Financial Practices Division
Bureau of Consumer Protection
Federal Trade Commission
600 Pennsylvania Ave., NW
Washington, DC 20580
Re: Demonstrated Consumer Risk due to Online Link Blocking by www.AnnualCreditReport.com. Fifty “Live Imposter” Domains Luring Consumers Away from the Official Free Credit Report Site.
Dear Mr. Winston:
We request that the Federal Trade Commission take immediate steps to correct the credit bureaus’ implementation of the Web site www.annualcreditreport.com. As you know, Congress mandated that the credit bureaus create a central repository for consumers to access their credit report free of charge on a once-per-year basis.
The credit bureaus created a way for consumers to do this by mail, telephone, and the Web site “www.annualcreditreport.com.” The World Privacy Forum has released a 42-page study on annualcreditreport.com documenting the substantial issues regarding its implementation. (See Call Don’t Click, www.worldprivacyforum.org)
While a number of issues regarding www.annualcreditreport.com need to be corrected, one issue stands out as critically important to correct immediately. That is, the active blocking of Web linking to the annualcreditreport.com site is harming consumers right now, and does not serve any apparent purpose other than to direct consumers to for-pay services at the credit bureaus.
Currently, the credit bureaus do not allow any entities but the FTC and the three credit bureaus to make active Web links to https://www.annualcreditreport.com. Since consumers are not able to click on an active link from a legitimate news or nonprofit organization to reach the free credit site, consumers must copy and paste or type in the domain name in order to reach it.
The World Privacy Forum tested domains that were very close misspellings of annualcreditreport.com and has confirmed 96 domain names very similar or nearly identical to annualcreditreport.com that have been purchased. For example, annualcreditreport.com, annualcreditrepports.com, and annuolcreditreport.com are examples of the “typo” domains that have been purchased.
Experian has purchased 28 of these names, and questionable “pay per click” domain parking companies have purchased the other remaining confirmed domains. Fifty of the “pay per click” domains are live and are luring consumers to a range of inappropriate sites through deceptive practices. These 50 domains are loaded with pop-up ads and some send consumers to highly questionable sites. Some of these domains also send consumers to commercial for-pay services at some credit bureaus.
The World Privacy Forum has confirmed through an analysis of the source code of the imposter sites that there are some very reasonable questions that the FTC needs to be asking the credit bureaus regarding the role of the credit bureaus’ “affiliate marketing” programs at these “typo” domains. There are also questions that the FTC needs to ask about how the credit bureaus are policing their affiliates.
The reason these questions are pertinent is because currently, when consumers misspell annualcreditreport.com and land on a live “typo” domain, many of those domains are sending consumers to commercial for pay credit report services at the credit bureaus for a commission. (See Call Don’t Click, Discussion of Findings, and Appendix A. See Footnote 8 for details on the credit bureau affiliate marketing programs; www.worldprivacyforum.org)
We believe the combination of not allowing active linking to the annualcreditreport.com site and the presence of live imposter domains that are actively sending consumers to sites other than annualcreditreport.com is circumventing the intent of Congress in passing the Fair and Accurate Credit Transactions Act of 2003 and requires immediate action.
-We request that the FTC immediately require the credit bureaus to allow legitimate news organizations and consumer groups to link to the www.annualcreditreport.com site.
-We request that the FTC issue cease and desist letters to the “typo” domains that deceptively state that they are the official “annual credit report” site. The 50 domains in this category are listed in full in the World Privacy Forum’s “Call Don’t Click” report, which is attached to this letter and is available at www.worldprivacyforum.org.
-We request that the FTC investigate the affiliate marketing practices of the credit bureaus in relationship to www.annualcreditreport.com. The credit bureaus should not have any affiliates that use typos of www.annualcreditreport.com to send consumers to their for-pay services.
A brief word about security. The credit bureaus have stated that they are not allowing active links to the annualcreditreport.com site “for security purposes.” Active Web links to annualcreditreport.com from legitimate news organizations and consumer groups will reduce the number of consumers that are lured to the imposter domains and will thus improve security.
It is important to note that the credit bureaus have active affiliate marketing programs that pay commissions to “affiliate” sites that link to the bureaus’ domains that are hosting for-pay services. We would like to know how these links to the credit bureaus are more secure than other links to the free site. And if the credit bureaus believe these affiliate links are more secure, then we request that they extend this technology and linking methodology to be applied to the www.annualcreditreport.com site so that news organizations and consumer groups may link to the site and help consumers get there without going off-course.
World Privacy Forum
Principal Investigator, Call Don’t Click study
2033 San Elijo Avenue #402
Cardiff, CA 92007
Privacy Rights Clearinghouse
3100 - 5th Ave., Suite B
San Diego, CA 92103
Enclosures (1) Call Don’t Click: Why It’s Smarter to Order Your Federally Mandated Free Credit Report via Telephone, not the Internet.