FTC proposes consent order against MoviePass for fraudulent operations and not securing data

In context: It was a very good experiment, but the theater-subscription service that was MoviePass was a fatally flawed business model. Its lack of sustainability led its executives to try some shady money-saving tactics. The FTC did not take kindly to the shenanigans. It concluded its probe into the company with a stifling consent order.

On Monday, the Federal Trade Commission (FTC) announced that it had concluded a study into the now-defunct subscription movie service MoviePass and had reached a settlement for its alleged actions. The FTC charged parent company Helios and Matheson Analytics and operators Mitchell Lowe and Theodore Farnsworth with blocking paying users from accessing the service as advertised and with not securing customer information.

“MoviePass and its executives went to great lengths to deny consumers access to the service they paid for while also failing to secure their personal information,” said Daniel Kaufman, the FTC’s Acting Director of the Bureau of Consumer Protection. “The FTC will continue attempting to protect consumers from deception and to ensure that businesses deliver on their promises.”

In 2019, the struggling platform allegedly invalidated the passwords of “power users,” citing “suspicious activity or potential fraud.” Insiders claimed executives knew the move was wrong but were desperate to slow down their losses and blamed Mitch Lowe for the dishonest act.

“Before Mitch [Lowe] came on, it was, ‘How do we slow down those users?’” one insider said. “With Mitch, it absolutely was just, ‘F— those guys.’”

The FTC said the company used a buggy ticket verification system to discourage users from utilizing the service, employing a one-strike rule that allowed the company to cancel subscriptions when users did not submit verification on time.

The commission also found MoviePass guilty of using “trip wires” [sic] to block certain user groups. In general, these were subscribers who viewed a lot more than three movies per month. The tripwires prevented users from using the service whenever the group collectively hit certain company loss levels in a given month.

These tactics violate the Restore Online Shoppers’ Confidence Act (ROSCA), which demands truth in advertising over the internet. Additionally, it requires user notification and consent when making changes to services in a subscription.

Finally, the FTC ruled that MoviePass failed to correctly secure user account information, including credit card numbers. The company allegedly stored all customer-related data in plain text and did not restrict access to the database. The 2019 data breach, which exposed at least 58,000 records, is evidence of this claim. A sample of 1,000 leaked database entries showed more than half included credit and debit card numbers and their expiration dates.

As part of the consent agreement, Lowe, Farnsworth, MoviePass, Helios, and all involved operators are prohibited from misrepresenting any prospective services under strict FTC oversight. They must have “a comprehensive security program” in place for almost any future businesses, which a third-party firm will audit biennially. Any breaches or security risks encountered must be reported to the FTC immediately upon discovery. A senior executive must notify the commission yearly that all security requirements are met.

Unfortunately for disgruntled customers, the proposed order doesn’t contain any monetary compensation. Both MoviePass and Helios have filed for Chapter 7 bankruptcy, dissolving both businesses shortly after shutting down the service with very little notice.

Image credit: Piotr Swat
