Third Circuit Finds Debt Collector Violated FDCPA by Sending an Envelope With a QR Code That Revealed the Debtor’s Account Number When Scanned

The United States Court of Appeals for the Third Circuit recently affirmed a District Court’s decision granting a debtor’s motion for summary judgment and finding that a quick response (“QR”) code printed on the outside of an envelope that revealed the debtor’s account number when scanned violated the Fair Debt Collection Practices Act (“FDCPA”).  See DiNaples v. MRS BPO, LLC, 934 F.3d 275 (3d Cir. 2019).  In the case, the defendant debt collector sent a collection letter to the debtor, and the outside of the envelope included a QR code.  When scanned by a smartphone app, the code revealed the debtor’s internal reference number with the debt collector.  The debtor then brought this class action, alleging that the QR code on the envelope violated the FDCPA, which prohibits a debt collector from using “any language or symbol, other than the debt collector’s address, on any envelope when communicating with a consumer by use of the mails.”  See 15 U.S.C. 1692f(8).  The District Court granted the debtor’s motion for summary judgment.   

On appeal, the Court affirmed.  First, the Court addressed whether the debtor had standing to bring this action under the Spokeo standard, which requires the plaintiff to suffer an injury that is “concrete and particularized.”  See Spokeo, Inc. v. Robins, 136 S. Ct. 1540, 1547 (2016).  The Court found that she had suffered concrete harm:  “Disclosure of the debtor’s account number through a QR code, which anyone could easily scan and read, . . . ‘implicates core privacy concerns.’”  Second, the Court found that the presence of the QR code violated the FDCPA.  In doing so, the Court relied on its 2014 decision of Douglass v. Convergent Outsourcing, 765 F.3d 299 (3d Cir. 2014), in which it found that a letter that disclosed the debtor’s account number through the envelope’s clear plastic window violated the FDCPA.  The Court rejected the debt collector’s argument that the presence of a QR code is different from the presence of an account number, because the only way a third party could discover the account number from a QR code would be by “unlawfully scanning” the envelope, which would be “akin to opening a letter addressed to another.”  The Court found that “[t]here is no material difference between disclosing an account number directly on the envelope and doing so via QR code ––the harm is the same, especially given the ubiquity of smartphones. Whether it is illegal to scan someone’s mail, as [the debt collector] argues, is beside the point.”

For a copy of the decision, please contact Michael O’Donnell at, Michael Crowley at, or Dylan Goetsch at