If you’ve tried to return or exchange a product lately and were denied for unknown or unspecified reasons, a new lawsuit might hold the answer as to why.
The possible reason? Two companies that supply consumer “risk scores” to retailers at the start of a return or exchange have been accused of inaccurately evaluating whether the shopper is trying to commit fraud or another criminal act, leading a number of people to be falsely branded as fraudsters and denied their exchange or store credit.
By generating and/or relying upon a person’s risk score in processing a return or exchange, The Retail Equation (TRE), parent company Appriss Inc. and a number of big-name retail clients—including Advance Auto Parts, Best Buy, Buy Buy Baby, Dick’s Sporting Goods and Famous Footwear operator Caleres—have violated privacy, credit reporting and state consumer protection laws, the 30-page filing contends.
The suit alleges that when a retail client, such as those named above, requests a consumer’s risk score, a wealth of identifying information is shared and collected without the consent or knowledge of the individual.
Regular consumers, the five plaintiffs allege, have no way of seeing their own risk scores, much less fighting adverse decisions from retailers or fixing any inaccuracies.
“There is no ability of consumers to request their own risk score, to appeal TRE and the retailer’s decision to refuse a return or exchange, or to review or correct the data that forms the basis for TRE’s risk score,” the lawsuit out of Pennsylvania federal court claims. “Furthermore, TRE and retailers do not disclose to consumers the factors they consider in determining the risk score, or the minimum risk score a consumer must maintain to ensure their returns and exchanges will be accepted.”
In addition to unlawfully and invasively collecting and sharing consumer data, the defendants have harmed retail shoppers in that an unfavorable risk score equates to an unerasable “scarlet letter of merchandise returns,” which deprives consumers of their ability to shop freely and without judgment and forces them to bear the economic cost of retaining unwanted goods.
“This danger is not hypothetical,” the lawsuit asserts. “Each Retail Defendant refused a valid return or exchange based on TRE’s scarlet letter concerning one of the Plaintiffs. There was no appeal process, no human to whom Plaintiff could explain the return, nor any advance notice that a ‘risk score’ declaring them a fraudster would be generated.”
The lay of the land
TRE targets retail clients looking to “identify and curb employee dishonesty, consumer fraud and organized crime” within their stores, the suit begins. In providing its services, TRE uses a number of data collection technologies in conjunction with stored data, including shopper information collected from merchants, the lawsuit relays.
According to the complaint, the retail defendants have, without customers’ knowledge or consent, continuously collected and shared with TRE “large amounts of data” about their shoppers. This information is typically gathered during checkout, a return, or an exchange, but can also be collected by the retailers during online e-commerce interactions, the suit says.
The consumer information passed between TRE and its retail clients falls into two categories: consumer commercial activity data and consumer ID data, the lawsuit says. All of this information, according to the suit, is non-anonymized and contained in individual data sets, “as opposed to anonymized and collective data sets.”
The lawsuit says consumer commercial activity data collected by retailers and shared with TRE includes, but is not limited to, each customer’s unique purchase, return and exchange history—i.e., what someone buys, when it was bought, where it was purchased, how much it cost, how often it is purchased, and what form of payment was used. Similar data is also collected on customers during their returns and exchanges, the case adds.
Consumer ID data, also collected by retailers and shared with TRE, includes all unique identification information contained on or within an individual’s driver’s license, government-issued ID card or passport—e.g., name, data of birth, race, sex, photograph, street address and zip code, the lawsuit says.
Put simply, retailers and TRE know exactly who shoppers are – and this is “only the tip of the iceberg,” the lawsuit says.
Per the case, TRE’s filings with the U.S. Patent and Trademark Office reveal that the company’s data collection activities are “far wider, deeper, and more intrusive” than it admits. According to the complaint, the data used when considering whether a consumer might be engaging in fraud comes not just from their transaction history, but from a far broader set of connections (emphasis added):
TRE’s filings with the Patent and Trademark Office indicate that, when evaluating the return behavior of a consumer, TRE uses not just data related to that consumer but also ‘transaction data collected at points of return from other customers thought to be related to this customer by home address, family name, or other connecting data.’ In other words, TRE factors into its analysis whatever data it has on people thought to be related to the customer by any ‘connecting data,’ i.e., individuals found in a customer’s social network. Thus, for example, if TRE believes (rightly or wrongly) that one of your Facebook friends is a fraudster, TRE may label you a likely fraudster as well.”
The lawsuit further alleges TRE considers “information about other customers in the merchant location during the time of the requested return transaction” in determining whether a customer’s return should be rejected. This means that simply being in the same store as another consumer suspected of fraud “could lead TRE to associate the conduct of an otherwise entirely innocent consumer with that of a suspected criminal,” the suit says.
How consumer “risk scores” allegedly work
If you’ve ever wondered why an ID is sometimes needed when you attempt to return or exchange something you’ve bought, the lawsuit suggests an answer for that as well.
As far as this case is concerned, consumers are supposedly identified and their unique shopping history is generated each time a retail defendant processes their driver’s license, government-issued ID, passport or the original sales receipt for a return or exchange. This information, the suit says, is transmitted to and shared with TRE without a consumer’s knowledge or consent.
It’s with this data that a shopper’s risk score—i.e., an assessment of whether a return or exchange is fraudulent or in some other way criminal—is calculated, the complaint elaborates (emphasis added):
TRE then uses this data to identify the consumer, analyzes the data in combination with the other data it has collected on the consumer described above, and then generates a consumer report containing a ‘risk score’ for each consumer attempting to return or exchange merchandise at one of Retail Defendants’ stores (or any retailer unnamed herein that is using TRE’s service). The ‘risk score’ is TRE’s assessment of the likelihood the return or exchange consumer is committing fraud, or other organized crime within retail. Then, using the consumer’s ‘risk score’ as a pretext, TRE notifies the Retail Defendant that the attempted returns or exchanges should be denied as a consequence of suspected ‘fraudulent and abusive’ behavior by the consumer, implicitly labeling the consumer a fraudster. ‘Risk scores’ identifying consumers as fraudsters occur even when the return or exchange is valid and there is no criminal, or even improper, conduct by a consumer.”
According to the lawsuit, TRE makes no effort to verify with the customer “the actual circumstances of the return or the accuracy of the data on which the rejection is based.” Overall, the defendants’ use of consumer “risk scores” violate shoppers’ basic assumption of how the retail marketplace works, in particular the ability to freely exchange or return a product with minimal fuss.
“Consumers do not expect that the retailer will decide whether to allow a return or exchange based on a ‘risk score’ created by a third-party ‘big data’ aggregator based on information like the consumer’s personal data and shopping history, let alone information about other individuals ‘thought to be related’ to the consumer or ‘other customers in the merchant location’ at the time of return,” the filing scathes.
A consumer branded as a fraudster by TRE or any of its retail clients is left not only with the fear that a simple return or exchange might be rejected, but also the embarrassment of being identified as a “criminal and a fraud risk,” the suit rounds out.
Who’s included in the lawsuit?
The lawsuit looks to cover all persons in the United States who had their data transmitted by Advance Auto Parts, Advance Stores Company, Best Buy, Buy Buy Baby, Caleres, BG Retail or Dick’s Sporting Goods to The Retail Equation.
How do I join?
There’s generally nothing you need to do to join or be considered included in a class action lawsuit. It’s typically only when and if a case settles that consumers covered by the lawsuit, called “class members,” can file claims for whatever compensation, if any, the court deems appropriate.
These types of cases take time to work their way through the legal process, usually toward a settlement, dismissal or, increasingly, to binding arbitration outside of court. This means it may be a while before we see how things shake out.
In the meantime, staying informed is priority number one. Sign up for ClassAction.org’s free weekly newsletter—containing the latest class action news and settlement details—right here.