Three leading banks are testing the bounds of controversial credit card add-on services, even as the government gears up for a second round of related crackdowns on the products.
The continuing sales efforts come after regulators hit Capital One (COF) for $210 million in fines and refunds to consumers and Discover (DFS) $214 million for improperly marketing payment protection and identify theft protection services to credit card customers. Regulators followed shortly thereafter by charging American Express (AXP) $112.5 million in fines and refunds to consumers for similar lapses across its credit card operations.
Several banks have since halted sales of such credit card add-ons, and the industry is now bracing for additional enforcement actions relating to the products.
Undeterred, American Express, Wells Fargo (WFC) and Citigroup (NYSE:C) appear to be testing how much wiggle room regulators have left them in the lucrative but oft-criticized business.
The sale of such add-on products is "something we thought was going to go away, but has not," says Doug Miller, an analyst with Corporate Insight, which tracks financial companies' customers communications.
Specifically, American Express has swapped one add-on service for another, while Wells Fargo (WFC) and Citigroup (NYSE:C) are continuing to offer forms of payment and identity theft protection. All other top-tier U.S. credit card lenders have stopped marketing add-ons credit card services online to new customers, Corporate Insight says.
American Express has halted sales of identity theft protection. However, in recent months it has been offering customers a similar "credit monitoring" service provided by Experian. Customers are charged a $1 sign-up fee and $14.99 per month. In exchange, the service provides customers with versions of their credit scores from the three largest credit bureaus and email alerts about any "key changes" to their credit files.
Amex cautioned in the footnotes on email messages and in letters sent to customers this spring that the credit scores provided "are not used by lenders" and that "in some instances we may not be able to begin monitoring information from all three bureaus."
American Express and Experian each declined to comment.
The credit monitoring that American Express is now marketing appears to be a variation on the identity theft protection that it and many other major credit card lenders have discontinued. Most big banks, with the exception of Wells Fargo and Citibank, have also abandoned payment protection; the product provides consumers with a form of insurance that suspends or cancels out credit card payments in the event the borrower suffers an illness, certain other hardships or dies.
Such add-on products have been sharply criticized by consumer advocates, who argue that they provide poor value; for every dollar of premiums that customers pay, banks dispense just 21 cents on average to cover their suspended or cancelled debts, according to a 2011 report by the Government Accountability Office. Banks have also been criticized for sales practices that critics claim include: targeting the add-ons toward low-income customers who can least afford them; unfairly denying benefits; and selling customers plans for which they are ineligible to receive benefits.
Regulators have thus far focused their crackdown on such marketing practices, rather than on the substance of the offerings themselves. Specifically, the enforcement actions against Discover and Capital One involved how the lenders and their third-party vendors communicated with customers.
The CFPB's fines "have set a clear expectation that deceptive marketing practices will not be tolerated. … Deceptive marketing is not unique to any one class of financial product, and identifying and stopping these harmful practices will continue to be a priority for the Bureau," said spokesman Sam Gilford in an email.
In continuing to sell the add-ons Amex, Wells and Citi appear to be betting that the government will remain focused on marketing practices rather than on the products' underlying utility and pricing. It's a gamble that could pay off. The nine largest credit card issuers brought in an estimated $1.3 billion in net profits from debt-relief products in 2009, the GAO calculates. The products are also one of the few remaining sources of credit card fee income for banks in an era when Dodd-Frank and the Credit Card Accountability Responsibility and Disclosure Act have reduced or eliminated many other sources.
"Once the dust clears on this, the banks will be back if they can strike the right balance, because it can be a place of profit for them," says Mercedes Tunstall, a partner with the law firm Ballard Spahr.
Wells Fargo in the past year has cut the cost of its card add-ons, ended waiting periods before certain benefits kick in and simplified disclosures, according to spokeswoman Natalie Brown.
"We offer this product because customers who choose it tell us they feel the service offers them value," she says.
Citigroup still pitches payment and identity-theft protection to its cardholders online, but in October 2012 it discontinued phone and point-of-sale marketing, according to spokeswoman Emily Collins. The bank altered its sales practices due to "reviews in light of new regulatory guidelines," she added. "We believe these products offer distinct value."
Other banks appear to have largely abandoned card add-ons. Capital One, Bank of America (BAC) and JPMorgan Chase (JPM) have stopped selling their versions of identity theft and payment protection to new customers. A Discover spokesman says it has "suspended" sales of the product and hasn't "scheduled a relaunch date."
A year ago, "the pace at which these [regulatory] orders came out was a one-two-three punch," says Linda Gallagher, head of the consumer protection practice at Promontory. "Banks had to stop and assess. … Some felt that maybe they could make certain tweaks. Others said maybe the revenue isn't enough to override the concern and the risk."
Enforcement Action Ahead
The industry is now bracing for a second wave of enforcement action. Both Bank of America and JPMorgan Chase are in regulators' crosshairs, according to regulatory filings released last month. Bank of America said it may be required to pay restitution and penalties related to its payment and identity-theft protection products. JPMorgan Chase said regulators are focused on its discontinued identity-theft protection offering.
Regulators have also investigated both banks' oversight of third-party vendors of the add-on products, their filings indicate. JPMorgan Chase could be fined as early as this week, Bloomberg reported.
Looking for Wiggle Room
Some industry insiders say that regulators' focus on marketing practices provides an opportunity for lenders to continue offering add-ons — carefully.
"It's possible to offer these products within the constraints that the CFPB is pushing," says Hank Israel, a partner at the banking consultancy Novantas.
But predicting how those constraints will evolve is likely to prove a challenge. Industry observers say that even after the first wave of enforcement actions, they remain unsure what sales practices or products will be considered acceptable by regulators.
"Banks still don't have a clear roadmap as to what the regulators will accept. ... The orders themselves do not provide a lot of guidance," says Anand Raman, a partner with the law firm Skadden, Arps, Slate, Meagher & Flom.
Given the heightened regulatory scrutiny, and the related risks it poses to banks' reputations, some industry members question the wisdom of continuing to offer credit card add-ons.
"In the current environment, and in light of how regulators are viewing these products, there may be more risk than reward," says Teresa Epperson, a managing director at the consultancy AlixPartners.
For banks willing to run the reputational risk, the economic appeal of add-ons is clear--even if they incur regulators' wrath. At Discover, for example, the CFPB's $214 million card add-on settlement was eclipsed by the $234 million it made from the products in 2010 alone. If American Express, Wells or Citi are eventually fined similar amounts, that would likely be far less than each has earned from add-ons.
"I think the companies are gaming this thing out as long as they can," says Ed Mierzwinski of U.S. Public Interest Research Group, a federation of state-level consumer groups.
"If they make $500 million over the next two years, and then they pay the CFPB $100 million, they make $400 million."
Between the two products, credit monitoring is generally regarded in the industry as offering more value to customers than payment protection. That's partly due to consumers' skittishness about their credit scores, which has made credit-monitoring the most popular add-on among bank customers. It's especially popular with older people and those who have been victims of identity theft, according to Novantas' Israel.
However, consumer advocates charge that credit monitoring involves selling something consumers have a legal right to receive for free, given that they can obtain annual credit reports from each of the three major credit bureaus (Experian, Equifax and TransUnion) at no charge.
"You don't need to pay for credit monitoring. You can just do it yourself by ordering your credit report," says Chi Chi Wu, a lawyer with the National Consumer Law Center. "You can stagger them and check your report every [four] months … [without] a need to pay for an expensive monthly product, and a credit monitoring product won't stop an identity theft."
Experian spokesman Michael Troncale says credit monitoring provides additional value to customers by tracking mid-year changes, which can flag identity theft.
"We offer assistance that can help determine if a change is identity theft or not," he says. A TransUnion spokesman made similar points. Equifax declined to comment.
The credit bureaus are also facing mounting regulatory scrutiny over how they and the lenders that supply them with consumer data handle disputes over customers' credit scores. That controversy is not directly related to card add-ons, but mounting pressure on data reporting agencies could eventually dissuade them from offering the controversial credit card products, says Ira Rheingold, executive director of the National Association of Consumer Advocates.
"There will be a lot of enforcement actions and rulemaking" in this area, he says.