Smart home security and monitoring company Vivint Smart Homes has agreed to pay $20 million to settle Federal Trade Commission allegations that the Utah-based firm misused credit reports to help unqualified customers obtain financing for the company’s products and services.

Under the settlement, Vivint will pay a $15 million civil penalty and an additional $5 million to compensate injured consumers.

In a complaint filed by the Department of Justice on behalf of the FTC, the FTC alleged that Vivint violated the Fair Credit Reporting Act (FCRA) by improperly obtaining credit reports in order to qualify potential customers for financing for its smart home monitoring and security products. The FTC also alleged that Vivint violated the FTC’s Red Flags Rule by failing to implement an identity theft prevention program, which is required of certain companies that regularly use or obtain credit reports.

“Vivint’s sales staff stole people’s personal information to approve others for loans,” said Daniel Kaufman, acting director of the FTC’s Bureau of Consumer Protection. “For misusing consumer credit reports and other sensitive data, and harming people’s credit, this company will pay $20 million.”

Vivint uses door-to-door sales representatives working on a commission-only basis to sell the company’s home security devices and monitoring services, according to the FTC complaint.

The FTC alleged that some Vivint sales representatives used a process known as “white paging,” which involved finding another consumer with the same or a similar name on the White Pages app and using that consumer’s credit history to qualify the prospective unqualified customer.

Vivint sales representatives also sometimes asked customers to provide the name of someone they knew who had better credit, such as a relative, then added that innocent third-party as a co-signer to the account without their permission, and used their credit history to qualify the prospective customer, according to the complaint.

If customers qualified using these deceptive tactics later defaulted on their loans, Vivint referred the innocent third party to its debt buyer, potentially harming that consumer’s credit and subjecting them to debt collectors, the FTC alleged. Many consumers whose credit reports were misused by Vivint sales representatives complained to the FTC that they were victims of identity theft after being contacted by Vivint’s debt collectors.  

The FTC alleged that Vivint was aware of the problem, and in fact terminated many sales representatives for misconduct only to rehire some of them shortly thereafter.

In addition to the monetary judgment — the largest to date for an FTC FCRA case — the settlement requires Vivint to implement an employee monitoring and training program, as well as an identity theft prevention program. The company must also establish a customer service task force to verify that accounts belong to the right customer before referring any account to a debt collector, and must assist consumers who were improperly referred to debt collectors.

In addition, Vivint must obtain biennial assessments by an independent third party to ensure the company is complying with the FCRA. Vivint is also prohibited from engaging in the types of improper conduct detailed in the complaint.

People who did not sign up for Vivint’s services but were contacted by debt collectors or found Vivint accounts improperly listed on their credit reports may be eligible for compensation from this settlement.

The commission vote to authorize the staff to refer the complaint to the Department of Justice and to approve the stipulated final order was 4-0, with Commissioner Rohit Chopra issuing a separate statement. The DOJ filed the complaint and stipulated final order on behalf of the commission in the U.S. District Court for the District of Utah.

In response, Vivint said it is “deeply committed to operating with integrity and delivering exceptional service to [its] customers.”

“We are pleased to have resolved this matter related to certain historical practices,” said a Vivint spokesperson. “We had already taken steps before the FTC began its review to strengthen our compliance policies, and will continue to make this a focus going forward.”