Archives for April 2021

Last month, insideARM reported that in the case of Hunstein v. Preferred Collection & Mgmt. Servs., No. 8:19-cv-983 (M.D. Fla. Oct. 29, 2019), the 11^th Circuit Court of Appeals heard oral arguments regarding whether the practice of using a mail house to send demand letters to consumers violated the Fair Debt Collection Practices Act (FDCPA). Today, the Court has given us their answer, holding that transmitting data to a mail house to generate and send demand letters to consumers does indeed violate the prohibition on third-party disclosure set forth in 15 USCA § 1692c(b). 

 [article_ad]

The Background:

In Hunstein, the consumer argued that sending a data file with consumer information to a mail house to prepare and mail a collection letter is an action “in connection with” the collection of a debt, and thus an unauthorized third-party disclosure in violation of 15 USCA §1692c(b). The District Court disagreed and dismissed the case with prejudice.

The consumer appealed to the 11^th Circuit, and on March 10, 2021, the 11^th Circuit heard oral arguments.   The debt collector, Preferred Collection and Management Services, Inc. (Preferred), argued primarily that because the transmittal did not include a demand for payment, the transmission merely “related to” the collection of a debt and was not an unauthorized third-party disclosure. In support of this position, Preferred cited several cases stating that the Court should adopt a factor-based analysis to determine whether the transmission was “in connection with” or merely “related to” the collection of a debt.

Today’s ruling from the 11^th Circuit:

In reaching its holding, the Court focused on the plain meaning of the word “connection” and then on the statutory language. Regarding the word “connection” the Court noted that the dictionary definition of “connection” means “relationship or association” and “in connection with” is a “vague, loose connective” and means “with reference to [or] concerning.” the Court reasoned, “It seems to us inescapable that Preferred’s communication to Compumail at least ‘concerned’ was ‘with reference to’ and bore a ‘relationship or association’ to its collection of Hunstein’s debt,” and held that the transmission of data was, therefore “in connection with the collection of a debt” as the phrase is commonly understood,

Next, the Court turned to the language of 15 USCA §1692c(b), which states “a debt collector may not communicate, in connection with the collection of any debt, with any person other than the consumer, his attorney, a consumer reporting agency if otherwise permitted by law, the creditor, the attorney of the creditor, or the attorney of the debt collector.”   In rejecting Preferred’s argument regarding the application of a demand for payment factor, the Court reasoned that under such an interpretation, “Communication with four of the six excepted parties- a consumer reporting agency, the creditor, the attorney of the creditor, and the attorney of the debt collector, would never include a demand for payment” (emphasis in original). Therefore, the Court found that “the phrase ‘in connection with the collection of any debt’ in §1692c(b) must mean something more than a mere demand for payment.  Otherwise, Congress’s enumerated exceptions would be redundant.”

Further, the Court distinguished each of the cases cited by Preferred in support of its factor-based analysis since the statute at issue in each of those cases was 15 USCA § 1692e, and not 15 USCA §1692c(b).   The Court noted that since §1692e operates differently than §1692c(b), the District Court should not have relied on the cases cited by Preferred when it dismissed the Hunstein matter with prejudice in 2019.

The Court recognized that its ruling might have widespread implications across the debt collection landscape. However, it did not allow that possibility to sway its opinion, stating,

“It’s not lost on us that our interpretation of § 1692c(b) runs the risk of upsetting the status quo in the debt-collection industry. We presume that, in the ordinary course of business, debt collectors share information about consumers not only with dunning vendors like Compumail, but also with other third-party entities. Our reading of § 1692c(b) may well require debt collectors (at least in the short term) to in-source many of the services that they had previously outsourced, potentially at great cost. We recognize, as well, that those costs may not purchase much in the way of ‘real’ consumer privacy, as we doubt that the Compumails of the world routinely read, care about, or abuse the information that debt collectors transmit to them. Even so, our obligation is to interpret the law as written, whether or not we think the resulting consequences are particularly sensible or desirable. Needless to say, if Congress thinks that we’ve misread § 1692c(b)—or even that we’ve properly read it but that it should be amended—it can say so.”

Finally, the Court found that the consumer had standing to bring the action because a violation of 1692c(b) gives rise to a concrete injury in fact under Article III.  The dismissal entered in October 2019 has been reversed, and the case has been remanded to the district court for further proceedings.

The full opinion can be found here.

insideARM Perspective:

What does this opinion mean? Should everyone panic?  No.  The opinion just came out today; in the coming days, there will be many brilliant legal minds focused on what comes next and whether there is any way to obtain some relief from this opinion. That said, accounts receivable entities are cautioned to read this opinion in its entirety and consult with legal counsel regarding their next steps.

In case you missed it, earlier this month, the CFPB reached settlements with two entities it accused of wrongdoing.  On April 6, 2021, the CFPB issued a press release detailing the Consent Order it reached with Yorba Capital Management, LLC (Yorba) and its sole owner Daniel Portilla, Jr. (Portilla), and on April 13, 2021, the CFPB issued a press release  detailing the Complaint filed and Stipulated Final Judgment and Order it reached with SettleIt, Inc (SettleIt)

The Yorba/Portilla Consent Order

Here, the CFPB alleged that Yorba and Portilla mailed notices to consumers in an attempt to collect a debt that falsely represented that consumers would be sued and that there would be further legal action if the consumers did not pay the debt shown on the notices. Although the accounts had never been sent to an attorney for litigation, they were titled “Litigation Notice” and even included a spot for case numbers.

Further, the letters stated, “You are hereby notified that a recommendation to file a lawsuit to collect this debt may be the next step resulting in a judgment entered against you,” and “to avoid any further legal action, you need to contact our office within 10 days of this notice; otherwise, we will assume you do not intend to pay this debt and litigation will be commenced immediately.”  The notices also informed consumers that “[a] judgment is a serious legal matter and several methods to collect a judgment are available to us” and listed ways in which Yorba could collect on a judgment if it were to obtain one.  Some consumers called in response to the notice; however, the CFPB alleged that Yorba’s representatives would provide little (if any) information about the alleged debt. Instead, consumers were verbally threatened with lawsuits or arrests.

According to the CFPB, Despite including this language in the letters, Yorba and Portilla did not retain lawyers and never filed lawsuits against consumers. Thus the CFPB alleged that the letters misled and falsely threatened legal action against consumers in violation of the CFPA, 15 USC §§ 5531(a) and 5536(a)(1)(B), and the FDCPA, 15 USC §§ 1692e(5) and 1692e(10).   The CFPB further noted that “false representations in the letter were material. Statements about the imminence of a lawsuit and the implication that legal action has already been taken are important to consumers and are likely to affect their conduct as to whether they pay the alleged debt.”

The Consent Order permanently bans both Yorba and Portilla from the debt collection business, includes a judgment of $860,000 (which is suspended due to an inability to pay), and a civil penalty payable to the CFPB of $2,200.00

The SettleIt Stipulated Judgment

In this action, the CFPB filed a complaint against SettleIt, an online debt settlement company.  According to the CFPB, SettleIt, presents itself as an independent debt-settlement company that helps consumers negotiate with creditors like CashCall and LoanMe. But SettleIt is affiliated with CashCall and LoanMe; the same individual owns SettleIt and CashCall, and LoanMe is tied to SettleIt through loans and agreements.

The CFPB claimed that SettleIt abused consumers’ trust by charging fees to negotiate settlements that favor those companies and steered distressed consumers into taking out expensive loans with CashCall and LoanMe while hiding the fact that SettleIt took its debt-settlement fees from these loan proceeds. According to the CFPB, SettleIt kept consumers in the dark about its relationships with CashCall and LoanMe, and despite its ties with CashCall and LoanMe, even included language in call scripts saying “we are not owned or operated by any of your creditors.”

Although SettleIt did not admit or deny the allegations, the Bureau and SettleIt filed a proposed Final Judgment and Order requiring SettleIt to return at least $646,000 in fees to consumers, pay a $750,000 civil penalty, and stop settling debts for creditors with which it shares an ownership interest.

“SettleIt’s strategy of steering consumers into sweetheart deals with its confederates was illegal,” said CFPB Director David Uejio. “The CFPB will not tolerate companies that purport to represent consumers, but instead abuse their trust in a self-dealing scheme. This case provides a clear example of what Congress intended to prohibit when it created the CFPB and gave it authority to prevent abusive practices.”

insideARM Perspective:

In light of Director Ueijo’s previous statements that protecting consumers is his top priority, the Consent Order in Yorba and Stipulated Judgment in SettleIt, are not all that surprising.  However, what is a bit surprising is that the CFPB continues to uncover schemes that are relatively egregious violations of law and maybe even of common sense. One has to wonder whether the letters in Yorba or the call scripts in SettleIt were the subjects of a compliance review.  The allegations in these cases do not appear to be in the proverbial gray area. It’s hard to imagine that any compliance professional would approve the letter in Yorba, with all of its misstatements and threats, or the call scripting in SettleIt, which appears to be patently false on its face.  Assuming neither entity intended to violate the law, perhaps these results could have been avoided if they sought a compliance review of these communications before interacting with consumers.  These cases should serve as another reminder that compliance should be an integral part of any Accounts Receivable Entity’s process in developing consumer-facing communications.

The U.S. Court of Appeals for the Third Circuit recently affirmed the dismissal of a class action complaint alleging that a collection letter’s itemization of a debt as including “$0.00” in interest and fees — when the debt could not accrue interest or fees — violated the federal Fair Debt Collection Practices Act.

In so ruling, the Third Circuit concluded that the inclusion of line items listing $0.00 in the form letter’s interest and fees columns did not mislead the consumer to believe that he may owe interest or fees in the future in violation of the FDCPA’s prohibition on deceptive (§ 1692e) and unfair or unconscionable (§ 1692f) means of collecting consumer debts, even under the court’s hypothetical “least sophisticated consumer” standard.

Of note, the federal Consumer Financial Protection Bureau filed an amicus brief in support of the debt collector and the creditor in this appeal. The Third Circuit noted that the CFPB’s recently finalized Regulation F to the FDCPA “seemingly condone[s] itemizing interest and fees as [the debt collector] did. … Under the pending rules, debt collectors must include in certain notices a table showing the interest, fees, payments, and credits that have been applied—even if none have actually been applied—to a consumer’s debt since the itemization date. … And ‘a debt collector may indicate that the value of a required field is ‘0,’ ‘none,’ or may state that no interest, fees, payments, or credits have been assessed or applied to the debt.’”

A copy of the opinion in Hopkins v. Collecto Inc. is available at:  Link to Opinion.

A consumer received a letter from a debt collector which sought to collect past due amounts on behalf of a creditor who acquired the debt. 

The letter included a table itemizing the debt into four columns providing (i) the principal balance of the debt ($1,088.34), (ii) interest ($0.00), (iii) “Fees Coll. Costs” ($0.00), and (iv) total balance ($1,088.34).  The letter concluded that the consumer owed $1,088.34 on the debt and offered to “resolve this debt in full” if he paid a reduced amount of $761.84.

The consumer filed a putative class action complaint against the debt collector and creditor (collectively, the “debt collectors”) alleging that the letter’s inclusion of the table with itemized columns for interest and fees violated sections 1692e and 1692f of the FDCPA, 15 U.S.C. § 1692, et seq. 

Specifically, the consumer claimed that because the debt was static and purportedly could not accrue interest or fees, that assigning a “$0.00” value to those columns falsely implied that interest and fees could accrue and increase the total debt over time.

Upon consideration of the debt collectors’ motion to dismiss, the trial court dismissed the consumer’s complaint with prejudice, reasoning that the letter neither “leave[s] the least sophisticated consumer in doubt of the nature and legal status of the underlying debt” nor “impede[s] the consumer’s ability to respond to or dispute collection.”  The consumer appealed.

On appeal, the lone issue before the Third Circuit was whether the letter’s inclusion of a table denoting “$0.00” in interest and collection fees falsely implied that interest and collection fees were materially likely to accrue in violation of FDCPA’s prohibitions on deceptive (§ 1692e) and unfair or unconscionable (§ 1692f) means of collecting consumer debts.

Initially, the Third Circuit noted that other federal appellate courts recently addressed similar claims. 

In Degroot v. Client Services, Inc., 977 F.3d 656 (7th Cir. 2020), the Seventh Circuit held that a collection letter that listed a debt as including $0.00 in interest and fees “mere[ly] rais[ed] . . . an open question about future assessment of other charges,” and did not mislead the unsophisticated consumer.  Id. at 660–61. 

Likewise, in Salinas v. R.A. Rogers, Inc., 952 F.3d 680 (5th Cir. 2020), the Fifth Circuit concluded that a dunning letter’s inclusion of $0.00 due in interest and fees and the statement that “in the event there is interest or other charges accruing on your account, the amount due may be greater than the amount shown above after the date of this notice” did not violate the FDCPA “from the perspective of an unsophisticated or least sophisticated consumer” Id. at 683–84 & n.3.

Here, the consumer attempted to distinguish these cases, arguing that the Third Circuit’s “least sophisticated debtor” standard is more forgiving than the “unsophisticated debtor” standard under which these cases were decided. 

The Third Circuit disagreed, noting that its framework is “functionally equivalent to the unsophisticated debtor standard on which claims like [the consumer’s] have foundered.  Jensen v. Pressler & Pressler, 791 F.3d 413, 419 & n.3 (3d Cir. 2015) (noting that it is “sometimes referred to as the ‘least sophisticated consumer’ or ‘unsophisticated debtor’ standard”). 

Finding the rationale of the Fifth Circuit in Salinas and Seventh Circuit in Degroot persuasive, the Third Circuit similarly concluded that the letter did not violate the FDCPA by itemizing $0.00 in interest and fees on his static debt.

The Third Circuit further concluded that affirmation of dismissal was appropriate even if confined to “least-sophisticated-debtor” case law which assumes that even naïve consumers possess a “quotient of reasonableness” consistent with “a basic level of understanding and willingness to read with care.”   Wilson v. Quadramed Corp., 225 F.3d 350, 354–55 (3d Cir. 2000) (citation omitted).  

First, the Court noted that the Second Circuit rejected similar claims under a “least sophisticated consumer” standard in Taylor v. Financial Recovery Services, Inc., 886 F.3d 212 (2d Cir. 2018), holding that letters seeking to collect static debts that “stated their respective balances due without discussing interest or fees” were not misleading to “the least sophisticated consumer.” 

Moreover, the Third Circuit reasoned that its “FDCPA case law does not support attributing to the least sophisticated debtor simultaneous naïveté and heightened discernment” as the consumer attempted here by acknowledging that the letter was a “mass-produced, computer-generated form letter[],” yet purportedly failing to understand that listing $0.00 in each of the form letter’s interest and fees columns was an “inapplicable vestige[] of a template letter.” 

Because the consumer failed to state an FDCPA claim under the court’s “least sophisticated debtor” standard, dismissal of the class action complaint was affirmed.

With Facebook neutralizing most TCPA ATDS claims, understanding the DNC rules—including the dense CFR requirements— is more important than ever.

Well a court in Pennsylvania just quietly saved TCPAWorld from a massively dangerous new theory and—per usual—we’re the only ones talking about it.

Courts struggle with whether a cause of action is permitted for a violation of 47 CFR 64.1200(d)—requiring maintenance of an internal DNC list and policies and training by all marketers regardless of the technology they use to place calls—but a solid body of law is now developing that individuals who did not ask for calls to cease lack standing to sue in any event. That’s good news for well-meaning businesses but bad news for professional litigators who don’t get to sue over a ticky-tack violation unless a company actually does something wrong. (Heaven forbid.)

Well a Plaintiff in PA decided to test the limits by arguing that these courts are wrong because the CFR protects everyone one the national DNC list, not just those who actually asked a specific business for calls to stop.

Hmmmm.

Backing up, a 61.1200(d) claim—known as an “internal DNC” claim in the jargon—is a particularly dangerous claim. This is so because—according to the Plaintiff’s bar’s theory—the failure to maintain a policy converts every single call made by a marketer (even those with consent!) into an automatic violation of the TCPA. And nothing is easier to certify than a case involving every single call made by a company—just ask DirectTV. So internal DNC claims are actually the most dangerous type of TCPA case out there—where they’re permitted.

As mentioned above, these claims have been stamped out recently by courts determining that only individuals who have asked for calls to stop can sue—including unnamed class members. This converts Internal DNC claims into run-of-the-mill (uncertifiable) revocation cases that go nowhere. But what if the Plaintiff’s bar could expand the reach of the provision to protect more than just those that asked for calls to stop?

Well in Perrong v. South Bay Energy Corp., Case No. 2:20-cv-05781-JDW, 2021 U.S. Dist. LEXIS 70715 (E.D. Pa.  April 13, 2021)  a district court just saved everyone from having to find out.

Perrong is actually a really important ruling. The Plaintiff argued directly that the internal DNC rules are designed to protect all numbers on the national DNC list. Had this theory been accepted then everyone on the DNC would automatically have standing to bring an Internal DNC claim, even without having asked the caller for calls to their phones to stop.

The Court in Perrong held that the Plaintiff’s broad reading of 47 CFR 64.1200(d) was inconsistent with the regulation’s language and dismissed the claim as brought by a Plaintiff who had not actually asked for calls to cease. So TCPAWorld was saved.

We’ll keep an eye on this for you. And if you see this argument crop up in one of your cases let us know!

Implementations can be thrown off track by blind spots that add costs and time, and result in a lack of confidence in the overall solution. At Bridgeforce, we routinely help clients identify blind spots and take steps to ensure a smooth implementation. Here is our list of the top 10 critical blind spots to watch for — all of which can be managed and avoided if you take action early.

10 Blind Spots to Watch for When Implementing Digital Technology

1. ‘Out of the Box’ Descriptions

The vendor’s generic screen text and customer journeys are written for all clients. You’ll need to customize it for your organization with unique messaging and copy, customer journey flows, branding and opt-in/opt-out experiences.

Blind spot risk: Customization and development adds to your timeline and costs.

Steps to Take

Secure Involvement: Engage resources from compliance, customer experience and marketing teams when vendors are providing demos so that each team can ask the appropriate questions to ensure that they get what they need from this solution.

Identify SME Engagement: Before vendor selection is complete, require that each business partner assess the work effort and resource needs to make required changes. Then, you can determine the impact on the project timeline and budget. This sets expectations and informs effort and subsequent timelines.

2. Not Using Vendor’s Service Providers

Think twice before taking a pass on your vendor’s selected providers. There are four major integrations that must be considered: payments, SMS, emails, and letters. Generally, using the vendor’s partners will be an easier onboarding experience with less required customization.

Blind spot risk: Difficulty with onboarding and customization adds to your timeline and costs.

Steps to Take

Interrogate During Vendor Demos: Discuss available integrations during vendor demos so that you can make an informed assessment. This way, you can weigh trade-offs of using vendor partners against internal/enterprise solutions. The output of this key decision has a direct impact on your timeline and budget prior to project kickoff.

3. Lack of Source System Knowledge

You’ll need SMEs who have in-depth knowledge of all the affected source systems in order to properly map data for placement files and return files.

Blind spot risk: Depending on how many systems you use, lacking source system familiarity could add weeks and months to your deployment timeline.

Steps to Take

Plan Ahead: Determine early which data will be passed to the vendor in the placement file each day. Ensure that you know how the data that is returned to the source systems will be mapped. Then, begin sourcing those items.

4. Counting on the Vendor for Operationalization

Operationalizing the digital solution falls entirely on you because a software company defines a completed installation only as “deployment of the software.” Vendors aren’t focused on your operations – but you should be.

Blind spot risk: If you’re too late recognizing the need to operationalize, you will slow progress, extend your timeframe, and may face additional costs if the vendor has to pause activity.

Steps to Take

Build Operationalization into Your Timeline: Ensure that your implementation plan considers time for strategy design and coding; messaging content creation and deployment; reporting design; procedure updates; integration with control self-assessments; and analytics. Vendors may provide some light support in configuring the application parameters, but anything else beyond that is not their core business model.

Create Workflow in Advance: Predetermine your processes and workflows (for example, is the goal of digital collections to drive more self-service or to improve interaction that ultimately connects to an agent?). The end-to-end internal operational experience and external customer experience is unique to each organization – and yours is no exception.

5. Timeline Based on Vendor’s Standard Deployment

The vendor will assume that several key dependencies have been finalized by your organization, such as strategy design. This can create an unrealistic, often ambitious timeline.

Blind spot risk: Setting false expectations across the organization. If the timeline is unrealistic, the necessary adjustments that you’ll need to make will lengthen time to completion and could negatively influence staff perceptions.

Steps to Take

Determine Current State Readiness: Standard deployment schedules are achievable if your organization is ready. To ensure readiness, complete an initial working session and assessment. Consider elements such as outreach strategies, customer experience, reporting, roles and responsibilities, and compliance requirements.

6. Undervaluing the Need for End-User System Expertise

Once implemented, a technical solution requires technical expertise by the end-user. Alternative support from your vendor can be costly and in short supply. Don’t overlook the importance of having in-house expertise to make ongoing changes and evolve your strategy.

Blind spot risk: Lack of ability to make changes in-house may result in increased costs for outside support.

Steps to Take

Create Power Users: Identify power users within your organization who are familiar with the new technology. Arm them with a clear roadmap to onboard and transfer knowledge of the system from the vendor to secure a more successful post-implementation experience. By leveraging this intelligence, you can make changes as you go to better reach your customers through their preferred channels and increase the likelihood of getting paid.

7. User Acceptance Testing (UAT) is Not Provided by the Vendor

The plans or scripts for UAT are carefully coordinated and require attention to detail. UAT includes creation of test cases, conditioning test data, running test cycles in test bed, and ensuring controls so as not to adversely impact “real customers” in production. UAT will likely fall under your responsibilities because the vendor’s obligation starts and ends with the technical install.

Blind spot risk: Being unprepared for UAT will throw off your timeline. Additionally, the risk of quickly implementing the UAT plan could cause reputational or regulatory damage if customers are negatively affected.

Steps to Take

Tap Experience: Identify experienced implementation resources well before the testing milestone. This implementation team must have knowledge of both the vendor’s solution and your internal operating systems in order to create and oversee effective test plans and scripts.

8. Internal Efforts can Become Overwhelming

Your organization will be responsible for many deliverables to the vendor for implementation – a fact that is often overlooked during vendor pitches and demos.

Blind spot risk: Failure to provide deliverables according to the schedule can affect the integrity of the implementation and alter the timeline.

Steps to Take

Ensure Commitment: Make sure that the deployment timeframes provided by vendors are clear. Your organization should plan to dedicate resources that represent the following functional areas and roles: IT, Operations, Strategies & Analytics, Customer Experience, Compliance, Ops Risk, and Program Management.

9. Vendor’s Scope Doesn’t Include Additional Development and Reporting

Standard reporting packages offered by vendors tend to be high-level and designed as “out of the box” solutions for all clients. If your organization wants to see account-level detail, however, it will be your responsibility to put in the time and effort to uncover this level of information.

Blind spot risk: Missing reports and data that were expected as part of implementation can leave an organization scrambling and result in a lack of confidence in the vendor solution and ultimately, your decision-making capability.

Steps to Take

Review Data: It is very important that your organization has the right data, has confidence in the quality of that data, and can distribute information in appropriate reports. Confirming the MIS/Reports needed for deployment requires review by your organization to understand ‘what’ data is available and ‘how’ to extract the information for internal consumption.

10. Extra Time is Required to Establish New Short Codes for SMS

The application process with cellphone carriers to obtain short codes can take between 6-12 weeks to set up.

Blind spot risk: Without these short codes, communications though SMS will be delayed – affecting overall digitalization launch.

Steps to Take

Start Early: If your organization requires a new short code, make sure to request it prior to your project kickoff. This will eliminate unexpected delays in your implementation plan.

Upgrading Collections Technology Can Be Tricky

Determining digital readiness, selecting the right-fit vendor and managing a seamless implementation all bring unique challenges to upgrading collections technology. See our webinar series that covers all these areas for more details on how to manage a tech upgrade and vendor selection with confidence. If you’d like more information and are interested in being ably supported in your journey, contact us today. We’ll set up time to learn more about your project and get you started.

Rebekah Johnson, CEO, and Anis Jaffer, Chief Product Officer of Numeracle host a live Q&A podcast series covering all things related to call center communications, including call delivery, STIR/SHAKEN, caller ID technology, TRACED Act, brand identity, and more. In the episode below (transcript edited by insideARM; listen to the full episode here), Rebekah and Anis have the second part of their discussion about what it takes to authenticate and achieve the elusive “green checkmark” on the end subscriber’s device. Read the first part here.

Let’s start with a recap of the origination side as it relates to authentication.

Rebekah Johnson: First and foremost, the originating service provider must establish a local policy for how they will attest to the authenticity of the calls originating on their network. This will be achieved through policy and procedures with the help of identity management tools if needed. The indicator in SHAKEN that relays this authenticity is through the Attest Claim, which can be one of the following three values: A, B, or C, as defined in the ATIS Standard.

We also learned an originating service provider’s reputation is dependent upon how rigorous a local policy they implement when making the claim of A. Meaning, the identity of the caller, and authorization for use of the TN can be proven.

We concluded part one of What it Takes to Authenticate by exploring the challenges related to the gap between the originating service provider and the identity of the caller due to the presence of call centers, BPOs, and communication platform providers. Several options were discussed, each with their respective pros and cons. The expectation is that the industry will land with one or possibly multiple solutions.

Where should we start on the termination side? How does the terminating carrier make the final decision to display the green checkmark?

Anis Jaffer: To understand what happens at call termination, let’s first talk about the various components involved. First, we have the terminating network: this is the service provider where the call is terminated. Then you have the user device where the call lands. You can also have another component used by the terminating service provider for call validation, which is the analytic service that some providers use. So, in STIR/SHAKEN when the terminating network receives the call, they would first verify the signature received as part of the SIP header. This verification service would determine whether the call received is from a trusted source.

We talked about Attestation Flags last time, so the attestation flags sent by the originating network will be used by the terminating side to determine whether the call can be authenticated. Assuming the call is authenticated, the verification service then would update a parameter, what is called a Verstat Parameter. If the call is authenticated the Verstat Parameter would be updated as “TN validation passed.” If the call is not authenticated, then the terminating service provider would set it “TN validation failed.” In this case, they can also block the call.

Rebekah Johnson: You mentioned call validation. I’ve heard this referred to as CVT or Call Validation Treatment. Would you explain that portion just a little bit further?

Anis Jaffer: CVT is the (optional) analytics service that service providers can use. After the carrier verifies the result from the SIP Header, the CVT uses analytics and reputation data sources to determine if a number is fraudulent or spam. This information is then used as an overlay on the user device to show if a call is labeled as ‘Spam,’ ‘Scam,’ ‘Nuisance Likely,’ etc. This could either be a carrier application service that’s drawn as part of the verification we talked about earlier or, it can be implemented as a third-party solution. For instance, all the major U.S. carriers use third-party analytics for call labeling.

Okay, so as for the consumer display, where does the green checkmark fit in?

Anis Jaffer: We talked about carrier verification and analytics. The green checkmark is on the user equipment or the end device. Let’s say the call terminates at the network level, verification is done by the verification service, TN validation is passed, and the verstat parameter is set as “validation passed.” At this point, CVT does its check, and let’s say the number is determined as ‘Not Scam’ or ‘Not Spam. At this point, the CVT can pass this information to the user device or an app running on the user device, which can then display a checkmark, typically a green check, or it could be a character “V”.

This depends on the user equipment. In the case of smartphones, you can display the checkmark but in the case of devices with limited capabilities that display text-only, a simple indicator, like a letter V, can be used. For instance, Comcast recently announced a rollout of STIR/SHAKEN across the Xfinity Voice Over IP-network. They leverage both for displays that are capable of displaying the green check. For character or display-limited devices, they display the letter V.

Rebekah Johnson: Speaking of Xfinity, we led a proof-of-concept to test delegated certificates with Comcast, which was serving as the terminating provider, and Twilio as the originating provider. Through our Identity Management Platform™ we were able to verify the identity, authorization for use of TN, and elevate this information to Twilio via a delegate certificate provided by NetNumber.

The reason Comcast seems to be progressing very quickly on the display side of termination is their control of the display on the TV and their mobile service. Does this mean the display is dependent upon the user and the equipment?

Anis Jaffer: Yes, that’s a very important layer that influences how the calls are displayed on the device. Assuming verification process CVT checks and calls actually land, the app running on the device can layer its data on top. It could be a green checkmark, it could be a CNAM look-up where it can pull up the caller’s name, or it could look up its own data source for logo and call reason for that number and display that. There are several apps that do this today and typically they use pre-loaded data either from an internal database or by connecting to a third-party data source. They match the number to the corresponding name, logo, and call reason, and they overlay that information on the device. Today it’s usually caller name, but more and more we are seeing rich call data and logos being displayed.

Does the rich call data provide information, such as logo and call reason, as part of the STIR/SHAKEN certificate?

Anis Jaffer: There is a way to pass RCD over SIP as part of the SIP header. An originating service provider can add an RCD claim and when that information is received by the terminating service provider, they can choose to display this information on the device. However, this is not part of the BASE STIR/SHAKEN specification and the originating service provider does not have to do this. The delegated cert specification allows RCD to be added to the header, however, adoption is still early. We have to get through the STIR/SHAKEN implementation first before we can take full advantage of RCD claims on the SIP header.

With that said, while STIR/SHAKEN implementation is ongoing, some other solutions have sprung up. These are essentially using the data network to transmit rich call data to the user device by bypassing the communication network; these are called out-of-band solutions. For example, Google introduced Google Verified Calls, which works this way.

Out-of-band means out-of-telecom-band. What exactly is this and how does it work?

Anis Jaffer: In an out-of-band model the originating enterprise and its information, such as business name, logo, the numbers they are using, and the reason for those calls, are registered ahead of time with the service. When the business originates the call, they can attach the From: Number and the To: Number to the service right before the call is made. They have to do this right before the call because this information is short-lived and it is only alive for a few minutes.

In the case of Google, for instance, they can push this information to a specific Google device. As soon as the call lands on the device, Google can overlay the logo and call reason when the call rings. So as the data is sent, not using the communication network but essentially using the data network, it’s called out-of-band.

Rebekah Johnson: This raises interesting concerns. If it’s outside of the communication network, then is it outside of the Standard?

Anis Jaffer: That’s a tricky question to answer. It’s outside the Attest or STIR/SHAKEN Standard, but they are part of an IETF STIR Standard called STIR Out-of-Band. So it’s not something that’s completely out of standard specification. In fact, even in the case of STIR/SHAKEN, there are networks that are not fully SIP enabled and this method can be used to pass data. Surprisingly, there are a lot of networks that are still TDM-based, and since they cannot handle SIP headers, one proposal that has been presented is to send this STIR/SHAKEN information using the data network, or basically, an out-of-band solution.

What should we expect from the FCC’s June 30th deadline?

Rebekah: While I’m hopeful for a June 30th, 2021 deadline, I don’t believe that we’re going to see an environment where authentication from origination to termination exists throughout the network; it’s going to be a mix. I think we’re going to have to continue to watch the progression of where this goes and how the industry responds. Especially, it seems the terminating carrier side has a lot of control over what eventually gets displayed no matter what you do on the origination side.

Anis Jaffer: At the end of the day the call gets terminated and the user device has to display the information. You can add information at origination, but then it needs to get transported first to the terminating service provider, and then they have to figure out how to send this data to the end device. Then we have this added complexity of multiple service providers that are not SIP-enabled, there are several TDM-based networks, so how do you pass the information through their network? Calls don’t go on a single hop, there are multiple hops that happen before the call actually goes from origination all the way down to termination, so there is also this added layer where you should be able to send data.

I think the space is going to be evolving; the first step is to implement STIR/SHAKEN and get as many carriers as possible and networks as possible to handle that. Then over a period of time, we’ll be able to add rich call data. In the meantime, devices also need to have the capability to display the information; that is also evolving. We saw Google doing something. Apple could do similar things, but we don’t know at this point.

Last week the California Department of Financial Protection and Innovation (DFPI) issued a reminder to future debt collector licensees and existing mortgage lenders and servicers about protections for California renters and homeowners experiencing economic hardship under the COVID-19 pandemic.

The DFPI will take all necessary actions to ensure debt collectors comply with the FDCPA, CFPA, and the COVID-19 Tenant Relief Act.

Here is the text of the reminder:

Under California law, COVID-19 rental debt includes any “unpaid rent or other unpaid financial obligation of a tenant” that came due between March 1, 2020 and June 30, 2021. (Code Civ. Proc. § 1179.02.) The COVID-19 Tenant Relief Act (SB 91) includes the following renter protections for COVID-19 rental debt:

• COVID-19 rental debt cannot be sold or assigned before July 1, 2021. (Civ. Code §1788.65.)
• Starting July 1, 2021, COVID-19 rental debt cannot be sold or assigned if the debt pertains to a person “who would have qualified for rental assistance funding” under California’s emergency rental assistance program if “the person’s household income is at or below 80 percent of the area median income for the 2020 calendar year.” (Civ. Code § 1788.66.)
• Creditors cannot charge or attempt to collect late fees for COVID-19 rental debt if the renter has submitted a “declaration of COVID-19-related financial distress.” (Civ. Code § 1942.9, subd. (a)(1).)
• With limited exceptions, those collecting COVID-19 rental debt in court must submit documentation showing that they have made “a good faith effort to investigate whether governmental rental assistance is available to the tenant, seek governmental rental assistance for the tenant, or cooperate with the tenant’s efforts to obtain rental assistance from any governmental entity, or other third party.” (Code Civ. Proc. § 871.10.)
• Actions to recover COVID-19 rental debt may not be commenced before August 1, 2021, and any action to recover COVID-19 rental debt that was pending as of January 29, 2021 is stayed until August 1, 2021 (Code Civ. Proc. § 871.10, subds.(d), (f).)

Under California’s COVID-19 rental assistance program, a landlord can receive 80 percent of unpaid rent owed from April 1, 2020 through March 31, 2021 from government funds for a qualifying tenant if they agree to forgive any remaining unpaid rent for that period. To comply with applicable laws, debt collectors should ensure that they are not collecting rental debt that was paid or forgiven under California’s rental assistance program.

[article_ad]

The DFPI also reminds debt collectors that the federal Fair Debt Collection Practices Act (FDCPA) and the Consumer Financial Protection Act (CFPA) (part of the Dodd-Frank Wall Street Reform and Consumer Protection Act) protect California consumers from unfair, false, deceptive, or misleading representations, and harassment or abusive conduct in
rental debt collection. (15 U.S.C. § 1692 et seq.; 12 U.S.C. § 5536.) For example, courts have held that falsely suggesting one may initiate a lawsuit to collect a debt when one has no intention or ability to do so can be deceptive or misleading under the FDCPA.

Under the DCLA, the Commissioner must investigate all applicants for a debt collector’s license to determine whether any facts exist that constitute reasons for denial. The DFPI will begin accepting applications for debt collector licenses later this year. Grounds justifying license denial include “any act involving dishonesty, fraud, or deceit, if the crime or act is substantially related” to the debt collection business and violations of any similar regulatory schemes. (Fin. Code §100012, subd. (b)(2).) Furthermore, the Commissioner may revoke a license if the Commissioner determines that “[a]ny fact or condition exists that, if it had existed at the time that the licensee applied for the license, would have been grounds for denying the application.” (Fin. Code § 100003.3, subd. (b)(6).)

The DCLA was enacted in 2020 to protect California consumers and provide the DFPI with licensing and examination authority over debt collectors, which includes debt buyers, operating in California. (Fin. Code § 100002, subd. (j).) The DFPI will take all necessary actions to ensure debt collectors comply the FDCPA, CFPA, and the COVID-19 Tenant Relief Act.

Clint Lotz, President and Founder of TrackStar stops by Clark Hill’s Credit Eco to Go to talk not only about data, but he weighs into the debate of data regulation. More and more states are enacting laws that give consumers more control over their own data. Industry opposes a fragmented regime and instead favors a national standard.

Clint disagrees and sees states being in a better position to align their privacy laws with the needs of their constituents. At the federal level, Clint sees agencies like the CFPB weighing into the regulation of data, especially when the economy starts to recover and lending increases. Ultimately the consumer needs to know whether their own data will be their friend or foe. 

DISCLAIMER – No information contained in this Podcast or on this Website shall constitute financial, investment, legal and/or other professional advice and that no professional relationship of any kind is created between you and podcast host, the guests or Clark Hill PLC. You are urged to speak with your financial, investment, or legal advisors before making any investment or legal decisions.

SACRAMENTO, Calif. — Against all odds, the Receivables Management Association International held its 2021 Annual Conference in Las Vegas, April 12-15, 2021. With more than 500 in-person attendees and more than 150 virtual attendees, leaders from RMAI capitalized on the event by honoring an outstanding member and RMAI’s executive director.

President’s Award

RMAI awarded the President’s Award to Kino Financial Co., LLC, President, Amber Russo.

In 2017, RMAI created the President’s Award which recognizes an individual for outstanding contributions and services to the association and membership. The award goes to someone serving on an RMAI Committee who is selected because of their contribution to committee goals and their innovative ideas helping further the success of RMAI.

This year, RMAI presented the President’s Award to Amber Russo. When faced with the need to change course and innovate, she champions the effort enthusiastically with tireless dedication ensuring success. Her efforts paid dividends as she co-chaired two successful virtual silent auctions that raised record donations for the RMAI Legislative Fund. In addition to being a member of the Fundraising Committee, Amber also served on the Editorial & Social Media Committee.

Kino Financial joined RMAI in 2019 and has been actively involved in RMAI since day one. Amber is a Certified Receivables Compliance Professional and Kino Financial Co., LLC is a Certified Debt Buying Company.

Bud Reitzel Award

In a closely guarded secret, the RMAI Board of Directors awarded the Bud Reitzel Lifetime Commitment Award, the industry’s highest recognition, to RMAI’s Executive Director, Jan Stieger.

RMAI created the Reitzel Award to recognize an individual for outstanding leadership and dedication in the receivables management industry who has demonstrated, over many years of service, the ideals that Bud so firmly believed in. Jan joined RMAI in 2011. Through her leadership, she has overseen the complete transformation of RMAI from an organization operated by an association management company to one of the most dynamic and respected organizations within the receivables management industry. Among Jan’s many accomplishments over the past decade:

• The development of a robust state and federal government advocacy program, which has not only protected the industry but has driven significant policy changes at the same time. Since 2011, RMAI has been successful in over 95 percent of its advocacy efforts.
• Launching and the continued enhancement of the Receivables Management Certification Program from a program originally focused on debt buying companies to a highly valued program that benefits the entire receivables industry, by providing significant operational controls and consumer protections contained in rigorous and uniform industry standards of best practice. Originators looking for a single compliance footprint only need to look at RMAI certified debt buyers, collection agencies, collection law firms, brokers, and process servicers.
• Expanding RMAI’s education and networking experiences from RMAI’s Annual Conference and Executive Summit to regional events such as this September’s Advocacy Training and Baseball Ball Night in Atlanta, GA.
• Rebranding the association in 2017 from DBA International to RMAI with an expanded focus on secondary market opportunities and RMAI certification, both of which continue to grow RMAI’s footprint today.
• Successfully led RMAI through the many challenges associated with the COVID-19 pandemic. Despite the issues faced by the industry as well as our membership in 2020, RMAI is now in its fourth straight year of membership growth.

[article_ad]

About Receivables Management Association International
Receivables Management Association International (RMAI) is a nonprofit trade association representing more than 570 companies that purchase or support the purchase of performing and nonperforming receivables on the secondary market. The RMAI Receivables Management Certification Program and Code of Ethics set the global standard within the receivables industry due to the rigorous uniform standards of best practice that focus on protecting consumers. More information about RMAI is available at www.rmaintl.org.

A debt collector must verify the identity of a communication recipient to ensure a right-party contact while also avoiding a disclosure about the existence of the debt to a third-party.  Thus, a debt collector must, when asked, provide meaningful information about the purpose of a telephone call to a third-party – even when the third-party refuses to identify herself – without disclosing that the call is an attempt to collect a debt. 

In the latest episode of the Debt Collection Drill podcast, Moss & Barnett attorneys John Rossman and Mike Poncin are joined by attorney Aylix Jensen who elaborates on her recent, complete victory in Federal Court establishing that a debt collector did not violate the FDCPA by stating it was a “financial services company” calling regarding a “personal business matter” to an unidentified individual – the Plaintiff – who the Court identified as the correct “customer for the account.” 

The case, filed in the Maryland District Court,  is Mayhall v. MRS BPO, et al., Case # GJH-19-2384; the Order can be found here. 

Listen here.

—

insideARM Perspective

insideARM started talking about this issue a few years ago. See this for a concise video explanation of the “authentication dance” challenge faced by collectors and consumers.