LifeLock Class Action Lawsuits

by Doug Pollack

This past week, there were two class action lawsuits filed against LifeLock, one in its home state of Arizona and one in New Jersey. Following on a recent lawsuit filed against LifeLock by Experian, one of three US credit bureaus, these class action lawsuits also assert that LifeLock is engaged in deceptive advertising relative to the level of protection provided by their service against identity theft. The LifeLock offering depends almost entirely upon the placement of perpetual fraud alerts as the means for protecting their subscribers from identity theft.

As noted by David Paris, an attorney involved in this matter, in an article on the CNBC website titled "N.J. Class Action Lawsuit Filed Against LifeLock Alleging Deceptive Marketing Regarding Limited Level of Protection Against Identity Theft":

" 'While fraud alerts may be effective in limited instances, they certainly cannot provide the comprehensive identity protection that LifeLock deceptively advertises,' said Paris. 'For instance, fraud alerts cannot stop the use of existing account numbers, and contrary to LifeLock's advertisements, lenders are certainly not required to contact the subscriber before extending credit to a potential identity thief.' "

The article and comments from Mr. Paris also address the alleged deceptive nature a severe limitations on the highly publicized $1MM LifeLock Guarantee:

"According to the Complaint, LifeLock also misleads subscribers by advertising its $1 million service guarantee. 'Potential LifeLock subscribers are enticed by the 'safety net' of what appears to be a one-million dollar insurance policy against any losses sustained as a result of identity theft,' said Paris. 'In actuality, once you get beyond the limitations and disclaimers, you find that the guarantee is limited to fixing failures in LifeLock's services and paying third-parties to attempt to restore subscriber losses.' "

Hopefully these lawsuits will help bring visibility and clarity to consumers as to the differences in identity theft protection services. Most services, including those provided by the company that sponsors this blog, ID Experts, do not rely on fraud alerts as a primary or sole means of protection, nor do they make questionable or misleading large dollar guarantees. It is unfortunate that brash marketing tactics have made it difficult for consumers to make an informed product decision based on the facts related to differences in these services.

More on Experian vs. Lifelock

by Doug Pollack

There is a growing amount of legal commentary emerging in the discussion surrounding the Experian vs. LifeLock lawsuit. This week, Peter Bronson from The Union.com published an article titled "Business Law Bulletin: Experian vs. LifeLock Heats Up".

Relative to the false and misleading advertising issue, Mr. Bronson notes that:

"According to Experian's lawsuit, at least one Lifelock ad claims that the company's services make it virtually impossible for identity thieves to strike, but that fraud alerts are only effective against those particular types of fraud that require accessing a credit report. In other words, says Experian, Lifelock cannot protect against such forms of identity theft as an undocumented worker using someone's Social Security number to obtain a job; or against unauthorized use of a credit card."

It is interesting to see a credit bureau that advertises their credit monitoring services as a means to help deter identity theft relentlessly (who hasn't seen the FreeCreditReport.com ads on TV?) make the case for the inherent limitations in this area.

Mr. Bronson goes on to point out the ambiguities with LifeLock's famous $1 million guarantee:

"Lifelock does offer a $1 million guarantee that if a customer's identity is compromised, Lifelock will help restore the customer's credit standing and pay the cost of doing so. However, Lifelock's web site states that the guarantee comes into effect when a customer's identity is compromised "due to a failure or defect in our Service", a phrase that seems open to more than one interpretation. (If the service offers protection against only certain types of identity theft, does the guarantee only cover those specific types?)"

This is the first instance where I've seen someone dig into the specifics of this guarantee. The "service defect" provision certainly provides LifeLock with a get-out-of-jail-free card. Not to mention, given that it is the financial institutions who provide most of the financial fraud protection, how valuable really is a $1 million guarantee other than as a marketing gimic. I guess we'll all find out as this lawsuit unfolds.

Putting LifeLock to the Test

by Doug Pollack

Right on the heels of the lawsuit filed by Experian against LifeLock, the self-proclaimed leader in identity theft protection, which asserts that LifeLock uses deceptive advertising and misleading claims in advertising their service, as well as illegal means of setting fraud alerts on behalf of their customers, now a CBS news report by Jim Benemann has put LifeLock to the test, along with two other companies, Debix and TrustedID, that rely on credit bureau fraud alerts or freezes for protecting their customers.

It seems that based on this test, these products do not prevent identity theft as you might be led to believe based on LifeLock's advertising. So on to the test. The first thing he did was have three of his colleagues, Tom, Jillian, and Kristine, each sign up for one of the three services. Then...

"With their permission, CBS4's Jim Benemann took all of Tom, Jillian and Kristine's personal information including their social security numbers and dates of birth. Using that information, Benemann applied for the same major credit card in each of their names. The only little thing he changed was the address. Benemann asked for those credit cards to be mailed to his home address. Essentially, he stole Kristine's, Tom's and Jillian's identities.

The three testers weren't worried. They all figured they would get that phone call telling them that someone was applying for credit in their name and they would put a stop to it immediately. Tom waited, Jillian waited and Kristine waited close to their phones. They waited 24 hours, then 48 hours and then a week. Not one of them got a phone call from any creditor even though they had paid companies for credit protection."

It is worth noting, that a fraud alert can easily be placed by an individual for free, just by contacting the credit bureau. Unfortunately services like these make the fraud alert seem like a "silver bullet" for preventing identity theft. As this test proves, nothing could be further from the truth. The reporter goes on to note:

"And remember Kristine who signed up with LifeLock? A little more than a week after Benemann applied for a credit card in her name, that card arrived, mailed to him, at his home address. And that had Kristine all the more interested in finding out about LifeLock's $1 million guarantee...Here is what LifeLock had to say:

'The credit card companies have a contract with the credit bureaus that say they must honor fraud alerts. The fact that they chose not to is proof that the fraud alerts are not bulletproof. The good news is that this is where the LifeLock $1 million guarantee is most effective. LifeLock is not a credit monitoring service but a protection service in the event a fraud alert proves to be ineffective.' "

Having said that, LifeLock didn't clarify how they then provide "protection" for the victim of ID theft. In the past, LifeLock had outsourced victim recovery services to other companies. It would be instructive to know what they do for their victims today.

Experian vs. LifeLock Lawsuit

VS.
by Doug Pollack

The Red Tape Chronicles yesterday reported on a recently-filed lawsuit by Experian, a major US credit bureau, against Lifelock. This lawsuit represents the first "shot across the bow" for vendors of credit services that rely on placing continuous fraud alerts on consumer accounts with the credit bureaus.

About.com's identity theft site defines a fraud alert as a "flag that is put on your credit report through the consumer reporting agencies. This flag establishes that as part of any credit approval process, you need to be notified."

Lifelock's consumer service, which they tout as providing guaranteed protection against identity theft, relies solely on the setting of fraud alerts to provide consumers with the stated protection. The Experian lawsuit brings into question the efficacy of fraud alerts as a means to prevent identity theft.

The Red Tape Chronicles article highlights that a key assertion of the lawsuit is that LifeLock is using deceptive advertising practices and making misleading claims in order to persuade consumers to subscribe to their service. The article notes that the "credit bureau Experian is suing the identity theft prevention firm LifeLock, accusing it of deception and fraud in its familiar advertising campaign, which includes a spot in which CEO Todd Davis reveals his Social Security number and then brags about the effectiveness of the company’s protections. In the lawsuit, filed in U.S. District Court on Feb. 13, Experian contends that LifeLock's advertising is misleading and that the firm is breaking federal law in the way it goes about protecting consumers."

The Experian lawsuit also brings into question the legality associated with firms placing fraud alerts on behalf of consumers. The Red Tape Chronicles article notes that "Experian contends that LifeLock's chief ID theft prevention tool -- the placing of continuous fraud alerts on consumers' credit files – is illegal because, under the Fair Credit Reporting Act, fraud alerts can only be requested by the individual consumer or an individual acting on behalf of the consumer."

ID Safeguards provides corporations and consumers with identity theft services. Among these services are those that assist victims of identity theft with recovery of their identities taking a "fully managed" approach to recovery. Coincidentally, the company has handled identity theft recovery efforts for numerous LifeLock members who became victims of identity theft, despite the placement of fraud alerts by LifeLock.

The fact that LifeLock members do fall victim to identity theft should not be surprising. Fraud alerts do not prevent an identity thief from co-opting and using one of your credit cards. They also don't prevent someone from using your social security number to work. They further don't prevent thieves from signing up for utilities of telecommunications services using your identity. And they don't stop someone from using your personal information to get access to health care services.

Fraud alerts also don't prevent inquires for credit from showing up on a victims credit report. These "little dings" can have a detrimental effect on an person's credit score. Fraud alerts do have their place in dealing with a threat to your financial identity, but they are not a silver bullet and certainly are not a guarantee that individuals won't fall victim to identity theft.

Would You Notice $400,000 Missing From Your Checking Account?

by Rick Kam

In an article published in the New York Times by Sewell Chan on October 2, 2007, Chan reports that Mayor Bloomberg fell victim to Identity Theft.

"In early June, Mr. Bostic deposited a $190,000 forged check into the Sovereign account and a $230,000 forged check into PNC account, according to prosecutors. Both of the forged checks were drawn on Mr. Bloomberg’s personal account at the Bank of America and were issued in the name of the mayor’s financial manager, Geller & Company."

You might ask could this happen to me?

The answer is yes. There are many types of financial and non-financial ID theft. Credit card fraud and someone withdrawing money from your checking account happens a lot.

You might say, "I have a service that freezes my credit or automatically sets fraud alerts to guarantee against ID theft". The answer is, these solutions will prevent the issue that happened to Bloomberg - an ID thief stealing money being taken from his checking account.

There are new services on the horizon that monitor credit, checking, and other forms of financial and non-financial personal data to detect misuse of your information and provide 360 degree protection. You will see these new services become available in the market and be more effective, but cost roughly what consumers pay today for less effective solutions. More on this in a future post....

Can Sharing Music on the Web Expose You to ID Theft?

by Rick Kam

According to Brian Koemer who authored an article on September 10, 2007 titled "Peer-to-Peer Networks Used to Steal Identities", the answer is YES!

"In what federal authorities are calling the first of its kind, the arrest of Gregory Thomas Kopiloff of Seattle, who allegedly used P2P Software to steal the personally identifiable information (PII) of at least 83 people."

How many of you use P2P file sharing software like Kazaa or LimeWire?

If you have teenagers in the house, are they using these tools to share their favorite songs with friends?

There is a good chance that one of your computers have this tools installed. If you do, Brian Koemer provides tips on how to protect yourself online. Besides, these tips from Brian, We also suggest the following:

1. Make sure your computer has the firewalls enabled. A firewall will help reduce the risk of someone getting unauthorized access to your computer. If you bought a computer recently, most will come out of the box with the firewalls enabled (i.e. Windows Vista or MAC OSX).

2. Scan your computer regularly for viruses. You can schedule this function to run every week or once a month when you are not using it.

3. Make sure you obtain files from known sources (i.e. iTunes). Many versions of music files exist on the web. You can tell they are different because the file sizes differ. Some of these variations are legitimate and accommodate for various media players. Others contain viruses and other malware.

If you suspect any issues with files, just don't put it on your computer...

Lifelock Says You Can’t Stop All Forms of ID Theft

by Rick Kam

On June 11, 2007 an article in Wired Blog Network reports CEO of Lifelock, Todd Davis’ identity being stolen. Mike Prusinski, spokesman for Lifelock is quoted as saying,

“…there's no way to prevent all identity theft -- especially in cases in which a business (such as the check-cashing operation) doesn't run a credit report before providing someone with a loan or new credit card. It's a loophole," Prusinksi said. "We tell people that you can't stop every form of identity theft."”

Todd Davis was so confident in Lifelock’s identity theft protection solution, he regularly displayed his social security number on the company website. It was only a matter of time before an identity thief would use his social security number.

The Federal Trade Commission, Better Business Bureau, AARP, and law enforcement, as well as Identity Safeguards, all suggest protecting your social security number to reduce the risk of identity theft. It is the “key” to your identity. The ability to “freeze” or lock your credit will reduce the risk that an identity thief will be able to open fraudulent credit accounts, but it is not “fool proof” in stopping other growing forms of identity theft.

So how was Todd Davis’ identity stolen?

A plausible scenario would be that an identity thief saw Todd Davis’ social security number on the LifeLock website and decided to use it to commit the crime. There are many other ways an identity thief can access and use your personal information. For many individuals today, a government agency or company who has their information may lose it or have it stolen by identity thieves potentially exposing them to misuse.

While setting up fraudulent checking accounts or credit lines are the likely ways an identity thief will use stolen personal information, it is not the only way. Identity thieves also can set up cell phone accounts, obtain fraudulent driver’s licenses, or access medical services (note that medical ID theft is one of the fastest growing issues today). A credit freeze or fraud alert set by the credit bureaus (or Lifelock in Mr. Davis’s case) won’t necessarily protect them from these forms of identity theft.

The good news is you can reduce their risk of falling victim to many forms of identity theft by taking a few simple steps to protect your good name. The FTC offers good suggestions to reduce the risk and is a great consumer resource. My suggestion, consistent with that of many other security experts, is carefully protect your social security number in order to reduce your risk of identity theft.