Securing Sensitive Debt Data

Slide background

Securing Sensitive Debt Data

Like juggling chain saws or using a Ming vase as a sippy cup, some things are just too risky to be reasonable. Here’s one to add to that list: posting unencrypted financial information about 55,000 consumers on a website available to anyone with an internet connection. Two FTC settlements with debt brokers – and a 7-step brochure for industry members – offer advice on keeping sensitive information secure.

In separate lawsuits filed last year, the FTC says two companies posted spreadsheets on a site for debt buyers, sellers, and others in the collections industry. The spreadsheets included the kind of information that’s an all-you-can-eat buffet for fraudsters and identity thieves: names, addresses, credit card numbers, bank account data, and debts people allegedly owed. The disclosure of data like that raises the specter of phantom debt collection.

The name sounds other-worldly, but the problem is all too real. Phantom collectors get people to pay debts they’re not authorized to collect. Armed with enough information to sound legit, they pocket the cash and disappear. And they don’t stop there. Some phantom debt collectors collect from people who don’t owe money at all. They lean on consumers so hard that some say “Uncle!” just to make it stop.

Of course, the lifeblood for these ghouls is financial information other companies have handled cavalierly. The FTC alleged that those companies put consumers in substantial risk by making their data a available to anyone who visited that site. At the FTC’s request, a federal court ordered the site to take the information down. It also ordered the debt brokers to contact the consumers whose information had been compromised.

The settlements require them to set up and maintain security programs to protect consumers’ sensitive information. And it won’t be a one-time thing. They have to get qualified third parties to certify their programs every two years.

Sarma Collections is compliant with all regulatory requirements, including CFPB, FCRA, FDCPA, HIPAA and FTC matters. We are regularly audited by third party agencies to ensure compliance with all regulatory requirements. We use state-of-the-art telephone voice technology recognition tools to ensure proper disclosure compliance


Categories: News & Press Releases

Tags: ,

Leave a Comment