ValueClick to pay $2.9 million to settle spam complaint

Online advertiser ValueClick has agreed to pay a record $2.9 million to settle a U.S. Federal Trade Commission complaint that it sent deceptive advertising claims in spam e-mail and failed to secure consumers' sensitive financial information.
ValueClick subsidiary Hi-Speed Media used deceptive e-mails, banner ads and pop-ups to drive Internet users to its Web sites, the FTC said Monday. The e-mails and ads promised that consumers were eligible for free gifts, including laptops, iPods and gift cards. The ads included promises such as "Free PS3 for survey," and "CONGRATULATIONS! Select your FREE Plasma TV," the FTC said.

Consumers who went to ValueClick's Web sites because of these promises were led through a "maze of expensive and burdensome" third-party offers, including car loans and satellite television subscriptions, which they were required to "participate in" at their own expense in order to receive the promised merchandise, the FTC alleged.

ValueClick's use of deceptively labeled e-mail messages offering free gifts and its failure to disclose that consumers must spend substantial sums of money to obtain the promised merchandise violated the Can-Spam Act and the FTC Act, the FTC said.

The settlement with ValueClick and subsidiaries Hi-Speed Media and E-Babylon was filed with the U.S. District Court for the Central District of California last Thursday. In addition to the $2.9 million fine, the largest ever for violations of the 2003 antispam law the Can-Spam Act, the settlement requires ValueClick to clearly disclose the costs and obligations consumers must incur to receive the products it touts as free. It also bars deceptive claims about the security of the consumer information collected at the company's Web sites.

ValueClick announced last month it had agreed to a settlement with the FTC. It recorded a $2.9 million charge on its financial results in the fourth quarter of 2007 in anticipation of the settlement, the company said in a February news release.

"We have worked with the FTC and have reached an agreement on the standards and practices that will govern our lead generation business going forward," David Yovanno, chief operating officer of ValueClick's U.S. media, said in a statement. "We believe this settlement will also help set the guidelines for the lead generation industry as a whole, and we will continue to participate in the Interactive Advertising Bureau to help establish best practices to that end."

In addition to the spam-related complaints, the FTC charged that ValueClick, Hi-Speed Media and E-Babylon misrepresented that they secured customers' sensitive financial information consistent with industry standards. The companies claimed in online privacy policies that they encrypted customer information, but either failed to encrypt the information or used a nonstandard and insecure form of encryption, the FTC said. Several of the companies' Web sites were vulnerable to SQL injection, a commonly known form of hacker attack, contrary to claims that the companies implemented reasonable security measures, the FTC said.

The settlement bars ValueClick, Hi-Speed Media and E-Babylon from making misrepresentations about the use of encryption or other electronic measures to protect consumers' information. The order also requires the companies to establish and maintain a comprehensive security program, and obtain independent third-party assessments of their security for 20 years.

This is the FTC's third case targeting the use of deceptive promises of free merchandise by Internet-based lead generation operations, and the commission's 18th case challenging data security practices by a company handling sensitive consumer information.