The Ninth Circuit recently held in Bassett v. ABM Parking Services, Inc. that a plaintiff cannot establish Article III standing to maintain a Fair and Accurate Credit Transactions Act (“FACTA”) claim merely by pleading that a business printed a credit card expiration date on the plaintiff’s receipt. In so ruling, the Ninth Circuit followed similar rulings by the Second and Seventh Circuits, avoiding a potential circuit split. As explained below, the Bassett decision is the latest in a growing majority of cases in the wake of Spokeo, Inc. v. Robins that demand a plaintiff allege actual harm to maintain a FACTA damages claim—even one for statutory damages based on an alleged willful violation.
After paying for groceries with a credit card or debit card, the clerk hands the receipt to the customer. In addition to the last four digits of the card number, it contains the first digit. Or perhaps it contains the first six digits. Or maybe the expiration date. Is this a concrete injury that provides the customer standing to sue the grocery store?
That is the question federal courts have grappled with since the Supreme Court decided Spokeo, Inc. v. Robins in May 2016. The Fair and Accurate Credit Transactions Act (“FACTA”) regulates retailers’ conduct in printing card number information on customers’ receipts and provides a private right of action for alleged violations. But, as discussed below, a customer may not have standing to sue in federal court or even in certain state courts just because a violation may have occurred.
On March 29, 2017, the U.S. Supreme Court ruled that a New York statute restricting credit card surcharges regulated commercial speech. Yet, Expressions Hair Design v. Schneiderman (No. 15-1391) did not decide whether such restrictions violated the First Amendment. Rather, the Court remanded the matter to the Second Circuit to decide that question. Nine other states and Puerto Rico have similar statutes, some of which are also being challenged in court.
To read the full alert, click here.
In the days following the U.S. federal elections that resulted in the election of Donald Trump as President and Republican control of the 115th Congress, FinTech companies, banks, and other financial institutions are increasingly asking whether they still need to worry about compliance with the landmark Dodd-Frank Wall Street Reform and Consumer Protection Act (“Dodd-Frank”), Consumer Financial Protection Bureau (“CFPB”) regulatory actions, and other financial services regulations.
It is true that there will likely be some significant regulatory changes, but it is a little too early for industry participants to pop the champagne corks.
To see are our thoughts about some of the top issues impacting FinTech companies, banks and other financial institutions, click here.
In the wake of the Great Recession, numerous federal government actors have sought to limit, and in some cases, eliminate, the inclusion of pre-dispute arbitration agreements in consumer financial services contracts. For instance, in 2010, as part of the Dodd-Frank Wall Street Reform and Consumer Protection Act (the “Dodd-Frank Act”), Congress amended the federal Truth-in-Lending Act to prohibit the use of pre-dispute arbitration provisions in residential mortgage contracts and home-equity line-of-credit agreements. See 15 U.S.C. § 1639c(e)(1). Now, acting pursuant to a mandate provided by the Dodd-Frank Act, see 12 U.S.C. § 5518(a), the Consumer Financial Protection Bureau (“CFPB”) has joined the hunt. On March 9, 2015, the CFPB issued a report to Congress that appears to put the use of such agreements in all consumer financial services agreements – including credit card, checking account, and payday loan agreements – in the agency’s cross-hairs.
In the last two years, there has been a proliferation of class action lawsuits filed in response to high-profile data breaches compromising the personally identifiable information of customers of various companies. Major corporations including Target, Coca-Cola, and Michaels have all fallen victim to such suits. In many cases, a single data breach event has spawned dozens of class action lawsuits (for example, Target, at one point, faced over 100 such suits in a number of jurisdictions, which have since been consolidated in an MDL).
Although a number of class actions in the data-breach context have been filed, there have been relatively few class certification decisions at this point. However, as the pending cases make their way to the class certification stage, two recent decisions may prove useful for defendants in attempting to defeat class certification—principally, on the basis of Federal Rule of Civil Procedure 23(b)(3)’s “predominance” requirement. That is, In re Hannaford Bros. Co. Customer Data Sec. Breach Litig., 293 F.R.D. 21 (D. Me. 2013) and Comcast v. Behrend, 133 S.Ct. 1426 (2013), suggest that class certification may be difficult in certain types of data breach cases due to the existence of individualized damages issues, which may undercut the predominance of common questions necessary to pursue a class action.
To read the full alert, click here.
Financial life just got a little bit easier for stay-at-home moms and dads. For over a year and a half, regulations originally promulgated by the Federal Reserve (and reissued by the CFPB) have restricted credit access for “spouses and partners who do not work outside the home,” based on an interpretation of the Credit Card Accountability, Responsibility, and Disclosure Act (the “CARD Act”) that required a creditor to consider a card applicant’s “independent” ability to repay any credit extended. On May 3, the CFPB finalized amendments to Regulation Z that loosen the credit card underwriting standards, allowing consumers over age 21 to qualify based on any income to which they have a “reasonable expectation of access.” By acknowledging that the practical aspects of interfamily relationships may sometimes support a determination that a consumer has an ability to repay even when the consumer may not have a formal legal right to the underlying income or assets, the Bureau acquiesced to the requests of a broad-based coalition of politicians, consumer groups, and credit card issuers to remove an artificial barrier to the ability of stay-at-home spouses and partners to obtain and build credit.
On January 24, 2013, the Massachusetts Office of the Attorney General (“AG”) issued guidance to the industry interpreting its debt collection regulations (“Regulations”) that became effective March 2, 2012. The AG took this unusual step as it recognized that the Regulations raise unique compliance issues for servicers of consumer debt. The AG promulgated the Regulations pursuant to the rulemaking authority conferred by the Massachusetts Consumer Protection Act (“Chapter 93A”), “to establish standards, by defining unfair or deceptive acts or practices, for the collection of debts from persons within the Commonwealth of Massachusetts.” 940 C.M.R. 7.01. Although there is no private right of action, a violation may, nevertheless, constitute “an unfair or deceptive act or practice under Chapter 93A.”
By: Andrew L. Caplan*
*Mr. Caplan is admitted to practice in NY (not admitted in DC); supervised by Nanci Weissgold, a member of the DC bar
On March 5, 2012, the FDIC issued A Quick Guide for Consumers on Credit, Debit, and Prepaid Cards (“the Guide”) to help consumers appreciate the differences among credit cards, debit cards, and prepaid cards. As indicated in a recent FDIC press release, “[t]he guide is intended to help consumers who routinely use cards to pay for goods and services but who don’t always understand the differences in how these cards work or the applicable consumer protections.”
By: David A. Tallman
Adding to its already full plate, the Bureau of Consumer Financial Protection (the “CFPB” or the “Bureau”) recently requested public comment on its review of the various consumer financial protection regulations it has inherited from other agencies. The request signals that the Bureau does not intend for its higher-profile mortgage finance initiatives to overshadow its mandate to update, modify (or even eliminate) outdated, unduly burdensome, or unnecessary existing regulations. It also suggests that the CFPB is contemplating that its initial review of the inherited regulations may extend beyond mere technical corrections to more significant substantive changes.