Through Consumer Sentinel we hear from people across the country about frauds they encounter in the marketplace. One thing we learn from these reports is how scammers want to be paid. People are telling us that they’re increasingly being told to pay with gift cards – specifically, by giving someone the PIN number off the back of a gift card. Often people are specifically asked for certain brands, like iTunes and Google Play cards.

To understand this issue better, we looked at fraud reported directly to the FTC. To avoid skewing the results, we excluded reports about shop-at-home purchases – this Spotlight is not about the use of gift cards to purchase retail goods, but rather their use as a payment vehicle for scams.

We found that from January through September of this year, gift cards and reload cards (like MoneyPak) were reported as a payment method in 26% of the fraud reports in which people told us how they paid, up from just 7% in 2015 – a 270% increase. Con artists favor these cards because they can get quick cash, the transaction is largely irreversible, and they can remain anonymous.

People report that con artists direct them to buy gift or reload cards at well-known stores like Walmart, Target, Walgreens, and CVS. According to these reports, they demand some specific card brands. While these change over time, iTunes cards have been the top card brand by a wide margin since 2016. By contrast, Google Play cards were not reported in significant numbers until this year.

Stepping back to look at all fraud reports available to the FTC from all sources, we found that losses where people reported using gift or reload cards reached $40 million in 2017, up from $20 million in 2015 and $27 million in 2016 (Source: FTC Consumer Sentinel Network Data Book, 2016 and 2017). Through September of this year, that number is already $53 million. And while individual fraud losses using these cards have held steady at a $500 median loss per incident, people report losing a lot more to some types of scams. (Median loss calculations are based on all fraud reports in FTC’s Consumer Sentinel Network database that identify gift or reload card as a method of payment and include a dollar loss value of $1 to $999,999.) Tech support scams are a notable example. When people report paying for fraudulent tech support services with a gift or reload card, the median dollar loss is now $959, up nearly 60% from $600 in 2017.

It’s not just tech support scams. When people report paying a fraudster with a gift or reload card, about four times out of five the fraud they report is an imposter scam – in fact, gift cards and reload cards are now the number one reported method of payment for imposter scams. These scammers pose as well-known businesses, family members, friends, or government agencies. They deploy various tactics to compel people to pay. They may pretend to be the IRS and tell people they cannot use other payment methods because of their delinquent tax status. They may even call iTunes cards “payment vouchers.” To avoid alerting store personnel, they often direct people to buy cards from several different stores, and they tell people not to talk to anyone about why they are buying the cards.

Familiarity with these tactics and awareness of the prevalence of gift cards and reload cards as a method of payment for fraud may help people to recognize and avoid a wide range of scams. When someone demands to be paid with a gift card, that’s a scam.

Payments to a fraudster made by gift card or reload card should be reported immediately to the card issuer. It may not be possible to stop funds from being withdrawn from the card, but it is important to alert companies to card fraud. Consumers should also report details of the incident to the FTC at FTC.gov/complaint. To learn more, visit FTC.gov/giftcards.

People looking for romance are hoping to be swept off their feet, not caught up in a scam. But tens of thousands of reports in Consumer Sentinel show that a scam is what many people find. In 2018, Sentinel had more than 21,000 reports about romance scams, and people reported losing a total of $143 million – that’s more than any other consumer fraud type identified in Sentinel.¹ These reports are rising steadily. In 2015, by comparison, people filed 8,500 Sentinel reports with dollar losses of $33 million.

Romance scammers lure people with phony online profiles, often lifting photos from the web to create attractive and convincing personas. They might make up names or assume the identities of real people. Reports indicate the scammers are active on dating apps, but also on social media sites that aren’t generally used for dating. For example, many people say the scam started with a Facebook message. 

Once these fraudsters have people by the heartstrings, they say they need money, often for a medical emergency or some other misfortune. They often claim to be in the military and stationed abroad, which explains why they can’t meet in person. Pretending to need help with travel costs for a long-awaited visit is another common ruse.

Scammers can reap large rewards for time spent courting their targets. The median individual loss to a romance scam reported in 2018 was $2,600, about seven times higher than the median loss across all other fraud types.² People often reported sending money repeatedly for one supposed crisis after another.

People who said they were ages 40 to 69 reported losing money to romance scams at the highest rates – more than twice the rate of people in their 20s.³ At the same time, people 70 and over reported the highest individual median losses at $10,000.⁴

Among people who told us how they paid the scammer, the majority said they wired money. The next largest group said they sent money using gift and reload cards (like Moneypak), and reports of this type of payment increased in 2018. People said they mailed the cards or gave the PIN number on the back to the scammer. Con artists favor these payment methods because they can get quick cash, the transaction is largely irreversible, and they can remain anonymous.

So what can singles do to play it safe while dating online? Here are some tips to help spot bogus suitors:

• Never send money or gifts to a sweetheart you haven’t met in person.
• Talk to someone you trust about this new love interest. In the excitement about what feels like a new relationship, we can be blinded to things that don’t add up. Pay attention if your friends or family are concerned. 
• Take it slowly. Ask questions and look for inconsistent answers. Try a reverse-image search of the profile pictures. If they’re associated with another name or with details that don’t match up, it’s a scam.
• Learn more at ftc.gov/imposters.

Help stop these scammers by reporting suspicious profiles or messages to the dating or social media site. Then, tell the FTC at FTC.gov/complaint.

¹Figures based on 21,368 reports submitted directly to FTC and by all Sentinel data contributors in 2018 that were classified as romance scams.

²Median loss calculations are based on reports submitted in 2018 that indicated a monetary loss of $1 to $999,999. Reports provided by MoneyGram, Western Union, and Green Dot are excluded for this calculation as these data contributors report each transaction separately, which typically affects calculation of an individual’s median loss.

³Reporting rates per million population by age calculated using population numbers obtained from the U.S. Census Bureau. U.S. Census Bureau, Annual Estimates of the Resident Population for Selected Age Groups by Sex for the United States, States, Counties and Puerto Rico Commonwealth and Municipios (June 2018).

⁴Median loss calculations are based on reports submitted in 2018 that indicated a monetary loss of $1 to $999,999. Reports provided by MoneyGram, Western Union, and Green Dot are excluded as these data contributors report each transaction separately, which may affect the median loss.

If the mere thought of your computer being hacked frightens you, you’re not alone. And tech support scammers know how to exploit that fear to their own advantage. They work to scare you into believing your computer is compromised and then offer to “fix” the problem – for a fee. The FTC’s Consumer Sentinel Network got nearly 143,000 reports about tech support scams in 2018.¹

These scams usually start with a phone call or a pop-up warning of a computer problem that gives a number to call. People tell us the scammers often claim to be Microsoft or Apple – they may even spoof caller ID to make it look like one of these companies really is calling. In another twist, they get people who actually do need computer help to call them by posting phony customer support numbers for well-known companies online.

These scammers convince people to hand over remote access to their computer and then make a big show of “troubleshooting.” They may open system folders or run scans that seem to show evidence of a problem. Then they ask for money for supposed repairs and things like bogus service contracts.

In 2018, people reported losing $55 million to these scams. And while many people did not lose any money, those who did reported losing hundreds: the median individual reported loss was $400. Credit cards were the top method of payment people said they used, and that’s good news – credit card companies can reverse fraudulent charges. But many others said the scammer convinced them to pay by giving the PIN numbers on the back of gift cards, often iTunes or Google Play cards. For most in this group, the money is simply gone.

Tech support scams stand out for the disproportionate harm they may be causing older adults. While Sentinel data tells us that people 60 and older are both great at reporting fraud and less likely than younger people to report losing money to many types of fraud,² they are far more likely  to report a loss to tech support scams. In 2018, people 60 and over were about five times more likely to report losing money to these scams than younger people.³ In fact, over the past four years, older adults filed more reports of a loss on tech support scams than they did in any other Sentinel fraud category.⁴ The reported median individual loss to tech support scams for older adults was $500 last year – 25% higher than the median individual loss reported by younger people.⁵

But money isn’t the only thing people lose on this scam. By allowing scammers remote access to their computer, people hand over control. Scammers can then readily steal sensitive information or install spyware – a form of malware that lets them quietly gather information. People have even been persuaded to log into their bank accounts, often on the pretext of depositing a refund, allowing the scammer to move funds remotely.

Here are some things you can do to avoid these scams:

• Do not click any links or call a number that pops up on your screen warning of a computer problem.
• Hang up on unexpected calls from anyone who claims to be tech support.
• Don’t believe your caller ID – it can be easily spoofed.
• Never give control of your computer or share passwords with anyone who contacts you.
• Keep your security software up to date.
• If you need help, contact a computer technician that you trust. Don’t just rely on an online search.

If you’ve been scammed, change any passwords you shared and scan your computer for malware. If you gave your credit card number, tell the credit card company. Check your statement and contact your credit card company to reverse the charges for bogus services. If you later get a call about a supposed refund, you can bet that’s part two of the same scam – hang up.

Report tech support scams to the FTC at ftc.gov/complaint. To learn more, visit ftc.gov/techsupportscams.

1 Figure based on 142,904 reports to Sentinel in 2018 that were classified as tech support scams. 105,676 of these reports were provided by Microsoft Corporation’s Cybercrime Center.

2 For age comparisons of other Sentinel fraud types, see Figure 4 of Protecting Older Consumers 2017 - 2018. A Report of the Federal Trade Commission.

3 Figures based on the number of 2018 tech support scam reports that indicated a monetary loss ($1 - $999,999) per million population by age. People who said they were 20 – 59 filed loss reports at a rate of 21.5 reports per million people in this age group, while people who said they were 60 and over filed 104.2 loss reports per million people in this age group. Population numbers obtained from the U.S. Census Bureau: U.S. Census Bureau, Annual Estimates of the Resident Population for Selected Age Groups by Sex for the United States, States, Counties and Puerto Rico Commonwealth and Municipios (June 2018). In 2018, 31,043 tech support scam reports to Sentinel included usable age information.

4 This statement is based on fraud reports filed from 2015 to 2018 by people who indicated an age of 60 and over and who indicated a monetary loss.

5 Median loss calculations are based on reports submitted in 2018 that indicated a monetary loss by people who said they were 60 and over as compared to people who said they were 20 to 59. Not all reports to Sentinel indicate age.

Pretending to be someone people trust is what scammers do. They may claim to be a well-known company or a beloved family member, but data from the FTC’s Consumer Sentinel Network suggest that pretending to be the government may be scammers’ favorite ruse. Since 2014, the FTC has gotten nearly 1.3 million reports about government imposters. That’s far more than any other type of fraud reported in the same timeframe. This spring, monthly reports of government imposter scams reached the highest levels we have on record.¹

The vast majority of people who report this type of scam say it started with a phone call,² and these callers have their mind games down pat. Government impersonators can create a sense of urgent fear, telling you to send money right away or provide your social security number to avoid arrest or some other trouble. Or they can play the good guy, promising to help you get some free benefit like a grant or prize, or even a back brace. Scammers like to make the situation so immediate that you can’t stop to check it out.

These scams can be extremely lucrative. Reported losses to government imposter scams add up to more than $450 million since 2014. Only 6% of people who report government imposters say they lost money.³ But when people do lose money, it’s a lot: the median individual reported loss is $960.⁴ People ages 20 to 59 report losing money to these scams at higher rates than people 60 and over, but median individual reported losses increase with age. People 80 and over report a median loss of $2,700.⁵

Gift cards are now the payment method of choice for these scammers. Most people who tell us they lost money to a government imposter say they gave the scammer the PIN number on the back of gift cards like Google Play or iTunes cards.⁶ Wire transfers come in a distant second to gift cards as a payment method. But with both methods, the scammer gets quick cash while staying anonymous, and the money is simply gone.

The top government imposters reported so far in 2019 have both familiar and new faces. The FTC reported recently about the dramatic surge in Social Security imposters, but IRS imposters are still hanging on in the top five. Scammers use “bureau” or “administration” in their name to make their government grant offers sound official, and use generic names like “sheriff’s office” to suggest a hefty law enforcement presence. Government imposters will adapt quickly to find new ways to get your money. Lots of government agencies have been impersonated, including the FTC. The scammer’s pitch is even more convincing when they fake the number on your caller ID so it shows the name or phone number of a real government agency. It’s illegal to fake the number on caller ID, but scammers know it helps convince people that the caller really is with the government.

So what can you do to protect yourself against imposters when their stories keep changing?

• Be suspicious of any call from a government agency asking for money or information. Government agencies don’t call you with threats, or promises of – or demands for – money. Scammers do.
• Don’t trust caller ID – it can be faked. Even if it might look like a real call, don’t trust it.
• Never pay with a gift card or wire transfer. If someone tells you to pay this way, it’s a scam.
• Check with the real agency. Look up their number. Call them to find out if they’re trying to reach you – and why.

Report government imposter scams to the FTC at FTC.gov/complaint. To learn more, visit ftc.gov/imposters. Want to explore the data? Visit the new interactive infographic on government imposters.

1 People reported about 41,400, 39,600, and 46,600 government imposter scams to Sentinel in March, April, and May 2019 respectively. Prior to March 2019, the highest monthly reporting levels for government imposter scams on record were in September 2016 with about 38,400 reports filed.

2 From January 2018 through May 2019, 96% of people who reported a government imposter scam and specified a contact method said they were contacted by telephone.

3 Figure based on reports to Sentinel from January 2018 through May 2019 that were classified as government imposter scams.

4 Median loss calculations are based on government imposter reports submitted to Sentinel from January 2018 through May 2019 that indicated a monetary loss ($1 - $999,999).

5 Age comparison and median loss figure based on government imposter reports in from January 2014 through May 2019 that indicated a monetary loss. People who said they were 20 – 59 filed loss reports at a rate of 269 reports per million people in this age group, while people who said they were 60 and over filed 211 loss reports per million people in this age group. Population numbers obtained from the U.S. Census Bureau: U.S. Census Bureau, Annual Estimates of the Resident Population for Selected Age Groups by Sex for the United States, States, Counties and Puerto Rico Commonwealth and Municipios (June 2018). Not all reports include usable age information.

6 Gift\reload cards were identified as the payment method for 58% of government imposter reports to Sentinel from January 2018 through May 2019 that indicated a payment method. Wire transfers were identified as the payment method for 13% of these reports.

Online shopping has been a lifeline for many people hunkering down to help reduce the spread of COVID-19. But as online orders have increased, so too have reports to the FTC’s Consumer Sentinel Network about sellers failing to deliver on promises — or just failing to deliver, period. During April and May of 2020, more people reported problems with online shopping than in any other months on record. More than half said they never got the items they ordered.¹

With COVID-19, scammers quickly launched opportunistic websites. People reported online shops claiming to sell the things they desperately needed but could not get. By the week of April 5, reports of unreceived merchandise were almost on par with previous peak numbers from the December 2019 holiday shopping season.² In the following weeks, as people scoured the internet for scarce items, reports of unreceived orders continued to climb. Reports in May were nearly double the December 2019 numbers.³ Of course, many sellers have had legitimate supply chain problems, but these reports are about no-show orders, not just shipping delays.

People reported unreceived orders of facemasks in April and May far more often than any other item, and undelivered sanitizer, toilet paper, thermometers, and gloves were also reported.⁴ But that’s not the whole story. Reports show that scammers shirked their promises to shoppers on everything from clothes to electronics – and even puppies, which people had bought online. Scammers often used pandemic-related pretexts for supposed shipping delays, sometimes – in the puppy scam – even charging extra fees for COVID-related “regulations.” Then they just stopped responding. This stalled people who might otherwise have posted negative reviews.

Reports show that scammers have honed their ability to put up remarkably polished looking websites in recent years. They’ve learned to work social media and online advertising to their advantage, and to peel off negative reviews by simply disappearing and popping back up under a new name. This is a global problem, since the web gives scammers cheap access to consumers worldwide.⁵

While pandemic purchases have fueled record numbers, reports about online shopping were common even before the pandemic. People reported losing nearly $420 million dollars since 2015,⁶ and the numbers have been on the rise for years. The FTC took in more than 86,000 online shopping reports in 2019, which is a 38% increase over 2018, and the largest annual increase in recent years.⁷ Most troubling is the rise in the number of people who report that they simply did not get the items they ordered. That number increased more than fourfold from 2015 to 2019.⁸

There is some good news. Credit cards are the top way people reported paying for their online shopping, including unreceived orders. What’s good about this is that people can dispute credit card charges if they don’t get what they paid for.

Here are some tips to avoid being left empty-handed when you shop online:

• Check out the company by typing its name in a search engine with words like or “scam” or “complaint.”
• Confirm the seller’s physical address and phone number.
• Watch out for unfamiliar sites selling products that are in short supply or name brand goods at steep discounts.
• Pay with a credit card, and contact your credit card company to dispute the charges if a seller doesn’t deliver your goods or they are not as promised.

To learn more about Coronavirus-related scams, visit ftc.gov/coronavirus/scams. For more about online shopping, including how to dispute credit card charges, go to ftc.gov/onlineshopping. And if you spot a scam, report it to the FTC at ftc.gov/complaint.

1 This monthly comparison is based on online shopping reports directly to the FTC from January 2015 through May 2020. Consumers submitted 15,492 such reports in April 2020 with 7,545 indicating that items were not received, and 18,946 such reports in May 2020 with 10,827 indicating that items were not received.

2 This comparison is based on 1,519 online shopping reports about unreceived merchandise directly to the FTC the week of December 15, 2019 and 1,486 such reports the week of April 5, 2020.

3 This comparison is based on 5,487 online shopping reports about unreceived merchandise directly to the FTC in December 2019 and 10,827 such reports in May 2020.

4 This finding is based on keyword analysis of the narratives provided in online shopping reports directly to the FTC in April and May of 2020 indicating that items were not received. Of the 18,370 such reports, 1,328 mentioned facemasks.

5 Online shopping is the top category reported to econsumer.gov, a partnership of more than 35 consumer protection agencies around the world. Many of these reports are from consumers located outside the United States. Consumers filed 56,040 online reports with eConsumer from January 2015 through May 2020.

6 This figure is based on online shopping reports directly to the FTC from January 2015 through May 2020.

7 This increase is calculated based on 86,472 and 62,606 online shopping reports directly to the FTC in 2019 and 2018 respectively. In earlier years, 34,249 (2015), 40,319 (2016), and 53,373 (2017) such reports were made.

8 This increase is calculated based on 9,435 and 38,701 online shopping reports directly to the FTC in 2015 and 2019 respectively indicating items were not received. In the intervening years 12,080 (2016), 18,852 (2017), and 26,710 (2018) such reports were made.

Gift cards make great holiday gifts. But reports to FTC show that scammers like getting them, too. Scammers don’t ask nicely, though. They use trickery to insist on gift cards, and they ask for specific brands. Scammers prefer gift cards because they can get quick cash while staying anonymous. In fact, giving a scammer the PIN numbers off the back of a gift card is the number one way people report losing money on many of the top frauds reported to the FTC.

About one in four people who tell the FTC they lost money to fraud say they paid with a gift card.¹ In fact, gift cards have topped the list of reported fraud payment methods every year since 2018. During that time, people reported losing a total of nearly $245 million, with a median individual loss of $840.²

Based on reports, certain types of scams seem to favor gift cards as a form of payment. Nearly half of people who reported paying someone posing as a government authority said they paid with a gift card. Nearly 45% of those who reported losing money to someone pretending to be a friend or a family member paid with gift cards. And gift cards were the reported payment method in about a third of tech support and other business impersonation scams.³

Scammers always have some reason why you need to buy gift cards. They might say you’re in serious trouble with the government and must buy “electronic vouchers” to avoid arrest. Some people say scammers posing as businesses promised special promotional pricing for phone or TV service if they paid for the first three months with a gift card. Others thought they were buying gift cards to evaluate a retailer as a “secret shopper.”

Scammers tell people to go to specific stores like Walmart, Target, CVS, and Walgreens to buy the cards. Some people have reported that alert store employees have intervened, but scammers work hard to stop that from happening. They keep people on the phone and tell them not to talk to anyone about why they’re buying the cards. They even tell people what to say if anyone asks questions.

Romance scammers tell all sorts of lies to steal your heart and money, and reports to the FTC show those lies are working. Last year’s romance scam numbers looked a lot like 2021 all over again, and it’s not a pretty picture. In 2022, nearly 70,000 people reported a romance scam, and reported losses hit a staggering $1.3 billion.^[1] The median reported loss: $4,400.^[2]

These scammers pay close attention to the information you share, and don’t miss a beat becoming your perfect match. You like a thing, so that’s their thing, too. You’re looking to settle down. They’re ready too. But there is one exception – you want to meet in real life, and they can’t. Reports show their excuse is often baked right into their fake identity. Claiming to be on a faraway military base is the most popular excuse, but “offshore oil rig worker” is another common (and fake) occupation. In short, there’s no end to the lies romance scammers will tell to get your money.

Reports show romance scammers often use dating apps to target people looking for love. But reports of romance scams that start with unexpected private messages on social media platforms are even more common. In fact, 40% of people who said they lost money to a romance scam last year said the contact started on social media; 19% said it started on a website or app.^[3] Many people reported that the scammer then quickly moved the sweet talk to WhatsApp, Google Chat, or Telegram.^[4]

You may have heard about romance scammers who tell you they’re sick, hurt, or in jail – or give you another fake reason to send them money. But did you know that many romance scammers operate by offering to do you a favor? They may claim to be a successful cryptocurrency investor who’ll teach you how it’s done. But any money you “invest” goes straight into their wallet. In another twist, they might say they’ve shipped you a valuable package (not true), which requires you to send money for “customs” or some other made-up fee. It’s all a lie. You send the money, and the package never turns up.

Reports also show that scammers who convince you to share explicit photos will then threaten to share them with your social media contacts. It’s called sextortion, and these reports have increased more than eightfold since 2019.^[5] People aged 18-29 were over six times as likely to report sextortion than people 30 and over.^[6] About 58% of 2022 sextortion reports identified social media as the contact method, ^[7] with Instagram and Snapchat topping the list.^[8]

The way romance scammers take your money is another important piece of the story. People reported sending more money to romance scammers using cryptocurrency and bank wires than any other method: together, they accounted for more than 60% of reported losses to romance scams in 2022.^[9] While not the costliest payment method,^[10] gift cards were the most frequently reported – 24% of people who reported losing money to a romance scam in 2022 said it was taken using gift cards.^[11]

So how can you spot a romance scammer in the act?

• Nobody legit will ever ask you to help—or insist that you invest— by sending cryptocurrency, giving the numbers on a gift card, or by wiring money. Anyone who does is a scammer.
• If someone tells you to send money to receive a package, you can bet it’s a scam.
• Talk to friends or family about a new love interest and pay attention if they’re concerned.
• Try a reverse image search of profile pictures. If the details don’t match up, it’s a scam.

Help stop scammers by reporting suspicious profiles or messages to the dating app or social media platform. Then, tell the FTC at ReportFraud.ftc.gov. If someone is trying to extort you, report it to the FBI. Learn more at ftc.gov/romancescams.

[1]This figure and figures throughout this Spotlight are based on reports to the FTC's Consumer Sentinel Network (Sentinel) that were classified as romance scams. Reports filed with the Internet Crimes Complaint Center (IC3) prior to 2019 are not included in Sentinel. To ensure greater consistency in reporting trends over time, IC3 reports were excluded from earlier Spotlights about romance scams, but now are included in this Spotlight to focus on the scope and nature of the losses. Reported romance scam losses from all Sentinel sources by year are as follows: $493M (2019), $730M (2020), $1.3B (2021) $1.3B (2022). Because the vast majority of frauds are not reported to the government, these figures reflect just a small fraction of the public harm. See Anderson, K. B., To Whom Do Victims of Mass-Market Consumer Fraud Complain? at 1 (May 2021), available at https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3852323 (study showed only 4.8% of people who experienced mass-market consumer fraud complained to a Better Business Bureau or a government entity).

[2]Reports provided by MoneyGram and Western Union are excluded for this median loss calculation as these data contributors report each loss transaction separately, which typically affects calculation of an individual’s median loss. As noted in footnote 1, reports provided by IC3 were excluded from earlier Spotlights about romance scams, but are included in this Spotlight. For this reason, this median loss figure should not be compared to previous Spotlights.

[3]These figures exclude reports that did not identify a contact method. Of 2022 loss reports that identified social media as the contact method and named a specific platform, 29% named Instagram and 28% named Facebook.

[4] About 40% of 2022 romance scam loss reports with detailed narratives mentioned WhatsApp, Google Chat, or Telegram. Detailed narratives are defined here as narratives of at least 2,000 characters in length

[5] This figure excludes reports contributed by IC3 as not all IC3 reports about sextortion are included in Sentinel. Romance scam reports involving sextortion were identified using keyword analysis of the narratives provided in reports.

[6] This age comparison is normalized against the population size of each age group. The analysis is based on U.S. Census Bureau data for population by age. See U.S. Census Bureau, Annual Estimates of the Resident Population for Selected Age Groups by Sex for the United States (June 2020), available at https://www.census.gov/data/tables/time-series/demo/popest/2010s-national-detail.html. This excludes reports contributed by IC3 as not all IC3 reports about sextortion are included in Sentinel.

[7] This figure excludes reports that did not identify a contact method.

[8] Of 2022 sextortion reports that identified social media as the contact method and named a specific platform, 41% named Instagram and 31% named Snapchat.  

[9] Figures pertaining to payment methods exclude reports that did not identify a method of payment and reports provided by Western Union and MoneyGram. Figures pertaining to bank wires are based on reports indicating “bank transfer or payment” as the payment method.

[10] In 2022, the median individual reported loss was $700 when gift cards were identified as the payment method on romance scams. For comparison, the median individual reported losses on other top payment methods were as follows: $10,079 (cryptocurrency), $10,000 (bank transfer or payment), and $650 (payment app or service). The gift card payment method includes cards that hold a specific cash value that can be used for purchases and reload cards such as MoneyPak that are used to add value to these cards.

[11] This figure excludes reports that did not indicate a payment method.

Online dating can be a great way to find lasting love – or even your next fling. But reports to the FTC suggest it also creates opportunities for scammers. In the past five years, people have reported losing a staggering $1.3 billion to romance scams,[1][2] more than any other FTC fraud category. The numbers have skyrocketed in recent years, and 2021 was no exception – reported losses hit a record $547 million for the year. That’s more than six times the reported losses in 2017 and a nearly 80% increase compared to 2020. The median individual reported loss in 2021 was $2,400.[3]

Image

Reports show that romance scammers are masters of disguise. They create fake online profiles with attractive photos swiped from the web. Sometimes they even assume the identities of real people. They may study information people share online and then pretend to have common interests. And the details they share about themselves will always include built-in excuses for not meeting in person. For example, many reportedly claim to be serving overseas in the military or working on an offshore oil rig.

Many people who’ve experienced scams report being contacted on dating apps. But you don’t have to be looking for love to be courted by a romance scammer. Reports of unexpected private messages on social media platforms are common. More than a third of people who said they lost money to an online romance scam in 2021 said it began on Facebook or Instagram.[4]

Romance scammers weave all sorts of believable stories to con people, but their old standby involves pleas for help while claiming one financial or health crisis after another. The scammers’ stories might involve a sick child or a temporary inability to get to their money for a whole range of reasons. People who lost money to a romance scammer often report sending money repeatedly: they believe they’re helping someone they care about. But it’s all a lie.

In another common twist on the romance scam, people agree to help transfer money as a favor to their supposed sweetheart. The scammer often claims to need help getting their inheritance money or moving funds for an important business deal. Stories like this often set people up to become “money mules” – they may think they’re just helping, but they’re really laundering stolen funds. These stories are also used to trick people into sending their own money. People have reported paying all sorts of bogus fees to accept money that never turns up. Others say they deposited a check from their sweetie and sent some of the money as instructed, only to find out later that the check was fake – leaving them without the money they sent. Still others report sending money based on promises – later proven to be false – that they would be repaid.

A growing trend in 2021 was scammers using romance as a hook to lure people into bogus investments, especially cryptocurrency. People are led to believe their new online companion is a successful investor who, before long, casually offers investment advice. These so-called investment opportunities often involve foreign exchange (forex) trading or cryptocurrency. And when people follow this investment “advice,” they wind up losing all the money they “invest.”

In fact, the largest reported losses to romance scams were paid in cryptocurrency: $139 million last year alone.[5] That’s a remarkable growth in cryptocurrency payments to romance scammers: 2021 numbers are nearly five times those reported in 2020, and more than 25 times those reported in 2019. In 2021, the median individual reported loss using cryptocurrency was a staggering $9,770. While cryptocurrency losses were the most costly, it was not the most common payment method for romance scams. In 2021, more people reported paying romance scammers with gift cards than with any other payment method. In fact, about one in four people said they paid a romance scammer with a gift card, and they reported losing $36 million last year.[6]

Reports about romance scams increased for every age group in 2021. The increase was most striking for people ages 18 to 29. For this age group, the number of reports increased more than tenfold from 2017 to 2021. But the reported median loss increased with age: people 70 and older reported the highest individual median losses at $9,000, compared to $750 for the 18 to 29 age group.[7]

So how can you spot scammers if you’re looking for love online?

• Nobody legit will ever ask you to help by sending cryptocurrency, giving the numbers on a gift card, or by wiring money. Anyone who does is a scammer.
• Never send or forward money for someone you haven’t met in person, and don’t act on their investment advice. 
• Talk to friends or family about a new love interest and pay attention if they’re concerned.
• Try a reverse-image search of profile pictures. If the details don’t match up, it’s a scam.

Help stop scammers by reporting suspicious profiles or messages to the dating app or social media platform. Then, tell the FTC at ReportFraud.ftc.gov. Learn more at ftc.gov/romancescams.

Scammers impersonate all sorts of businesses, but reports to the FTC’s Consumer Sentinel point to Amazon as a runaway favorite for scammers. From July 2020 through June 2021, about one in three people who reported a business impersonator said the scammer claimed to be Amazon. Reports about Amazon impersonators increased more than fivefold during this period.¹ About 96,000 people reported being targeted, and nearly 6,000 said they lost money. Reported losses totaled more than $27 million. The reported median individual loss: $1,000.

These impersonators get your attention with messages to call about suspicious activity or unauthorized purchases on your Amazon account. When you call the number, a phony Amazon representative tricks you into giving them remote access to your computer or phone to supposedly fix the problem and give you a refund. But then—whoops—a couple of extra zeros are keyed in and too much money is (supposedly) refunded. They tell you to return the difference. In fact, some people have reported that the “representative” even begged for help, saying Amazon would fire them if the money wasn’t returned.

To make their lies about refunding that so-called overpayment more believable, scammers have reportedly accessed people’s online banking. They move money from one account to another—say, from savings to checking. Then, when people see a large deposit in their checking account, they think it’s the refund, but it’s all fake. If they send money, as requested, they end up sending their own (very real) money.

In another twist, scammers tell people to buy gift cards and send pictures of the numbers on the back. The scammers may call these numbers “blocking codes” or “security codes,” and explain that sharing them can block the hackers who—supposedly—took over the Amazon account in question. But the only thing those numbers are good for is getting (or stealing) the money on the card. After people send pictures of the gift cards, they often report getting texts confirming a supposed account credit in the amount of each gift card purchase. That’s just another trick scammers use to get their targets to buy more cards.

Another common hook are text messages that say you’ve won a raffle for a free product from Amazon. People who click the link to claim their free prize then have to enter credit card information to pay for “shipping.” Before long, they see charges they never agreed to.

Most people who report these scams say the scammer contacted them.² But some people have reported finding bogus phone numbers when searching online for the number to call Amazon about a real issue. Of course, the scammers who answer calls to those phone numbers are happy to “help.”

The data suggest that Amazon impersonation scams may be disproportionately harming older adults. Over the past year, people ages 60 and up were over four times more likely than younger people to report losing money to an Amazon impersonator.³ Older adults also reported losing more money—their median reported loss was $1,500, compared to $814 for people under age 60.

After Amazon, Apple is the second most frequently reported company, but it’s a distant second. Apple impersonators reportedly tell people their iCloud account has been compromised or that they’ve been chosen to get a free iPad. Sound familiar? Scammers change names but often use the same lies again and again.⁴

Here are ways to avoid some common tricks business impersonators use:

• Never call phone numbers given in unexpected calls, texts, emails, or messages on social media. And don’t click any links. Those are scams.
• If you’re worried, check it out. Go directly to the company’s website to find out how to reach them. Don’t trust the phone numbers or links that come up in search results.
• Never give anyone remote access to your devices unless you contacted the company first (using its real number). If someone tells you to give remote access to get a refund, it’s a scam.
• Never pay by gift card. Nobody legit will ever require you to. And never send pictures of gift cards. If someone tells you they need the numbers on the back of a gift card, it’s a scam.
• Talk about it. If you’re getting these messages, so are people you know. Help them avoid the scam by sharing what you know.

To learn more about how to spot, avoid, and report scams—and how to recover money if you’ve paid a scammer—visit ftc.gov/scams. If you spot a scam, report it to the FTC at ReportFraud.ftc.gov.

Scams that impersonate well-known businesses and government agencies are consistently among the top frauds reported to the FTC’s Consumer Sentinel Network.^[1] In 2023, data from the FTC alone show more than 330,000 reports of business impersonation scams and nearly 160,000 reports of government impersonation scams.^[2] That amounts to nearly half the frauds reported directly to the agency.^[3] Combined, reported losses to these impersonation scams topped $1.1 billion for the year, more than three times what consumers reported in 2020.^[4]

Image

While these types of scams aren’t new, reports tell us scammers have switched things up. Comparing 2020 to 2023, for example, reports of scams starting with a phone call have plummeted, while reports of scams starting with a text or email have increased. In that same period, people reported skyrocketing losses through bank transfer^[5] and cryptocurrency. And reports show an increasingly blurred line between business and government impersonation scams: many scammers impersonate more than one organization in a single scam – for example, a fake Amazon employee might transfer you to a fake bank or even a fake FBI or FTC employee for fake help.^[6]

While these scams come in many different forms, the top five described below account for nearly half of 2023 reports.^[7]

1. Copycat account security alerts

Topping the list are messages about supposed suspicious activity or unauthorized charges. The message might say it’s from Amazon, alerting you that someone’s ordered a big-ticket item using your account. Or it might look like it’s your bank, asking you to verify a charge. These messages often include a phone number to call or ask you to text back YES or NO. Though scammers are convincing, it’s not really Amazon or your bank. It’s a scammer who says they can help fix the problem, which is also fake. What they tell you to do is really designed to steal your money. Often, this means transferring funds or loading cash into a Bitcoin ATM to “protect” it.   

2. Phony subscription renewals

Up next are scams that look like routine email notices that an account you never opened is about to auto-renew to the tune of hundreds of dollars. Often, they say it’s an account with Geek Squad.^[8] Of course, it’s not really Geek Squad; it’s a scammer. If you call to sort it out, they’ll say they have to connect to your computer to process your “refund.” Once in, they make it look like too much money was refunded. They demand that you return the difference, often by buying gift cards and giving them the numbers on the back.

3. Fake giveaways, discounts, or money to claim

A message about a giveaway, discount, or free money may seem to come from a company you know – say, discounts from your internet provider, a giveaway from a big retailer, or sweepstakes winnings from Publishers Clearing House. Sometimes the so-called offer is about government money you can supposedly claim. These stories are all just another set-up to steal your money. The story ends with you buying gift cards or sending money to claim the deal, gift, or sweepstakes. And that’s always a sign of a scam.

Image

4. Bogus problems with the law

Scammers pretending to be government agents say your identity has been used to commit a serious crime – often, they claim, money laundering or drug smuggling. They then offer to help you fix the supposed problem, which always involves them telling you to move money or put it on gift cards. For example, many people reported being told to load cash into Bitcoin ATMs to supposedly protect their funds during a so-called investigation. The scammers even called these ATMs “safety lockers.” But this is another scam, and every part of the story is a lie. Money you move is money they steal.

5. Made-up package delivery problems

Messages pretending to be from the U.S. Postal Service, UPS, or FedEx say there’s a problem with a delivery. They include a link to a website that looks real – but isn’t. Some ask for your bank account details. Others ask you to pay a small “redelivery fee,” but if you do, the scammer now has your credit card information. And, reports tell us, these scammers quickly start racking up fraudulent charges.

All these scams have tactics that scammers hope give them an advantage. First, their messages look a lot like the messages real companies send: emails or texts about special deals and security alerts on your accounts. Second, they play on your emotions: if you’re worried about a problem or excited about a free gift, it can be harder to spot signs of a scam. Finally, they reframe their demands for money to avoid setting off alarm bells: people who’d never send money to a stranger have emptied their accounts, believing they were “protecting” their funds.

So how can you spot and avoid these scams?

• Never click on links or respond to unexpected messages. If you think a story might be legit, contact the company or agency using a phone number or website you know is real. Don’t use the information in the message.
• Don’t believe anyone who says you need to buy gift cards, use a Bitcoin ATM, or move money to protect it or fix a problem. Real businesses and government agencies will never do that – and anyone who asks is a scammer.
• Slow down. Scammers want to rush you, so, again: stop and check it out. Before you do anything else, talk with someone you trust. Anyone who’s rushing you into paying or giving information is almost certainly a scammer.

Learn more about impersonator scams. To spot and avoid scams – and learn how to recover money if you paid a scammer – visit ftc.gov/scams. Report scams to the FTC at ReportFraud.ftc.gov.

[1] In 2023, business imposter scams were the most reported fraud subcategory, and government imposter scams were the third most reported. These fraud subcategories also ranked among the top three most reported frauds in 2020, 2021, and 2022. This excludes reports categorized as unspecified.

[2] This figure and figures throughout this Spotlight are based on reports directly to the FTC. The combined number of business imposter and government imposter reports by year are as follows: 316K (2020), 529K (2021), 458K (2022), 487K (2023). Some reports are classified as both business imposter and government imposter. Because the vast majority of frauds are not reported to the government, these figures reflect just a small fraction of the public harm. See Anderson, K. B., To Whom Do Victims of Mass-Market Consumer Fraud Complain? at 1 (May 2021), available at https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3852323 (study showed only 4.8% of people who experienced mass-market consumer fraud complained to a Better Business Bureau or a government entity).

[3] Excluding reports classified as unspecified, 48% of reports directly to the FTC in 2023 were classified as business imposter or government imposter or both.

[4] The combined reported losses to business imposter and government imposter reports by year are as follows: $310M (2020), $673M (2021), $961M (2022), $1.1B (2023).

[5] "Bank transfer" refers to a payment category in Sentinel that includes bank wire transfers and ACH payments. Some consumers also select this option for Zelle payments.

[6] Reports about FTC impersonation have increased about five-fold since 2020. See FTC Consumer Alert, The FTC won’t demand money, threaten you, or promise you a prize (July 2023) available at  https://consumer.ftc.gov/consumer-alerts/2023/07/ftc-wont-demand-money-threaten-you-or-promise-you-prize

[7] The top scam types were identified by hand-coding a random sample of 850 reports filed in 2023 classified as business imposter or government imposter that included a narrative describing the consumer’s experience.

[8] More people reported impersonation of Geek Squad in 2023 than any other impersonated company. The number of reports about Geek Squad impersonation increased over 100-fold from 2020 to 2023. These scams have contributed heavily to the rise of email as the most reported fraud contact method in 2023. See FTC Consumer Alert, How to recognize a fake Geek Squad renewal scam (October 2022) available at https://consumer.ftc.gov/consumer-alerts/2022/10/how-recognize-fake-geek-squad-renewal-scam. 

Earlier this year, the U.S. Supreme Court ruled that the North Carolina State Board of Dental Examiners violated the federal antitrust laws by preventing non-dentists from providing teeth whitening services in competition with the state’s licensed dentists. N.C. State Bd. of Dental Exam’rs v. FTC, 135 S. Ct. 1101 (2015). The Board had argued that, because it is a state agency, it is exempt from liability under the federal antitrust laws. The FTC rejected that argument during our administrative trial, the Fourth Circuit rejected it on appeal, and finally the Supreme Court put the argument to rest, finding that the “state action defense” does not apply to the actions of a licensing board controlled by market participants unless its conduct is actively supervised by the state.

The Board is a state agency established under North Carolina law and charged with setting and enforcing licensing standards for dentists. This type of regulatory board is increasingly common as more states establish licensing requirements for an ever-expanding list of occupations, including, in some places, locksmiths, beekeepers, auctioneers, interior designers, fortune tellers, tour guides, and shampooers. These boards typically are made up of licensed professionals—that is, doctors commonly regulate doctors, beekeepers regulate beekeepers, and tour guides regulate tour guides. The problem—from an antitrust perspective—is that when a controlling number of decisionmakers on the regulatory board have a private incentive to limit competition from non-licensed providers, there needs to be an independent determination that the board’s actions are consistent with the state regulatory scheme in order to avoid antitrust liability.

In the wake of the Supreme Court’s decision, we received requests for advice from state officials and others as to what constitutes antitrust compliance for state boards responsible for regulating occupations. In response, we developed FTC Staff guidance that addresses two basic questions:

1. When does a state regulatory board require active supervision in order to invoke the state action defense?
2. What factors are relevant to determining whether the active supervision requirement is satisfied?

Of course, states can avoid unneeded and burdensome regulation of service providers and empower regulatory boards to restrict competition only when necessary to protect the health or safety of consumers. Or the state may create a board that serves only in an advisory capacity or is made up of persons who have no financial interest in the occupation that is being regulated. In addition, a state may forgo active supervision and choose to have its boards subject to federal antitrust standards. In that case, the state need not provide for active supervision.

Antitrust analysis – including the applicability of the state action defense – is fact-specific and context-dependent. The new FTC staff guidance does not suggest that states should actively supervise regulatory boards, nor does it recommend a one-size-fits-all approach. Instead, we have identified certain overarching legal principles governing when and how a state may provide active supervision for a regulatory board, and we urge each state regulatory board to consult with the Office of the Attorney General for its state for customized advice on how best to comply with the antitrust laws.

In order to reduce the burden associated with submitting detailed information for every document withheld on a claim of privilege, the Bureau has established an optional two-step privilege log process. Rather than submitting a complete privilege log for all withheld documents and custodians, parties may opt to initially submit an abbreviated log of documents withheld on a claim of privilege. This is called a Partial Log. This initial log has very limited information about the withheld documents—it contains the identity of the custodian and the number of documents withheld from that person’s files. Bureau staff then has five business days to identify a limited number of people (five custodians or ten percent of the people searched, whichever is greater) for which a party must submit a Complete Log that sets out the complete information for withheld (and redacted) documents for each identified custodian. If five days pass after submission of the Partial Log and staff has not asked for a Complete Log for any custodians, the submitting party can certify substantial compliance at that time.

It is important to remember that parties choosing to submit partial privilege logs cannot certify substantial compliance until either the five days have passed without a request for a Complete Log, or, if such a request is made, the Complete Log is submitted. Instruction 6 of the FTC’s Model Second Request spells this out:

In place of a Complete Log of all documents withheld from production based on a claim of privilege, the Company may elect to submit a Partial Privilege Log for each Person searched by the Company whose documents are withheld based on such claim and a Complete Log for a subset of those Persons, as specified below:

(a) The Partial Log will contain the following information: (1) the name of each Person from whom responsive documents are withheld on the basis of a claim of privilege; and (2) the total number of documents that are withheld under a claim of privilege (stating the number of attachments separately) contained in each such Person’s files. Submit all non-privileged portions of any responsive document (including non-privileged or redactable attachments) for which a claim of privilege is asserted (except where the only non-privileged information has already been produced in response to this Instruction), noting where redactions in the document have been made. Provide the Partial Log in Microsoft Excel readable format.

(b) Within five (5) business days after receipt of the Partial Log, Commission staff may identify in writing five individuals or ten percent of the total number of Persons searched, whichever is greater, for which the Company will be required to produce a Complete Log in order to certify compliance with this Request.

Despite these instructions, some parties have attempted to certify substantial compliance by submitting only the initial Partial Log. This leads to unnecessary disputes because certifying substantial compliance bears on other obligations, such as updating other information and topping off document responses. And offering to extend an existing timing agreement without withdrawing the certification of substantial compliance misses the point: submitting a Partial Log is not substantial compliance. Because failure to follow the instructions in the Second Request can lead to unanticipated delays in certifying compliance, it’s best to remember that the Bureau will require a Complete Log for some custodians in most cases.

A little advanced planning can avoid last-minute problems. Parties often submit the Partial Log well in advance of completing their Second Request production. This allows parties to certify substantial compliance by including the Complete Log for any designated individuals along with the rest of the second request response.

Last week, Bureau of Competition staff published a report on filings received in fiscal year (FY) 2016 under the Medicare Prescription Drug, Improvement, and Modernization Act of 2003 (MMA), the thirteenth such report since the MMA took effect in 2004. These reports identify the frequency of pharmaceutical patent settlements and specific types of provisions that appear in such settlements. Comparing the data in these reports with developments in the law—including the advent of the “scope of the patent” test in 2005 and the Supreme Court’s rejection of that test in favor of traditional antitrust principles in 2013—indicates how pharmaceutical companies have responded to changes in the prevailing legal standard. With more than three years’ worth of data since the Supreme Court’s FTC v. Actavis decision, it appears that pharmaceutical companies have adjusted to the legal landscape: they continue to develop products and settle litigations while largely avoiding reverse payments.

Claims Disproven

Prior to the Supreme Court’s decision, pharmaceutical companies and their trade associations warned that subjecting all reverse-payment agreements to antitrust scrutiny would significantly reduce generic companies’ incentives to develop lower-cost equivalents to branded products and the companies’ ability to settle their patent litigation. Several years of settlements since Actavis prove otherwise.

Fact: Companies are settling more cases on more pharmaceutical products than before the Actavis decision. In FY 2016, pharmaceutical companies filed 232 final settlements of patent litigation, an increase of more than 35% compared to the previous record set in FY 2015. Those final settlements relate to 103 distinct pharmaceutical products covering a variety of dosage forms. In comparison, in FY 2011 and 2012—the two complete years of filings prior to the Supreme Court’s decision—the number of distinct pharmaceutical products covered were 90 and 88, respectively. Prior years covered even fewer drug products. The FY 2016 data, therefore, show that, since Actavis, pharmaceutical companies are reaching settlements on more products and with more generic companies on average for each product.

Another Fact: Parties can—and do—settle patent litigation without the brand company paying its potential generic competitor. Of the 232 final settlements received in FY 2016, only one contained a no-AG commitment or a side deal—the most commonly challenged forms of reverse payments. That is the lowest level since 2004 (the first year of data), when there were no such payments. These figures indicate that side deals and no-AG commitments are not necessary to settle pharmaceutical patent litigation.

Instead, companies settled with reverse payments because they thought it was permissible to do so. After some courts largely inoculated most reverse payments from antitrust review in 2005, the use of reverse payments skyrocketed. In 2004, none of the final settlements included reverse payments. In FY 2006 and FY 2007, 40-50% of all final settlements filed with the FTC contained reverse payments.

When the Supreme Court made it clear, however, that reverse-payment agreements are subject to antitrust scrutiny, companies found other ways to settle. For example, the use of side deals and no-AG commitments has declined precipitously in recent years. Indeed, no companies used a side deal—the type of agreement at issue in Actavis—in a final settlement in either FY 2015 or FY 2016. Further, after courts ruled that no-AG commitments can be reverse payments, the use of no-AG commitments in final settlements also declined dramatically from 19 in FY 2012 to just a single instance in FY 2016.

The FY 2016 report also indicates that pharmaceutical companies are not only abandoning past practices likely to lead to antitrust liability, but also increasingly using provisions that have received a nod of acceptance by the courts, legislators, and/or enforcement agencies. For example, the Supreme Court indicated that payments for anticipated litigation costs saved by the brand company through settling may be justified, and thus permissible. FTC consent settlements often include an exception for avoided litigation fee payments under $7 million. The FY 2016 data show a sharp increase in the number of settlements that include payments from the brand company to the generic company for “litigation costs.” In FY 2016, there were 29 such payments, more than double any previous year. All 29 of these payments fall at or below the $7 million threshold, with an average payment of $2.85 million.

The Next Frontier

FY 2016 also saw an increase in settlements involving “possible compensation.” Settlements are categorized as involving “possible compensation” when it is not clear from the face of the agreement whether certain provisions act as compensation from the brand to the generic company. In FY 2016, seventeen final settlements contained possible compensation (fourteen contained only possible compensation and three contained possible compensation and litigation fees).

A common example of possible compensation is an agreement in which the brand company commits not to license any third party to sell an AG product for a period of time (a no-third-party-AG commitment). Though such a commitment does not block the brand from launching an AG on its own, it could nonetheless replicate the adverse effect of a no-AG commitment, particularly if the brand company has little or no experience selling generic products in the United States. Another common form of possible compensation is an agreement containing a declining royalty structure, in which the generic’s obligation to pay royalties is substantially reduced or eliminated if a brand company sells an AG. Like a no-third-party AG commitment, this type of provision does not explicitly preclude the brand from launching an AG, but it may achieve the same effect.  Possible compensation in agreements increased by 70% compared with FY 2015. The FTC staff will be closely scrutinizing such agreements as filings with side deals and traditional no-AG commitments continue on a downward trend.

A final trend noted in the FY 2015 and FY 2016 reports is that pharmaceutical companies have been simultaneously settling federal court litigation and a proceeding before the U.S. Patent and Trademark Office’s Patent Trial and Appeal Board (PTAB), such as an inter partes review or a post-grant review. The MMA’s filing requirements are based on the substance of an agreement, not the venue in which the parties are contesting patent issues. Even if settling an inter partes review or a post-grant review on a standalone basis, the agreement must be filed if it meets the statutory requirements—for example, it involves a (1) brand company; (2) a generic company; and (3) it relates to the manufacture, marketing, or sale of the product covered by the generic company’s ANDA filing. FTC staff will be updating its Pharmaceutical Agreement Filing FAQs to remind pharmaceutical companies that the MMA requires submission of these and other types of agreements (e.g., stipulations of dismissal submitted jointly by the brand and generic companies in which the ANDA filer is precluded from selling its product until a future date).

Continued Review and Reporting

Even though the number of settlements with reverse payments have declined since Actavis, antitrust enforcement still plays a critical role in ensuring that these agreements (and future variations on the same theme) do not harm consumers. FTC staff will continue to review and report on MMA filings, which it has done since MMA requirements took effect in 2004. Late last year, Congress extended reporting requirements to certain agreements relating to biologics and biosimilars seeking FDA approval under the Biologics Price Competition and Innovation Act (BCPIA). The FTC has started reviewing these agreements to assess whether they raise competitive concerns, and starting with FY2019 data will include information about these agreements in future reports.

The Front Office of the FTC’s Bureau of Competition receives a great deal of advocacy from the bar. Virtually every day, parties and their counsel make arguments and present evidence to us regarding the various merger and conduct matters handled by the Bureau’s various Divisions. Some of this advocacy is conducted in person, but much of it takes place on paper, in the memoranda universally known as “white papers.” In some ways, white papers can be even more useful than in-person presentations at 600 Pennsylvania Avenue: they can be read (and re-read) carefully; they can be distributed to a wider group than the handful of attendees at a meeting; and they reduce the risk that your carefully chosen words will be misremembered or misunderstood.

Most written advocacy to the Bureau is of an extremely high quality, reflecting the caliber and experience of the counsel who appear before us.  Nevertheless, sometimes we notice that there’s some room for improvement. To that end, last month I wrote a very short blog post for the Bureau’s Competition Matters blog on the importance of brevity in white papers. And now, I’m writing to share some further thoughts on how to use them effectively. Of course, it’s up to parties and their counsel to decide how to advocate to us: these comments are just intended to give a window into what we find helpful when reading through the work product that we receive daily from parties, complainants, market participants, and others.

A white paper to the Bureau, like any other form of written advocacy, is helpful only insofar as it achieves four basic but crucial objectives. From most important to least important, those objectives are: honesty, clarity, brevity, and timeliness. I’ll say something about each of those in turn.

Honesty. First, in every sense, is honesty. Candor is the single most important measure of written advocacy, and a submission to the Bureau must be scrupulously honest. Of course, this means above all that parties should resist the temptation to shade the facts or the state of the law in ways that will not survive contact with the underlying documents or with fair-minded legal research. As Bruce Hoffman and Heather Johnson have pointed out in another recent blog post, FTC rules prohibit unprofessional conduct in general and misleading representations in particular, on pain of suspension or disbarment from practice before the Commission.

Happily, outright misrepresentations are rare in submissions to the Bureau. But a related problem can arise when advocates ignore bad or difficult facts and focus on what they think will be the more helpful ones. This kind of approach can lead to statements that are literally accurate but are misleading in context, or which totally fail to grapple with a difficult issue. In some recent cases, parties’ submissions have attempted to duck a key issue that they have been expressly asked, by staff or the Bureau, to address. Don’t do this! If there is a tough fact, document, or argument that undermines (or might wrongly be thought to undermine) your position, it’s imperative to acknowledge it in full, right up front, and address it with your best response. Gamesmanship, or ignoring something and hoping for the best, just isn’t worthwhile. Our experienced and hard-working staff know the facts intimately and have access to a wide array of truth-generating mechanisms, including investigational hearings, extensive document productions, and broad contact with other knowledgeable market participants.

Similar problems can also arise when parties or their counsel make strong representations to staff, or to the Bureau, that turn out not to survive contact with the facts. In many cases, this happens because representatives of parties or counsel got out ahead of their own factual investigation and did not properly vet or fact-check a statement before making it. This is always an unhappy event, but there are two good ways to manage the risk. First, resist the urge to make broad representations before a careful and thorough investigation of the facts: a measured approach is always wiser while investigations are proceeding. Second, if you learn facts that are in some tension with a previous oral or written statement to the Bureau or staff, correct the record immediately and candidly. We understand that these things can happen; but nothing is more harmful to a party’s interests, or to the credibility of their counsel, than leaving the Bureau or staff to find out independently that a party’s representation was not accurate.

It’s also worth pointing out that a written submission should not only be literally honest: it should also aim to leave the reader feeling confident that its arguments are a fair reading of the relevant underlying facts or materials. The best way to do this is to include the most important supporting documents—whether ordinary course business documents, expert analysis, testimony, cited documents, or anything else—as attachments to the white paper. If your argument relies on expert analysis, for example, both the analytical work and the underlying data should be attached to the white paper. A bare conclusion with a promise of future expert substantiation will inspire only skepticism. If the expert work is complete, it should be included; if it is not, the submission itself is premature. Of course, there is a balancing exercise to be undertaken when deciding how much to include: all else equal, brevity’s certainly better. But if the reader has to reach out to others in order to rustle up copies of underlying materials to fact-check your arguments—or, worse, if those materials do not yet exist—the persuasiveness of your submission is likely to suffer. And when prioritizing among supporting materials, remember that ordinary course business documents are often more helpful than after-the-fact testimony.

Clarity. Clarity is more important than anything except honesty. (For the reasons identified above, resist the temptation to choose the clearer nearly-true version over more complex really-true version: honesty first.) But clarity trumps everything else, including brevity: if you really have to choose between being clear and being brief, be clear. Among other things, this means that you should plainly and succinctly identify what you or your client are asking of us, and why. What is it that we can do, should do, and are not currently doing?

Surprisingly, parties—particularly but not exclusively complainants—sometimes fail to give a straightforward statement of what they want from us. The work of the Bureau is made much easier when complaining parties identify particular conduct that they allege is unlawful and tell us why they think so. Of course, this is not a strict obligation: parties don’t need to seek expensive antitrust counsel in order to bring a concern to our attention, and the FTC’s staff are experienced enough to spot potential grounds of antitrust concern in generalized complaints. But our work is much easier when advocates clearly state the problem they’ve encountered and the solution they’re asking for.

Brevity. After honesty and clarity, brevity is your best friend (and ours). Submissions should be as long as necessary in order to honestly and clearly present the party’s arguments, and not a page longer. It is neither necessary nor helpful to repeat arguments made in previous papers to the Bureau, and aligned parties should make joint submissions wherever possible rather than duplicate one another’s arguments. If your matter raises a variety of discrete issues, consider whether it would be more effective to submit a set of short papers, each dealing with an individual topic, rather than a single omnibus Lord-of-the-Rings-style tome. And, where a single paper genuinely must be longer than you’d like, make sure your table of contents and two- or three-page executive summary are models of elegance and clarity. An executive summary, in particular, should state not only the conclusions that you want the reader to accept but also the principal reasons why those conclusions are appropriate. Don’t hide the crucial arguments in the body of a long paper: an executive summary that includes conclusions without reasoning is a missed opportunity to help the reader.

The importance of brevity is a function of the volume of document flow to, from, and through the Front Office. We read everything carefully—however long it is—but the chances that a document will be fully digested and discussed in good time is greatest if it is boiled down to its essence by the author first. Recall that the Bureau typically has between 10 and 20 second request investigations ongoing at any given time, plus a wide variety of initial merger reviews and conduct investigations, plus the various policy and other activities that fill up the schedule every day. Each of these matters generates a slew of paperwork from the various Bureaus and Offices at the FTC. Parties and their counsel want the Bureau to spend time thinking carefully about their argument, and talking about it with one another and the staff team, not struggling to get through the submission in good time.

Timeliness. Finally, but indispensably, a submission must be timely: that means it should reach us at least three business days before a meeting or other critical event, and longer if it’s a lengthy document or raises novel issues. As a colleague remarked recently, a last minute white paper just isn’t worth a whole lot: it can’t be read carefully, discussed, analyzed, or effectively tested by staff. Every white paper from a party invariably prompts the Bureau or a Commissioner to ask: “ok, but what does the staff think?” And if the paper has just arrived, the answer is likely to be: “the team just received it and are still working through it.” Advocacy without a reaction from the staff team will be heavily discounted by the reader. This means that attempting to jam the staff or Bureau with eleventh-hour submissions is self-defeating: the best way to persuade us is by following regular order and making arguments that can survive careful analysis and meaningful reflection by the many people who work on the Bureau’s cases.

*

I doubt that there is anything particularly surprising or novel, or even particularly specific to the Bureau, in our desire for honesty, clarity, brevity, and timeliness in written submissions. And, to be sure, none of these is a moral absolute (except honesty, which is): we recognize, for example, that sometimes a white paper will arrive late despite everyone’s best efforts, and we appreciate that it can be hard to achieve both brevity and clarity at the same time in some of our more complex cases.

These short comments—which could themselves probably have been shorter and clearer—are intended to give some insight on what we generally expect and look for in written submissions, to explain what will help us digest them efficiently, and to help us give fair value to the arguments and evidence they present. To that end, I hope they’ll help you to help us to help you, in our ongoing efforts to ensure that all parties (and their counsel) experience an efficient, fair, and careful process in all the Bureau’s cases.

*The opinions expressed are those of the author and do not necessarily reflect the views of the Federal Trade Commission or any individual Commissioner. This post first appeared on Law360.

In The Wizard of Oz, Dorothy was told to ignore the man behind the curtain. Some may argue that the same guidance applies to ancillary parts of a merger or joint venture agreement. These can include non-solicitation and non-compete provisions. Even when such provisions are ancillary to an otherwise legitimate business transaction, we will still make a determination that the restraints do not independently violate the antitrust laws by being overly broad. Ancillary provisions in these agreements will be assessed to determine if they are reasonably necessary for accomplishing the benefits of the transaction, and narrowly tailored to the circumstances surrounding the transaction.

What one means by narrowly tailored depends on the competition that is restrained by the agreement and how it relates to a legitimate business concern. If you are selling three gas stations in Los Angeles but the non-compete bars the seller from operating gas stations in California for seven years, such a provision is unduly broad and would raise significant antitrust concerns, due both to its geographic scope and its term. If, on the other hand, the non-compete applied to a one or two-mile radius around each station for a couple of years, this appears more tailored to address the potential concerns about loss in value by the buyer. But Staff would still have to evaluate the provision, even though the more limited term and scope evidence an intent to narrowly tailor the effect of the non-compete. The same approach applies to non-solicitation clauses: restrictions on soliciting employees must be narrowly tailored to protect the value to the business of the personnel at issue; they should not act as a de facto no-poach agreement.

In considering the scope of these types of restrictions, consider what you are trying to protect or guard against, why you need that protection, and the scope of the protection you actually need (as opposed to want), given the value invested in the transaction. This analysis will help guide parties to reaching a reasonable scope and term. Where, however, the terms distort competition and the principle of ancillarity is used to mask an otherwise anticompetitive agreement, the Bureau will not be willing to ignore the man behind the curtain.

The FTC welcomes comments on its recent HSR Rulemaking initiative, and to facilitate a robust and thoughtful set of public comments, the Commission is holding a series of three live virtual workshops in November to answer the public’s questions before comments are due. 

On September 21, the Commission announced that it would seek public comments on proposed changes to the rules and interpretations that implement the Hart-Scott-Rodino Act. This rulemaking initiative has two parts. The first is a Notice of Proposed Rulemaking (NPRM) that would, if adopted, make two changes to the existing rules. The first proposed change would require filers to disclose additional information about their associates and to aggregate acquisitions in the same issuer across those entities. The second change is a new proposed rule that would exempt the acquisition of 10 percent or less of an issuer’s voting securities unless the acquiring person already has a competitively significant relationship with the issuer.

The second part of this rulemaking initiative is designed to encourage a broad conversation about changes in corporate structure and investment activity since the late 1970s and whether those changes warrant modifications in HSR rules or interpretations. What was right for 1979 when the premerger notification program began may not be right for 2020, and we want to ensure that HSR rules and interpretations keep pace with new developments so that the antitrust agencies get notice of potentially problematic deals before they occur. The Advance Notice of Public Rulemaking (ANPRM) seeks to gather information on seven topics that will help determine the path for potential future amendments to the HSR rules and interpretations of those rules. These seven topic areas were identified based on our experience with reviewing thousands of filings every year, and answering questions about HSR filing obligations—and enforcing the rules when necessary to ensure HSR compliance.

The seven topics covered by the ANPRM are:

1. Size of transaction
2. Real estate investment trusts
3. Non-corporate entities
4. Acquisitions of small amounts of voting securities
5. Influence outside the scope of voting securities
6. Transactions or devices for avoiding the HSR Act requirements
7. Issues pertaining to the HSR filing process.

The NPRM and ANPRM will soon be published in the Federal Register, and comments will be due 60 days thereafter. Understanding the breadth of topics and the significance of the proposed changes, we want to encourage a wide range of stakeholders to submit comments so that the Commission has a robust record when it considers next steps.

If you have questions, we would like to answer them, in hopes that the answers we provide will improve the quality of the feedback we receive during the comment period. Here’s how to get an answer to your question about either one of the two rulemaking initiatives.

Send your question via email to the dedicated mailbox we’ve set up to receive questions: HSRRuleReview@ftc.gov. Please indicate in the Re: line whether you are asking about the NPRM or the ANPRM.  If you have a question about the NPRM, please indicate further which topic you are writing about, the aggregation requirement or the proposed exemption. For instance, if you have a question about aggregation, please include this in the RE line: “NPRM Aggregation.” If you have a question about one of the topics in the ANPRM, please further indicate about which topic you are writing. For instance, if you have a question about the Size of Transaction, please include this in the RE line: “ANPRM Size of Transaction.”  

HSR experts from the PNO and Compliance offices within the Bureau will review the questions. Then we will host three virtual events to address the questions. We will broadcast the first event live on the FTC’s website on November 9 beginning at 1:00 pm ET and will address questions posed about the aggregation proposal in the NPRM. The second event will occur on November 10 at 1:00 pm ET and will address the proposed new exemption in the NPRM. The third will occur on November 16 at 2:00 pm ET and will address questions about the seven topics under review in the ANPRM. We will also be taking questions during the live event using the same email address. We may combine questions to try to respond to all the issues raised, especially if we receive a large number of inquiries. We expect each session to last one hour, depending on the number of questions we receive.

A link to view the Question and Answer session will be posted the morning of the event to ftc.gov.

There may be additional public events scheduled after we have received all comments. These HSR initiatives represent a major undertaking for the Commission, and we are committed to hearing from a wide range of stakeholders as the Commission considers how to “right size” the HSR rules for modern times.

Next Monday and Tuesday, November 9 and 10, we will be hosting a virtual Question and Answer session to discuss the Commission’s Hart-Scott-Rodino Rulemaking initiative.  On Monday from 1 to 2 pm, we will be discussing the proposed changes in the Notice of Proposed Rulemaking (NPRM) that would, if adopted, require filers to disclose additional information about their associates and to aggregate acquisitions in the same issuer across those entities. On Tuesday from 1 to 2 pm, we will discuss the other changes in the NPRM that would exempt the acquisition of 10 percent or less of an issuer’s voting securities unless the acquiring person already has a competitively significant relationship with the issuer.

On the following Monday, November 16, starting at 2 pm, we will host our third and final event, turning to the Advance Notice of Public Rulemaking (ANPRM).  The ANPRM initiative seeks to gather information on seven topics that will help determine the path for potential future amendments to the HSR rules and interpretations of those rules.   

You can send us a question in advance (please!) or submit them during the event to HSRRuleReview@ftc.gov.  We hope this opportunity to ask questions and get feedback from staff will improve the quality of the feedback the Commission receives during the comment periods for these rulemaking initiatives.

A link to view the Question and Answer session will be posted the morning of the event to ftc.gov.

When Congress passed the Hart-Scott-Rodino Antitrust Improvements Act of 1976, it created minimum dollar thresholds to limit the burden of premerger reporting. In 2000, it amended the HSR statute to require the annual adjustment of these thresholds based on the change in gross national product. As a result, reportability under the Act changes from year to year as the statutory thresholds adjust. The PNO fields many questions about the upcoming adjustments to the HSR thresholds from parties whose transactions may take place around the time of the revisions.

The Commission recently announced the new HSR thresholds, which will become effective on March 4, 2021. The following rules-of-thumb should help parties determine the relevant thresholds and any resulting reporting obligations that apply based on when the filing is made, when the transaction closes, and when the thresholds adjust.

Rule 1: The correct threshold for determining reportability is the one in effect at the time of closing.

The most significant threshold in determining reportability is the minimum size of transaction threshold. This is often referred to as the “$50 million (as adjusted)” threshold because it started at $50 million and is now adjusted annually. For 2021, that threshold will be $92 million. To determine reportability for a deal that will close around the time that the new threshold is effective, look to what the $50 million (as adjusted) threshold will be at the time of closing. For example, a deal valued at $93 million which will close on or after March 4, 2021, is reportable because it is above the new minimum size of transaction threshold, even though it does not exceed the current threshold of $94 million.

Rule 2: The filing fee is determined by the value of the transaction at the time of filing.

If you determine that a transaction is reportable, the filing fee should be based on the filing fee threshold that is in effect at the time of filing. Note that the filing fees themselves do not change, only the thresholds for calculating the correct fee. Here are the new filing fee thresholds, effective on March 4, 2021:

Rule 3: Notification thresholds for subsequent purchases adjust yearly, too.

The HSR Rules contain additional notification thresholds that relieve parties of the burden of making another filing every time additional voting shares of the same person are acquired. So, when HSR notification is filed, the acquiring person has one year from the end of the waiting period to cross the threshold stated in its HSR filing. Under Section 802.21, you must cross the threshold stated in the filing within one year after the end or termination of the waiting period, or you will have to file a new HSR notification in order to cross that threshold. Section 802.21 also specifies that once the filed-for waiting period ends or terminates, you can acquire up to the next threshold over the next five years without filing again.

Here’s how this works. If you file on March 1, for a $93 million voting securities acquisition that will close sometime in April 2021, you should file to cross the $92 million threshold because that is the $50 million (as adjusted) threshold in effect at the time of closing (See Rule 1). You then have one year from the end of the waiting period to cross the $92 million threshold, even though the $50 million (as adjusted) threshold may be higher next March when the thresholds adjust again.

The next relevant threshold is the “$100 million (as adjusted)” threshold (so called because it started as $100 million and is now adjusted annually). So, after the end of the waiting period for the filing to cross the $92 million threshold, you then have five years to acquire up to the next notification threshold—in this case, the $100 million (as adjusted) threshold—without an additional HSR filing. In each subsequent year of the five-year period under Section 802.21, that threshold will adjust and you always look to the revised threshold in effect at the time. The revised $100 million (as adjusted) threshold for 2021 will be $184 million, but in 2022, it will likely be higher and you would look to the higher 2022 figure for evaluating additional acquisitions at that time.

As always, contact the PNO with specific questions regarding the HSR rules.

When Congress passed the Hart-Scott-Rodino Antitrust Improvements Act of 1976, it created minimum dollar thresholds to limit the burden of premerger reporting. In 2000, it amended the HSR statute to require the annual adjustment of these thresholds based on the change in gross national product. As a result, reportability under the Act changes from year to year as the statutory thresholds adjust. The PNO fields many questions about the upcoming adjustments to the HSR thresholds from parties whose transactions may take place around the time of the revisions. The Commission recently announced the revised thresholds, which will become effective on February 23, 2022. The following rules of thumb should help parties determine the relevant thresholds and any resulting reporting obligations that apply based on when the filing is made, when the transaction closes, and when the thresholds adjust.

Rule 1: The correct threshold for determining reportability is the one in effect at the time of closing.

The most significant threshold in determining reportability is the minimum size of transaction threshold. This is often referred to as the “$50 million (as adjusted)” threshold because it started at $50 million and is now adjusted annually. For 2022, that threshold will be $101 million. To determine reportability for a deal that will close around the time that the new threshold is effective, look to what the $50 million (as adjusted) threshold will be at the time of closing.

Rule 2: The filing fee is determined by the value of the transaction at the time of filing.

If you determine that a transaction is reportable, the filing fee should be based on the filing fee threshold that is in effect at the time of filing. Note that the filing fees themselves do not change, only the thresholds for calculating the correct fee. Here are the new filing fee thresholds, effective on February 23, 2022:

Rule 3: Notification thresholds for subsequent purchases adjust yearly, too.

When HSR notification is filed, the acquiring person has one year from the end of the waiting period to cross the threshold stated in its HSR filing. Under Section 802.21, you must cross the threshold stated in the filing within one year after the end or termination of the waiting period, or you will have to file a new HSR notification in order to cross that threshold. Section 802.21 also specifies that once the filed-for waiting period ends or terminates, you can acquire up to the next threshold over the next five years without filing again.

As always, contact the PNO with specific questions regarding the HSR rules.

By any measure, this year has been extraordinary. Our litigation workload continues to expand, with eight cases in various stages of administrative or federal court litigation and three on appeal. The latest, in which a unanimous Commission authorized staff to block the merger of the two largest providers of home mortgage loan origination systems and other key lender software tools, is an enormous undertaking, involving several horizontal and vertical theories in an incredibly complex industry. Earlier this year, Bureau staff also mounted a challenge to prevent Meta from buying Within, maker of a popular virtual reality fitness app. While we did not succeed in stopping that deal, the FTC secured a federal court opinion that resurrected important theories of harm regarding the elimination of potential competition which restores an important facet of Section 7 law that has been dormant for too long.

On the conduct side, we brought our first cases relying on the Commission’s new Section 5 Policy Statement, forcing companies to give up onerous noncompete restrictions for thousands of workers.  The FTC and ten state Attorneys General also filed a federal suit charging two of the largest pesticide companies operating in the United States with using loyalty programs to maintain their monopolies and gouge farmers. That case alleges not only violations of the Sherman Act, but also violations of Section 5 of the FTC Act and Section 3 of the Clayton Act.

But these cases are just the tip of the iceberg. The Bureau is busy investigating many more mergers and suspect business practices. We are broadening the lens, considering how to use the antitrust laws to protect all market participants, including workers and farmers. We are looking to all the laws that the FTC enforces, including the Robinson-Patman Act, which protects small businesses from abusive price discrimination and commercial bribery. It is an exciting moment to be at the FTC, and it has been the highlight of my career to lead the Bureau during this time.

At this year’s annual Spring Meeting, I also took the opportunity to remind antitrust practitioners of some basic principles of Hart-Scott-Rodino compliance. Parties need to take seriously their obligation to collect and submit the information required by the HSR Act and Rules, and to appreciate the consequences when they fail to do so. Here are some reminders.

Submit all 4(c) documents, period full-stop. Parties are obligated to conduct a thorough search of transaction-related documents prepared by or for any officer or director and to submit all of those that are called for by Item 4(c) and 4(d) of the HSR Form. These documents are critical to staff’s review of the HSR filing because they contain the company’s evaluation or analysis of the proposed deal on topics that are core to the competition analysis: market shares, competition, competitors, markets, and the potential for sales growth or expansion. These key decision documents are often the only source of non-public assessments of the proposed transaction’s potential competitive impact and may reveal the rationale of officers and directors who authorized the deal to go forward.

If we discover, for instance in a Second Request production, that there is a 4(c) document that was not submitted with the HSR filing, the PNO can bounce the original filing if the waiting period has not expired. This is true even if the agency has issued Second Requests: if the newly revealed 4(c) document changes the scope of the agency’s investigation, the PNO may require a new filing and the agency may issue a new Second Request. 

There are also consequences if we discover the 4(c) document after the waiting period has expired, for example when it is submitted with an HSR filing on another deal.  In some cases, the PNO will require a corrective filing for the original deal, and the violation of the HSR requirements could also lead to an enforcement action to impose civil penalties. Those penalties can be significant, as the Bureau is committed to vigorously enforcing the HSR Rules. Furthermore, if the omission caused the Agencies to not take action to stop a merger, we can still seek to undo the illegal transaction.

Consider if changes in the merger agreement require a new filing. During an investigation, material changes to the terms and scope of a transaction may alter the proposed transaction so much that it is no longer the one the parties intend to consummate.  If there are material changes in the terms of the proposed transaction before the HSR waiting period has expired, the parties should contact the PNO to discuss whether a new filing is required. After consulting with agency staff reviewing the HSR filing, the PNO may require parties to amend their original filing and submit updated deal documents as well as a new certification. If the changes are significant enough, the PNO may require a new filing with all new information and documents (including a refresh on Item 4 documents), which would trigger a new waiting period. 

An HSR filing cannot be made on a hypothetical deal. The PNO receives thousands of filings every year and sometimes it is important to remind the antitrust bar of some very basic principles of HSR compliance. For instance, the HSR Rules do not permit filing on hypothetical deals. This has been true from the beginning of the premerger program. Here is what the Commission said back in 1978: “because of the time and resource constraints on agency staff, the Agencies should not expend resources to review transactions so lacking in specifics that they could be considered merely hypothetical.” (43 Fed. Reg. 33,450 at 510-511). That means that for transactions in which a definitive agreement has not yet been executed, there must be an agreement in principle or letter of intent executed by the parties. A mere indication of interest or a document that is no more than an agreement to file HSR and wait to see what the Agencies do is not sufficient. The certification requirement is meant to ensure that the parties each have a good faith intent to consummate the transaction they describe.  That deal may change (see Point #2 above), but when the filing is made, the transaction needs to be one that the Agencies can actually review for potential competitive problems.

The FTC’s first law enforcement action related to the revised Endorsement Guides offers compliance insights for marketers.  In a proposed settlement with Reverb Communications, Inc., the FTC alleged that employees of a public relations agency hired by game developers posed as consumers and posted reviews on Apple’s iTunes store without disclosing that the reviews came from people working on behalf of the developers.

According to the FTC, in addition to giving their clients’ game apps high ratings, Reverb employees posted comments like "Amazing new game," "ONE of the BEST," "[Company] hits another home run with [product name]," "Really Cool Game" "GREAT, family-friendly board game app," "One of the best apps just got better" and "[Company] does it again!" They didn’t disclose that the company was hired to promote the games and that it often got a percentage of the sales. The FTC alleged that these facts would have been relevant to consumers who were evaluating the reviews and deciding whether to buy the apps.

The FTC’s proposed settlement, which names both the company and its owner, requires the company to take down the deceptive endorsements, and bans similar misrepresentations in the future.  Looking for more information?  Read The FTC’s Revised Endorsement Guides: What People are Asking or watch this video.

As a recent FTC action against three companies and their owner proves, ads promising quick and easy relief from credit card debt are likely to attract law enforcement attention. But this case featured an interesting twist because what the company really was up to was generating leads it turned around and sold to other companies.

According to the FTC’s lawsuit against Media Innovation, Hermosa Group, Financial Future Network, and Jonathan Greenberg, the Rockville, Maryland, companies advertised debt settlement services through English and Spanish radio and television ads that ran nationally. The ads featured a laundry list of questionable claims:

► Find out today how quickly and easily you can eliminate your debt.

► Let the professionals at the Financial Future Network help, and enjoy the freedom of debt-free living.

► It's quick! It’s easy!

► It’s simple, secure and proven.

► Legally reduce your debt. Lower your monthly payments.

One TV ad featured a bar chart that shows a consumer’s debt shrinking from "thousands" to "hundreds" with the words "You Pay Less!" or "You Pay LESS with Hermosa!" on the screen.

So when people called the advertised toll-free number, did the companies provide debt settlement services or sign them up in a debt settlement program? Nope. Instead, callers were immediately routed as "leads" to other companies that paid the defendants between $50 and $65 per name and phone number. About 80% of the leads generated by the ads were sold to an unrelated outfit that, in turn, referred the leads to other debt settlement companies or law firms.

According to the FTC’s complaint, the defendants didn’t provide debt settlement services and didn’t have proof to back up their claims that they — or any other company — could substantially reduce or eliminate customers’ debts or achieve these results quickly. The FTC also charged that the defendants didn’t have substantiation that the companies that ultimately got the leads delivered the promised results.

The upshot from the settlement: $500,000 disgorgement, an $8.5 million suspended judgment, tough injunctive provisions, and a lifetime ban against defendant Greenberg from any involvement in the debt relief services industry.

An important P.S. for people in the debt relief industry: The FTC recently amended the Telemarketing Sales Rule mandating key disclosures to customers and making it illegal to collect fees before delivering promised debt relief services. Although the actions in this case predated the amendment, the new rule is in full force now. To find out more, read Debt Relief Services & the Telemarketing Sales Rule: A Guide for Business and Debt Relief Services & the Telemarketing Sales Rule: What People Are Asking or watch this video.

There are some combinations that raise immediate compliance issues for responsible businesses — and kids’ privacy and mobile applications are among them.   A settlement announced by the FTC — the agency’s first involving a mobile app — sends the important message that consumer protection laws and rules apply with full force in the mobile marketplace.

W3 Innovations, which does business as Broken Thumbs Apps, develops and distributes mobile apps.   Several of their apps, including the Emily’s Girl World, Emily’s Dress Up & Shop, and Emily’s Runway High Fashion apps, were directed to children and were marketed in the Games-Kids section of Apple’s App Store.  The Emily apps, which had more than 50,000 downloads, allow kids to play games, create virtual models, and design outfits. The apps encouraged them to email Emily’s Blog with shouts-outs to friends or requests for advice.

The Children’s Online Privacy Protection Rule requires parental notice and consent before companies collect kids’ personal info online, whether through a website or a mobile app.  According to the FTC, W3 Innovations collected and maintained thousands of e-mail addresses from users of the Emily apps without giving notice of their information collection practices and without getting verifiable parental consent. That, says the FTC, violated the COPPA Rule.

In addition to a $50,000 civil penalty, the settlement — which names both the company and its president — bars future COPPA violations and requires them to delete all kids’ personal information collected in violation of the Rule.

Today the FTC also released Living Life Online, a resource for children with short articles, activities, quizzes, and an ask-the-expert column.  Being online is part of kids’ lives. Living Life Online helps them be better digital citizens. Share it with your children or with parents of kids wrestling with topics ranging from cyberbullying to cell phone bill shock.  Order free copies from the FTC’s bulk order page.

Businesses are understandably concerned about the threat that hackers pose to the security of sensitive data on their networks. But a closing letter the FTC staff sent to Morgan Stanley Smith Barney LLC warns of another danger lurking closer to home.

The FTC staff investigated the allegation that a Morgan Stanley employee had misappropriated information about the company’s wealth management clients. How did the person do it? By allegedly transferring data from Morgan Stanley’s network to a personal website accessed at work, and then onto personal devices. The exported data later showed up on other sites, leaving the information vulnerable to misuse – and exposing Morgan Stanley’s clients to potential harm.

The letter lists the staff’s reasons for closing the investigation, including the fact that Morgan Stanley had already implemented policies designed to protect against insider theft of personal information. What protections did the company have in place?  For example, it had a policy limiting employee access to sensitive customer data without a legitimate business need, it monitored the size and frequency of data transfers by employees, it prohibited employee use of flash drives or other devices to download data, and it blocked access to certain high-risk apps and sites. 

But in this instance, the investigation determined that the Morgan Stanley employee was able to get certain client information because the access controls for a narrow set of reports were improperly configured. However, once the problem came to light, the company moved quickly to fix it.

As with most letters like this, the decision to close the investigation shouldn’t be taken to mean that staff thought the law had – or hadn’t – been violated. The letter also notes, “The Commission reserves the right to take such further action as the public interest may require.”

Chances are you’re reading this while connected to a network with similarly sensitive information. What can other companies learn from the Morgan Stanley episode?

An ounce of prevention is worth a pound of breach. While you’re safeguarding your network from outside threats, think through any places where your system could be porous internally. Consider how confidential information moves through your company and then retrace its steps from the perspective of a rogue staffer. Shore up any weak spots in your defenses.

Limit access to confidential material to employees with a legitimate business reason.  At a concert, backstage passes are reserved for a select few. Implement a similar policy when it comes to sensitive information in your company’s possession. Not every staff member needs instant access to every piece of confidential data.

Data security is an ongoing process. Savvy companies adjust their practices in light of current risks and changing technologies. As employees increasingly use personal sites and apps, deploy appropriate controls to address the potential risks of broad access on work devices.

We often get the question, “If I comply with the NIST Cybersecurity Framework, am I complying with what the FTC requires?”  From the perspective of the staff of the Federal Trade Commission, NIST’s Cybersecurity Framework is consistent with the process-based approach that the FTC has followed since the late 1990s, the 60+ law enforcement actions the FTC has brought to date, and the agency’s educational messages to companies, including its recent Start with Security guidance.  First, a little background.

How did the Cybersecurity Framework come about?

In February 2013, President Obama issued Executive Order 13636, “Improving Critical Infrastructure Cybersecurity,” which called on the Department of Commerce’s National Institute of Standards and Technology (NIST) to develop a voluntary risk-based Cybersecurity Framework for the nation’s critical infrastructure—that is, a set of industry standards and best practices to help organizations identify, assess, and manage cybersecurity risks.  NIST issued the resulting Framework in February 2014. 

What is the Cybersecurity Framework?

The Framework provides organizations with a risk-based compilation of guidelines that can help them identify, implement, and improve cybersecurity practices.  The Framework does not introduce new standards or concepts; rather, it leverages and integrates cybersecurity practices that have been developed by organizations like NIST and the International Standardization Organization (ISO). 

The Framework terms this compilation of practices as the “Core.”  This Core is composed of five concurrent and continuous functions—Identify, Protect, Detect, Respond, and Recover—that provide a strategic view of the lifecycle of an organization’s management of cybersecurity risk.  Each function is further divided into categories tied to programmatic needs and particular activities.  In addition, each category is broken down into subcategories that point to informative references.  Those references cite specific sections of standards, guidelines, and practices that illustrate a method to achieve the outcomes associated with each subcategory.

The five functions signify the key elements of effective cybersecurity.  Identify helps organizations gain an understanding of how to manage cybersecurity risks to systems, assets, data, and capabilities.  Protect helps organizations develop the controls and safeguards necessary to protect against or deter cybersecurity threats.  Detect are the steps organizations should consider taking to provide proactive and real-time alerts of cybersecurity-related events.  Respond helps organizations develop effective incident response activities.  And Recover is the development of continuity plans so organizations can maintain resilience—and get back to business—after a breach.

The Framework breaks down each of these functions into additional categories and then provides helpful guidance.  For example, as the chart above shows, the Identify function has five categories:  Asset Management; Business Environment; Governance; Risk Assessment; and Risk Management Strategy.  Under Governance, one of the four subcategories is that an organization should establish an organizational security policy.  The subcategory points organizations to standards such as COBIT, ISA, ISO/IEC, and NIST SP 800-53 Rev. 4 for information on how to implement a policy. 

As the Framework recognizes, there’s no one-size-fits-all approach to managing cybersecurity risk.  Because organizations have unique risks—different threats, different vulnerabilities, different risk tolerances—their approaches to risk management will vary.  But that’s the benefit of the Framework:  It’s not a checklist, but rather a compilation of industry-leading cybersecurity practices that organizations should consider in building their own cybersecurity programs.  For most organizations, critical infrastructure or not, the Framework may be well worth using solely for its stated goal of improving risk-based security.  But it also can deliver additional benefits—for example, encouraging effective collaboration and communication with company executives and industry organizations.  That’s because the Core provides a common language regarding cybersecurity issues that can help facilitate important discussions between an organization’s IT staff and its business people, some of whom may tune out when they hear technical terminology.

How does the Framework relate to the FTC’s work on data security?

As the nation’s consumer protection agency, the FTC is committed to protecting consumer privacy and promoting data security in the private sector.  The FTC has undertaken substantial efforts for well over a decade to promote data security in the private sector through civil law enforcement, business outreach and consumer education, policy initiatives, and recommendations to Congress to enact legislation in this area.  Section 5 of the FTC Act is the primary enforcement tool that the FTC relies on to prevent deceptive and unfair business practices in the area of data security.  Since 2001, the FTC has settled some 60 cases against companies the FTC alleges failed to provide reasonable protections for consumers’ personal information. 

From the outset, the FTC has recognized that there is no such thing as perfect security, and that security is a continuing process of detecting risks and adjusting one’s security program and defenses.  For that reason, the touchstone of the FTC’s approach to data security has been reasonableness—that is, a company’s data security measures must be reasonable in light of the volume and sensitivity of information the company holds, the size and complexity of the company’s operations, the cost of the tools that are available to address vulnerabilities, and other factors.  Moreover, the FTC’s cases focus on whether the company has undertaken a reasonable process to secure data. 

With that bit of background on the FTC’s data security program, let’s get back to the question, “If I comply with the Framework, am I complying with what the FTC requires?”  The Framework is not, and isn’t intended to be, a standard or checklist.  It’s meant to be used by an organization to determine its current cybersecurity capabilities, set individual goals, and establish a plan for improving and maintaining a cybersecurity program, but it doesn’t include specific requirements or elements.  In this respect, there’s really no such thing as “complying with the Framework.”  Instead, it’s important to remember that the Framework is about risk assessment and mitigation.  In this regard, the Framework and the FTC’s approach are fully consistent:  The types of things the Framework calls for organizations to evaluate are the types of things the FTC has been evaluating for years in its Section 5 enforcement to determine whether a company’s data security and its processes are reasonable.  By identifying different risk management practices and defining different levels of implementation, the NIST Framework takes a similar approach to the FTC’s long-standing Section 5 enforcement. 

Indeed, the alleged lapses the FTC has challenged through its law enforcement actions correspond well with the Framework’s five Core functions.  Let’s review each of the Framework’s functions more fully.

Identify.  The purpose of the Identify function is to develop an understanding of cybersecurity risks to systems, assets, data, and capabilities, which in turn helps organizations focus and prioritize their security efforts, consistent with their risk management strategy and business needs.

The FTC has brought a number of cases alleging that companies had failed to take appropriate action to assess security risks and develop plans to address them.  These same types of activities fall within the Framework’s Identify function.  For example, in the complaints against CVS Caremark Corporation and Petco Animal Supplies, Inc., the FTC alleged that those companies failed to implement policies and procedures to safeguard consumers’ information.  These allegations align with the Framework’s guidance on establishing an organizational information security policy.

Likewise, in the complaints against HTC America, Inc. and TRENDnet, Inc., the FTC alleged that the companies did not have a process for receiving, addressing, or monitoring reports about security vulnerabilities.  These allegations are consistent with the Framework’s guidance that companies should consider having a method for receiving threat and vulnerability information from information-sharing forums and sources. 

Ultimately, much like the Framework’s Identify function, the FTC’s cases have sought to ensure that companies are taking reasonable steps to identify vulnerabilities and threats to determine the risk to consumers’ personal information.

Protect.  The Framework’s Protect function provides guidance to help organizations develop and implement appropriate safeguards to ensure the delivery of critical services and to limit or contain the impact of a cybersecurity event.  This includes limiting access to assets and facilities, raising employees’ awareness and providing training, managing consumers’ information consistent with the organization’s risk strategy, maintaining security policies and information security components, and using technical security solutions to secure systems and assets.

Many FTC cases highlight companies’ alleged failures to implement reasonable data security practices that the Framework emphasizes under the Protect function.  For example, in its action against Twitter, Inc., the FTC alleged that the company gave almost all of its employees administrative control over Twitter’s system.  According to the FTC’s complaint, by providing administrative access to so many employees, Twitter increased the risk that a compromise of any of its employees’ credentials could result in a serious breach.  This principle comports with the Framework’s guidance about managing access permissions, incorporating the principles of least privilege and separation of duties.   

The FTC’s cases against Accretive Health, Inc. and Cbr Systems, Inc. also comport with the Framework’s guidance relating to protecting data-in-transit and formally managing assets throughout removal, transfers, and disposition.  In Accretive, the FTC alleged that an employee transported a laptop with personal information in a manner that made it vulnerable to theft or other misappropriation.  Likewise, in Cbr Systems, the FTC alleged that the company created unnecessary risks to personal information by transporting portable media with personal information in a manner that made it susceptible to theft or misappropriation.  In both cases, the laptops and the portable media were stolen, unnecessarily exposing thousands of people’s personal information.  These cases demonstrate why companies should have reasonable security policies for when data is in transit or being transferred.

As shown, many of the FTC’s cases involve companies’ failures to develop and implement reasonable safeguards to protect consumers’ information—measures that also would fall under the Framework’s Protect function.   

Detect.  The Framework’s Detect function delineates various steps that organizations could take to develop and implement appropriate methods to identify the occurrence of a cybersecurity event in a timely manner.  This includes monitoring information systems and assets at discrete intervals, and maintaining and testing detection processes and procedures to ensure timely and adequate awareness of anomalous events. 

The FTC has brought several cases that highlight why it’s important to have processes in place to detect intrusions.  For example, in its action against Dave & Buster’s, Inc., the FTC alleged that the company didn’t use an intrusion detection system and didn’t monitor system logs for suspicious activity.  Likewise, in Franklin’s Budget Car Sales, Inc., the FTC alleged that the company didn’t inspect outgoing Internet transmissions to identify unauthorized disclosures of personal information.  Had these companies used tools to monitor activity on their networks, they could have reduced the risk of a data compromise or its breadth.  Their alleged deficiencies also didn’t comport with the Framework’s guidance within the Detect function about monitoring networks for potential cybersecurity events or for unauthorized personnel, connections, devices, and software. 

Respond.  The Framework’s Respond function provides guidance on how to develop and implement appropriate actions in response to a detected cybersecurity event to effectively contain its impact.  This can include executing and maintaining response processes and procedures, coordinating with internal and external stakeholders, conducting analysis to ensure adequate response, containing and mitigating incidents, and incorporating lessons learned. 

Many of the FTC’s cases have challenged companies’ failures to execute and maintain reasonable response processes and procedures.  For example, in its case against Wyndham Worldwide Corporation, the FTC alleged that the company failed to follow proper incident response procedures, including failing to monitor its computer network for malware used in a previous intrusion.  As a result of this and other failures, the FTC alleged that intruders were able to gain access to the company’s computer network on three separate occasions in a 21-month period, leading to the compromise of more than 619,000 payment card account numbers and more than $10.6 million in fraud loss.

The FTC’s case against ASUSTeK Computer, Inc., demonstrates why it is important for companies to voluntarily share information with external stakeholders to achieve broader awareness of cybersecurity threats—guidance echoed by the Framework.  According to the complaint, ASUSTeK learned of a variety of vulnerabilities affecting its routers.  Despite this knowledge, ASUSTeK failed to provide adequate notice to consumers about these security risks, the steps consumers could have taken to mitigate them, and the availability of software updates that would correct or mitigate the vulnerabilities.  As a result, hackers located consumers’ routers and exploited the vulnerabilities to gain unauthorized access to over 12,900 connected storage devices.

Several of the FTC’s cases have sought to ensure that companies not only detect breaches, but also take appropriate steps when a breach happens.  This means that companies should contain events and communicate their occurrence with the appropriate parties.  The Framework’s Respond function has a similar goal. 

Recover.  The Framework’s Recover function outlines steps organizations could take to develop, implement, and maintain plans for resilience and to restore capabilities or services that were impaired due to a cybersecurity event.  It includes incorporating lessons learned into future activities, and coordinating with internal and external parties. 

The Recover function supports a return to normal operations after a cybersecurity event.  FTC orders demonstrate the importance of this function, emphasizing how consumer interests should factor into a company’s recovery plan.  For example, in Oracle Corporation, the order required the company to provide broad notice to its users about the settlement and how to address Java vulnerabilities.  Under the terms of the order, Oracle reached out to users not only through its website and social media, but also by working with external parties, such as antivirus vendors and browsers.  This is consistent with the Framework’s guidance under the Recover function that organizations should consider communicating recovery activities with internal and external parties, including coordinating centers, Internet Service Providers, victims, and vendors. 

How can a company use the Framework and the FTC’s Start with Security guidance?

The Framework’s five Core functions can serve as a model for companies of all sizes to conduct risk assessments and mitigation, and can be used by companies to:  (1) establish or improve a data security program; (2) review current data security practices; or (3) communicate data security requirements with stakeholders.  And as the FTC’s enforcement actions show, companies could have better protected consumers’ information if they had followed fundamental security practices like those highlighted in the Framework.

In addition, given that the FTC’s enforcement actions align well with the Framework’s Core functions, companies should review the FTC’s publication, Start with Security, which summarizes lessons learned from the FTC’s data security cases and provides practical guidance to reduce cybersecurity risks.  Applying the risk management approach presented in the Framework with a reasonable level of rigor—as companies should do—and applying the FTC’s Start with Security guidance will raise the cybersecurity bar of the nation as a whole and lead to more robust protection of consumers’ data.

Note: video added to this blog on 3/13/2017

Dads and Moms want what’s best for their babies, so some companies feature adjectives like “organic” or “natural” in ads for infant gear. Those are among the terms Illinois-based Moonlight Slumber used to sell its baby mattresses online and at some of the nation’s biggest retailers. But according to an FTC complaint, when it came to backing its mattress claims with proper support, the company was asleep at the switch.

In ads for its Starlight Simplicity and Little Star mattresses, Moonlight Slumber described the products as “organic” and “a safe, organic alternative to traditional crib mattresses” with a “Natural Latex Core.” The company said other mattresses it sold were made from “BabySafe Natural Materials,” including “eco-friendly plant-based foam.” The company also claimed that testing proved “there are no VOCs (Volatile Organic Compounds, commonly known as ‘Off Gassing’).”

And Moonlight Slumber suggested that parents didn’t have to just take their word for it. According to a logo the company prominently displayed, its products had the “Green Safety Shield.”

Organic and natural? Won’t emit VOCs? Proven by testing? Bearing the Green Safety Shield? On a parent’s shopping list, that’s a check, check, check, and check. But according to the FTC, those claims were deceptive, deceptive, deceptive, and deceptive.

The complaint alleges that a substantial majority of the content in the Starlight Simplicity and Little Star mattresses wasn’t organic. The cores and fire barriers contained no organic content at all and the cotton cover was 70% non-organic. In fact, according to the FTC, the only purely organic content was the mattress ribbon, a minor decorative component.

What’s more, most of the company’s mattress cores were made wholly or primarily of polyurethane, a non-natural material made from isocyanates and polyols derived from petrochemicals. Despite Moonlight Slumber’s ad claims, the latex core for the Little Star mattress was synthetic, not natural – and six other mattress styles contained little or no plant-based material. The FTC also alleges that the company didn’t have sound science to support the claim that its products didn’t emit substances like VOCs. What about Moonlight Slumber’s representation that it had testing to back up that promise? False, says the FTC.

And who bestowed the “Green Safety Shield” on Moonlight Slumber? The company awarded the seal to itself.

The proposed order prohibits a host of misrepresentations about whether a product is organic, natural, plant-based, emissions-free, or VOC-free. It also requires appropriate proof for testing claims and for representations about other environmental and health benefits. In addition, the order nixes misleading certifications and requires the company to clearly disclose when it has a material connection to an endorser. The FTC is accepting public comments about the proposed settlement until October 30, 2017.

For companies that want to rest easy about their substantiation obligations, the case offers two take-aways.

Consumers won’t take deceptive organic claims lying down. Advertisers must substantiate their organic claims. The U.S. Department of Agriculture’s National Organic Program develops standards for organically-produced agricultural products. For other product categories not covered by the National Organic Program, long-standing FTC substantiation principles apply. Advertisers must have a reasonable basis for claiming that their non-agricultural products – for example, mattresses – are “organic.” FTC and USDA staff, along with various stakeholders, discussed these issues at an October 2016 roundtable on consumer perception of organic claims.

It’s risky to sign, seal, and deliver your own seals. Duck-lipped mirror shots used to be our least favorite form of selfie, but we have a new cellar dweller: seals or certifications that companies award themselves without clearly explaining that to consumers. As the FTC’s Green Guides and dozens of law enforcement actions establish, misleading certifications raise particular concerns when they appear to give an independent authoritative A-OK for health, safety, or environmental claims that consumers can’t evaluate for themselves. If your ad features seals or certifications of your own designation, make that abundantly clear to consumers.

The FTC’s complaint against Bronx Honda alleges the company jacked up what consumers had to pay by fabricating fees, inflating charges, and sneaking in stealth add-ons. The lawsuit also alleges the defendants discriminated against African-American and Hispanic consumers by charging them higher financing markups and fees, in violation of the Equal Credit Opportunity Act and Reg B. The $1.5 million proposed settlement, which requires the company to implement a fair lending program that safeguards against discrimination, should serve as a reminder to other businesses that may be overdue for an ECOA compliance check.

The FTC says the company’s deceptive advertising claims were just the start. According to the complaint, Bronx Honda advertised some vehicles with a “Was” price and a lower “Now” price. But in many instances, sales reps told consumers the “Now” price was in error and they’d have to pay more. In addition, the FTC says in numerous instances, the defendants falsely told consumers they had to pay bogus extra fees to buy or finance “Certified Pre-Owned Hondas.” In fact, Certified Pre-Owned Hondas are covered by the manufacturer’s seven-year, 100,000-mile warranty and American Honda Motor Corporation doesn’t allow dealerships to charge a separate fee for the warranty. The FTC says Bronx Honda also charged some consumers thousands more for “dealer prep,” “shop,” or “reconditioning” fees for Certified Pre-Owned Hondas, even though according to American Honda, that designation means the dealership has already “recondition[ed] any component that does not meet [the manufacturer’s] standards.”

According to the complaint, Bronx Honda also overcharged consumers by dinging them for as much as $695 in documentation fees, an amount limited by New York law to no more than $75. In addition, the lawsuit alleges the defendants often gave consumers one figure for the agreed-upon total, but then inflated the price without the buyer’s knowledge in other documents – a practice Bronx Honda employees called “air money.”

To cite just one example from the complaint, the FTC said Bronx Honda advertised a 2014 Certified Pre-Owned Honda CR-V Touring AWD for $28,354, but then piled on – among other things – a $1,995 “certification fee,” a $350 document processing fee, a $493 prep fee, and a $795 shop fee, purportedly for “brakes” and “repairs,” even though repairs to brakes and other components are performed as part of the manufacturer’s certification. You’ll also want to read the complaint to see how the FTC alleges the defendants violated the Truth in Lending Act and Reg Z by failing to clearly disclose required credit information and the annual percentage rate.

Moving to the ECOA allegations, the FTC says Bronx Honda singled out African-American and Hispanic consumers for particularly pernicious practices by directing its employees to charge them higher interest rates and inflated fees. For example, the defendants arranged financing through third-party financing companies that provided Bronx Honda with a specific “buy rate,” a risk-based finance charge that reflected the interest rate at which the entity would finance a retail installment contract from the dealer. But according to the FTC, Bronx Honda had a discretionary pricing policy that allowed sales people to mark up interest rates and fees for consumers who financed their vehicles. Unlike the buy rate, that markup wasn’t based on the underwriting risk or credit characteristics of the applicant. Combine that practice with Bronx Honda’s alleged instructions to sales personnel to charge African-American and Hispanic consumers higher markups and additional fees – conduct the FTC says the defendants told their employees not to try with non-Hispanic white customers – and you’ll see why the complaint charges the defendants with violating the ECOA. 

What did that mean in dollars and cents for African-American and Hispanic consumers? According to the complaint, among thousands of consumers who received financing through Bronx Honda, the defendants charged the average African-American borrower approximately $163 more in interest and the average Hispanic borrower approximately $211 more in interest than similarly situated non-Hispanic white borrowers. What’s more, African-American and Hispanic borrowers received the maximum markup 50% more often than non-Hispanic white borrowers. Non-Hispanic white borrowers did not receive a markup – or received a contract rate below the buy rate – about twice as often as African-American or Hispanic borrowers.

What was in it for Bronx Honda? The financing company compensated Bronx Honda from the increased interest revenue derived from the markup, a percentage of which the dealership passed on to its employees.

In addition to the $1.5 million financial judgment and injunctive provisions designed to remedy the violations alleged in the complaint, the Fair Lending Program required by the proposed settlement is worth a read. Under the terms of the order – which applies to defendants Bronx Honda and General Manager Carlo Fittanto – they must designate a qualified senior manager to be responsible for the program and mandate employee training at least once a year. In addition, the defendants must put written guidelines in place to establish objective, non-discriminatory criteria for assessing (or not assessing) fees and charges. What’s more, the settlement mandates specific provisions in retail installment sales contracts, including that the interest rate may be no higher than 185 basis points above the “buy rate,” and that any deviation below this markup be for only a few specific, documented reasons. And the defendants must promptly terminate any employee who engages in discriminatory conduct, violates the terms of the fair lending program, or violates other injunctive provisions of the order.




 

Small businesses are a critical part of the U.S. economy, providing opportunity and employment to consumers across the country. Unfortunately, the current health crisis has brought financial strain to small businesses and their ability to secure the financing they need to survive. So now more than ever, struggling businesses and their owners need protection from deceptive and unfair practices. And the FTC is working swiftly to provide it.

Since the onset of the pandemic, we have taken enforcement actions and used other tools to stop financing providers and their marketers from targeting businesses with unlawful conduct. For example, today we announced a lawsuit against Yellowstone Capital, a merchant cash advance provider that we allege took unauthorized withdrawals from consumers’ bank accounts and made false claims about collateral, personal guarantees, and the cash amounts it provides.

In recent months, we also have filed actions against two other operations targeting small businesses with alleged FTC Act violations: RCG Advances and Ponte Investments LLC (doing business as “SBA Loan Program”). Additionally, the FTC and Small Business Administration sent joint warning letters to advertisers for potentially misleading claims about their purported affiliation with the federal government or emergency loan programs created to protect businesses during the pandemic.

The FTC’s enforcement efforts, as well as our 2019 Strictly Business forum on small business financing, offer some key takeaways for financing providers and the companies that work with them:

Like other consumers, small businesses are protected under the FTC Act.  The FTC Act gives the agency broad authority to stop deceptive and unfair practices by companies involved in every step of the financing process, including lenders and finance providers, as well as marketers, independent sales organizations (ISOs), brokers, lead generators, servicers, and debt collectors.

Don’t deceive consumers about the features or obligations of your financing products.  Our recent actions against Yellowstone and RCG allege that these merchant cash advance providers misrepresented key aspect of their products, including the funding amounts consumers would receive and requirements that small businesses provide collateral and personal guarantees. Similarly, you can’t make misleading claims about other important terms – like cost and payment amounts.

Don’t mislead consumers about who you are or your association with government relief programs.  As is often the case when new government programs are rolled out, during the current crisis some marketers have deceptively touted their connection to these programs. Our pending action against the company doing business as SBA Loan Program alleges the defendants deceived small business consumers about their affiliation with the Small Business Administration and their authority to make Paycheck Protection Program (PPP) loans. Recent FTC-SBA warning letters raise similar concerns.

Police your marketers and other agents.  Simply relying on intermediaries like ISOs, lead generators, brokers, servicers or debt collectors to market or service your products won’t shield you from liability. Instead, take steps to ensure your agents don’t engage in deception or other unlawful conduct. Vet them carefully, build compliance standards into your contracts, monitor their actions for warning signs of trouble (for example, consumer complaints), audit them, and enforce those contractual standards. The FTC’s action against CEC is a case in point. In an action against the operator of postsecondary schools, we pursued not only the schools for their direct role in marketing, but also for their alleged violations of the FTC Act resulting from the illegal conduct of lead generators who – for example – falsely claimed to be affiliated with the U.S. military.

Ensure that you and your servicers avoid unlawful servicing practices.  The FTC Act’s protections aren’t limited to marketing. They extend across the full life cycle of a financing product – including repayment and collections. So, for example, the law would prohibit a company from failing to honor its promises that customers can lower or cease payments as a result of reduced revenue or a health-related shutdown. Additionally, the FTC Act prohibits unfair practices, like taking unauthorized payments from consumers’ bank accounts – something we’ve alleged happened in both Yellowstone and RCG.

Don’t initiate collection actions or seek harsh remedies – for example, confessions of judgment (COJs) – against small business owners who are honoring their obligations.  For example, in RCG, we allege that a finance provider filed COJs against consumers who didn’t breach their agreements or default. Given the severe consequences of COJs, the FTC is watching closely to ensure they are not used deceptively or unfairly.

When collecting outstanding payments or debts, never make false or egregious threats.  You and your collectors should avoid the types of conduct the FTC has alleged to be unlawful in our many debt collection cases, like collecting amounts consumers don’t owe, making false threats of arrest or other severe consequences, harassing consumers with continuous calls, or using abusive language or threats of violence (as we allege occurred in RCG).

Report potentially unlawful conduct to the FTC.  If you see finance providers, marketers, or others in the industry cross the lines we’ve outlined, report it to the FTC. Similarly, if you have customers who say other providers have targeted them with deceptive or unfair conduct, encourage them to report their experience to us online or call us at 1-877-FTC-HELP.
 

For people dealing with student loan debt – your employees, a family member, or maybe you – the CARES Act gives emergency grants to qualifying borrowers. But like other financial assistance programs, consumers need to know key details up front. As part of its ongoing effort to monitor the marketplace for questionable claims arising from the COVID pandemic, FTC staff just sent a warning letter to New York-based Frank Financial Aid, raising concerns about representations regarding CARES Act grants, as well as a cash advance product the company is advertising.

What has FTC staff concerned? Some potentially misleading claims on Frank’s website. One fundamental fact to keep in mind is that for assistance through the Department of Education’s Higher Education Emergency Relief Fund created by the CARES Act, the Department has made it clear that each school has its own unique application process and “decides the criteria for qualified students to receive a grant, the grant amount, and how and when the grant will be disbursed (paid out) to students” – which raises the issue of what Frank has claimed.

• Frank has said consumers may “apply in 2 minutes for your student emergency grant” through the company’s site and that “Frank emails you everything you need to send to your school.” But according to the FTC, the letters Frank creates aren’t tailored to the application process and documentation requirements of each school.
• Frank has said that to be eligible for emergency relief, students and/or their parents must have experienced one or more of four identified criteria since March 1, 2020 (for example, a firing or furlough). But again, each school determines its own grant eligibility criteria.
• In addition, Frank has said that consumers who get a cash advance through the company (which is separate from any CARES Act relief) can “[p]ay it back when your financial aid comes in.” However, in the fine print is the statement that consumers are required to pay back Frank’s cash advance “61 days after the date of disbursement.” Furthermore, despite claims on its website that consumers can get cash advances of up to $5,000 on their student loans with “No interest, no fees – ever,” the company actually charges a fee of $19.90 per month.

The warning letter advises Frank to take a look at its advertising and marketing – including websites, social media, email, telemarketing, and texts – to ensure the company is complying with the FTC Act’s prohibition on unfair or deceptive acts or practices. The letter also suggests a careful look at disclosures required by the Truth in Lending Act. FTC staff has directed the company to get back to us promptly with the specific actions it has taken to address these concerns.

The message for other marketers is that the pandemic in no way changes established consumer protection principles. That’s why FTC staff is keeping a careful watch on companies’ claims.

Looking for information about dealing with student debt during the pandemic? The Department of Education has information for borrowers. Also, check out FTC consumer resources for addressing the financial impact of the coronavirus.

 
 

The pandemic is still taking a toll on your customers, your employees – and your business. The new American Rescue Plan, just signed into law, gets the ball rolling to help out on many people’s financial well-being. Payments will soon be coming by direct deposit, checks, or a debit card to people eligible for the payment. You can learn more about who’s eligible, and the timing, at IRS.gov/coronavirus. Share that link with your staff to help keep them informed. But let me tell you what will NOT happen, so you can spot and avoid the scammers who are right now crawling out from under their rocks.

1. The government will never ask you to pay anything up front to get this money. That’s a scam. Every time.
2. The government will not call/text/email/DM you to ask for your Social Security, bank account, or credit card number. Anyone who does is a scammer.
3. Nobody legit will ever — EVER — tell you to pay by gift card, cryptocurrency, or wire transfer through companies like Western Union or MoneyGram. You know who will tell you to pay like that? A scammer.

Also, let your HR staff know that the new law also has some language about health insurance, temporarily increasing subsidies for newly laid-off people and for many people buying their own health insurance through the Affordable Care Act (ACA). Please re-read #1-3, above, because they apply here, too. Nobody legitimate will ever call, text, email, or message you out of the blue about getting or keeping health insurance coverage, or to demand payment or your account numbers. That will always be a scam.

If you spot one of these scams, please tell the Federal Trade Commission at ReportFraud.ftc.gov. We’re doing our best to stop these scammers in their tracks, and your report will help.

Meanwhile, check out this video from Acting Chairwoman Slaughter for tips on avoiding economic impact payment scams.