Some Online Loan Applications Endanger Consumers

July 6, 2017

Have you ever filled out an application online for a “loan matching service”? If so, you have to hope that you didn’t fill out an application on one of the websites operated by a company called Blue Global. They ran websites like,,,,, and others. After they collected consumers’ financial information, they sold that information to non-lenders, including SSNs, bank account numbers, and driver’s license numbers.

According to court documents filed by the US Federal Trade Commission, Blue Global — which was not a lender — encouraged consumers to fill out online loan applications, promising that they would “find the loan with the lowest rate” for consumers, and that they would match consumers to a lender selected from a network of 100 or more loan providers. The websites that Blue Global ran stated that the information was always safe and secure.

Here’s the kind of language that Blue Global used on its websites, this one from

“Once you’ve submitted your application, we’ll match your information with our MoneyToday lender network to try to find you the best available loan. Our loan matching service will try to find the loan with the best interest rates, lowest finance charges and longest repayment period. (” (As quoted in FTC Complaint.)

After people filled out the loan applications, Blue Global sold and shared the loan application information to all sorts of third parties, whether they were lenders or not. The FTC states that during 2013, 2014, and 2015, that of the information sold, no more than 2% of the loan applications went to actual loan providers. That’s 98% of all of their actual sales of consumers’ financial and other sensitive information being sold to unknown third parties, for unknown purposes. Blue Global collected information from 15 million consumers. That’s millions of people who had their sensitive information sold to unknown third parties.

This is particularly important because the people who filled out the online loan applications gave very detailed information. Here is what was collected on the loan applications that were sold or shared:

  • name
  • home address
  • email address
  • phone number
  • date of birth
  • SSN
  • bank account number
  • bank routing number
  • driver’s license number
  • employment
  • income
  • military history
  • home ownership
  • bankruptcy
  • approximate credit score

After Blue Global gathered this information, they transmitted it electronically and unredacted to data buyers as a “lead“ within seconds after consumers submitted the loan applications. The information, such as Social Security Numbers, drivers’ license numbers, and bank account numbers, was worth about $200 for each overall lead that Blue Global sold. The FTC court documents state that Blue Global entered into agreements that “expressly allowed their buyers to use purchased loan applications for any purpose.”

Consumers who filled out these forms have already suffered harm. After filling out the forms, debt collectors pursued consumers demanding repayment of phantom debts the consumers did not owe and had never heard of. The problem? The debt collectors had acquired the consumers’ SSNs and bank account information from the loan forms, which gave the collectors the ability to sound convincing, even when the debt was not real. According to the FTC, even after receiving consumer complaints about this problem, Blue Global “took no action to investigate or prevent the misuse of consumer information described in these complaints.”

Consumers have almost no way of knowing what happens to their data after they fill out forms online. This is particularly vexing today, because so much of the business we conduct is online. It is also vexing because there are legitimate lenders who have legitimate online loan forms.

How to tell the difference and how to protect your data? That’s not so simple. Whenever you fill out an online form with a Social Security Number, bank account number, and other sensitive financial and identity information, there is at least some risk. You can mitigate that risk by being sure you are giving your information directly to the lender of your choice. You can also mitigate your risk by watching for what we now know are key red flag phrases like: “loan matching,” “loan matching service,” and “find the loan with the lowest rate.”

There are companies like Blue Global who will work to convince you to give your SSN and other information to a lead generator/data broker. In order to avoid being fooled by the sales pitch, you would have to be a perfectly educated consumer in the ways of privacy, data brokers, data security, and lead generators, and that does not describe many people.

That is why it is important for regulators and legislators to establish clear rules that apply to any non-lender/non-financial sector company collecting consumers’ sensitive financial and identity information and prohibit these harmful acts. In the past, lawmakers have been reluctant to protect consumers in this area due to the complexity of the problem. The FTC case against Blue Global simplifies at least one course of action: if a non-lender asks for detailed loan application information, then consumers need to have protections from predatory data sales of their SSN, bank account number, and other financial, demographic, and identity information.

We know this practice is happening, and we know it clearly harms consumers. Let’s fix this. For at least 15 million people much harm has already been done and it is akin to the harms of identity theft. There is no reason to allow this kind of practice to continue.

-Pam Dixon


Related Documents: