Curt Miller was just trying to get a free annual credit report, his right under both federal and New Jersey law, when he uncovered something disturbing.
Miller, of Moorestown, mistyped www.annualcreditreport.com - the Web address of the so-called Central Source established by the Big Three credit bureaus a decade ago to comply with a new federal mandate. He apparently made a simple error, just double-striking a key.
Where did he wind up instead? At www.FreeScore360.com, a website that sells credit reports, credit scores, and credit monitoring under the ScoreSense brand name. ScoreSense charges a $1 "processing fee" to provide credit scores and credit reports to consumers who agree to a seven-day "free trial." After seven days, customers are charged $29.95 a month by ScoreSense's owner, One Technologies L.P.
Last week, I told you about another consumer, Mel Kreiner, who accidentally landed at another site owned by One Technologies after using Google to search for "annual credit report." A search ad sent him not to the Central Source site, but to www.freescoreonline.com.
One Technologies identifies itself online as "the proud owner" of that site, as well as of ScoreSense, FreeScore360, and more than 40 other similarly named sites.
But One Technologies doesn't list all the websites being used to pitch its services. On Friday, company vice president Shon Dellinger told me that One Technologies wasn't even aware of at least 11 such sites until I contacted the company after Miller's complaint.
What Miller found is that One Technologies is drawing visitors via so-called typo-squatting websites - a problem that has bedeviled online commerce since the Web opened for business two decades ago.
Add an extra "n" to annual in www.annualcreditreport.com, and guess where you land. FreeScore360. An extra "u" or a double "a"? It doesn't matter where in the word, aannual or annuaal. Either mistake lands you in the same place: FreeScore360. So do at least seven other simple, double-strike typing errors.
Dellinger said One Technologies doesn't own the addresses in question, and said he believes they may be controlled by companies "attempting to send us traffic in violation of our third-party marketing guidelines." He promised to keep me posted on his investigation. Stay tuned, and I'll do the same.
Meanwhile, it's fair to say this much: Even if One Technologies is a victim, too, the problem Miller identified reflects broader problems on the Wild West Web, particularly around credit-file products.
With crucial traffic at stake, companies often spend big to lock up cybersquatters' domains, or to challenge them as trademark violations. Mistakenly double-strike any letter in Amazon and you still get to Amazon.com's website. The same thing happens if you miss the initial "a" and instead type an "s," next door on the keyboard.
On the other hand, big companies sometimes appear stuck - or perhaps just negotiate a share of the spoils. Type an extra "a" at the start of Apple's address, and you don't get to Apple.com. Instead, you land at Amazon.com's "authorized reseller" Apple store.
But with credit files, the normal marketplace incentives don't apply. The Big Three don't profit directly from your free reports, but they do profit indirectly if you pay for services such as ScoreSense, which have to purchase data from credit files the bureaus maintain.
Perhaps most disturbing is that regulators and the industry knew about this problem all along, and tried to address it early - apparently with limited success.
Before the Central Source's December 2004 launch, the Big Three and the Consumer Data Industry Association said they had bought more than 200 potentially confusing domains - sites that CDIA president Stuart Pratt said last week were still locked up.
Even after that, the nonprofit World Privacy Forum said it had identified 233 domains using some variant or near misspelling of www.annualcreditreport.com. The Federal Trade Commission then warned operators of at least 130 such sites about laws barring unfair and deceptive practices.
Nearly eight years later, consumers are still - or once again - being misdirected.
"It's a clear deception," said Pam Dixon, the privacy group's executive director.
It's time for the credit bureaus' regulators, the FTC, and the new Consumer Financial Protection Bureau to act.