By Lesley Fair

Undercover intrigue and an international sting operation.  It sounds like the makings of the latest Hollywood thriller.  But it’s really the true tale of recent federal law enforcement that should sound a warning note to companies in the business of buying and selling consumer data.

The story starts when the Federal Trade Commission (FTC) joined forces with the U.S. Postal Inspection Service and the U.S. Attorney for the Southern District of Illinois to stop an operation that sold consumer data to telemarketers who planned to use the information illegally. The lists included consumers’ credit card and bank account numbers, exposing thousands of consumers to possible identity theft.

The Postal Inspection Service set up an undercover sting – using postal inspectors posing as Canadian telemarketers – and sought to buy lists that contained consumers’ credit card numbers, security codes, bank account information, and routing codes.  The undercover inspectors made it clear they planned to use the data to market credit cards for a fee in advance, in violation of the FTC’s Telemarketing Sales Rule.  It’s illegal to traffic in lists like that, but one particular list broker, Practical Marketing, sold them to the undercover inspectors anyway.  The U.S. Attorney brought criminal charges against Practical Marketing, and the company pleaded guilty to identity theft in federal court.  

In a related civil action, the FTC charged Practical Marketing with knowingly assisting telemarketers who were illegally buying lists to solicit consumers for the credit cards.  According to the FTC, Practical Marketing and its principals sold unencrypted credit card and bank account information – so-called full data leads– in violation of federal law.  

The FTC settlement bars the list brokers from collecting, selling or disclosing consumers’ account numbers to unaffiliated third parties, and requires them to turn over the lists to the FTC and destroy any copies. The settlement also requires them to take steps to monitor their clients’ activities, including evaluating the truthfulness of their marketing claims, investigating any complaints they receive about their clients, and reporting clients’ questionable activities to the FTC.

What lessons should marketers take from these cases?  First, cross-border fraud remains a top target for federal law enforcers.  Companies that violate the law can’t hide their wrongdoing behind national borders.  Second, in appropriate cases, federal law enforcement agencies will work together to use every weapon in their arsenal – civil and criminal – to combat illegal business practices that harm consumers.  Third, marketers should exercise caution in any transaction involving consumer information.  

Lesley Fair is an attorney in the FTC’s Bureau of Consumer Protection who specializes in business compliance.