Security & Fraud

Upromise Fined $500,000 By FTC For Violating Data Collection, Usage

Upromise, a membership reward service, was fined $500,000 by the Federal Trade Commission (FTC) to settle allegations it violated a FTC rule that requires companies to disclose their data collection and usage of that data and get a third-party assessment of its data collection tools.

In a press release, the FTC said that following a 2012 order, Upromise encouraged consumers to download a toolbar called RewardU. The FTC order in 2012 called on Upromise to make it clear and prominent to customers about the safeguards it has in place and the effectiveness of the safeguards to protect consumers’ personal information, but the FTC said it failed to comply with the provisions or the order.

“Upromise once again didn’t disclose to consumers the extent of its data collection and failed to comply with the FTC’s order to get required privacy assessments,” said Tom Pahl, acting director of the Federal Trade Commission’s Bureau of Consumer Protection. “Companies must keep their privacy promises.”

Under the new order, Upromise can’t violate the 2012 order and has to pay a $500,000 civil penalty. Before launching a future toolbar, it also has to have a third-party professional specializing in website design and user experience certify that Upromise has adhered to the order’s disclosure and “express, affirmative” consumer consent requirements. Upromise also must obtain advance written approval from the FTC of any required assessment’s scope and design. In addition, it must permanently expire RewardU-related cookies from consumers’ computers and notify those consumers how to uninstall the toolbar and any associated cookies.

The move on the part of the FTC to fine Upromise comes at a time when government watchdogs are going after companies that violate consumer laws in lots of areas, including student loan servicing. In January the Consumer Financial Protection Bureau (CFPB) filed suit against Navient, the largest servicer of federal and private student loans in the United States. The CFPB suit alleges that Navient, formerly part of Sallie Mae, has been in violation of the Dodd-Frank Wall Street Reform and the Consumer Protection Act, the Fair Credit Reporting Act, and the Fair Debt Collections Practices Act. The bureau claims that Navient and two subsidiaries provided bad information, processed payments incorrectly and failed to act when borrowers issued complaints — systematically and illegally failing borrowers.



Digital transformation has been forcefully accelerated, but how does that agility translate into the fight against COVID-era attacks and sophisticated identity threats? As millions embrace online everything, preserving digital trust now falls mostly on banks and FIs. Now, advances in identity data and using different weights on the payment mix afford new opportunities to arm organizations and their customers against cyberthreats. From the latest in machine learning for fraud and risk, to corporate treasury teams working in new ways with new datasets, learn from experts how digital identity, together with advances like real-time payments, combine to engender trust and enrich relationships.

Click to comment