Pennsylvania Federal Court Holds that Envelope with Visible Bar Code That Could Be Scanned To Reveal Consumer’s Account Number May Violate the FDCPA

By Diana Eng and Joe Patry

In Kostik v. ARS National Services, 3:14-cv-02466, an opinion issued July 22, 2015, the United States District Court for the Middle District of Pennsylvania refused to enter judgment on the pleadings on a complaint where the sole allegation is that the debt collector violated the federal Fair Debt Collection Practices Act (“FDCPA”) because it had sent a letter with the consumer’s account number embedded in a bar code.

The court noted that the bar code was not physically printed on the envelope, but was visible through a clear plastic envelope window on the front of the envelope that exposed the letter’s return address.  When scanned, the bar code would reveal the borrower’s account number.  Because smart phones have apps to easily read “QR” (“quick response”) bar codes, the court reasoned that having the bar code visible by scanning made the account visible to the general public, which could make the consumer a victim of identity theft.

The debt collector argued that the bar code was a benign symbol, which would be exempt from FDCPA liability.  Further, it noted that anyone who scanned the consumer’s mail would be violating federal criminal statutes that prevent unauthorized access to items placed in the U.S. mail and that the FDCPA does not cover illegal actions by unrelated third parties.  In addition to federal criminal statutes, the debt collector noted that the Domestic Mail Manual specifically prohibits postal employees from reading or disclosing the contents of any items placed in the mail.

The court rejected these arguments, relying on prior cases that found that an envelope which had a printed account number on the outside of the envelope or an account number within the viewing area of clear plastic envelope windows violated the FDCPA.  (These cases are Douglass v. Convergent Outsourcing,765 F.3d 299 (3d Cir. 2014),  and Styer v. Prof’l Med. Mgmt., 2015 U.S. Dist. LEXIS 92349 (M.D. Pa. July 15, 2015).)

The Court reasoned that disclosing an account number raises privacy concerns for the consumer and is not benign because it could be used by a third party to harm the consumer.  Consequently, while leaving open the possibility that the barcode disclosure could ultimately be shown to be benign at a later stage in the case, the court found that the borrower’s complaint was sufficient to survive a motion for judgment on the pleadings.

In light of this decision, and as discussed in a prior post discussing the Douglass case, entities collecting consumer debt should avoid the use of QR codes on envelopes or within the viewing area of clear plastic envelope windows.  Revealing such information on envelopes or through clear plastic envelope windows may expose debt collectors to liability under the FDCPA.

Leave a Reply