TransUnion deceived consumers by falsely marketing credit scores and credit-related products, enrolling consumers without consent, lacking cancellation mechanisms, and providing misleading information about the products' costs, purpose, and protection of personal information.
Excerpt
Our analysis
TransUnion engaged in deceptive practices by manipulating consumers to sign up for subscription services, violating the Consumer Financial Protection Act (CFPA). They enrolled consumers without consent, failed to offer cancellation mechanisms, misrepresented products as free or $1, falsely portrayed the purpose of collecting payment information, provided misleading information about their credit score, and misrepresented the consequences of product cancellation. Transunion manipulated its consumers to sign up for the subscription services. The follow up examination revealed that the defendant violated the settlement agreed and while it required credit card information for verification purposes, it contained a button for availing a free credit score which if clicked would result in the user being signed up for a recurring monthly subscription. These disclosures were mentioned in fine print and were difficult to locate. Additionally, they violated the Electronic Fund Transfer Act (EFTA) and Regulation E by not obtaining written authorization for recurring charges and failing to provide copies of such authorizations to consumers.
Outcome
CFPB settled charges with TransUnion, requiring the company to pay $13.9 million in restitution and $3 million in civil penalties. TransUnion was also bound by a law enforcement order to warn consumers about the limited use of credit scores, obtain consent for recurring payments, provide easy cancellation options, and comply with other requirements. Despite initial violations in 2019, TransUnion continued to violate the order and engage in further legal violations, leading to further consequences from the CFPB.
Parties
Consumer Financial Protection Bureau and Transunion
Case number
1:22-cv-01880
Decision
Related deceptive patterns
Hard to cancel (aka "Roach Motel") is a deceptive pattern where it is easy to sign up for a service or subscription, but very difficult to cancel it. This typically involves hiding the cancellation option, requiring users to call customer services to cancel, and making the cancellation process overly complex and time-consuming. This can cause users to give up trying to cancel, and continue paying for the service for a longer period.
Forced action involves a provider offering users something they want - but requiring them to do something in return. It may be combined with other deceptive patterns like sneaking (so users don't notice it happening) or trick wording (to make the action seem more desirable than it is). Sometimes an optional action is presented as a forced action, through the use of visual interference or trick wording. In cookie consent interfaces, forced action is sometimes carried out through "bundled consent". This involves combining multiple agreements into a single action, and making it hard or impossible for a user to selectively grant consent.
The hidden subscription deceptive pattern typically works by employing some form of sneaking or misdirection. Users think they are buying one thing, when in fact there's a hidden legal stipulation that they are in fact signing up to a recurring subscription. Once they have signed up, the service is usually covert and the user is sent no emails or notifications reminding them that they are paying on a recurring basis, so that payments continue for as long as possible. It is also typically paired up with the hard to cancel deceptive pattern.
Related laws
CFPA prohibits unfair, deceptive, and abusive acts and practices when offering or providing consumer financial products or services.
Requires disclosures for consumer financial products or services to be clear, easily understandable, and provided in a format that can be retained by the consumer.