March 20, 2003
The Federal Trade Commission has filed a complaint charging a mortgage spamming operation with violating federal laws by using an array of deceptions to con consumers into sharing their personal financial data. The company’s assets have been frozen, and the defendants have agreed to halt the alleged deceptive practices until the court issues a final ruling on the FTC’s allegations. The FTC charged the operation with violating the FTC Act, the Truth in Lending Act, the Gramm-Leach-Bliley Act, and the FTC’s Privacy Rule, and will ask the court to bar the defendants’ illegal practices permanently and order the defendants to give up their ill-gotten gains.
According to the FTC, 30 Minute Mortgage, Inc. sent spam and maintained Web sites where it advertised “3.95% 30 year mortgages” and until recently described itself as a “national mortgage lender.” The company urged potential customers to complete detailed online loan applications. The applications required consumers to supply sensitive personal information, such as their names, addresses, phone numbers, social security numbers, employment information, income, first and second mortgage payments, and asset/account types and balances. The company assured consumers that when they submitted the loan applications, their sensitive information would be protected because it would be transmitted using Secure Sockets Layer (SSL) technology.
“It took 30 Minute Mortgage the proverbial New York minute to deceive consumers,” said Howard Beales, director of the FTC’s Bureau of Consumer Protection. “They sent deceptive spam, then collected sensitive personal information under false pretenses and offered it for sale.”
The FTC alleges that 30 Minute Mortgage is not a “national mortgage lender” and does not offer 3.95% 30 year loans. Instead, the company and its principals sold or offered to sell thousands of completed applications to nonaffiliated third parties without consumers’ consent, according to the FTC. The FTC also alleges that sensitive personal and financial information that consumers provided was not protected in transmission because the Web sites at times did not use SSL or other encryption technology.
The FTC charges that the misrepresentations violate provisions of the FTC Act that bar deception. The complaint also alleges that defendants have violated provisions of the Gramm-Leach-Bliley Act that bar misrepresentations to obtain financial information — a practice known as pretexting. In addition, the FTC alleges that defendants have violated or are about to violate the Gramm-Leach-Bliley Act and the FTC’s Privacy of Consumer Financial Information Rule by sharing application information with nonaffiliated third parties when the defendants had not first given consumers notice and the right to “opt out.” Finally, the FTC charges that offering loans without making certain, specified disclosures violates the Truth in Lending Act and its implementing Regulation Z.
The FTC complaint names 30 Minute Mortgage, Inc., Gregory P. Roth, and Peter W. Stolz as defendants. The defendants stipulated to a preliminary injunction that was filed in U.S. District Court for the Southern District of Florida in Fort Lauderdale. The order was entered by the court on March 14, 2003, and will remain in effect until the court issues a final ruling on the FTC’s allegations.