Earlier this week, the Consumer Financial Protection Bureau filed a lawsuit against credit reporting agency TransUnion, two of its subsidiaries, and former long-time executive John T. Danaher for violating a 2017 law enforcement order, including dark patterns and deceptive subscription practices. The purpose of the original order was to stop the deceptive marketing tactics of Equifax and TransUnion. Despite the order, TransUnion continued its behavior, violating consumer financial protection laws and continuing to use “deceitful digital dark patterns” to take advantage of its customers.
“TransUnion is an out-of-control repeat offender that believes it is above the law,” said CFPB Director Rohit Chopra in an April 12, 2022 news release. “I am concerned that TransUnion’s leadership is either unwilling or incapable of operating its businesses lawfully.”
“TransUnion continued to repeatedly violate the terms of the order, as well as other consumer protection laws. Rather than quickly resolve these clear repeat offenses by fully redressing victims and making changes to its business to ensure these violations never recur, TransUnion’s conduct has made it crystal clear that the company is an out-of-control repeat offender that must be held accountable,” the CFPB said.
Former executive Danaher knowingly defied order
The CFPB alleges that Danaher’s continued violation of the order was intentional. They believe he ignored the order because doing so would cost the company revenue.
“Danaher concocted a plan to dodge it and work around it. In one of his most egregious violations, John Danaher ordered staff to roll back certain changes implementing the order. Specifically, we allege that John Danaher halted the rollout of an affirmative checkbox meant to stop unintended subscription enrollments,” the CFPB said.
“John Danaher made the decision that revenue trumped both what was good for TransUnion’s customers and what was required of TransUnion to comply with the law. John Danaher was on clear notice of the terms of the 2017 law enforcement order, which TransUnion freely agreed to and which bound its executives and board members. Rather than comply with a law enforcement order, John Danaher appeared to take a risk that violating the order was worth the increased revenue and profit,” the consumer protection watchdog added.
According to LinkedIn, Danaher served as the president of consumer interactive and online credit and identity protection products for TransUnion. He worked at the Chicago-based company from 2004 to 2021.
The agency said that, if other executives are also found to have violated the law enforcement order, they will amend their complaint to include.
Digital dark patterns
A key component of the lawsuit was TransUnion’s use of dark patterns, digital design features that are used to deceive, direct or manipulate users into behavior that is profitable for an organization selling a product or service that that is harmful to the users.
Specifically, the CFPB alleges that TransUnion used dark patterns to get them to enroll in their subscription credit monitoring product. Using colorful buttons that gave consumers the impression they were getting their credit scores, the consumers were actually enrolling in a monthly subscription for credit monitoring. Consumers gave their credit card information for identification verification, when they were actually signing up and paying for credit monitoring subscriptions.
- The enrollment process was not clear or conspicuous. It was outlined in fine print and off to the side of the enrollment form. The disclosure was inside an image that took as long as 30 seconds to load.
- TransUnion did not provide an easy mechanism for cancellation, and the company made it difficult for consumers to cancel.
“Dark patterns have festered online, and the CFPB will be working with the Federal Trade Commission, the Department of Justice, state attorneys general, and our international partners to combat this digital misconduct,” the agency said.
“Our action underscores our resolve to rein in repeat offenders, regardless of their size or clout. As described in our complaint, TransUnion was repeatedly told by CFPB staff in 2019 and again in 2020 that it was in violation of the 2017 order. The CFPB expects financial companies to work constructively with us to resolve compliance issues quickly and make appropriate fixes—and companies typically do,” said the CFPB.
TransUnion’s use of dark patterns drew thousands of complaints from consumers.
CFPB seeks additional information
As the CFPB seeks a resolution to this matter, they put a call out to consumers and current and former TransUnion employees who have information about the company’s misconduct. The CFPB asked potential whistleblowers to email them or call the Whistleblower Tip Line.
2017 law enforcement order for dark patterns
According to the 2017 order, the CFPB said that Equifax, Transunion and their subsidiaries deceived customers about the usefulness and actual cost of credit scores they sold to consumers. The companies also lured consumers into making recurring payments for credit-related products with false promises, said the CFPB. Equifax and TransUnion were ordered to pay $17.6 million in restitution to customers and pay fines of $5.5 million to the CFPB.
“TransUnion and Equifax deceived consumers about the usefulness of the credit scores they marketed, and lured consumers into expensive recurring payments with false promises,” said CFPB Director Richard Cordray in a January 3, 2017 news release. “Credit scores are central to a consumer’s financial life and people deserve honest and accurate information about them.”
Similar to the Federal Trade Commission, the CFPB is frustrated with companies that knowingly deceive the public in the name of profit through the use of digital dark patterns and deceptive subscription practices. The CFPB is going after companies like TransUnion that not only violate consumer protection laws but that do so intentionally. TransUnion’s behavior seems particularly egregious, and it is surprising that their deceptive subscription practices went on for another five years after the initial order was issued.