When it comes to oversight of third-party collection vendors, most creditors naturally focus on the standards: compliance, data security, and proper payment processing. These are critical boxes to check—no question. But while compliance ensures safety, it doesn’t guarantee success.
To truly understand whether your collection partner is working effectively on your behalf, you need to look beyond compliance. You need to evaluate performance.
On September 22, the U.S. Court of Appeals for the 3rd Circuit affirmed a lower court’s decision to sanction two attorneys and their law firm for allegedly orchestrating a scheme to manufacture FDCPA violations. The court found that the attorneys sent fabricated, handwritten dispute letters to debt collectors, intending to provoke technical violations of the statute and collect attorney’s fees. The attorneys purportedly directed their firm’s lawyers and paralegals to send obfuscating, handwritten letters designed to be difficult for debt collectors’ automated systems to recognize, increasing the likelihood that the debts would not be marked as disputed. If a debt collector failed to respond appropriately, the attorneys would file lawsuits seeking statutory damages of up to $1,000 per violation, plus costs and attorney’s fees.
On September 23, the CPPA announced that the California Office of Administrative Law approved final regulations covering cybersecurity audits, risk assessments, automated decision-making technology, insurance companies, and updates to existing California Consumer Privacy Act (CCPA) regulations. The regulations are set to take effect January 1, 2026, but businesses have additional time to comply with certain requirements, including those related to cybersecurity audits, risk assessments, and automated decision-making technologies. As previously covered by InfoBytes, the CPPA initially released its regulations in July 2025 following the expiration of the 45-day comment period.
Last month, New York Attorney General Letitia James sued Early Warning Services, LLC (EWS), the company that operates the Zelle Network, for allegedly failing to protect its users from fraud. The complaint, much of which was filed under seal, claims that EWS harmed consumers by creating “a payment network that was highly susceptible to fraudulent activity, that lacked the basic network safeguards, and that exposed millions of consumers to widespread fraud.” Although filed under different legal authority, the suit is thematically similar to the federal complaint that the CFPB filed last year and later dismissed with prejudice in March 2025.
Quick analysis: Everything Down in August; Most Still Up YTD
Similar to April of this year, we are seeing a month where everything dipped for the month, but not enough to change the trajectory of the upward year to date trends.
TCPA (-15%) took the biggest hit, followed by FDCPA (-3.9%) and FCRA (-2%), while CFPB complaints dropped a tiny -.8%.
YTD, however, only FDCPA is still down (-5.7%) while TCPA is still up a lot (-52.1%) followed by FCRA (+27.6%). CFPB complaints are still up over 100% from this time last year, 102.8% to be exact.
.jpg)
.jpg)