Debt Collector Requirement to Authenticate Consumer Comes to a Head

Two court cases in 2018 address the awkward dance endured at the beginning of each initial phone call between a consumer and a debt collector.

When speaking with consumers, debt collectors walk on a sword’s edge to comply with two sections of the Fair Debt Collection Practices Act (FDCPA). Section 1692c (b) prohibits a debt collector from communicating with third parties about the debt with the exception of several limited carve-out situations such as having the consumer’s prior consent. Section 1692e (11) requires a debt collector to disclose that he is attempting to collect a debt and that any information obtained will be used for that purpose while speaking with the consumer.

At first glance, these two sections of the FDCPA seem straight-forward. If the debt collector is talking to the consumer, he must disclose the purpose of the call. If the debt collector is talking to a third party, then he must refrain from disclosing the purpose of the call or any other information about the debt unless one of the limited carve-outs is satisfied.

A closer look at the practical implications of these two sections reveals a gray area triggered by the initiation of a telephone conversation.

Consumer Verification Process

To determine whether the debt collector needs to disclose the purpose of the call, he must first determine whether he is speaking with the right person. The FDCPA provides no guidance on how to do this, so debt collectors and their creditor clients have had to create their own policies and procedures. While these procedures may vary by company and whether the call is inbound or outbound, there is a common thread: generally debt collectors ask the consumer to verify some piece of personal information, such as the last four digits of the consumer’s social security number or the consumer’s birth date, to ensure they have the right person on the phone.

Prendergast and Ali Illustrating the Complexity

Prendergast v. First Choice Assets, LLC, No. 17-cv-316 (N.D. Ill. May 14, 2018) concerns this exact situation. This case revolves around two phone calls placed by a debt collection agency while attempting to collect a debt on behalf of its debt buyer client. In both calls, a debt collector asked the consumer to verify the last four digits of her social security number to confirm the right person was on the line; both times, the consumer refused and the conversation ended. During the second phone conversation, the consumer acknowledged she was Yenma (the plaintiff’s first name), but would not verify the last four digits of her social security number. According to the court, the called party’s acknowledgment of his or her first name is enough to trigger the requirement to disclose the call’s purpose if it is an outbound call placed to a number that the debt collector received with the account.

This same court recently came to a somewhat different conclusion in Ali v. Portfolio Recovery Associates, LLC et al., No. 15-CV-6178 (N.D. Ill. Sept. 30, 2018). In Ali, Portfolio Recovery Associates, LLC (PRA), through its counsel, served a collections lawsuit on a person who had the same first name, middle initial, and last name as the consumer liable for the account, only to later find that this was not the same person. The court would not grant summary judgment in favor of PRA for the bona fide error defense in Ali because, despite all of its policies and procedures, PRA served the wrong “Syed H. Ali.”

Ali is distinguishable from Prendergast in some ways. First, Ali did not involve a phone call. Second, the address used for service in Ali was not an address that originally came to PRA with the account. However, the skip tracing process used by PRA to obtain the address was two-pronged: it got the address both through an internal legal resource as well as through Experian.

Synthesizing these two cases highlights the complexity. Would the dual-verification of contact information in Ali be sufficient for the Prendergast court to find that verification of only the first name confirms right party contact? What if the Ali situation — same name, wrong person — occured in the Prendergast phone call? How should debt collectors proceed?

Considerations

Some questions for consideration:

  • At what point can a debt collector be satisfied that they are indeed speaking to the right party, thus allowing them to disclose the purpose of the call without fear of third party disclosure?
  • How many pieces of personal information, if any, other than a full name must a consumer verify to confirm their identity?
  • In today’s world of identity theft and data breaches, are standard forms of information such as social security number or birth date even relevant proof of identity anymore?
  • If the consumer refuses to provide any information to allow the debt collector to verify that they are speaking to the right party, is the debt collector in violation of the FDCPA if he does not disclose the purpose of the call even if refraining from doing so was with the intent to protect the consumer’s privacy?

In today’s environment, the last bullet point occurs regularly. Consumers are continually instructed by regulators, consumer advocates, and the media not to disclose their personal information if they do not know who they are speaking with. While everyone, including the ARM industry, agrees that measures to protect consumers against identity theft are important, this leaves debt collectors between a rock and a hard place due to the requirements of the FDCPA. Further, the situation makes collectors appear evasive, and often even encourages complaints to be filed, because consumers suspect fraud.

While a debt collector must disclose their agency’s name if asked by the person on the line prior to verifying the called party is the right party, that may not mean much. Consumers are familiar with the names of the entities where they took out a loan or opened a line of credit, but they are generally not familiar with the names of debt collection agencies. The issue gets more complex with purchased debt because there is an added degree of separation between the original creditor and the debt collector that is collecting on behalf of a debt buyer.

This all leads to an awkward authentication dance between the debt collector, who is trying to verify that they are speaking to the correct person, and the consumer, who is weary and suspicious of being asked for personal information from a person they don’t know. In these situations, both parties are trying to protect the consumer’s personal information. Unfortunately, these reasonable intentions often  lead to a stalemate that has the potential to harm the consumer.

If debt collectors cannot communicate and resolve accounts with consumers, it increases the likelihood that creditors, with no other means of recovering delinquent accounts, will file lawsuits against consumers. Collections lawsuits have an high default rate — meaning that consumers do not respond to complaints or appear in court — which causes judgments to be entered against consumers. Judgments impact consumers’ credit scores and follow consumers for many years to come.

There has to be a better way for all parties involved — consumers and their advocates, debt collectors, and regulators — to resolve this authentication issue.

Editor’s note: We suggest you now read this article, also published today, for more about this topic, and some potential solutions.