The Federal Trade Commission announced this week it is suing a consumer data broker that sold payday loan application data to scammers who used the information to pull money out of consumer bank accounts. The scam brings to mind an underground identity theft service I wrote about in 2012 that was gathering its data from a network of payday loan sites.
According to the FTC’s complaint, data broker LeapLab bought payday loan applications of financially strapped consumers, and then sold that information to marketers whom it knew had no legitimate need for it. “At least one of those marketers, Ideal Financial Solutions – a defendant in another FTC case – allegedly used the information to withdraw millions of dollars from consumers’ accounts without their authorization,” the FTC said.
The FTC charges that the defendants sold approximately five percent of these loan applications to online lenders, who paid them between $10 and $150 per lead. But the defendants also allegedly sold the remaining 95 percent for approximately $0.50 each to third parties who were not online lenders and had no legitimate need for this financial information.
In Sept. 2012, I published a blog post about “Usearching[dot]info,” a now-defunct ID theft service that offered the ability to purchase personal information on countless Americans, including SSN, mother’s maiden name, date of birth, email address, and physical address, as well as and driver license data for approximately 75 million citizens in Florida, Idaho, Iowa, Minnesota, Mississippi, Ohio, Texas and Wisconsin.
That story noted that Usearching[dot]info also included data that appeared to come from another source — more than 330,000 consumer bank account records pulled from an archipelago of satellite Web sites that negotiate with a variety of lenders to offer payday loans. From that piece:
“I first began to suspect the information was coming from loan sites when I had a look at the data fields available in each record. A trusted source opened and funded an account at Usearching.info, and purchased 80 of these records, at a total cost of about $20. Each includes the following data: A record number, date of record acquisition, status of application (rejected/appproved/pending), applicant’s name, email address, physical address, phone number, Social Security number, date of birth, bank name, account and routing number, employer name, and the length of time at the current job. These records are sold in bulk, with per-record prices ranging from 16 to 25 cents depending on volume.”
“But it wasn’t until I started calling the people listed in the records that a clearer picture began to emerge. I spoke with more than a dozen individuals whose data was being sold, and found that all had applied for payday loans on or around the date in their respective records. The trouble was, the records my source obtained were all dated October 2011, and almost nobody I spoke with could recall the name of the site they’d used to apply for the loan. All said, however, that they’d initially provided their information to one site, and then were redirected to a number of different payday loan options.”
I have no idea whether LeapLab sold information to this identity theft service, or whether Ideal Financial was a customer of Usearching[dot]info. LeapLab is no longer in business, and Ideal’s assets are frozen and in receivership. But it’s clear Ideal obtained consumer data from multiple sources: The FTC says LeapLab provided Ideal Financial with financial account information for only about 16 percent of Ideal Financial’s victims.
In this, as with so many financial scams, the people least able to afford it get scammed and fleeced. The FTC charges that Ideal Financial purchased information on at least 2.2 million consumers from data brokers and used it to make more than $43 million in unauthorized debits and charges for purported financial products that the consumers never purchased. Sadly, these “financial products” were mostly about how consumers could manage their money better or get themselves out of debt.
This scam is also a reminder of how crooks steal millions with small charges, all made through a vast network of phony company Web sites made to look like established companies with legitimate products. Also, these types of micropayment schemes are more common around the holidays, so now is good time for readers to keep an extra close eye on their bank and credit card statements for any unauthorized charges.
A copy of the FTC civil complaint against LeapLab is here (PDF). Also interesting to read are these exhibits in the case (both PDF).
Great article. Can you tell if the Feds in law enforcement care at all about this type of stuff? Seems like jail is more of a deterrent than FTC civil action.
“Seems like jail is more of a deterrent than FTC civil action.”
What is it that makes jail seem a more deterrent action? Do you have stats supporting this observation? Or (as I suspect), are you just hoping to get someone into jail for this? Yeah, that’ll fix everything. 😛
PCI is a mess, and the banking system is a mess. Anyone taken advantage of in the US just declines the charge, and the vendor who charged it has to fight for the right to collect (and it often isn’t worth it. Curious).
This story is about ID theft of people with a few pennies in their bank accounts. The thieves are bottom feeders, and the financial/banking system is so corrupt/incompetetent, even these transactions are allowed through.
In computer programming, we go to the Nth degree to NOT inhale misunderstood or invalid data. Banks appear to let damned near anything through, relying instead on the stupid approach of *rolling back* bad transactions once they’re discovered. Very lazy, and we get what we pay for: ineptitude in spades. That institutional ineptitude is what allows bottom feeders like this to fleece millions (of poor, earnest, hoping to contribute, working people) before they’re caught.
Demand your bank do better, and perhaps one of these days, none of this stuff will pass even the most minimalistic smell test! And, we’ll have no-one who needs to be thrown in jail to learn the error of their ways. What does that get anyone, after all?
The entire payday industry was established to prey on the poor. Once they’ve exacted a toll they discard the remains to the scammers. Absolutely utterly disgusting.
It states that a agency who collects and sells leads, is the one who sold the information, not the payday loan industry.
Are you going to tell me that they are part of the industry. Uhhh then would Office Depot be also? They sell paper to the Payday Loan store.
Which is worse? A $49 overdraft fee or a $25 payday loan fee? Or what about when that $49 snowballs into several hundred or several thousand dollars?
Seems to me that at that point, the poor consumer would be better off paying the payday people.
That there are some unscrupulous loan sharks out there is a given. But not all of them are at the payday places. Look at the banking industry in general and you see a lot of poor morals.
I do not work in that industry, and have never had to use their services. But I acknowledge that there is legitimate need for it.
What don’t I understand, (obviously I’m confused) Hopefully have the parties correct.
How is this different than Superget.info buying data/info from US Info Search, who in turn bought from Court Ventures, who was bought by Experian, then the latter claiming they were not hacked and data breached (not saying data was sold)? Why haven’t US Info Search, Court Ventures, and Experian also been charged?
One would hope the FBI, FTC, and CFPB take note of this and call out Experian for being the frauds they are…huge fines and prison certainly get shareholders attention.
Any person who deals with a pay day loan is a huge fool in my opinion
You might look at the book /Scarcity: Why Having Too Little Means So Much/, which analyses the decision process people go through when they do things like take out payday loans. For instance, the late fees, interest and reconnect charges that would be incurred if a utility bill is not paid might be far more than the interest on the payday loan.
Thank you for the reference to that book. I had forgotten the title, but yes, it lays it out how insidious the late fees and overdraft fees and reconnect fees can be… And it does affect those with the least the most.
Brian talks about how the cyberthieves end up hitting the poor more disproportionately, well it’s not just those guys that do that. Certain legitimate industries seem to do the same thing.
That’s the only thing that’s going to make people take notice: Real criminal charges and real(ly long) prison sentences for these subhuman troglodites[sic]. Be it the horrid usury of payday loansharks or Chase CxO’s that made billions from poisoned mortgage securities. Put them in a real prison, general population. That’s what would happen to any of us Joe/Jane Schmoes.
Brian, thanks for all you do. Your site is a treasure trove of pertinent and important info about the goings on of these miscreants.
Happy Holidays to everyone. I hope you all get some quality time and relaxation during this season.
Credit card info and bank account information should not be sold without explicit permission from the owner. This information was always considered personal and confidential and a higher standard of permission for each occurrence should be required. I know business wants it easier to sell this stuff, but the law has to draw the line. Losses aside from the disclaimers gets added to the cost of doing business and passed on to all consumers in the end.
Leaplab was, and is, a name used to refer to a variety of operating (sham) companies all conceived and controlled by one piece-of-garbage lowlife in Arizona named John Ayers. Ayers is named in the FTC lawsuit. There’s at least three, more like five to seven business entities that Ayers combined, merged, separated, dissolved, and reinstated over time, according to his whimsical needs of the moment, without corporate, legal or any other documentation, each (or all) of which he continually referred to as “Leaplab” from 2005-2014. Ayers believes he is the “boss” of everything and everyone and views legal documents or processes as annoyances vs. what really matters, what “he” wants at any given moment and of course he believes he makes the rules therefore “he” ought to be able to conduct business in any name he wants whenever he wants but in his mind, somehow all of these operating businesses were actually not their individual businesses but “part” of some larger nexus of businesses which to him was all called “Leaplab.” Difficult to understand but that is how his mind works. Ayers is a psychopathic narcissist who hired former military personnel to impersonate federal law enforcement agents and to physically beat, intimidate and harm employees who quit and raised the possibility of going to authorities. Ayers acted as the President of his local “EO Accelerator” Entrepreneurs’ Organization chapter in Phoenix from 2010-2013 and managed to convince a number of local entrepreneurs in Arizona that he was indeed a “successful businessman” by presenting himself as a “internet marketer” and only giving vague details about what Leaplab actually did to earn revenues. Ayers believed that the sham consumer fraud operations of Leaplab were too complicated for the average person or Government investigator to understand. What the FTC’s lawsuit vs. John Ayers does not and can not address is that Ayers was stealing from EVERYONE on all sides of his business–Ayers had none of his own data, so not only did Ayers facilitate theft from consumers, but Ayers was directly stealing from all of his own business partners. Ayers stole on one side to get the data without paying for it, and used the stolen data in concert with others to defraud millions of consumers. Add in Ayers’ acts of extortion with intent for monetary gain vs. his business partners and intimidation with actual use of violence against former employees and you’re starting to get a more clear picture about John Ayers. Ayers is an arrogant bastard who suffers from adult ADHD and cocaine use and wakes up every day often with little to no recollection of what happened the prior day. After already facing extensive civil litigation by numerous parties, John Ayers filed personal bankruptcy in Arizona on June 13, 2014. Ayers attempts to conceal his legal problems from his wife, family and his Entrepreneurs’ Organization associates. Ayers in typical form listed on his bankruptcy petition every Attorney who had represented him during recent years his civil litigation in an attempt to do what John Ayers does best: to screw everyone in a last-ditch attempt for an “easy way out.” While John Ayers did list his 2006 Lamborghini paid for with proceeds from his scams and frauds, and other vehicles and properties on the bankruptcy petition, Ayers was accused in bankruptcy court of omitting many material holdings including numerous business entities, offshore bank accounts in Panama, Costa Rica, the United Kingdom and other international havens. John Ayers is now facing lengthy hearings in United States Bankruptcy Court where trustees are investigating many years of fraudulent conduct by Ayers. John Ayers was the favorite business partner of Steven Sunyich of Ideal Financial Solutions, Ayers/Sunyich worked together not only to defraud consumers but to conceal and move assets. It is unknown how much $ Ayers/Sunyich hold together in offshore havens. One big difference between Ayers and Sunyich is that Sunyich on information and belief never used violence whereas Ayers is a thug who views himself as a “gangster” and derives personal pleasure and his sense of self worth from psychotic illusions of power, that he can and will have his detractors beaten, tortured, murdered etc. We get a view of how dangerous John Ayers is as more information continues to surface such as how Ayers was using hired thugs to facilitate the sale of ecstasy (MDMA) tablets shipped through interstate commerce to Phoenix (often in fedex delivery boxes) through Ayers’ straw-man Lance Johnson “Musa Rasul.” The list goes on and on. John Ayers acts like a “quiet, shy, nice” guy in person who often attempts to portray himself as some sort of “internet marketing genius” and hopes his vague references to being successful and smart are enough for most people to approve of him. Ayers has an excuse for everything and often talks quietly with a false sense of self-deprecating humor to act as if “everything” has simply been a big mistake or misunderstanding. Ayers is a cold blooded, calculating narcissistic thug who cares about no one other than himself. Ayers was given many chances to stop his illegal scams and sham conduct yet chose to waste years pursuing violent revenge vendettas against others to feel some sort of power instead of thinking of his wife and kid. Ayers has continually showed no feeling whatsoever not even bothering to make a single phone call or visit with his mother in law died last year. Recently, Ayers has also shifted to his new favorite tactic, trying to portray himself as some sort of “victim” of supposedly “excess litigation” and the United States Courts. Make no mistake about it. John Ayers is an extremely dangerous madman and if given the time and opportunity will re-constitute himself to continue committing all of the same fraudulent, violent and retaliatory acts mentioned here and in the Government and other lawsuits against him. Watch this message thread for subsequent comments which will probably be posted by shill accounts registered by Ayers (his usual tactics) in weak attempts to distract. Ayers has used distraction and excuses for his entire adult life to be the con man he is. However to understand Ayers don’t be distracted from this post which does what Ayers hates the most, it speaks the truth about John Ayers. Look past Ayers’ excuses and distractions at the REAL FACTS to see a true madman and violent psychopath, John Ayers.
FTC must definitely prosecute data broker LeapLab for the misdeed.