Vivint to pay $20M FTC settlement for misusing credit reports

April 30, 2021
Company sales reps accused of stealing consumers' info to obtain financing for unqualified customers

The U.S. Federal Trade Commission (FTC) on Thursday announced that Vivint has agreed to pay a $20 million settlement over allegations that the company misused credit reports to help unqualified customers obtain financing for their products and services.

Under the terms of the settlement, $15 million will be levied as a civil penalty against the company while the remaining $5 million will be used to compensate injured consumers.  

According to a complaint filed by the FTC, the conduct of Vivint employees in obtaining these credit reports was a violation of the Fair Credit Reporting Act (FCRA). Furthermore, the FTC alleged that Vivint violated the agency’s Red Flags Rule by failing to implement an identify theft prevention program, which is required of certain companies that regularly use or obtain credit reports. The $20 million settlement is the largest recorded to date for an FCRA case.

Specifically, the FTC claims that some Vivint sales reps, many of which still work on a door-to-door, commission-only basis, used a process known as “white paging,” which involves finding a consumer with the same or similar name on the White Pages app and using their history to qualify the prospective customer for financing. Some of these reps even asked customers to provide the names of relatives or other people they knew that had better credit and then added that person as a co-signer on the account without their permission.    

When customers defaulted on the loans, Vivint then allegedly referred these innocent parties to a debt buyer, potentially harming their credit and subjecting them to debt collectors.

The FTC alleges that Vivint was aware of the problem and even fired many of the sales reps responsible but rehired some of them shortly after.

In a statement, FTC Commissioner Rohit Chopra claimed the company’s leaders knew about the scheme, but looked the other way  as it was in the best interests of the company to drive up its valuation prior to going public last year.

“What occurred in the interim period between Blackstone’s takeover and going public was a disturbing pattern of pervasive fraud that Vivint’s leadership did little to stop, which the Commission alleges occurred between approximately 2016 and 2019,” wrote Chopra. “Like in the Wells Fargo fake accounts scheme, Vivint knew about the alleged fraud but did little to address the problem. It appears that that management turned a blind eye to the scam, because the company could pump up its sales figures in ways that would help score a higher valuation when going public.”

Aside from the financial penalty, Vivint will be required to implement an employee monitoring and training program, as well as an identity theft prevention program as part of the settlement. The company will also be required to establish a customer task force to verify that accounts belong to the right customer before referring them to a debt collect and must also assist consumers that were improperly referred to debt collector.

Additionally, Vivint must obtain biennial assessments by an independent third party to ensure the company is complying with the FCRA.

“We are pleased to have resolved this matter related to certain historical practices,” a spokesperson for Vivint told in statement. “We had already taken steps before the FTC began its review to strengthen our compliance policies and will continue to make this a focus going forward. We are deeply committed to operating with integrity and delivering exceptional service to our customers.”

Joel Griffin is the Editor-in-Chief of and a veteran security journalist. You can reach him at     


Sponsored Recommendations

Barrier1 features expanded portfolio of crash rated, storefront safety bollards at NACS 2023

On display and available for demonstration at Barrier1 booth# B5205 is the Tomcat S10 Storefront Bollard, a crash-rated bollard designed to stop a 5,000lb vehicle traveling at...

Ransomware attack disrupts Johnson Control’s internal IT infrastructure, apps

JCI said after detecting the issue it began probing the incident with help from external cybersecurity experts, adding the company is “also coordinating with its insurers.”

Security contractors in eye of storm as government shutdown looms

Congressional lawmakers negotiated throughout the day Thursday in hopes of reaching an acceptable deal on approving federal appropriations bills.

U.S. businesses see cyberattacks tick down, but they’re still at an unsustainably high level

An influx of cyber threats stemming from pandemic-fueled digitization and the explosion of remote work has subsided, and in its wake, companies have emerged more prepared and ...