Phantom debt brokering: an emerging form of identity theft World Privacy Forum Skip to Content Javascript must be enabled for the correct page display Home Connect With Us: twitter Vimeo email Main Navigation Hot Topics
Phantom debt brokering an emerging form of identity theft
Pam Dixon July 10, 2019 The FTC recently announced a “phantom debt broker” settlement. Phantom debt is debt that has been fabricated and then treated as if it was real debt that could be collected from consumers. Of the phantom debt cases the FTC has worked on, this case in particular provided a clear view into practices that form the modus operandi for a newly emerging type of identity theft. Debt brokers are businesses that buy and sell debt. The problem in this FTC case was that some debt brokers created “counterfeit debts fabricated from misappropriated information about consumers’ identities and finances; and debts purportedly owed on bogus “autofunded” payday loans that fraudulent enterprises foisted on consumers without their permission.” (See: https://www.ftc.gov/news-events/press-releases/2019/07/phantom-debt-brokers-collectors-settle-ftc-new-york-ag-charges?utm_source=govdelivery) In other words, the debt brokers made up the debt using consumers’ information. Of note in this settlement is that the debt was entirely false, and it was given to consumers based on detailed consumer data the debt brokers had access to by virtue of their professional work. Debt brokering is of interest to the World Privacy Forum because the details of consumer debt typically contain copious amounts of sensitive personal information. Financial and demographic data often show up in debt broker data, and in some cases, there may be additional types of information. For example, medical debt can be bought and sold, including in some cases informational details that may have originally been held under the protections of HIPAA. High volumes of personal data is not unexpected in debt brokering. Much of the FTC’s work on debt brokers and collectors has to do with the improper activation of old debt (time-barred debt), or other violations of the Fair Debt Collection Practices Act or aspects of the FTC Act. But we think that the identity theft aspects of this case are worth paying particular attention to. The debt brokers at the center of the FTC’s settlement created fictitious debts from consumers’ identity details and financial data. These fake debts were then ascribed to the victims. The fake debt was then sold to businesses that went out to collect on the fake debt. This put the victims in the crosshairs of debt collectors. According to the FTC’s complaint, at least some of the consumers complained vigorously about the false debt not belonging to them. But when a debt broker is the party that has created the problem, it becomes very challenging for victims to get relief. After the debt collectors contacted the victims, it was up to the victims to try to get debt collectors to re-investigate the debt, and validate that the debt did or did not belong to them. The process of re-investigating debt that a debt broker had falsely created is the very image of asking the fox who is guarding the henhouse to provide an audit of its own activities to the debt collectors. Identity theft has many remedies, from the ability to file police reports to correcting credit bureau reports containing information related to fraudulent ID theft activities. But this FTC phantom debt brokering case outlines a pernicious form of identity theft that reveals gaps in identity theft protections for victims. Victims of this “phantom debt brokering” form of identity theft would have an extremely difficult — if not impossible — time proving that they did not in fact owe the debt. It would take a remarkably persistent consumer to see this kind of an identity theft problem through to a positive resolution. Imagine if a consumer is given a fake debt. They dispute that fake debt. The collection agency goes to the broker (who created the fake debt) to validate the debt. If there is no intervention that stops or reveals the fraud, fake debt collection activities can eventually show up on victims’ credit bureau files. Unfortunately, this emerging form of identity theft has all the makings of a lucrative criminal business model. As this is not the FTC’s first case, there are indications that this form of crime is not going away. For example, the FTC brought a phantom debt case in 2017, see: https://www.ftc.gov/news-events/press-releases/2017/08/ftc-charges-debt-collection-operation-took-consumers-money. The case settled in 2018, see: https://www.ftc.gov/news-events/press-releases/2018/06/phantom-debt-collectors-settle-ftc-charges-deceiving-consumers. In the 2017 phantom debt case, victims of the phantom debt fraud paid more than 2 million dollars to debt collectors to stop the harassment and problems. There needs to be additional attention to new industry practices that will greatly discourage this crime of phantom debt identity theft, and will ensure that consumers have clear pathways and procedures to clear their name when debt brokers may be the ones creating the problem. The Fair Debt Collection Practices act allows the FTC to take enforcement actions against a number of practices, including false or misleading representations, unfair practices, or furnishing deceptive forms, among others. The tools may already exist that would allow for effective deterrents and protective practices to be put in place, but more work is needed in the specific area of identity theft problems arising from phantom debt. A key message for consumers is that if you receive a communication from a debt collector, request that all documentation of the original source of the debt be sent to you in writing. If you do not owe the debt, dispute the debt vigorously and file complaints with the FTC and with your local Attorney General’s office. You can also file a complaint with the Consumer Financial Protection Bureau. More Information
For more information about Debt Buyers, see NCLC’s Debt Buyer Fact Sheet To file a complaint
FTC Consumer Complaint Page State Attorneys General: Listing of all State AGs Consumer Financial Protection Bureau Complaint Page Posted July 10, 2019 in Fair Credit Reporting Act (FCRA), Federal Trade Commission (FTC), Financial Privacy, Identity Theft Tags: debt brokers, debt collection and privacy, phantom debt Next »WPF Executive Director Pam Dixon to testify before US Senate on privacy, predictive analytics, and data brokers « PreviousHighlights of the FTC and DOJ Facebook complaint and order WPF updates and news CALENDAR EVENTS WHO Constituency Meeting WPF co-chair
6 October 2022, Virtual OECD Roundtable WPF expert member and participant Cross-Border Cooperation in the Enforcement of Laws Protecting Privacy
4 October 2022, Paris, France and virtual OECD Committee on Digital and Economic Policy fall meeting WPF participant
27-28 September 2022, Paris, France and virtual more Recent TweetsWorld Privacy Forum@privacyforum·7 OctExecutive Order On Enhancing Safeguards For United States Signals Intelligence Activities The White House https://www.whitehouse.gov/briefing-room/presidential-actions/2022/10/07/executive-order-on-enhancing-safeguards-for-united-states-signals-intelligence-activities/Reply on Twitter 1578431679592427526Retweet on Twitter 1578431679592427526Like on Twitter 1578431679592427526TOP REPORTS National IDs Around the World — Interactive map About this Data Visualization: This interactive map displays the presence... Report: From the Filing Cabinet to the Cloud: Updating the Privacy Act of 1974 This comprehensive report and proposed bill text is focused on the Privacy Act of 1974, an important and early Federal privacy law that applies to the government sector and some contractors. The Privacy Act was written for the 1970s information era -- an era that was characterized by the use of mainframe computers and filing cabinets. Today's digital information era looks much different than the '70s: smart phones are smarter than the old mainframes, and documents are now routinely digitized and stored and perhaps even analyzed in the cloud, among many other changes. The report focuses on why the Privacy Act needs an update that will bring it into this century, and how that could look and work. This work was written by Robert Gellman, and informed by a two-year multi-stakeholder process. COVID-19 and HIPAA: HHS’s Troubled Approach to Waiving Privacy and Security Rules for the Pandemic The COVID-19 pandemic strained the U.S. health ecosystem in numerous ways, including putting pressure on the HIPAA privacy and security rules. The Department of Health and Human Services adjusted the privacy and security rules for the pandemic through the use of statutory and administrative HIPAA waivers. While some of the adjustments are appropriate for the emergency circumstances, there are also some meaningful and potentially unwelcome privacy and security consequences. At an appropriate time, the use of HIPAA waivers as a response to health care emergencies needs a thorough review. This report sets out the facts, identifies the issues, and proposes a roadmap for change.