All Internet payday loans involve transmitting bank account numbers, Social Security numbers, name and address, and extensive other personal information to a distant lender. One lender advises consumers with debit cards to copy the front and back of the card to fax to the lender. These personal financial documents are an identity thief’s jackpot of information needed to apply for credit in the borrower’s name and other unauthorized uses.

Privacy Rights Clearinghouse advises consumers that e-commerce shopping by check or debit card leaves consumers vulnerable to bank fraud and with less protection than credit cards provide. Security risks are high when this information is transmitted over unsecured web links, when it is faxed to companies unknown to consumers, and when posted privacy policies give carte blanch to web sites to make any use it wants of consumer information.

The president of the Electronic Payments Network, a division of Clearinghouse, the largest private check processing system owned by large banks, told the Washington Post that “One of the most dangerous things a consumer can do on a Web purchase when they are dealing with someone they had no prior relationship with is to give out a bank account number.”  He advised using a credit card, instead, which comes with more consumer protections and “doesn’t give crooks access to your financial assets.”

Payday lenders are subject to federal law on security and privacy of financial information. For purposes of the Gramm-Leach-Bliley Act (“G-L-B”), the Federal Trade Commission is responsible for enforcing privacy and security rules with non-bank financial institutions. Payday lenders are required to provide privacy policies just as banks, insurance companies and securities firms are under G-L-B.  They must give consumers the right to opt out of the sale of customer data to third parties. The only information that financial institutions are prohibited from disclosing to third-party nonaffiliated companies is the consumer’s bank account number or access code.  If a company sells customer information to third party nonaffiliates, it must give consumers the right to opt out of information sharing.

The FTC’s Safeguards Rule requires financial institutions to safeguard customer records and personal information collected during customer transactions, including names, addresses and phone numbers, bank and credit card account numbers, income and credit histories, and Social Security numbers. Each company must have a written information security plan describing its program to protect customer information. An employee must be designated to coordinate safeguards, identify and assess risks to customer information and contract with service providers to implement the safeguards.  (See www.ftc.gov) Consumers have no way of knowing if Internet payday loan sites fully comply with the financial privacy and security requirements of G-L-B.

Phishing is the latest tactic used by crooks to get consumers to divulge account numbers and passwords or PINs so that bank accounts and credit cards can be looted. The typical Phishing scam involves an email purporting to be from a well-known company, such as Citibank, PayPal, or EBay, telling consumers to click on a link to visit the company’s web site to provide account numbers and PINs. 

The links take consumers to the thief’s site where that information is collected and used to steal from financial institutions and their customers. The National Consumers League reports that ID thieves trick people into providing their Social Security numbers, financial account numbers, PIN numbers, mothers’ maiden names and other personal information by pretending to be someone they are not. The group advises consumers not to click on a link in an e-mail that asks for personal information, since the link may deliver information to identity thieves.