The Consumer Financial Protection Bureau entered into a Consent Order with Capital One Bank on July 18, 2012. The order is the CFPB’s first ever enforcement action and was coordinated with the Office of the Comptroller of the Currency. The enforcement action resulted from an examination of allegedly deceptive marketing practices by call-centers (third-party vendors) that sold credit card add-on products such as credit protection and credit monitoring services on behalf of Capital One. One important aspect of the Consent Order is that it resulted from the practices of a third-party vendor, and not actions directly by Capital One itself. Also on July 18th, the CFPB issued a compliance bulletin providing guidance on the marketing of credit card add-on products. The Bulletin states that institutions should also consider the guidance when offering add-on products in connection with other credit and deposit services.

Click to read more ...

The United States Court of Appeals for the First Circuit recently ruled that a merchant may be liable for reasonable mitigation costs suffered by victims of a data breach. In Anderson v. Hannaford Brothers Co., the First Circuit held that victims of a widely-publicized theft of card numbers from the Hannaford Brothers chain could, under Maine law, make cognizable claims for reasonable costs of mitigation related to the theft, e.g., card replacement fees and credit insurance.

Click to read more ...