Lifelock's Lost Combination

Court: Lifelock Using 'Unfair Business Practice' -The Red Tape Chronicles

Back in April 2008, APRPEH posted: Lifelock Getting Picked. At that time, Lifelock and its over-exposed CEO Todd Davis was at the beginning of a slew of legal issues. Well finally, the Experian case may have hammered the first nail into the coffin of Lifelock. According to the above story, Lifelock's procedure of proactively placing fraud alerts is an "unfair business practice". U.S. District Judge Andrew Guilford of the Central District of California ruled that

"Experian clearly incurs costs each time it must process a fraud alert made by LifeLock. These costs include the costs of allocating Experian’s electronic resources and employee time, plus the maintenance costs of Experian’s toll-free telephone number and Web page used to accept fraud alert requests," he said. "Experian also incurs postage and printing costs in mailing disclosure letters to each consumer on whose behalf a fraud alert is requested."

As was pointed out in the article, Lifelock will continue to place 90 day security alerts either with Trans Union or Equifax which pursuant to the Fair Credit Reporting Act, will also be automatically activated with Experian too. The big question is whether or not Trans Union and/or Equifax will press the issue and request Lifelock to stop automatically placing and renewing security alerts as well. Or, will either Trans Union or Equifax cut a deal with Lifelock? If I were forced to guess on this, I would expect both Equifax and Trans Union (which has worked with Lifelock in the past) to cut a deal provided there is adequate financial reason for the bureaus to do so. Lifelock claims that if they are prevented from performing their primary offering of automatically renewing security alerts they will continue to provide other services.

Lifelock's other services, besides the security alert include an internet privacy scan service and "Wallet Lock" which amounts to someone asking you, with apologies to Capital One, "Whats in your Wallet?" in the event you lose it and "help you contact each credit card, bank or document issuing company, cancel your affected accounts and complete the paperwork and steps necessary to replace your lost documents, including your credit/debit cards, driver's license, social security card, insurance cards, checkbook - even travelers checks...". Plenty of other companies offer internet scans and I suppose if you are not near a computer it is helpful to have someone look up telephone numbers and possibly conference call you in to the customer service of your credit card issuer.

Despite Lifelock's tremendous advertising effort, the product has always been lacking substance. As a result of this, Lifelock entered the business world with a guarantee and promise which they could never keep. While the product expectations, after much criticism were finally revised to more realistic levels, the question of why purchasing the coverage remained. The question now is still pressing. While the bureaus may force Lifelock from performing automatic security alert renewals, the bureaus would most certainly fail in an attempt to prevent consumers from doing the same proactively. Why continue to pay $10 a month for internet scanning and "Wallet lock"?

What is true is that other companies in the business of providing security services to consumers, those who provide honest and useful services to consumers, will read this story with a smirk. Lifelock's history of high-flying promises and service guarantee, both of which have been, in my opinion a stain on the industry coupled with the high profile advertising, - are not enviable but embarrassing. The most important question is what will all of our favorite radio talk shows do if Lifelock stops its radio advertising campaign?

Lifelock Getting Picked

Lifelock Getting Picked

Since February 2008, Lifelock, the company that guarantees that your identity will not be stolen has been hammered by legal problems. Lifelock charges consumers $10 a month for the privilege of allowing the company to manage your Fair Credit Reporting Act right to a free initial security alert and which automatically opts out a consumer from pre-approved credit offers for six months. The Lifelock website states:

LifeLock, the industry leader in proactive identity theft protection, offers a proven solution that prevents your identity from being stolen before it happens. We'll protect your identity and personal information for only $10 a month - and we guarantee our service up to $1,000,000. Lifelock website

A consumer must know what it is they are shopping for and buying. Part of the education of the consumer comes from the vendors or retailers where the consumer shops. Lifelock, as quoted above claims that their product “prevents your identity from being stolen before it happens”. Prevents? Come again? It would make sense to say, in the careful speech of legalese, “reduces the likelihood of identity theft” or “works to protect your identity”. The word “prevents” clearly implies a non-conditional protection. A consumer reading this, if he or she is able to overcome their natural inclination to say “too good to be true” might jump at the opportunity to purchase such protection.

But can Lifelock truly prevent your identity from being stolen. Three legal actions aimed at Lifelock beg to differ. First, on February 13, 2008, the Montana Attorney General, Mike McGrath opened a civil investigation of Lifelock based upon the appearance of CEO Todd Davis’s Social Security Number in a full page advertisement in the Great Falls Tribune. Assistant Attorney General Jesse Laslovich is quoted as saying in an article in the same newspaper “… there also are some businesses cropping up that may only claim to protect people from identity theft”, pointing out the nature of Lifelock’s business is the utilization of no-cost initial security alert placed on the credit file by the three credit repository agencies upon request. An additional concern implied by the Attorney General is that the advertisement including Davis’s Social Security Number may itself be contributing to attempted identity fraud, “The Social Security number in the advertisement is registered to numerous people, Laslovich said. Thats probably because people see it and try to use it to open lines of credit, he added.” Great Falls Tribune

Lifelock’s second blow came from the credit repository Experian filing a civil suit in the Federal District Court of Central California announced on February 21. press release

Experian’s suit alleges that Lifelock is abusing the Fair Credit Reporting Act right to an initial security alert, essentially comparing the use of the alert in a permanent fashion to crying wolf. The Fair Credit Reporting Act states in § 605A (a)(1) that “… a suspicion that the consumer has been or is about to become a victim of fraud or related crime, including identity theft,…” is the definition of an initial alert’s purpose. FCRA text.

Experian also claims that Lifelock’s advertising is “false and misleading.” Another claim is that Lifelock’s ordering of credit reports for it’s customers (which are provided free of charge according to the Fair Credit Reporting Act when requesting an initial fraud alert, § 612. Charges for certain disclosures (d) Free disclosures in connection with fraud alerts ) is being conducted “without adequate disclosure”, meaning that consumers are unaware or are not told by Lifelock that the credit reports they receive are provided free by the credit repositories per federal law. Experian goes on to claim that companies are not legally able to place the fraud alerts for consumers which seems to be a stretch provided that consumers are authorizing the company to do so.

Experian’s most pertinent complaint involves the applying of initial fraud alerts without the imminent fear of or possibility of fraud. The credit bureau’s argument is that the protective nature of an initial security alert will be diminished if the alerts become too common place. Experian argues that creditors will essentially be forced to treat every initial alert as equal implying that eventually the alerts will be ignored.

Lifelock is counting on the practice that creditors will always place a telephone call to the consumer upon discovering the initial security alert. However, The Fair Credit Reporting Act does not require a creditor to make a telephone call to the consumer every time an initial security alert is found, but is permitted to “ take reasonable steps to verify the consumer's identity and confirm that the application for a new credit plan is not the result of identity theft” meaning that it is possible that the use of database to verify the personal identifying information of the consumer probably suffices to meet the requirements of the law. If the database does not reflect new fraudulent activity, the alert may not work. Another possibility is to mail a letter to the consumer. Experian seems to have a good point.

Fair Credit Reporting Act

§ 605A. Identity theft prevention; fraud alerts and active duty alerts [15 U.S.C. §1681c-1]

(h) Limitations on Use of Information for Credit Extensions

(1) Requirements for initial and active duty alerts-

(B) Limitation on Users

(ii) Verification. If a consumer requesting the alert has specified a

telephone number to be used for identity verification purposes, before

authorizing any new credit plan or extension described in clause (i) in

the name of such consumer, a user of such consumer report shall

contact the consumer using that telephone number or take reasonable

steps to verify the consumer's identity and confirm that the application

for a new credit plan is not the result of identity theft.

Lastly, on 28 March 2008 a class action suit was filed in Arizona against Lifelock alleging similar claims as the Experian suit:

The lawsuit alleges that the three-year-old company defrauds customers by offering services it cannot legally perform, and by touting a $1 million guarantee that the suit alleges is wildly misleading. press release

The class action suit based upon Arizona's Consumer Fraud Act and the Arizona Insurance Code alleges that Lifelock misleads the consumer by overstating the protection it affords and reiterates the Experian claim that Lifelock cannot legally order the consumer’s credit report. The class action suit also calls into question the highly advertised $1,000,000 guarantee. The press release reports that the guarantee’s actual language is:

LifeLock will not pay any losses directly to the consumer and does not cover consequential or incidental damages to identity theft. The guarantee is limited to fixing failures or defects in the LifeLock services and paying other professionals to attempt to restore losses.

So a consumer who does become a victim of identity theft at the very least can claim remuneration from Lifelock for professional identity restoration services, something that could have been purchased on a monthly basis for not too much more than Lifelock’s $10 fee from competitors of Lifelock.

Will Lifelock survive this legal onslaught? Are more suits or investigations coming? Only time will tell. What is for certain is that Lifelock’s attorneys are going to be very busy in 2008. Lifelock continues to secure funding from prominent industry financial leaders such as Goldman Sachs Group Inc most recently $25 million in January 2008. BizJournal. How much of this last funding round will be spent in legal fees or payouts remains to be seen.

Identity Protection Shopping

Lifelock Vs TrustedID

By Puripong Koomsin

Each year, the cost of Identity Theft amounts to over 50 Million US Dollars and these numbers are steadily rising. Identity theft has been one of the most expensive crimes in the United States, costing both the government and individuals such a huge amount of money. Even though the crime is rising in numbers, most people still think that it may just be a result of isolated cases that have been blown out of proportion by the government and agencies that tend to gain from them.

That may seem like a convenient reality, in which one does not have to face the facts that everyday, a significant number of Americans are affected by Identity Theft all over the country. With cases and awareness growing, more and more firms offering protecting against identity theft are also popping up. Two firms that offer Identity Theft Protection Services are Lifelock and TrustedID. These firms claim to help their clients by informing them once their credits have been breached. So, how is each one different from the other? How does a prospective client know which firm is best for him?

Lifelock is a company that is based in Arizona. They offer their services for a monthly fee of $10 and an annual fee of $110. This company protects their clients by setting up fraud alerts with their client's creditors as well as removes a client's name from the mailing lists of pre-approved credit cards and junk mail. The company has become controversial in a way because of on one of their ads, CEO Todd Davis gives out his Social Security Number claiming that he is confident on how Lifelock works. Such an action has resulted in his number being hit several times by pranksters trying to prove that the Lifelock system is not as fool proof as they advertise it to be. In one scenario, a fraudster was able to solicit $500 from a credit company that did not check with Davis' credit history. This resulted in a blow for the company, but they claim that they have recovered and still have the clients that they used to and even more.

Another firm that is in the Identity Theft protection business is that of TrustedID. Unlike Lifelock, TrustedID takes a more curt approach when it comes to dealing with new accounts in their client's name. Instead of a simple monitoring of the account, TrustedID proceeds to freeze a client's account until the client verifies the fact that the new set up is valid or not. Like Lifelock, TrustedID also offers to remove a client's name from junk mailing lists. The company charges it clients $12.95 a month for their services.

So which is better: Lifelock or TrustedID? The answer to such query solely depends on the consumer. The two agencies work on a similar field with only a slight difference when it comes to the way they deal with breaches and new accounts instituted in a client's name. But, no matter what a firm may offer, an individual does not have to pay extra for the credit protection. The solution to that is for credit card agencies to make their process of freezing as well as unfreezing accounts easier for their users. This way, a client may be able to protect himself against Identity Fraud without using the services of any Identity Theft Protection agencies.

---

The writer of the above article is comparing services offered by two companies to which a consumer pays an on-going fee and the company provides a service for the consumer which is either free to do on their own or upon paying a moderate fee, can be implemented without too much effort.

Both companies are literally banking their money on the back of the Fair and Accurate Credit Transactions Act, (FACTA) which was an amendment to the Fair Credit Reporting Act (FCRA).

15 U.S.C. § 1681
§ 605A. Identity theft prevention; fraud alerts and active duty alerts
(a)One-call Fraud Alerts
(1)Initial alerts. Upon the direct request of a consumer, or an individual acting on behalf of or as a personal representative of a consumer, who asserts in good faith a suspicion that the consumer has been or is about to become a victim of fraud or related crime, including identity theft, a consumer reporting agency described in section 603(p) that maintains a file on the consumer and has received appropriate proof of the identity of the requester shall--

(A)include a fraud alert in the file of that consumer, and also provide that alert along with any credit score generated in using that file, for a period of not less than 90 days, beginning on the date of such request, unless the consumer or such representative requests that such fraud alert be removed before the end of such period, and the agency has received appropriate proof of the identity of the requester for such purpose; and

(B)refer the information regarding the fraud alert under this paragraph to each of the other consumer reporting agencies described in section 603(p), in accordance with procedures developed under section 621(f).

The credit repositories, Equifax, Trans Union, and Experian are required by federal law to place a "fraud alert" on a consumer's credit file for no less than 90 days for free for as long as the consumer wishes to retain them. The fraud alert is placed by calling one of the credit bureaus at:

Equifax
888-766-0008

Experian
888-397-3742

TransUnion
800-680-7289

For most people, one call is enough to activate the alerts at all three credit bureaus. Exceptions would be people who have moved recently, have changed a piece of identity recently, (name or SSN) or alternate between a PO Box and other address.

The only catch is for the consumer to call every 90 days to renew the alerts. In addition to the alert statement being placed on the credit report, the alerts entitle a consumer to a free credit report. Reports are limited to two every 12 months. However, a carefully planned credit screening schedule could be arranged so that the consumer requests one report every two months. Add to this the annual credit report disclosure which gives a consumer one free report per 12 months from each bureau and a consumer can have up to nine (9) free credit reports per year! A schedule such as this, while not perfect is pretty effective to determine whether or not an identity theft attack is underway. Credit monitoring would be the best way to watch the credit reports but most effective when it is triple bureau monitoring.

Having said all that, new account related identity theft is only between 25%-30% of all identity theft, with utility and telecommunication based identity theft picking up a sizable amount of the difference. Medical, employment and criminal identity theft also add to the total. Most of these types of fraud are not prevented by the presence of fraud alerts on a credit report. Both of the above companies stake their business on managing the fraud alert process for consumers and therefore a consumer should not go to bed at night thinking that Lifelock or TrustedID will keep the ID Theft monster out of their nightmares.

As far as the opt out process advertised by TrustedID, a consumer can use the available internet resources here assembled by the Privacy Rights Clearinghouse.

Credit Freezes

TrustedID sells a product called "IDFreeze". The company claims for $7.95 a month, the consumer can let TrustedID intervene in freezing and thawing their credit report in the states where credit reports are available. However, recent changes in operating procedures at the big three bureau now makes credit freezes available to all US consumers even in the states where credit freeze laws have not been passed. The bottom line, the consumer is again paying for a manager not a magician. Freezes can be implemented by the consumer simply by going online to the bureaus websites and following the instructions to mail in a written request, id documents and a check, voila - a credit freeze until the consumer wishes to thaw it. APRPEH wrote about the new credit freeze option in November.

See a list of state specific identity and credit related laws here.

My name is Todd Davis
My social security number is 457-55-5462
I'm Todd Davis, CEO of LifeLock, and yes, that’s my real social security number*. Identity theft is one of the fastest growing crimes in America, victimizing over 10 million people a year and costing billions of dollars. So why publish my social security number? Because I’m absolutely confident LifeLock is protecting my good name and personal information, just like it will yours. And we guarantee our service up to $1 million dollars."

As for Lifelock, the article's writer left out a few notes of interest. He mentioned CEO Todd Davis had become a victim of identity theft. This is true. What he failed to mention is that Lifelock found out who the perpetrator was and seeking to capitalize on the publicity of how the crime took place, botched the police investigation which was subsequently dropped. Hurray for law and order. The writer failed to mention entirely that the co-founder of Lifelock, Robert Maynard was forced to step down due to ethical and legal problems related to his previous business in the credit world. APRPEH discussed this back in June of 2007.

As far as insurance goes, one could suppose it's not such a bad thing. The average consumer that resolves their own identity theft matter spends less than $500 out of pocket. This is the amount that could be claimed under the insurance policy. The consumer must weigh the cost of the premium for the insurance versus the likelihood of 1) needing the insurance and 2) spending more than the expected average in the event of an identity theft problem. Probably not a good idea.

The best bet for a consumer who wants id theft protection is to keep alerts on their credit file, subscribe to triple bureau monitoring and possibly subscribing to one of the services that offers real protection for a consumer in the event that an identity theft event should happen. Don't shop for an advisor or advocate but for someone who will actually work your id theft matter for you in the way an accountant does your taxes for you. For many consumers, no services are necessary. Contrary to what is normally printed, it is not that hard to re-establish your identity with a police report and early discovery. Shop carefully.