Vivint Smart Homes Inc., a smart home security and monitoring company with a financing program, must pay $20 million as a part of a settlement related to Federal Trade Commission’s (FTC) allegations that the company violated the Fair Credit Reporting Act (FCRA) by improperly obtaining credit reports for potential customers. The company also allegedly violated the FTC’s Red Flags Rule (as codified by 16 C.F.R. § 681.1) by neglecting to adopt a written Identity Theft Prevention Program, which is designed to detect the red flags of identity theft in a company’s day-to-day operations. According to the stipulated order for permanent injunction and civil penalty judgment filed on April 29, 2021, the company will pay a $15 million civil penalty, as well as an additional $5 million to compensate injured consumers.
The FTC alleged that sales representatives of the company often found another consumer with the same or similar name, and used that innocent consumer’s credit history to qualify an unqualified customer. Said representatives also allegedly asked customers to give a name of someone they knew with better credit, then added that person as a co-signer without their permission, and used their credit history for the unqualified customer. When the unqualified customers defaulted on their loans, the co-signer was allegedly referred to the company’s debt buyer. Said innocent consumers stated that they were victims of identity theft as a result.
The settlement also requires the company to implement a monitoring and training program for its employees, an identity theft prevention program, and a customer service task force to verify account ownership prior to referring accounts to debt collectors. The company must also help the innocent consumers that were referred to debt collectors, obtain independent compliance assessments, and appoint a chief compliance officer.
These allegations and corresponding settlement terms underscore the importance of compliance with the FCRA.