The Pros and Cons of LifeLock

LifeLock, one of the companies that offers identity-theft protection in the United States, has been taking quite a beating recently. They’re being sued by credit bureaus, competitors and lawyers in several states that are launching class action lawsuits. And the stories in the media … it’s like a piranha feeding frenzy.

There are also a lot of errors and misconceptions. With its aggressive advertising campaign and a CEO who publishes his Social Security number and dares people to steal his identity — Todd Davis, 457-55-5462 — LifeLock is a company that’s easy to hate. But the company’s story has some interesting security lessons, and it’s worth understanding in some detail.

In December 2003, as part of the Fair and Accurate Credit Transactions Act, or Facta (.pdf), credit bureaus were forced to allow you to put a fraud alert on their credit reports, requiring lenders to verify your identity before issuing a credit card in your name. This alert is temporary, and expires after 90 days. Several companies have sprung up — LifeLock, Debix, LoudSiren, TrustedID — that automatically renew these alerts and effectively make them permanent.

This service pisses off the credit bureaus and their financial customers. The reason lenders don’t routinely verify your identity before issuing you credit is that it takes time, costs money and is one more hurdle between you and another credit card. (Buy, buy, buy — it’s the American way.) So in the eyes of credit bureaus, LifeLock’s customers are inferior goods; selling their data isn’t as valuable. LifeLock also opts its customers out of pre-approved credit card offers, further making them less valuable in the eyes of credit bureaus.

And, so began a smear campaign on the part of the credit bureaus. You can read their points of view in this New York Times article, written by a reporter who didn’t do much more than regurgitate their talking points. And the class action lawsuits have piled on, accusing LifeLock of deceptive business practices, fraudulent advertising and so on. The biggest smear is that LifeLock didn’t even protect Todd Davis, and that his identity was allegedly stolen.

It wasn’t. Someone in Texas used Davis’s SSN to get a $500 advance against his paycheck. It worked because the loan operation didn’t check with any of the credit bureaus before approving the loan — perfectly reasonable for an amount this small. The payday-loan operation called Davis to collect, and LifeLock cleared up the problem. His credit report remains spotless.

The Experian credit bureau’s lawsuit basically claims that fraud alerts are only for people who have been victims of identity theft. This seems spurious; the text of the law states that anyone “who asserts a good faith suspicion that the consumer has been or is about to become a victim of fraud or related crime” can request a fraud alert. It seems to me that includes anybody who has ever received one of those notices about their financial details being lost or stolen, which is everybody.

As to deceptive business practices and fraudulent advertising — those just seem like class action lawyers piling on. LifeLock’s aggressive fear-based marketing doesn’t seem any worse than a lot of other similar advertising campaigns. My guess is that the class action lawsuits won’t go anywhere.

In reality, forcing lenders to verify identity before issuing credit is exactly the sort of thing we need to do to fight identity theft. Basically, there are two ways to deal with identity theft: Make personal information harder to steal, and make stolen personal information harder to use. We all know the former doesn’t work, so that leaves the latter. If Congress wanted to solve the problem for real, one of the things it would do is make fraud alerts permanent for everybody. But the credit industry’s lobbyists would never allow that.

LifeLock does a bunch of other clever things. They monitor the national address database, and alert you if your address changes. They look for your credit and debit card numbers on hacker and criminal websites and such, and assist you in getting a new number if they see it. They have a million-dollar service guarantee — for complicated legal reasons, they can’t call it insurance — to help you recover if your identity is ever stolen.

But even with all of this, I am not a LifeLock customer. At $120 a year, it’s just not worth it. You wouldn’t know it from the press attention, but dealing with identity theft has become easier and more routine. Sure, it’s a pervasive problem. The Federal Trade Commission reported that 8.3 million Americans were identity-theft victims in 2005. But that includes things like someone stealing your credit card and using it, something that rarely costs you any money and that LifeLock doesn’t protect against. New account fraud is much less common, affecting 1.8 million Americans per year, or 0.8 percent of the adult population. The FTC hasn’t published detailed numbers for 2006 or 2007, but the rate seems (.pdf) to be declining.

New card fraud is also not very damaging. The median amount of fraud the thief commits is $1,350, but you’re not liable for that. Some spectacularly horrible identity-theft stories notwithstanding, the financial industry is pretty good at quickly cleaning up the mess. The victim’s median out-of-pocket cost for new account fraud is only $40, plus ten hours of grief to clean up the problem. Even assuming your time is worth $100 an hour, LifeLock isn’t worth more than $8 a year.

And it’s hard to get any data on how effective LifeLock really is. They’ve been in business three years and have about a million customers, but most of them have joined up in the last year. They’ve paid out on their service guarantee 113 times, but a lot of those were for things that happened before their customers became customers. (It was easier to pay than argue, I assume.) But they don’t know how often the fraud alerts actually catch an identity thief in the act. My guess is that it’s less than the 0.8 percent fraud rate above.

LifeLock’s business model is based more on the fear of identity theft than the actual risk.

It’s pretty ironic of the credit bureaus to attack LifeLock on its marketing practices, since they know all about profiting from the fear of identity theft. Facta also forced the credit bureaus to give Americans a free credit report once a year upon request. Through deceptive marketing techniques, they’ve turned this requirement into a multimillion-dollar business.

Get LifeLock if you want, or one of its competitors if you prefer. But remember that you can do most of what these companies do yourself. You can put a fraud alert on your own account, but you have to remember to renew it every three months. You can also put a credit freeze on your account, which is more work for the average consumer but more effective if you’re a privacy wonk — and the rules differ by state. And maybe someday Congress will do the right thing and put LifeLock out of business by forcing lenders to verify identity every time they issue credit in someone’s name.

This essay originally appeared in Wired.com.

add to del.icio.usDigg itStumble It!Add to Blinkslistadd to furladd to ma.gnoliaadd to simpyseed the vineTailRank

7 Responses to “The Pros and Cons of LifeLock”

  1. I am regular reader, how are you everybody?
    This post posted at this website is truly pleasant.

    Here is my web site Ikea kitchen island

  2. Can I just say what a relief to find somebody that really knows
    what they are talking about on the web. You definitely
    realize how to bring a problem to light and make it important.
    More and more people ought to look at this and understand this side of the story.
    I can’t believe you aren’t more popular given that you most certainly have
    the gift.

    Look at my web page – vit quay vit nuong

  3. My family members every time say that I am wasting my time here
    at net, however I know I am getting experience
    everyday by reading thes pleasant articles or reviews.

  4. I got this site from my friend who informed me on the topic of this web site
    and now this time I am browsing this web site and reading very informative articles or
    reviews here.

  5. Chân gà vịt được chọn lựa một cách kỹ lưỡng đem đi làm sạch và tẩy
    mùi bằng bí quyết riêng của người Hoa sinh sống tại Lạng sơn sau đó đem tẩm ướp một số gia vị như hoa hồi thảo quả
    và mấy loại dễ cây,.,.nguyên liệu để muối chân gà là dấm, muối, tỏi, ớt, quả mắc mật với chân gà vịt đem trộn lẫn và
    cho vào chum sành ủ khoảng từ 30-45 ngày là ăn được,đặc trưng của
    món này ăn giòn sật sật nhai cả xương rất đã ngon nhưng hơi cay hương vị độc đáo của các loại rễ cây
    khi tẩm ướp ngấm đều mùi vị rất lạ càng
    nhai càng ngon.

  6. The main target is on information, further education, co-ordination of the work performed by
    handicraft consultants, comply with-up and evaluation in addition to investigatory work
    and initiation of improvement initiatives. The handicraft consultants
    work in both advisory and informative capacity. Their mission is to advertise handicrafts
    by arousing people´s interest and increasing their information of what handicraft work entails.
    The handicraft guide´s activities embody organizing instructional packages,
    programs and exhibitions, documenting old handicrafts, initiating improvement initiatives in collaboration with designers and
    craftsmen and promoting craft activities among kids
    and younger people. Responsible authorities for the handicraft consultants are handicraft societies,
    regional councils or county museums.

  7. Hmm it appears like your site ate my first comment (it was super
    long) so I guess I’ll just sum it up what I submitted and say,
    I’m thoroughly enjoying your blog. I too am an aspiring blog blogger but I’m still
    new to everything. Do you have any recommendations for rookie blog
    writers? I’d genuinely appreciate it.

Leave a Reply