afield of its claims.  Of course, the terms of that settlement apply just to Google, but there’s a lot savvy executives can take from the case and other recent FTC actions that touch on tracking. It’s a decathlon, not a dash.  By now, most companies have (we hope) gotten the message that what they say in their privacy policies has to line up with their day-to-day operations.  But chances are you’re conveying claims not just in your privacy policy, but also where you talk about choice mechanisms, opt-outs, and other ways users can customize their experience.  The FTC’s complaint against Google cites — among other things — alleged misrepresentations on the company’s Advertising Cookie Opt-Out Plug-in page.  The message for businesses?  Like decathletes, prudent companies excel across the board.  They know where they make privacy promises, maintain an inventory of the cookies they use, and don’t launch new ones without thinking through the implications. Members only.  No, not the sporty jackets from the 80s.  We’re talking here about what’s conveyed when companies highlight their affiliation with self-regulatory programs.  To join the Network Advertising Initiative (NAI), a voluntary self-regulatory group for the online ad industry, companies agree to disclose their data collection and use practices.  Although Google touted its NAI membership, the FTC says the company didn’t truthfully disclose what it was doing with Safari users’ data.  Therefore, the FTC charged that Google misrepresented the extent to which it honored NAI’s Code.  Membership in self-regulatory programs is your call, but once you advertise your adherence to an industry code, live up to its terms. Ill-advised disguise.  Marathoners dream of entering the stadium first and running that last stretch in front of a cheering crowd.  But remember American Frank Shorter in the ‘72 Olympics?  He led the pack into the arena, but didn’t know someone had donned a uniform, hidden under the bleachers, and taken a victory lap before officials figured out the ruse.  Of course, the circumstances are different, but our point relates to the FTC’s allegation that Google used code to disguise its cookie to work around Safari’s opt-out default setting.  The take-away for careful companies is that sidestepping users’ preferences can lead to costly legal missteps. Relay race.  Many recent FTC privacy cases suggest a disconnect between what companies say they’re doing and what’s actually happening behind the scenes.  How do businesses overcome that hurdle?  Coaches love to quote the Lombardi-esque chestnut, “There is no I in T-E-A-M.”  But if you’re talking about your company’s data management team, there should be an I-T.  Your information technology staff needs to run a strong lead-off with smooth baton passes to your marketing execs and legal advisors.  But victory depends on a solid anchor leg from top management committed to crossing the finish line in front. (We’ll stop with the sports metaphors for now.)  

Check that check wfg-adm109 June 22, 2012 | 1:33PM Check that check By Colleen Tressler & Karen Hobbs At the BCP Business Center, we offer tips on how to stay on the right side of the law.  But we also do our best to spread the word about the latest frauds targeting businesses — and this one’s a piece of work.  If your company accepts checks or online payments, you’ll want to be on the look-out for a scam that could leave you with a stack of worthless paper. Here’s what’s happening:  In exchange for a fee and some personal information, fraudsters are giving people “instructions” on how to use bank account and routing numbers that don’t belong to them to pay their bills online, or print checks so they can make payments in person or by mail.  In one scheme, scammers are using a variation on the “free money from the government” fraud.  They tell people to use the routing number of the Federal Reserve Bank of Atlanta — 0610-0014-6 — to make checks and electronic payments through the Automated Clearinghouse (ACH) Network.  (No, we’re not offering a how-to here.  The number is no longer valid.) If you get an ACH payment, check, cashier’s check, or certified check with that routing number, look into it.  Checks with that number aren’t valid payment instruments.  If you take one, you run the risk of not getting paid.  So what should you do?  Don’t accept the check — and notify the authorities immediately:  your state Attorney General, the local office of the FBI, and your bank. What else can you do to protect your business from fake check rip-offs?  Train your staff to watch for warning signs that a paper check might be counterfeit, like: no perforated edge on one side of the paper; the absence of security features, like a watermark; a routing number with fewer than nine digits; a bank address on the check that doesn’t match its real address; or a flimsy feeling to the paper. Read Merchants Beware: New “Free Money from the Government” Scam May Cost You to find out more.  

The Reebok settlement: What the FTC order means for advertisers and retailers wfg-adm109 September 29, 2011 | 1:11PM The Reebok settlement: What the FTC order means for advertisers and retailers By Lesley Fair The FTC’s settlement with Reebok requires the company to get their ad claims in shape and works out a $25 million refund program for people who bought EasyTone and RunTone shoes and apparel. Of course, the terms of the lawsuit apply only to Reebok, but experienced advertisers understand the benefits of mining FTC orders for compliance nuggets applicable to their business. What if you sell Reebok shoes or apparel or represent companies that do? You’ll definitely want to read the order for provisions relating to retailers. So what’s in the Reebok settlement? Strong injunctive provisions for a starter. Under Part I of the order, the company will need competent and reliable scientific evidence to support future claims that a product will strengthen muscles or result in a quantified percentage or amount of toning or strengthening. The order defines “competent and reliable scientific evidence” in this context to mean “at least one Adequate and Well-Controlled Human Clinical Study of the Covered Product that conforms to acceptable designs and protocols, the results of which, when considered in light of the entire body of relevant and reliable scientific evidence, is sufficient to substantiate that the representation is true.” Another interesting aspect: The order makes it clear that it covers claims made directly or by implication, “including through the use of a product name, endorsement, depiction, or illustration.” What about other health or fitness-related claims for covered products? The order requires Reebok to have competent and reliable evidence to back up those claims, too. For those — covered by Part II of the order and including representations about “muscle tone and/or muscle activation” — that means “tests, analyses, research, or studies that have been conducted and evaluated in an objective manner by qualified persons and are generally accepted in the profession to yield accurate and reliable results.” Part III makes it illegal for Reebok to misrepresent “the existence, contents, validity, results, conclusions, or interpretations of any test, study, or research.” What about the refund program? Reebok will be paying $25 million, which will go toward consumer refunds. The order adds that “consumer redress that otherwise would be conducted” by the FTC “may be instead conducted through prompt, court-approved resolution of one or more private class action lawsuits” against Reebok. The order makes it clear that key parts of any class action resolution submitted for court approval — for example, the class action notice, claim form, settlement claim procedures, and privacy and security practice — have to be OKed by the FTC. In addition to reporting and compliance requirements common in FTC law enforcement actions, the order requires Reebok to send a letter to retailers that sell the products in question. The letter — which is attached to the order — directs retailers to: 1)  remove promotional materials on display that include claims about improving or increasing muscle tone, muscle strength, muscle activation, or posture; 2)  cover over those claims on product boxes with stickers Reebok will provide; 3)  remove package inserts with those claims; and 4)  remove hangtags on shoes and remove or sticker over hangtags on apparel if they make those claims. If you have clients that sell Reebok products, they’ll get the letter soon.