The class action claim bots are coming! (Actually, they’re already here)

By: Alison Frankel

Technology has made a brave new world of the class action claims process, helping plaintiffs’ lawyers and claims administrators locate and notify more class members than they ever could with the old blunderbuss methods of mailing out postcards or running ads in widely circulated magazines. That’s a fantastic development. But it’s not risk-free.

Here’s the proof. Last spring, when plaintiffs’ lawyers from Kerr & Wagstaffe and Phillips Erlewine Given & Carlin reached a $5.3 million settlement with eight app sellers accused of improperly accessing data stored on users’ Apple devices, they wanted to reach as many of the millions of people in the class as possible. From the defendants, including Instagram, Twitter, Foursquare and Yelp, they obtained email addresses for more than 13 million potential users. Those users all received email notice of the class settlement, along with instructions for filing a claim at the website set up by the claims administrator, KCC Class Action Services.

KCC also published notices about the settlement on Twitter. When class members filed claims, KCC could figure out whether they originated from emails or from Twitter because the email notices provided class members with a unique ID; class members who responded via Twitter didn’t have those individual claim IDs.

The Twitter campaign was a big success. In all, according to plaintiffs’ Nov. 30 motion for final approval of the settlement, about 88,000 class members filed claims, based on about 300,000 downloaded apps. More than half of those claims – about 46,000 claims, according to Michael von Loewenfeldt of Kerr & Wagstaffe – traced back to Twitter. The Twitter notices, in other words, doubled the claims rate, which plaintiffs’ lawyers calculated to be more than 4 percent (based on their estimate that 7 million app downloads were at issue in the case).

But there was a hitch, as plaintiffs’ lawyers disclosed in an administrative motion filed on the same day as their motion for final approval. About 6,000 Twitter-originated claims appeared to be fraudulent.

KCC senior project manager Lana Lucchesi explained how the administrator spotted the fakes in an accompanying declaration. The biggest giveaway: More than 5,400 of the suspicious claims were filed and submitted from the same IP address. Nearly 1,000 of the claims from that IP address were from people who purported to live in what turned out to be a single-family home in Toledo, Ohio. (The claims cited nonexistent apartment numbers going as high as 988.) The other 505 suspicious claims came from 11 IP addresses, some of which used botlike techniques of changing a single letter in names or street addresses to file multiple claims.

U.S. District Judge Jon Tigar of San Francisco directed KCC to send emails requesting additional information to all of the suspicious claimants. Only two responded, according to a Jan. 11 declaration from KCC’s Lucchesi. One response was from a real class member whose name was apparently also used by fraudsters who asserted claims. The other was from an IP address that used name variations such as “Stephen Galik Galik” and “S MC Galik Galik.” Spotting inconsistencies between the original claims and the followup response, KCC was unpersuaded the claims were bona fide. The administrator told Judge Tigar it believed all of the nearly 6,000 suspicious claims it had previously flagged were fraudulent.

On Wednesday, as the San Francisco Recorder was the first to report, Judge Tigar referred the apparently fraudulent claims to the U.S. Attorney’s office for investigation.

Interestingly, Lucchesi’s original declaration suggested KCC has run across the same fraud in other class actions. She said one of the telltale signs in the app case was the use of IP and street addresses “known to KCC” because they were “associated with prior fraudulent claims.”

She didn’t say anything else about fraud in other cases, but it seems fair to say, based only on what we know from the app class action, that claims administrators and class counsel are going to have to be wary of bots attempting to take advantage of class members.

It boggles my mind that anyone capable of designing a bot can’t think of a more effective way to run a scam than filing small-dollar claims in a class action. The small stakes in most consumer cases, in fact, have always been regarded as a disincentive for fraud: the average recovery for class members in the app case is expected to be $39.

But as class action notice expert Todd Hilsee pointed out in an interview Wednesday, the mass scale of bot fraud may provide economic justification. KCC and class counsel estimated the total size of the scam in the app case to be $400,000. Thirty-nine bucks isn’t much of a payoff for a fraudster, but nearly half a million dollars is.

Hilsee told me he’s worried that claims administrators, who are facing competitive pressure, don’t have the resources to keep up with the bots. “We’ve created a very difficult challenge,” he said. “The risk is great that we’re not catching this.”

App class action lawyer von Loewenfeldt, on the other hand, said the exposure of the apparently fake claims in his case shows administrators are doing a good job. Claims processes that are open to public always present a risk of fraud, he said, and after this case, “I’m going to be more than alert.” But the Twitter campaign that opened the door to scam artists, von Loewenfeldt said, also brought more than 40,000 legitimate claims into the case.

“The benefit of having broader notice vastly outweighed the inconvenience of sorting out 6,000 (fake) claims,” von Loewenfeldt said.

I have a feeling this won’t be the last case that forces us to test that balance.