The Consumer Financial Protection Bureau (CFPB) made its database of complaints against mortgage issuers, student loan firms, credit bureaus and other kinds of lenders available to the public for the first time on Thursday. 

The database covers 90,000 complaints with more than 1 million data points covering 450 companies.

The CFPB spreadsheet allows consumers to find the most complained-about banks in highly specific categories. For example, Capital One received the most complaints about credit cards, and Bank of America received the most complaints about traditional adjustable-rate mortgages.

It's important to note that the data isn't normalized and that banks with more customers receive more complaints.

Data can be sorted at the bureau's website by state or company. It can also be downloaded for free and used in privately developed applications. 

The agency's complaint database was released on a limited scale last year, and included only 19,000 credit card-related complaints. Thursday's announcement represents a large expansion of publicly available data. 

The bureau hopes consumers can use the information to make more informed choices about banks they do business with. "By sharing these complaints with the public, we are creating greater transparency in consumer financial products and services,” said CFPB Director Richard Cordray. “The database is good for consumers and it is also good for honest businesses."

Complaints are listed in the CFPB database only after the company responds to the complaint or after they have had the complaint for 15 days. Records include the type of complaint, the consumer's ZIP code, the company, and the resolution. Consumers' names and other personal information are not shared.

Among student loans and mortgages, about two-thirds of the complaints involve consumers who are having trouble repaying their loans, according to an analysis provided by the CFPB of complaints filed through February. Many of the mortgage complaints reflect consumers' paperwork-related frustrations when attempting loan modifications. 

Nearly three-quarters of the 6,700 complaints filed against credit bureaus involve inaccurate information. Credit card complaints are more scattered, with billing disputes making up 15 percent. A common gripe, the bureau says: Consumers don't realize they have to dispute a suspicious item on their credit card bills within 60 days.

In a blog post that accompanied the release of the data, CFPB official Scott Pluta said he hoped consumers would be creative and find new ways to examine and use the data.

"From infographics to iPhone apps, we’ve seen people do amazing things with the credit card complaint data that was available before today," Pluta said. "We encourage the public, including consumers, analysts, data scientists, civic hackers and companies that serve consumers, to analyze, augment, and build on the information in the database to develop ways for consumers to use the complaint data or mash it up with other public data sets to reveal potential trends."

The bureau plans to expand the data to other complaint categories in the future, he added.

Follow Bob Sullivan on Facebook or Twitter

More from Red Tape Chronicles:

• Celebrity hackers stole data from AnnualCreditReport.com, Equifax says
• Google pays $7 million to settle 'Wi-Spy' case filed by states
• Why consumer agency must go, and why it should be saved

The Equifax credit bureau confirmed Tuesday that criminals have stolen credit reports from AnnualCreditReport.com, the website designed to allow consumers free access to their own credit reports.

Follow @RedTapeChron

The theft  suggests criminals have outfoxed AnnualCreditReport.com’s defenses, potentially giving them access to potentially 200 million Americans’ credit reports. According to the Consumer Financial Protection Bureau, 16 million consumers use AnnualCreditReport.com annually.

The nation's three largest credit bureaus -- Equifax, Experian and TransUnion -- were required by federal legislation passed in 2003 to offer consumers one free credit report every year. The three jointly operate AnnualCreditReport.com to fulfill that obligation.

Entertainment news website TMZ first reported Monday that highly detailed personal information on international celebrities and political figures – including Jay-Z, Beyonce, Attorney General Eric Holder and Hillary Clinton – had been published on a website, and that the FBI was investigating. The same website identified in that report published additional data on Tuesday, including details about first lady Michelle Obama and Vice President Joe Biden, leading to a flurry of interest in the source of the data.  Later Tuesday, Equifax confirmed that some of the data associated with those identity thefts had been stolen from AnnualCreditReport.com.

"Equifax can confirm that fraudulent and unauthorized access to four consumer credit reports has occurred through the AnnualCreditReport.com channel, a free public service that allows all consumers to get annual access to their credit report," the company said in a statement.  "Our initial investigation shows the perpetrators had the (personal information) of the individuals whose files were accessed and were therefore able to pass the required authentication measures in place. We have launched a full investigation into this matter and we are also working closely with law enforcement authorities on this matter."

The statement did not identify which credit reports had been accessed through the website or explain why more than four reports had been published on the website. 

TransUnion and Experian also confirmed unauthorized persons had managed to access the credit report data.

"TransUnion’s systems were not hacked or compromised in any way," the firm said in a statement to CNBC. "The sophisticated perpetrators of these fraudulent activities had considerable amounts of information about the victims, including Social Security numbers and other sensitive, personal identifying information that enabled them to successfully impersonate the victims over the Internet in order to illegally and fraudulently access their credit reports. TransUnion is taking steps to assist the individuals affected to help minimize any potential impact. We are conducting our own internal investigation and working closely with law enforcement."

Experian also said its systems weren't hacked, adding that "this looks to be an isolated situation."

Consumers who attempt to obtain their credit reports from AnnualCreditReport.com must answer a series of authentication questions. Many of these are what's known as "out-of-wallet" questions -- questions that a criminal who had stolen a wallet couldn't answer -- such as, "which bank holds your mortgage" or "which of these former addresses are valid."

That means the criminals who stole the credit reports probably had access to a host of personal information about their targets, allowing them to successfully answer the authentication questions. Some of that data can be purchased from other online data brokers, culled from web pages or even determined through guesswork and the process of elimination.

The Federal Trade Commission regulated the creation of AnnualCreditReport.com and its security procedures. 

FTC spokesman Jay Mayfield said the data theft serves as another reminder to consumers that they should protect their personal information, but said the agency still recommends that consumers visit AnnualCreditReport.com or call the credit bureaus to get a free copy of their credit report every year. He would not comment specifically about the theft of the celebrity credit reports, or about the security of AnnualCreditReport.com

Consumers who hear that AnnualCreditReport.com has been compromised might be dissuaded from using the site in the future, and perhaps paying another third-party firm for their credit reports. Doing so would not enhance their security, however.  The data available at AnnualCreditReport.com could be accessed by criminals, even if the consumer never asks for it.

Issues with the authentication procedures at credit report websites have been raised in the past. Last year, security analyst Dan Clements of CloudEyez.com gave NBCNews.com a tour of websites that sell stolen credit reports. Several of the stolen credit reports viewed at the time indicated they'd been taken from AnnualCreditReport.com or other third-party websites that charge a fee for access to credit reports.

"I'm selling super prime credit reports and scores which include all three bureaus and other information," bragged one advertisement on a credit reports for-sale site.

Most of the websites were hosted in the .su domain, assigned to the former Soviet Union. The recently celebrity credit reports are also hosted on a .su web site.

In one how-to posted on a hacker bulletin board, a hacker describes one brute-force attack used to gain access to credit report websites. Most sites are protected by "challenge" questions such as, "Which bank holds the mortgage on your home?"  But there's a critical flaw, the hacker said:

"Normally all ... of them will ask you the same question," the hacker wrote.

Because the sites use the multiple choice format, it's easy to use the process of elimination and determine the correct answers, he claims.

The hacker explained that the trick is to open several credit report sites and keep trying random answers until one set works.

The recipe is highly detailed, including helpful tips such as, "Take a shot of screen to remember what answers you gave. After that click the submit button and see what it says."

* Follow Bob Sullivan on Facebook.

* Follow Bob Sullivan on Twitter

More from Red Tape Chronicles:

• Why consumer agency must go, and why it should be saved
• Study: Facebook users want more privacy, but are nudged toward less
• Stock market gains? Not if you sold everything during the recession

Paul J. Richards / AFP/Getty Images

A Google street view mapping and camera car cruises the streets of Washington, D.C.

Google has agreed to pay $7 million to settle a lawsuit filed by 37 states and the District of Columbia over the firm’s vacuuming of data from home Wi-Fi networks around the world. The settlement ends a long chain of U.S. government legal actions against Google in what has become known as the "Wi-Spy" scandal, but Google still faces numerous legal challenges in Europe and elsewhere.

Follow @RedTapeChron

Between 2008 and 2010, Google's Street View cars, designed to take detailed block-by-block pictures, had an added feature -- they collected data broadcast out of users' homes from unsecured Wi-Fi networks.  At the time, most home routers didn't come equipped with encryption by default, so the data haul was enormous, and raised numerous privacy issues.

Google has admitted its mistake, but maintained that the collection wasn't illegal because the data was collected from public locations and broadcast by the victims in plain text. Still, the episode has been embarrassing for the company, and it has repeatedly said it has implemented new procedures to prevent a similar episode.

The most disturbing part of the Wi-Spy scandal is that Google blames it on a rogue engineer, though according to an investigation conducted by the Federal Communications Commission, the engineer told others at the company about the data collection.  It's alarming to think about the privacy disasters that could be created by a rogue employee or group of employees who work inside a company with massive data collection power, like Google. The FCC fined Google $25,000 for allegedly obstructing its investigation, but took no further action against the company.

“Consumers have a right to protect their vital personal and financial information from improper and unwanted use by corporations like Google,” said New York Attorney General Schneiderman in a statement about the attorneys general settlement. “This settlement addresses privacy issues and protects the rights of people whose information was collected without their permission. My office will continue to hold corporations accountable for violating the rights of New Yorkers.” 

Google agreed to destroy the data as part of the settlement and to launch an employee privacy training program that it must continue for 10 years. 

"We work hard to get privacy right at Google. But in this case we didn't, which is why we quickly tightened up our systems to address the issue," Google said in a statement to NBC News. "The project leaders never wanted this data, and didn't use it or even look at it. We're pleased to have worked with Connecticut Attorney General George Jepsen and the other state attorneys general to reach this agreement."

The Electronic Privacy Information Center maintains a detailed list of legal actions in the Wi-Spy scandal, including links to details on ongoing investigations around the globe.

* Follow Bob Sullivan on Facebook.

* Follow Bob Sullivan on Twitter

More from Red Tape Chronicles:

• Why consumer agency must go, and why it should be saved
• Study: Facebook users want more privacy, but are nudged toward less
• Stock market gains? Not if you sold everything during the recession

If the Consumer Financial Protection Bureau disappeared tomorrow, would anyone notice?

What is expected to be a contentious Senate Banking Committee confirmation hearing Tuesday for Rich Cordray, who has been temporarily leading the bureau, offers an opportunity to examine the need for a federal agency designed to protect consumers in their financial dealings. If confirmed, Cordray gets a five-year term, but he’s certain to face a major fight from Republicans, who say the bureau is ill-conceived. We spoke to one of the agency's biggest supporters and perhaps its fiercest opponent to get some perspective. But first, a little background:

Follow @RedTapeChron

Born out of the financial crisis, the first new federal consumer protection agency since the Depression, the CFPB has had a rocky start. Republicans railed against the idea but couldn't stop Democrats from passing the financial reform legislation that created it, so instead they blocked appointment of Cordray in 2011, effectively putting the bureau into limbo. President Barack Obama then used a recess appointment to seat Cordray, setting off a battle that is still going on.

The political dispute didn't stop the bureau from shooting out the gate, however. It its 15 months of existence, it has written a host of new rules for lenders, set up a huge public database of consumer complaints and generally irritated most of the financial industry.

Many in the banking industry are still hopeful they can dismantle the CFPB, unseat Cordray and potentially undo everything the bureau has accomplished with a single court victory.

A federal court ruling in January found that another recess appointment by Obama was improper, creating the possibility that it might agree with Republicans who argue Cordray’s recess appointment was illegitimate, too. Some opponents argue that would make everything the bureau has done since his appointment void.

Expect bickering

That legal battle is still in the future, but Tuesday's confirmation hearing serves as a proxy for the fight and another chance for political posturing by both sides. There will be plenty of "Your regulations are killing jobs" vs. "Do you want a repeat of the 2008 recession?" bickering.

The discussion has potential to be a little more elevated, however, as this time the CFPB has a track record to examine.  As far as federal agencies go, it's just  a baby. But as long as we're fighting about it, it’s worth asking what the CFPB has done to prove its worth. 

In one corner ...

Todd J. Zywicki, a law professor at George Mason University with expertise in bankruptcy and contracts, says the CFPB has become exactly the monster he predicted three years ago when Congress debated its creation.

"It's turned out to be an extremely political agency,” he said. “... It's turned out to be really aggressive and arrogant in the way it behaves.”

When one of Obama’s recess appointments was invalidated, the agency response was "typical,” he said.

"They said that ruling doesn't apply to us,” Zywicki said. “What that shows is an agency that is very arrogant and out of control.”

The CFPB has unusual power among federal agencies. Unlike the Federal Trade Commission, the Federal Communications Commission and other agencies which are run by members of a commission with mixed political affiliations, the CFPB has a single agency head. It also does not have to submit its annual budget for congressional review the way other regulators must.

"They've created an unaccountable super-regulator that can and has acted as a highly political agency," Zywicki said. "If the CFPB were to go away tomorrow, it would be a boon for consumers and the economy."

Zywicki's most specific concern about the agency before its creation was that it would hurt lenders, and therefore hurt  consumers who were trying to borrow money. That has happened, he said.

"Our concern from the beginning was that it would act in a manner that would restrict credit and hurt the economy," he said. "Look at its rules on qualifying for mortgages (which impose stricter requirements on borrowers). ... It's stifling innovation (by banks) and restricting consumer choices."

He also said that the agency's new rules are disproportionately impacting the nation's smaller banks, which have smaller legal staffs to deal with them.  

"Because of the massive regulatory burden it is imposing on the economy, (the agency) is promoting a consolidation of the banking industry" by burdening small banks, Zywicki said. He could not point to a bank that closed or was sold because of CFPB rules but said that smaller community banks across the country are consistently complaining about the rules.  "It's the overall effect of regulations," he said. "It's not just the CFPB, but it is piling on."

And in the other ...

Taking the opposing view is Ed Mierzwinski, consumer program director for the consumer advocacy agency Public Interest Research Group and a vocal supporter of the CFPB creation and of Cordray. He gives the agency an "A-minus" for its work so far and has no trouble rattling off a list of accomplishments in its short life. Among them, he said, the bureau has:

• Successfully brought enforcement cases against three large credit card issuers for allegedly unfairly "upselling" products such as credit card insurance, and returned $400 million to 6 million U.S. consumers after a settlement.
• Created new mortgage disclosure documents, promoted awareness among college students about school loan debt and launched a separate effort to protect soldiers and veterans from predatory lenders, all through its “Know Before You Owe” program.
• Become the first federal agency to supervise so-called “non-bank banks” and begun to focus on products such as payday loans, title loans and other non-traditional borrowing products, as well as private student lenders.
• Worked to increase transparency, including creation of a public disclosure website that lists consumer complaints and, unlike similar databases at other agencies, allows anyone to browse the complaints, including information on the companies targeted.  Agencies such as the Federal Trade Commission do not make complaints pubic.

"The CFPB data allows (observers) to rank the companies involved. No one wants to be No. 1 on that list," Mierzwinski said. Public shaming is an effective regulatory tool, he argued, one that hasn't been used by other agencies.

When asked about the theoretical possibility that the agency could disappear, Mierzwinski said consumers would lose the benefit of actions he expects in the next 15 months, specifically related to the CFPB's recently acquired new power to regulate credit bureaus and debt collectors.

"The FTC never had the tools to go after them,” he said. “... Now for the first time, a federal agency can go into the credit bureaus and debt collectors and say, 'Show me your books.'"

Mierzwinski said the FTC has never held the credit bureaus financially accountable for credit report errors and predicted CFPB enforcement would lead to more accurate credit reports.

In a more general way, he says enforcement actions and additional regulatory oversight help all consumers, even if they haven't received a refund check based on a bureau lawsuit.

"I'm convinced that many banks eliminated those kinds of practices," such as selling credit card insurance, after a CFPB lawsuit,” he said.  "So going forward, you will see fewer unfair offers from banks. ... If you have a mortgage, going forward your servicing rules will be fairer."

Mierzwinski’s chief argument for preserving the CFPB: All other banking regulators are charged with simultaneously protecting the safety and soundness of banks on one hand, while mandating fairness to consumers on the other. That's why, for example, excessive overdraft fees were allowed for years -- when regulators weighed the interests of making banks profitable against treating consumers fairly, they often chose the former. 

"They had a conflict of interest ... and often sided with bank safety over consumer protection," Mierzwinski said.

Zywicki, the CFPB critic, said he isn't fundamentally opposed to a consumer protection agency focused on financial products, but he says he believes evidence shows that Cordray's agency is acting recklessly.

"They made a political decision that the entire financial crisis was a consumer protection problem, ignoring evidence that there were other causes," he said. "I see no indication to date that they have a serious understanding of economics or unintended consequences. Sure, there are concerns about these products. People misuse mortgages. But their behavior to date raises questions about how seriously they take economic evidence."

He disagreed that payday and other non-traditional lenders had slipped through regulatory cracks before creation of the CFPB -- they were regulated at the state level, he noted. And even in this area, he said he was concerned about the new agency's actions against high-interest lenders. 

"The concern is the same, that they will blunder based on their belief in what's going on, rather than use sound economic science,” he said. “By over-regulating those products, they could drive them out of business and could end up hurting consumers. ... Before we had alternative lending products ... we had loan sharking. We could end up there again."

It works, or it doesn't

While Zywicki wouldn't mind a dismantling of the agency, his preference would be a radical restructuring, with Corday replaced by a slate of mixed-party commissioners with less power.

"The optimal solution is a more accountable, more reasonably constructed agency along the lines of the FTC," he said. "We've been doing independent regulatory agencies for a century, and we know what works."

But Mierzwinski said the housing bubble and the recession show that the system that was in place didn't work, and says he fears that a diluted CFPB wouldn’t be able to take firm action against the powerful financial services industry.

"We would lose … the one regulator that has protecting consumers as its only job," he said. "Payday lenders could run roughshod over American consumers again without the CFPB, and credit bureaus wouldn't be brought into line."

* Follow Bob Sullivan on Facebook.

* Follow Bob Sullivan on Twitter

More from Red Tape Chronicles:

Facebook, real world data brokers team up to pick online ads for you

One latte away from millions? Don't bank on it, author says

ID theft on the rise again: 12.6 million victims in 2012, study shows

What impact will Facebook's new redesign have on users' privacy? It's far too soon to tell, but a study published this week by Carnegie-Mellon University suggests that prior design changes to the social media site have nudged users into sharing more information than they want to. 

The long-term study, which followed thousands of Facebook users and their privacy choices over seven years, found that users steadily shared less information with strangers over time. But it also found that they shared more with friends, which ultimately means they shared more with Facebook and third parties like app developers, which the researchers call "silent listeners."

Follow @RedTapeChron

"People are trying to reveal less publicly ... but in fact are disclosing more to these silent listeners," report author Alessandro Acquisti told NBC News, adding that the research is the first so-called “longitudinal study” to examine Facebook user behavior.

There was one sudden reversal in the trend toward more privacy-centric choices in 2009-10, during which users who had been sharing less suddenly began sharing more, the study found. The reversal corresponded to major changes in Facebook's design.

"These findings highlight the tension between privacy choices as expressions of individual subjective preferences, and the role of the environment in shaping those choices," the report says.

Facebook had an entirely different interpretation of the data produced by the researchers.

"Independent research has verified that the vast majority of the people on Facebook are engaging with and using our straightforward and powerful privacy tools, allowing them to control what they're sharing, and with whom they're sharing,” the firm said in a statement. It would not answer additional questions about the study on the record.

Acquisti, along with fellow authors Ralph Gross and Fred Stuzman, examined the public sharing habits of 5,000 Carnegie Mellon students between 2005-2011, focusing on how frequently they posted information that any stranger could see, such as birthday, high school, political affiliation, phone, address and interests. The trend lines on open sharing of personal information like birthday and political affiliation fell steadily over the course of the study. For example, those sharing birthday information sank from 86 percent to 13 percent. 

But for other items, public sharing ticked up in 2010. The percentage of those telling the world their hometown, for example, shrank steadily until 2010, when the percentage nearly tripled, from 13 percent to 33 percent.  Those sharing their high school, address, or the favorite music and movies jumped similarly.

The authors argue that Facebook's introduction of additional privacy controls during this time actually led to consumers oversharing. Facebook also introduced pages that could be “liked,” which were linked to users’ interests, schools and other information. Links to these pages were public, by default, increasing the amount of information users shared.

"Through the addition of highly granular privacy controls, Facebook argued that individuals would be better able to share information with audiences of their choice. However, Facebook's new privacy interface proved to be confusing to users, resulting in public retractions and updates by the company," the report said. “Changes implemented by Facebook … countered privacy-seeking behavior by arresting and in some cases inverting the trend.”

Carnegie Mellon University

Charts of user information disclosure.

The report’s main finding, however, is that there are two equal but opposite trends on Facebook – users trying to share less with strangers, but also sharing more with friends and, as a result, more with Facebook and its partners.

Information shared on Facebook with friends, but not with the general public, is also shared with Facebook, which may choose to release the information to law enforcement or other entities in the future, the authors argue. Such data is also shared with third-party app creators when they obtain a one-time consent from users.

“Users aren’t reminded every time they share something with friends that they might be sharing it with an app, too,” Acquisti said.

The data is also indirectly shared with advertisers. Firms that advertise on Facebook through programs such as its new “custom audiences” platform do not receive personally identifiable information about users, but can target groups of users with particular characteristics, such as new young mothers in California.

“The fact that advertisers don't get direct access to the data is some protection, but it does not change the reality that advertisers can indirectly get at you through the data you are revealing about yourself on Facebook,” Acquisti said. “Is your privacy violated only when someone gets your name and birthdate, or if they know you are pregnant and try to send you advertisements that use this information?”

Jules Polonetsky, director of the Future of Privacy Forum, a privacy-related think tank that is supported by corporations, said he saw more positive than negative in the Carnegie-Mellon report.

“I think the most interesting thing about the report is that it shows that Facebook started out as a very public place, and over time it evolved into a place where you primarily share things with your friends, and that's a good thing,” he said. 

He disagreed with the description of third-party app developers as “silent listeners,” noting that users give permissions to apps so they can automate tasks that they could do manually, such as finding out if a friend is playing “Worlds with Friends.” He also said that Facebook is doing a good job at keeping advertisers at arm’s length from the data it has on users, and the firm has learned that it doesn’t need to nudge users into oversharing to make them useful to advertisers.

“Ironically, the success of their advertising model may be dependent on more people doing more and more, and sharing more, but doing it privately,” he said. “The sweet spot Facebook has started finding is users don’t need to share things publicly for it to be able to monetize them in an advertising-supported network.”

The crux of the debate lies along this razor’s edge: Just how private is information shared privately with Facebook? And are users being induced to share more than they want to?

In previous studies, Acquisti’s research has shown that more granular privacy controls actually encourage users to share more information about themselves, and they can also distract users from noticing important privacy choices. He calls this the “paradox of control.”  

“I don’t want to say it’s a seduction, but you could call it a nudge,” he said. “…The consequence of providing granular control settings is that users become more comfortable with revealing more and more sensitive data. People focus when they are about to put up a new post on whether they want to share that with friends or friends of friends. But you don’t get the option to say, ‘I don’t want Facebook to see this, or I don’t want a third-party app to see this.’”

*Follow Bob Sullivan on Facebook.

* Follow Bob Sullivan on Twitter

More from Red Tape Chronicles:

 Facebook, real world data brokers team up to pick online ads for you

One latte away from millions? Don't bank on it, author says

ID theft on the rise again: 12.6 million victims in 2012, study shows

Plenty of investors are celebrating as the Dow Industrial Average set a record on Tuesday … but some Americans aren’t invited to the party.

Families who were forced to raid their retirement savings during the recession because of unemployment lost more than the money they withdrew.

The Dow has more than doubled since the low point of the 2008 recession. But families like Jacquelyn and Chris Goss, both in their mid-40s, have missed out on all of that.

The Gosses, who live in Point Pleasant, N.J., aren't doing badly. But they aren't doing well, either. 

The couple has three children and a mortgage, and despite Chris's new job, the family still seems to run out of money before the end of every month.

"Compared to many couples our age we are very fortunate, but I am always kind of surprised that we are not further ahead or even remotely where we thought we would be by now," Jacquelyn said recently, writing to the Red Tape Chronicles to ask for help with her family's finances. 

Adding to their financial anxiety -- Chris was out of work last year, and they raided their retirement accounts to survive.

Staring at three potential college students and still paying off Jacquelyn's student loans, they have no idea how they can even start saving for their retirement.

"I can never understand why no matter how much you make … every raise, promotion … never seems to make a difference," she wrote. "As you can see, we could use some guidance."

Click play above to see their story, and discover some of the ways we discussed putting their family on more solid financial footing.

*Follow Bob Sullivan on Facebook.

* Follow Bob Sullivan on Twitter

More from Red Tape Chronicles:

• Facebook, real world data brokers team up to pick online ads for you
• One latte away from millions? Don't bank on it, author says
• ID theft on the rise again: 12.6 million victims in 2012, study shows

Desperate consumers who are out of borrowing options are using their automobiles as collateral and paying $3.5 billion a year in interest for the so-called "title loans," the Center for Responsible Lending said in a report issued this week.  The average loan is $950, and borrowers take on average 10 months to repay the loans, meaning they'll spend $2,140 to borrow the money, the report said.

The size of the title loan market is roughly equal to the size of the payday loan market, which has received far more attention from regulators, according to the report. Title loans are only allowed in roughly half of U.S. states, making the size of the market even more surprising, said report author Uriah King.

"The market size is comparable because of the sheer size of the title loans," said King, adding that title loans are, on average, roughly three times larger than payday loans: Some 7,730 lenders make $1.6 billion in title loans annually, the group estimates.

The consumer group estimated the size of the market, and drew other conclusions about title loans, based on loan-level data from a lender made public as the result a lawsuit filed against the industry.

Aggressive late-night television ads pitch title loans as a solution for consumers who find themselves needing short-term loans but can't use standard options, such as credit cards. Generally, consumers can borrow up to 26 percent of the assessed value of their car, which they must own free and clear. Loans are often issued at 25 percent interest per month: In other words, it costs $250 to borrow $1,000 for a month.  The risk, of course, is that borrowers can lose their cars to repossession if they default. Borrowers must often leave a copy of their car key with the lender to make repossession easy.

Another unique and concerning characteristic of title loans: Issuers often don't make any assessment of a borrower's ability to repay the loan.  In fact, some brag in advertisements that they don't run credit checks, and borrowers don't need to prove employment to obtain the loans. 

To lenders, there is almost no risk in the loans, because they are "completely collateralized," King said.  Borrowers are highly motivated to repay the loan because their automobiles are usually their most valuable piece of property – most borrowers are renters -- and cars are needed for transportation to work. 

Repossession, which costs an additional $300 to $400 in fees, means outstanding loans nearly always are repaid.

"This is a loan of virtually no risk," King said. "I heard one branch manager say these are 'all blue sky' loans, because as soon as one interest payment is made, the rest is all (profit)."

Title loans, like payday loans, have long fallen into a gray area for regulators because they are non-traditional, short-term lending products. Until the creation of the Consumer Financial Protection Bureau (CFPB), lenders did not have to answer to federal lending regulators and were governed only by state laws. When the CFPB was created, its regulatory powers were extended to such short-term loan instruments.

Payday lenders argue that annual percentage rates and other standard loan measures are unfairly applied to their product because consumers often borrow money for only a few weeks.  So expressing a $20 fee for a two-week $200 loan as having a 2000 percent APR, for example, doesn't fairly represent the true cost of the lending product, they say.

However, the Pew Center for the States reported recently that the average payday borrower takes five months to repay a loan, arguing that annual percentage interest rates are indeed relevant to assessing those loans. 

There is no such debate in title loans, however, King argues, because of the size of the loans.

"There's no way this loan is getting repaid in a month, it's just not going to happen," he said. "A lot of middle-class families would struggle to pay off a $1,200 loan (average interest plus principal) in a month." Instead, the loans typically are renewed each month for an average of 10 months, he said.

Calls and e-mails to the two top title loan issuers, Title Max and Loan Max, went unanswered. On its website, Title Max says it has more than 1,000 title lending stores across 12 states and provides car title loans to more than 2,000 people daily,

A chat operator for TitleMax said she would pass on NBC News' inquiry to officials at the company.

"I have done all that I can do. This is the sales chat, like I have stated before. Your best option would be to contact customer care all I can do is pass this information to them," said the operator, who identified herself as "Tiffany."  Calls to customer service went unanswered.

The title loan industry set up a trade group and political action committee, the American Association of Responsible Auto Lenders, several years ago to champion its product. The group's website is no longer functional, and calls to former board members went unanswered.  It did submit a public comment in 2011 to the Consumer Financial Protection Bureau, arguing against that agency's intentions to regulate the industry. A copy of the comment letter was provided to NBC News by the Center for Responsible Lending.

In the letter, the group argues that title loans are a good alternative for consumers who can't borrow money from other sources.

"Our customers prefer auto title loans to alternatives such as overdraft fees, bounced check fees or late fees that may also have negative credit consequences," said the association.

The letter claimed that 1 million consumers obtain title loans worth $6 billion annually, but also said the industry was substantially smaller than the payday loan business, which it pegged at $38 billion annually. The size of the payday loan industry is disputed because of how consumer groups and industry groups count recurring loans.

The association said the average title loan was under $1,000, and was typically repaid in six months. 

"Auto title loans are often the only legitimate option that individual and small business owners have, since in many cases their low credit scores would exclude  them from doing business with commercial banks and credit unions even if these institutions were willing to lend in the amounts typically sought by auto title borrowers," the association wrote.

It also argued that only 6 to 8 percent of cars used as title loan collateral are repossessed. The Center for Responsible Lending reported that nearly 17 percent of title loan customers face repossession fees. King said it has no way of knowing how many of those cars are ultimately repossessed.

"I'm actually surprised that repossessions aren't higher," King said.

The Center for Responsible Lending argues that title loan firms should be required to assess borrowers’ ability to repay before issuing loans, and that interest rates be capped at 36 percent.

 *Follow Bob Sullivan on Facebook.

* Follow Bob Sullivan on Twitter

More from Red Tape Chronicles:

• Facebook, real world data brokers team up to pick online ads for you
• One latte away from millions? Don't bank on it, author says
• ID theft on the rise again: 12.6 million victims in 2012, study shows