Press "Enter" to skip to content

QR Codes Mean FDCPA Trouble Says Pa. Federal Court

A QR code visible on the face of an envelope embedded with an account number violates the Fair Debt Collection Practices Act, according to a recent decision from the United States District Court for the Middle District of Pennsylvania.

A QR or “Quick Response” code is a type of bar code that can contain any sort of information. But the information is not visible, instead the QR code looks more like a jumble of black and white lines or boxes. You can’t do much with a QR code unless you have a device that can read the code.

QR Codes Make Debtors ‘Susceptible to Privacy Intrusions’

In Styer v Professional Medical Management, Inc., the court granted summary judgment to the plaintiff, finding that a QR code on an envelope that when read using a decoder would reveal the debtor’s name, address and account number, violates § 1692f(8) of the FDCPA because it exposed to the public information about Styer’s “financial predicament.” Section 1692f(8) prohibits a debt collector from using “any language or symbol, other than the debt collector’s address” and its business name, “if such name does not indicate that he is in the debt collection business.”QR Code Tag Illustration

Some courts have refused to find liability under  § 1692f(8) where a symbol does not suggest the letter is seeking to collect a debt or otherwise threaten or humiliate the debtor — sometimes called the “benign language exception.” But here, the court wrote, the QR code is not benign because even though the debtor’s name, address and account number are encoded, the information is still accessible and “susceptible to privacy intrusions.”

Expansive Reading of FDCPA

Last year, in Douglass v. Convergent, the Third Circuit Court of Appeals decided that a debtor’s account number visible on the face of a debt collection letter violated  § 1692f(8). Styer expands the holding to QR codes containing such information because they too have “the potential to cause harm to a consumer” and that harm exists when an account number is disclosed to the public and “there for the taking.”

If you could decode the Styer QR code, here’s what you would see:

ONFIRI10,#K#02-12402280-[redacted]4408-2-NCOA, Monica Styer, 12 Tuttle St., Simpson, PA, 184071322129,45,0

Neither Douglass nor Styer had any evidence demonstrating that an account number could cause such harm. Absent such evidence, it makes more sense to read Styer and Douglass as going beyond the FDCPA’s prohibition against the use of certain symbols and markings on envelopes to instead impose liability where a debt collection account number appears on the face of the envelope, either in plain sight or embedded in a bar code.

Looking at the envelope in Styer,  it is hard to accept how the QR code harassed or threatened Monica Styer. And using a decoder, it remains equally implausible that this jumble of letters and numbers — ONFIRI10,#K#02-12402280-[redacted]4408-2-NCOA — would indicate to anyone the purpose behind the communication.

Perhaps recognizing this flaw, Douglass and Styer focus more on the “potential” harm that the incomprehensible string of numbers and letters could possibly cause if they got into the wrong hands. But no evidence has yet to be presented demonstrating how this information could lead to identity theft or a privacy intrusion. Plainly visible on any envelope will be a debt collector’s return address and even a debt collector’s name (“if such name does not indicate that he is in the debt collection business”). A quick Internet search against that information can tell anyone a lot more about the sender of a letter in far less time and effort.

Not all courts share the belief that these numbers and letters indicate a debt collection purpose behind the letter or invade a debtor’s privacy, describing the claim as an “unreasonable and peculiar interpretation.” As another court recently wrote, “the fact that many people, entities, and organizations abhor disclosure of personal information without permission does not mean the FDCPA creates a cause of action for such disclosure.”

But these decisions offer little protection for debt collectors whose letters become the subject of a complaint in the Third Circuit.

Print Friendly, PDF & Email

Donald Maurice provides counsel to the financial services industry, successfully litigating matters in the state and federal courts in individual and class actions. He has successfully argued before the Third, Fourth and Eighth Circuit U.S. Courts of Appeals, and has represented the financial services industry before several courts including as counsel for amicus curiae before the United States Supreme Court. He counsels clients in regulatory actions before the CFPB, and other federal and state regulators and in the development and testing of debt collection compliance systems. Don is peer-rated AV by Martindale-Hubbell, the worldwide guide to lawyers. In addition to being a frequent speaker and author on consumer financial services law, he serves as outside counsel to RMA International, on the governing Board of Regents of the American College of Consumer Financial Services Lawyers, and on the New York City Bar Association's Consumer Affairs Committee. From 2014 to 2017, he chaired the ABA's Bankruptcy and Debt Collection Subcommittee. For more information, see

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.