Skip to main content
Top Button

Fraud and Security Breaches May Warrant an Exemption from TCPA Liability for Text Messages from Bank

November 19, 2014 by Isaac J. Colunga, Partner

Fraud and Security Breaches May Warrant an Exemption from TCPA Liability for Text Messages from Banks to Customers

According to a recent FCC Petition, identity theft and fraud are at historically high levels as a result of data and security breaches.  Knowing this, when reacting to security breaches banks and retailers attempt to notify consumers immediately that their personal information either has been or may have been compromised.  Automated text messages serve that purpose, but at the moment such text messages may violate the TCPA. 

The American Bankers Association is trying to change this.  In October the ABA filed a petition with the FCC, explaining that some banks avoid sending their customers data security breach notifications “because of the legal risks posed by TCPA class-action litigation.”  The ABA therefore asked the FCC to create an exemption for four categories of automated calls and text messages: (1) alerts to consumers about possible fraud or identify theft; (2) data security breaches that may compromise consumers’ personal information; (3) remedial actions in the event of a security breach; and (4) money transfers. 

An exemption for these types of communications is merited to say the least.  Effective fraud prevention requires the earliest possible contact with the customer, and as the ABA Petition explains, banks rely on the efficiency of autodialers and other technologies to contact their customers quickly, with the goal of verifying identity and immediately assisting their customers in the event of a breach.  Not only that, but certain state and federal statutes require banks to establish response notification programs following data and security breaches.  To comply with such programs, and in light of the urgency with which the banks must respond, it makes sense that banks would utilize the most efficient and effective means to notify their customers.  A single bank may be responsible for up to 60,000 potential data breach notices per month.  Banks shouldn’t fear the TCPA when sending out such notices.  The FCC Petition is available at
Isaac J. Colunga has extensive experience in the TCPA and its corresponding regulations. He actively defends companies against class actions in federal courts nationwide stemming from fax advertisements, autodialed calls and texts to cell phones, and calls to registrants on the national Do Not Call list.  He can be reached at 312-726-1567 or   

View Full Site View Mobile Optimized