As the one or two regular readers of this blog already know, I have a beef with the bill collection industry. Not with all collectors, but with those who repeatedly flout the rules and regulations, harass innocent bystanders, and work with debts that are dubious at best. There are a surprisingly large number of companies that fit into this category. Not only are they a nuisance to the public (I personally have dealt with hundreds of wrong number calls from these jerks), but they also throw sand into the wheels of commerce and make it harder for real creditors to get paid. I would like to open a Hall of Shame museum for the collectors with the rottenest behavior. But how can we judge the absolute worst?
Perhaps we should single out companies who break the law, get caught and get punished, and then immediately do exactly the same thing again. Midland Credit Management (MCM) and its related companies were fined $10 million by the CFPB (and ordered to pay $42 million in refunds) in 2015, and then another $15 million in 2020. (UPDATE: I've written much more about Midland Credit Management / MCM in another post.) Convergent Outsourcing paid out $5.5 million for making a huge quantity of illegal robocalls from 2008 to 2016, but didn’t stop spewing out the spam and had to pay more money a few years later. (UPDATE: Convergent Outsourcing has now also earned its own post.) To these behemoths, frequent multimillion-dollar penalties are the cost of doing what they call “business” (and what many other people would call “crime”). However, there are plenty of smaller organizations that manage to foul up our society just as mightily as the big boys while living on a more modest budget.
One of the worst small collectors I have personally dealt with was called American Agencies. This miserable firm robocalled me every day for several months, using cryptic messages that never said who or what they were looking for. One time I went on vacation and returned to find ten identical prerecorded screeds from them clogging my answering machine. But when I called back to ask what was so gosh darn important, no one seemed to know. One of their employees eventually admitted that American Agencies had no reason to be contacting me, yet he insisted that he was powerless to stop the robocalls. They would just have to run their course, and there was no guarantee that they wouldn’t return in a few years – much like a herpes outbreak or the World Cup. But American Agencies is not the worst collector of all time, because it finally did something to justify its patriotic name: It went out of business. That was a great move that benefited all of America.
A similar fate befell Diversified Consultants, Inc. (DCI) of Florida (not to be confused with a legitimate business of the same name in Kansas City). I never had any interactions with DCI, but court records and news stories tell a damning story. Apparently, the company had an obnoxious habit of ignoring the Telephone Consumer Protection Act (TCPA). (“Laws? Those are for the little people, not us...”) In one case, it was accused of making 167 wrong number robocalls to a teenager's cell phone. Its harassment campaigns were so outrageous that they were slammed by a consumer advocate in testimony before the U.S. Senate. But despite basing its whole existence on hounding people (often the wrong ones) for unpaid bills, DCI wasn’t paying its own bills. It owed a law firm $813,000 for defending it from all those pesky consumer lawsuits, and it owed a robodialing service $690,000. Oh, the irony. Rather than pay its debts, DCI closed its doors in 2020 and filed for bankruptcy.
Based on some new information that came to light last month, I will nominate a different company as possibly the Worst Debt Collector of All Time. The dishonor goes to Receivables Performance Management, Inc. (“RPM”) of Lynnwood, Washington.
I first became aware of these people around the same time that I was getting the daily robocalls from American Agencies. RPM decided to pile on with daily prerecorded messages of its own, and these calls were just as mysterious as its competitor’s. At first, I was intrigued, because “RPM” sounded like the name of a used record store that might be calling to offer a trade for my Culture Club LPs. But when I did some googling and discovered that “RPM” stands for “Receivables Performance Management,” I almost felt sorry for them. What a pathetic name! It’s like they started with the cool abbreviation and then strung together three unrelated words to justify it. A more appropriate backronym would have been “Repeated Phone Misuse”.
I finally abandoned my land line phone in disgust, and I haven’t heard from RPM since. I guess I didn’t really owe them anything, huh, or else they would have sued me by now? Paper tigers they are.
RPM is one of the companies that motivated me to learn about the TCPA and eventually write my book Telephone Terrorism. Its rudeness has encouraged other people to learn about this law as well. One of them was a New Jersey man named Mr. Levy who owed $22,000 to RPM from an old MasterCard account. The collector could have resolved this matter by sending a bill through the mail, as Levy asked it to do, and maybe following up with a court judgment and wage garnishment if necessary. However, RPM decided that the classier course of action was to robodial Levy’s cell phone up to 5 times a day and 31 times a week. Oh, and it also supposedly told him to “go back to Israel.” Not surprisingly, RPM soon found itself on the receiving end of a lawsuit for violations of the TCPA and FDCPA.
When confronted with these allegations, none of which were effectively disputed, most defendants would immediately write a substantial settlement check to avoid further embarrassment. Not RPM. It instead chose to defend itself with several arguments that bordered on frivolous. Levy won his case and was awarded damages in the six-figure range.
RPM learned a lesson from court losses such as this, but it was the wrong one. Instead of taking measures to avoid harassing people with robocalls, it found a loophole in the law. It began using a new type of dialing system that mimics the obnoxious behavior of an autodialer, but without being 100% automated. The mad scientists who developed it should have been working on a cure for rabies, or on inventing a magnetic pickle that will stay on your burger rather than sliding out onto your shirt. Instead, they spent years cobbling together this bizarre machine that allows one person to “dial” a phone number with a mouse click while a second person hangs up on whoever answers. (Optionally, the second person may stay on the line to tell the call’s recipient to go back to Israel.) Two agents working in tandem can harass more people with this Frankenstein dialer than four or five agents can harass with a manual dialing system, and they can apparently do so without triggering TCPA liability. RPM has put this wondrous technology to good use. For example, it employed the gadget to bother a different New Jersey man 92 times about a debt that wasn’t his. Who needs a miracle rabies medicine, or a pickle-and-mustard-free wardrobe, when you can do fun things like this and get away with it?
At this point, you probably have a question: Why does RPM hate people from New Jersey so much? Perhaps the firm’s owner is jealous that Bruce Springsteen is adored by the critics while his favorite band Right Said Fred is overlooked. Or maybe a classmate named Chris Christie stole his prom date when he was in high school, and he has despised the state ever since it elected Christie governor. I’m not really sure which is the correct explanation, but it’s probably one of these two.
A few weeks ago, we learned yet another unpleasant fact about RPM. The company’s databases were raided by hackers in April and May of 2021, and the personal information (including Social Security numbers) of more than 3.7 million alleged debtors was stolen. RPM is just now getting around to notifying the victims and law enforcement authorities – eighteen months after the fact. And the compensation that it is offering is another slap in the face. It believes that one year of free credit monitoring should be enough to patch up any damages caused by its inadequate cybersecurity procedures.
Receivables Performance Management is far from the only organization that has been careless with Americans’ data. However, most of the time we have a choice in who we share our personal info with. We can decide not to put our debit card in a gas pump that has suspicious wires sticking out. We can refrain from posting our favorite birth control techniques on Pinterest. But in this case, unnamed third parties foolishly decided to give other people’s SSNs to a company whose only apparent talent is in making scummy robocalls. Did they demand a thorough audit of RPM’s computer systems before handing over all of this data? If not, these other corporations may also be on the hook for damages in the class action lawsuits that are currently being filed against RPM. I’m sure that a lot of lawyers will be asking a lot of questions in the coming months.
There’s another reason why this is worse than the average data breach. If RPM is anything like the other low-rent debt collection agencies who rely heavily on questionable phone tactics, you can bet that a good chunk of the stolen data is inaccurate. Some of the supposed debts are probably not really owed, meaning that defamatory information is now floating around the digital underworld. And many of the debts are linked to the wrong people’s phone numbers and addresses, thereby ensnaring far more than the stated 3.7 million victims. I bet I’m still in their files (along with a notation like “Do not call again. He wrote a book about the TCPA.”), but I haven’t received a notice in the mail about the cyberattack. They probably sent my notice to some guy in New Jersey.
UPDATE (03-January-2024): The Better Business Bureau says that Receivables Performance Management “is no longer in business”! RPM’s web site is now just a single page saying that all accounts have been closed. This is great news for anyone who was getting robocalls or harassing letters, but bad news for those pursuing compensation for RPM’s shenanigans.
UPDATE (26-April-2024): Despite being closed for months, the garbage fire known as RPM is still getting a lot of search traffic on Google and still getting complaints with the BBB. According to some of these BBB complaints, the company took people's money to “settle” “debts” (often “debts” of dubious legitimacy) but never removed them from credit reports -- then shut their doors so there is no one to contact to get the adverse information removed. One person alleges that RPM even sold a “settled” “debt” to another collector after accepting payment for it! But remember that the BBB is powerless, especially against a company that has gone out of business. Anyone who believes that they were defrauded should contact law enforcement agencies that have the power to pursue civil and criminal remedies against the individuals involved.
UPDATE (15-Oct-2024): RPM has settled the data breach class action for $5.6 million, a small sum considering the large number of people impacted. Claims must be submitted by Nov. 12, 2024. I can find no indication that RPM has resumed its phone spamming, so this settlement may be one of their final acts. With one last flush they descend into history's sewer.