Skip to main content

You know that phrase “If it quacks like a duck. . . “?  It’s applicable in the Fair Credit Reporting Act context, too.  If a company meets the legal definition of a “consumer reporting agency,” it’s a consumer reporting agency.  Including a disclaimer that says, in effect, “But we’re not a CRA!” won’t change that.  That’s one important takeaway tip from the FTC’s settlement with Filiquarian Publishing, the agency’s first FCRA case involving mobile apps.

Filiquarian advertised that people who bought its apps — available for 99 cents from app stores like iTunes and Google Android (now GooglePlay) — could conduct a “quick criminal background check for convictions” in specific states.  Filiquarian also said that its apps could access hundreds of thousands of criminal records, and that users could conduct searches on potential employees as part of the hiring process.  But according to the FTC, Filiquarian, owner Joshua Linsk, and Choice Level, LLC (a related company that provided the criminal records) made a major mistake: They failed to comply with the FCRA.

A company is a “consumer reporting agency” under the law if it assembles and evaluates consumer report information for the purpose of providing those reports to third parties.  Reports include information that relate to a person’s character, reputation, or personal characteristics.  Typically, they’re used — or are expected to be used — for employment, housing, credit, or the like.  That’s what triggers a company’s obligations under the FCRA.  But a business that uses consumer reports for employment purposes has to comply with the FCRA, too.  Failing to implement any of the accuracy, dispute, or other safeguards required by the law could harm people’s reputations and employment prospects.

So how does the FTC determine if a business has reason to believe that its information is being used for employment or other FCRA purposes?  Lots of factors may be relevant, but one approach is to look at what the company says in its own ads.  In Filiquarian’s case, it specifically advertised that its reports could be used for hiring decisions on potential employees:

Are you hiring somebody and wanting to quickly find out if they have a record? Then Texas Criminal Record Search is the perfect application for you.

Here’s an interesting point for disclaimer mavens.  Filiquarian and Choice Level included statements in their apps and on their website that their background screening reports weren’t to be considered screening products for insurance, employment, loans, and credit applications (among other things) and that they weren’t FCRA-compliant.  That disclaimer didn’t cut much ice with the FTC, especially since it contradicted express representations in Filiquarian’s ads urging people to use the reports to screen potential employees.  Just saying that the info can’t be used for FCRA purposes doesn’t absolve a company from liability, concluded the FTC.

If you’ve been following  mobile apps and the FCRA, you should feel a sense of déjà vu.  Last year the FTC sent public warning letters to developers of six apps telling them:

If you have reason to believe that your reports are being used for employment or other FCRA purposes, you and your customers who are using the reports for such purposes must comply with the FCRA. This is true even if you have a disclaimer on your website indicating that your reports should not be used for employment or other FCRA purposes.

Sound familiar?

According to the FTC, what Filiquarian produced were “consumer reports” under the FCRA.  Specifically, the complaint charged three key FCRA violations:  failure to maintain reasonable procedures to verify who their users are and that the information would be used for a permissible purpose; failure to have procedures to ensure that the information they provided in consumer reports was accurate; and failure to provide notices to users and to those who furnished Filiquarian with information that was included in consumer reports.

The consent order contains provisions designed to ensure future compliance and requires the respondents to circulate the order to staffers with FCRA responsibilities.

What should businesses take from the case?  The mobile app angle offers a 21st century twist, but the message remains the same:  Companies offering background screening products for employment or other FCRA purposes — and the businesses that use them — have to stay in line with the law.  Another tip:  It’s wise to pay attention to what the FTC says in warning letters to other companies.

For more information, visit the BCP Business Center’s Credit Reporting page.


It is your choice whether to submit a comment. If you do, you must create a user name, or we will not post your comment. The Federal Trade Commission Act authorizes this information collection for purposes of managing online comments. Comments and user names are part of the Federal Trade Commission’s (FTC) public records system, and user names also are part of the FTC’s computer user records system. We may routinely use these records as described in the FTC’s Privacy Act system notices. For more information on how the FTC handles information that we collect, please read our privacy policy.

The purpose of this blog and its comments section is to inform readers about Federal Trade Commission activity, and share information to help them avoid, report, and recover from fraud, scams, and bad business practices. Your thoughts, ideas, and concerns are welcome, and we encourage comments. But keep in mind, this is a moderated blog. We review all comments before they are posted, and we won’t post comments that don’t comply with our commenting policy. We expect commenters to treat each other and the blog writers with respect.

  • We won’t post off-topic comments, repeated identical comments, or comments that include sales pitches or promotions.
  • We won’t post comments that include vulgar messages, personal attacks by name, or offensive terms that target specific people or groups.
  • We won’t post threats, defamatory statements, or suggestions or encouragement of illegal activity.
  • We won’t post comments that include personal information, like Social Security numbers, account numbers, home addresses, and email addresses. To file a detailed report about a scam, go to

We don't edit comments to remove objectionable content, so please ensure that your comment contains none of the above. The comments posted on this blog become part of the public domain. To protect your privacy and the privacy of other people, please do not include personal information. Opinions in comments that appear in this blog belong to the individuals who expressed them. They do not belong to or represent views of the Federal Trade Commission.

January 12, 2013
That is FANTASTIC that the FTC protects consumers info and how its used. The FTC catching companies like that really show just how much they do. The FTC is all about the ppl, which is an awesome feeling. Ty
Kenneth Ford
March 20, 2013
The topic seems fairly straight forward. When a company seeks background information for any reason, on an individual, then they're acting in a capacity as a CRA. But not all marketers are aware of this fact, or even that they need to be in compliance with the FTC's regulation. Perhaps the FTC should create an app...I do have a concern about the distribution of information on directory sites by individuals. Companies have started using systems and processes for Reputation Marketing but individuals are at the mercy of CRAs and other sources which may be flawed. I am concerned that big brother, while watching, may be missing quite a bit.
May 10, 2013
That is good for the consumer....
August 01, 2013
There is no question about it that there is a warm fuzzy feeling that comes with knowing that we are protected as consumers. Unfortunately, not every independent agency out there is following the rules. Use caution and report anybody you suspect is involved in wrong doing to the FTC. Thanks. For some good related information, please go here [link deleted]
michael brennan
August 15, 2014
Lets talk real world. Companies are outsourcing the background checks and the people they are paying are cutting the corners for them. On a standard arrest you need to goto the local courthouse and check the disposition of the case.(they simply will not do this as it cost too much money) This is not happening. The application is simply thrown out when certain charges show up. The companies trying to protect themselves by using subcontractors to run the checks are now getting hammered by lawsuit after lawsuit. Dismissed charges and very old misdemeanors need to just drop off the arrest records.....some states have modified the laws on background checks however the ones that have not are contributing to crime as these people cannot find work so they turn back to feed themselves... the system is broken------
Kirk Allen
September 21, 2015

In reply to by michael brennan

Michael, your statement was the case years ago, but digitization is making data such as dispositions accessible online. I was trained to conduct background checks the right way - using a data provider as a starting point, ssn validation, residential history and checking all divisions of each county court individually. Verifying records by name and date of birth, looking at the dispositions and sentencing, and sometimes it required me to go to the courthouse and look through hard copy records.I still do the same thing, and many states and counties are still not offering the information online, but typically the clerk's allow me to request via fax or email, except for the few old school districts that require in-person requests. But I do agree that many companies are cutting corners - the class actions lawsuits speak for themselves, that's why I take satisfaction from the thoroughness that I still adhere to today.
January 04, 2016
What if a company runs a background check for an employer, that us not in the business of running background checks? They still have to know and follow the law, correct?
January 08, 2016
How would a software startup become a consumer reporting agency? Imagine Filiquarian could roll back time, what should have been their first step?
Chris Barnes
January 09, 2017
I just received a notice from a job I just applied to, stating they decided to move forward to other candidates based on my background employment information. I relied to the company asking for the adverse information report that was done on me. I was never interviewed only to received their email. Should the company provide me with the information.
April 07, 2018
I went to volunteer with a little OR beach town. They said I 'flunked' the background check, but refused to provide me with the acknowledgement of such report, which they may not have even done. Do they HAVE to show me what came up?? very unfair not to. Never been arrested, never spent a nite in jail. never been to court-had one 'notice of trespass' two years ago. but zero case, zero court, but "criminal record" YES!!!!! Q: do they have to show it to me???
FTC Staff
December 30, 2019

In reply to by paul

  When an employer gets a background report about you from a company that's in the business of compiling background information, special rules apply. The employer has to tell you it's going to use the information from the report to make a decision, and get your written permission. If the employer thinks it might not hire you because of information in the report, it must give you a copy of the report and a Summary of Rights. Read more about background checks and your rights.