Debt Collection Specialists | Sydney | LCollect
Debt Collection Agency | LCollect

Debt Collection News

At LCollect we believe that knowledge is power. Every month our debt collection blog gives you practical tips, stories and news from around Australia and the world.

Cash Converters Fined $650K For Breaching Guidelines

Thursday, June 28, 2018 - Posted by Michael McCulloch

Cash Converters has again found itself in the spotlight for all the wrong reasons with ASIC finding that the company failed to meet regulatory guidelines and breaching the ASIC and ACCC Debt Collection Guidelines.

An ASIC investigation found that the pay day lender routinely breached the frequency of contact guidelines of 3 times per week or less than 10 times a month -

5. Frequency of Contact
(c) Unnecessary or unduly frequent contacts may amount to undue harassment of a debtor. We recommend that you do not contact a debtor more than three times per week, or 10 times per month at most (when contact is actually made, as distinct from attempted contact) and only when it is necessary to do so. This recommendation does not apply to face-to-face contact which is specifically addressed below. 

The investigation also uncovered that a related company, Safrock Finance Corporation (QLD), was also found to have provided incorrect information to a credit reporting agency. The error resulted in 38,500 customer being reported  inaccurate amount owing over a 1 month period. According to ASIC the financier has since worked with Equifax to ensure all incorrect credit listings have been removed.

ASIC has since imposed licence conditions on Cash Converters which includes outsourcing all of their debt recovery to a 3rd party collection agency and must seek consent from ASIC prior to bringing these activities back in-house.

In retribution this time around, Cash Converters has paid $650,000 in community benefits payments to the National Debt Helpline for breaching the Guidelines.

Peter Kell, ASIC Deputy chair, said in a statement to the media, "Consumers expect to be treated fairly and in a manner that complies with consumer protection laws. ASIC expects all financial service providers to have appropriate systems and controls in place to ensure that debt collection practices are consistent with the guidelines. It is also critical that licensees ensure that credit information provided to credit bureaus is accurate."

This is not the first time that Cash Converters has been investigated by ASIC. You may recall that in our May 2017 blog post that Cash Converters were fined and paid $1.35 million in penalties for breaching responsible lending conduct provisions and refunded consumers $10.8 million in fees through a consumer remediation program.

You can download a copy of the ASIC and ACCC Debt Collection Guidelines from their website.

Source: TheAdvisor - May 2018

Small Business Face Bankruptcy For Data Breaches

Tuesday, February 27, 2018 - Posted by Michael McCulloch

With the new cyber data breach notifications having come into effect from 22 February a study by Xpotentia shows that up to 124,000 businesses over the $3 million threshold are not ready for the new rules.

Businesses with an annual turnover of more than $3 million that trade in personal information must notify affected individuals of any data breach that is likely to result in "serious harm". The business must also inform the Office of the Australian Information Commissioner ("OAIC"). A failure to comply may incur penalties of up to $420,000 for an individual and $2.1 million for companies which has triggered warnings that a failure to notify the OAIC could result in some businesses being made bankrupt.

The Xpotentia study noted a significant number of data breaches over the years with a survey in 2017 by Telstra showing 59% of Australian companies had detected a data security breach on a monthly basis. The study also showed that 1 in 4 Australians were targeted by hackers last year with almost 50,000 Australians and 5,000 public servants from the Department of Finance, the AEC and NDIS all having data exposed after a security breach by a private contractor.

Xpetentia Managing Director, Sorina Toma said of many small businesses, "They might actually have their entire customer data base on a simple PC. You are talking about ¬≠businesses that employ 10 to 12 people and they have a few computers and they are totally exposed. A lot of the time, a small business might not know a breach has happened". Mr Toma recommended that many small businesses look at securing their data with additional software and hardware such as firewalls and encouraged business owners to invest in a chief information security officer to identify threats and vulnerabilities.

Cyber Security Minister, Angus Taylor, said, "Not knowing how to protect client or customer data is becoming a poor excuse. There is a lot of information now available on cyber sec¬≠urity. The onus is with business operators, with organisations and with government agencies, to put measures in place to reduce the risk of data breaches.”

Learn more about the changes, preparation and response at Data Breach Preparation and Response - A Guide to Managing Data Breaches in Accordance with the Privacy Act 1988.

Source: The Australian - February 2018

CIO Releases Credit Reporting Fact Sheet

Wednesday, November 29, 2017 - Posted by Michael McCulloch

The Credit & Investments Ombudsman ("CIO") has this month released a new fact sheet, "Credit Reporting: Enquiries".

The fact sheet covers:

  • What is a credit enquiry?
  • Why would a credit provider need to access my credit report?
  • What information is included in a credit enquiry?
  • Is my consent needed for a credit provider to access my credit report?
  • How long does a credit enquiry stay on my credit report?
  • What if I did not make an application, and the enquiry is incorrect?
  • Do credit enquiries negatively affect my credit report?
  • Can my application be declined because of the information in my credit report?
You can download a copy via our website here.

OAIC Introduces New NDB Scheme

Monday, October 30, 2017 - Posted by Michael McCulloch

The Office of the Australian Information Commissioner ("OAIC") has recently published new draft resources for the Notifiable Data Breaches ("NDB") scheme which commences on 22 February 2018.

The resources include:

  • Assessing a suspected data breach;
  • What to include in an eligible data breach statement;
  • New online forms to assist organisations in preparing a statement about an eligible breach to the OAIC; and
  • A new chapter in the OAIC's Guide to Privacy Regulatory Action on data breach incidents.

The NDB obligations apply to business, the Australian Government and other organisations already bound by the Privacy Act to keep information secure. Generally, small businesses with a turnover of less than $3 million will not have any obligations under the scheme.

Feedback can be provided to the OAIC regarding the draft changes via email before 23 October 2017.

Source: - 29 September 2017

Recording Payment Defaults

Thursday, June 29, 2017 - Posted by Michael McCulloch

It has now been 3 years since we covered the process involved in recording a payment default with a Credit Reporting Body ("CRB") such as Equifax.

While the process has not changed we believe that it would be an ideal time as a refresher for those that may not be familiar with the process.

Assuming that a clause exists in your Contract or Agreement to record a payment default with a CRB, any debt regulated by the National Consumer Credit Protection Act 2009 (Cth), must be issued with a series of code compliant Notices before a payment default can be recorded.


What Is It?
The s88 Default Notice advises the customer that their account is in arrears, the amount currently in arrears and the time in which they have to remedy the default. The Form 12A which is attached to the s88 Default Notice provides the customer with information about their rights including information about financial hardship and the dispute resolution options available.

When It Must Be Given
The s88 Default Notice must be issued 30 days prior to commencing enforcement action. This includes listing default information with a CRB. The CR Code recommends that an additional 5 days be added (35 days in total) for postage.

Can It Be Combined?
The s88 Default Notice can be combined with a s6Q Notice however it cannot be combined with a s21D Notice.


What Is It?
The s6Q Notice informs the customer of the overdue payment amount and requests payment of that amount. This Notice indicates to the customer that the amount can be reported to a CRB once that amount is 60 days overdue.

When It Must Be Given
The s6Q Notice must be given prior to disclosing default information to a CRB.

Can It Be Combined?
The s6Q Notice can be combined with the s88 Default Notice however it cannot be combined with a s21D Notice.


What Is It?
The s21D Notice advises the customer that the credit providers intends to disclose default information to a CRB.

When It Must Be Given
The s21D Notice must be given at least 14 days prior to disclosing information to a CRB and not more than 3 months prior to disclosure.

Can It Be Combined?
The s21D Notice cannot be combined with a s88 Default Notice or s6Q Notice.


  • If a s6Q Notice is combined with the s88 Default Notice once the s21D Notice has expired only the arrears can be listed with a CRB.
  • If a creditor provider intends to list the full outstanding debt with a CRB a separate s6Q Notice must be issued and allow 30 days for this Notice to expire.
  • To issue a s6Q Notice the amount in arrears under the Credit Contract must be in excess of $150.
  • Before a default can be listed with a CRB the default amount must have been outstanding for more than 60 days.
  • The payment default must be reported to the CRB within 90 days after issue of the s21D Notice.
  • A payment default cannot be reported with a CRB where the customer is claiming financial hardship.
  • A payment default cannot reported with a CRB where the matter is before an External Dispute Resolution ("EDR") board nor 14 days after the dispute is determined.


You can download our suggested flowchart of this process here.


This article does not constitute legal advice and should not be used as such. You should obtain your own independent legal advice before acting on or relying on the content of this article.

Veda To Refund Customer After Privacy Rule Breach

Monday, February 27, 2017 - Posted by Michael McCulloch

Veda Advantage has recently been forced to refund thousands of customers after an investigation by the Office of the Australian Information Commissioner.

This follows a series of complaints made in late 2014 to the Financial Rights Legal Centre, Consumer Action Law Centre, Financial Counselling Australia and the Australian Privacy Foundation where consumers elected to utilise the paid service to obtain copies of their credit reports under Veda's expedited delivery.

The Privacy Commissioner found that Veda breached a series of privacy rules including:

  • Charging for “expedited delivery” of a credit report where the consumer had not sought access to a credit report in the previous 12 months;
  • Failing to prominently state on its websites that consumers have a right to obtain their credit reporting information free of charge;
  • Did not take reasonable steps on its websites and phone line to ensure that the option of free access to a credit report was as available and easy to identify as access to paid credit reports; and
  • Used personal information it held on consumers for the purposes of direct marketing in breach of privacy rules.

Kat Lane, Financial Rights Legal Centre Acting Coordinator said in a statement, "This is a big win for consumers who simply want free access to their credit report as is their entitlement under the law. The Privacy Commissioner has confirmed that consumers are entitled to a free report and gaming of the system to advantage the commercial interests of credit reporting agencies is not allowed."

A small number of other allegations were not upheld by the Commissioner. These related to:

  • Veda not including ‘Vedascore’ information in free reports: the Commissioner found that the Veda Score was not information ‘held’ by Veda, rather it is dynamically generated at the point of application;
  • Veda not providing the credit report within 10 days: the Commissioner found that there was no evidence of a systemic problem rather the incident complained of was a singular breach;
  • Veda charging for credit reports when a consumer hadn’t received a free report: The Commissioner found that if a consumer has had the opportunity to choose a free credit report but chooses a paid report in the hope for additional value, then this is not a breach; and
  • Veda excessively charging for credit reports after a free report has been provided: The commissioner found that there was not enough information to know whether $79.95 is excessive.

Ms Lane went on to say, "While we are disappointed with the findings on these points, the central principles hold: consumers are entitled to a free credit report and credit reporting agencies can’t manipulate the system for their own commercial advantage. We expect the Privacy Commissioner to oversee both Veda’s refund process and implementing the required changes to their phone service and websites.”

In response to the investigation a Veda spokeperson said, "Veda will be taking action in relation to two complaints: Within six months we will enable phone requests for free credit files, in the same way as may be made for premium products. Customers who purchased a $69.95 MyCreditFile express credit report on or after 12 March 2014 may be eligible for a refund - Veda will be alerting eligible customers."

Read the decision and reason for decision of Australian Privacy Commissioner, Timothy Pilgrim, here.

Source: The Sydney Morning Herald - Credit Reporting Bureau Veda to Refund Customer After OAIC Found It Breached Privacy Rules

Veda Stops Removing Court Judgments

Thursday, September 29, 2016 - Posted by Michael McCulloch

Earlier this month we received an enquiry where a Judgment had not been removed from a credit file. As the process hasn't changed for some time we thought that we would investigate this further.

Historically if a Notice of Discontinuance was filed, Veda Advantage would remove the adverse Judgment from the credit file once notification from the Court was received.

With the introduction of  Comprehensive Credit Reporting we believe that Veda Advantage found this to be inappropriate as this avenue could potentially allow a previously bad debtor to be advanced further credit and significantly improve their risk profile which has the potential to mislead a future credit provider.

Having made enquiries we have confirmed that Veda Advantage have made a recent decision not to remove Default Judgment from a credit file even after the filing of a Notice of Discontinuance or Consent Orders. This will effectively mean that any Default Judgment will remain on a credit file for the mandatory 5 years with no avenue for removal unless a complaint is lodged with the Office of the Australian Information Commissioner and it is proven that the Default Judgment was listed in error.

We will continue to monitor this situation as time goes on to ascertain if Veda Advantage change their stance.

SA Government Names And Shames Fine Defaulters

Thursday, September 29, 2016 - Posted by Michael McCulloch

The South Australian State Government currently has a public listing of names supplying details of debtors that have unpaid fines.

The listings, launched in  2014, currently lists 116 individuals and 2 companies that have failed to address their debt and have either failed to make payment in full or made payment arrangements. The list currently totals debts of $3.1 million with the average debt $26,295. Overall over $400 million in unpaid fines and defaults are owing. You can view the list here.

In addition to the "name and shame" file the South Australian State Government has also commenced seizing motor vehicles, vehicle clamping and referring debts to debt recovery companies. To date 4 vehicles have been seized with another sold in which to partly satisfy a debt.

We are assuming that after reasonable attempts to collect the debt have been undertaken that the debtor is given advance warning of the debt being recorded on a publicly available database so as every opportunity is afforded to the debtor to avoid what could be seen as public humiliation.

At the time of publishing the Office of the Australian Information Commissioner had not responded to a request for their take on publicly listing fine defaults.

Christians Against Poverty Data Breach

Friday, August 12, 2016 - Posted by Michael McCulloch

We have today received correspondence from Christians Against Poverty ("CAP") advising of a data breach at the beginning of the month where some systems were compromised in their UK data centre.

In a message on their website Aimee Mai, CEO of CAPI Australia and New Zealand, said:

"On 1 August 2016 CAP UK identified some suspicious activity on the computer systems that are responsible for the development of CAP Australia's systems. This presents a potential security risk for those whose data is held by Christians Against Poverty.

Investigations show that some, but not all, of our systems were compromised last week. As soon as we identified this IT security experts were called in. They confirmed that although the servers and systems were well protected, we have fallen victim to a sophisticated, illegal, external attack.

Unfortunately, this means that details belonging to supporters and clients (both current and former) may have been accessed. These details could include full or partial names, addresses, email, phone numbers, and in some instances, bank account and credit card numbers. I’m really disappointed that this has happened, and we are taking immediate steps to address this issue.

We are in the process of contacting all affected people and have set up a web page to answer many common questions. We also have a dedicated email address and phone line for anyone with further queries or concerns".

We have confirmed that a page has been setup on their website here that answers some questions and provides an email address and contact number for those that may be concerned about their data.

What we have found alarming is that the correspondence sent to us was dated Tuesday, 9 August which is over a week since the breach was known and subsequent searches of media outlets across Australia has failed to locate any reference to the breach.

So what should you do if there is a breach of personal and / or sensitive information? The Office of the Australian Information Commissioner has some great information that you can download here.

Update 16/08/2016: On 2 occasions prior to the release of our August 2016 newsletter we have asked the OAIC for a response to the breach. This was done via email and social media and to date we have not received a response. We will update this blog post if / when a response is received.

Update 25/08/2016: We have now received a written response from OAIC which we have reproduced below:

Thank you for your email.

Data breach notifications are generally provided on a confidential basis and it is not standard practice for the OAIC to make a data breach notification public. The intention of the notification is for the OAIC to review the steps taken to contain, evaluate, notify affected individuals and prevent future breaches and to consider if they are appropriate in the circumstances.

For more information on how the OAIC expects an APP entity to respond to a data breach, please see our DBN Guide.

Credit Reporting Information

Thursday, August 11, 2016 - Posted by Michael McCulloch

How long will this stay on my credit report?

It is a question that anyone that works in the debt collection industry will no doubt be asked several times a week and one that if you get wrong could cause some problems.

This month we delved into the archives and did some research of the Office of the Australian Information Commissioner ("OAIC") website which has a host of information and fact sheets that you can download to assist you.

The answer to our question lies in Privacy Fact Sheet 36 which you can download here or you can view our quick summary below:


Listing Type

Retention Period

Repayment History Information

2 Years

Payment Default

5 Years

Court Judgments

5 Years


5 Years

Part IX Debt Agreement

5 Years

Part X Debt Agreement

5 Years

Serious Credit Infringements

7 Years

For further information we recommend that you contact the OAIC or your credit reporting agency.

Recent Posts



Copyright © LCollect 2019 | All Rights Reserved | Licensed Mercantile Agent License #409661517 | ABN 44 089 892 688 |
Australian Credit Licence #430659
HomeSite Information | Privacy Policy