Banking Exchange Magazine Logo

Considering the CFPB's card complaints database...

The Bureau has an interesting concept, but are there risks?

The Consumer Financial Protection Bureau is proposing to disclose certain credit card complaint data that it collects through its complaint system. The Bureau is proposing a new Policy Statement to describe this information-sharing process, and seeks comments by Jan. 30, 2012.


Considering the Bureau's complaints process

Consumer complaints are received by the Bureau via an online format for collecting information about the consumer; the applicable credit card and issuer; and a description of the complaint. (A similar approach is used for mortgages.)


Information from the complaints received would be made available to the public in an effort to enable interested third parties to identify trends and patterns that could help consumers make better decisions about credit cards.


Not all of the information collected from complainants would be made available. The proposed Policy Statement speaks to the intention to only make available non-narrative fields of information about each complaint that do not contain confidential personal information. The proposal lists the following non-narrative fields of information that would be made available, though this is not an all-inclusive list:


  • • Type of complaint
  • • Subject of the complaint
  • • Issuer name
  • • Complaint date
  • • Consumer's zip code
  • • Whether and how the issuer responded to the complaint


Other non-narrative fields of information that may or may not be made available, at the discretion of the Bureau, would include the dollar amount of the consumer's loss, whether or not the consumer believes the issues involves credit discrimination; who the consumer has contacted about the complaint (the issuer, another government agency, an attorney, etc.), the consumer's age; and whether the consumer is a servicemember.


The complainant's name, full address, email address, telephone number, and credit card number are also in the database, but the Bureau says that it wouldn't release or make available any confidential personal information.


Concerns about confidentiality

The narrative fields of information would not be available to the public. For example, the fields where the consumer enters a description of the problem and what he or she wants the resolution to be would not be available.


The Bureau also claims that it will not release or make available confidential and proprietary business information that issuers provide to the Bureau in response to complaints. However, what constitutes "confidential and proprietary business information" will be left to the Bureau to determine.


My big concern with this whole plan is the risk that the confidential information contained in this database could be disclosed or breached. I am sure that the Bureau intends to put safeguards in place to prevent hacking and computer intrusions and old-fashioned employee dishonesty, and intends that the confidential consumer information and proprietary business information will be protected.


However, confidential, safeguarded databases are compromised on a regular basis.


Track records cause worries

Go to and you can see listings of reported computer breaches going back to 2005. According to this website, there have been 516 reportable computer breaches since 2005 just at government agencies, including the Veteran's Administration, IRS, the Social Security Administration, and the Federal Reserve.


As a consumer, I would not want to file a credit card complaint with the Bureau, because of the risk that the information that is required as part of the complaint submission is maintained in a database that can be partially accessed by the public, even if parts of the database are restricted.


Let's just take it one step further and suppose, hypothetically, that this complaint database is breached. A group of consumers' names and credit card numbers are obtained. Someone uses the consumers' credit cards to make unauthorized transactions.


Guess who absorbs the cost for those unauthorized credit card transactions? 


The credit card issuers, because that's the law.

Disclaimer: This blog represents the opinions of the author and does not necessarily reflect ABA policy.

Nancy Derr-Castiglione

"Lucy and Nancy’s Common Sense Compliance” is blogged by both Lucy Griffin and Nancy Derr-Castiglione, both Banking Exchange contributing editors on compliance. Nancy, a Certified Regulatory Compliance Manager, is owner of D-C Compliance Services, an independent regulatory compliance consulting services business that has provided expertise in compliance training, monitoring, risk assessment, and policies and procedures to financial institutions since 2002. Previously, Nancy held compliance positions with Bank One Corporation and with United Banks of Colorado. In addition to serving as a Contributing Editor of Banking Exchange, Nancy has served on the ABA Compliance Executive Committee; National and Graduate Compliance Schools board; conference planning committees, and the Editorial Advisory Board for the ABA Bank Compliance magazine. She can be reached at [email protected]

back to top


About Us

Connect With Us



How to get the most out of Data and AI
with Ravi Loganathan from Sardine
and President of Sonar

Wednesday, July 24, 2024 at 11 AM ET / 8 AM PT

In this webinar we will cover:


This webinar is brought to you by:

SardineBanking Exchange