LifeLock Inc. agreed today to pay $11 million to the Federal Trade Commission and $1 million to a group of 35 state attorneys general to settle charges that the company used false claims to promote its identity theft protection services.
The company widely advertised those services by displaying its chief executive's Social Security number on the side of a truck.
LifeLock and its principals will be barred from making deceptive claims and required to take more stringent measures to safeguard the personal information they collect from customers.
"While LifeLock promised consumers complete protection against all types of identity theft, in truth, the protection it actually provided left enough holes that you could drive a truck through it," said FTC Chairman Jon Leibowitz in a statement.
Since 2006, LifeLock’s ads have claimed that it could prevent identity theft for consumers willing to sign up for its $10-a-month service. According to the FTC’s complaint, LifeLock claimed: "By now you've heard about individuals whose identities have been stolen by identity thieves . . . LifeLock protects against this ever happening to you. Guaranteed."
Other claims: "Please know that we are the first company to prevent identity theft from occurring." "Do you ever worry about identity theft? If so, it's time you got to know LifeLock. We work to stop identity theft before it happens."
The FTC’s complaint charged that the fraud alerts that LifeLock placed on customers' credit files protected only against certain forms of identity theft and gave them no protection against the misuse of existing accounts, the most common type of identity theft. It also allegedly provided no protection against medical identity theft or employment identity theft, in which thieves use personal information to get medical care or apply for jobs.
Even for types of identity theft for which fraud alerts are most effective, they do not provide absolute protection. They alert creditors opening new accounts to take reasonable measures to verify that the individual applying for credit actually is who he or she claims to be, but in some instances, identity thieves can thwart even reasonable precautions.
LifeLock Chairman and CEO Todd Davis, in a statement, said the company is pleased with the agreement. "...for the very first time, [this] works to set advertising guidelines for the entire industry. We welcome federal and state efforts to regulate our industry, because doing so helps to protect consumers from the risks of identity theft," he said.
The company said it rolled out a new generation of identity theft protection services last October. The actions reviewed by the FTC and state attorneys general looked at "old practices and products, [and] has no impact on LifeLock's current services," according to the company. "Nothing changes because this was based on activity from over two years ago."
For nine straight years, identity theft and fraud has led all complaints filed with the FTC. Losses to Americans now exceed $1.8 billion annually, (see related story). New account fraud, the type of identity theft for which fraud alerts are most effective, comprised only 17% of identity theft incidents, according to an FTC survey released in 2007.
The FTC’s complaint further alleged that LifeLock also claimed that it would prevent unauthorized changes to customers’ address information, that it constantly monitored activity on customer credit reports, and that it would ensure that a customer always would receive a telephone call from a potential creditor before a new account was opened. The FTC charged that those claims were false.
In addition to its deceptive identity theft protection claims, LifeLock allegedly made claims about its own data security that were not true. According to the FTC, LifeLock routinely collected sensitive information from its customers, including their Social Security numbers and credit card numbers.
The FTC will use the $11 million it receives from the settlements to provide refunds to consumers. It will be sending letters to the current and former customers of LifeLock who may be eligible for refunds under the settlement, along with instructions for applying.
The Attorneys General of Alaska, Arizona, California, Delaware, Florida, Hawaii, Idaho, Illinois, Indiana, Iowa, Kentucky, Maine, Maryland, Massachusetts, Michigan, Missouri, Mississippi, Montana, Nebraska, Nevada, New Mexico, New York, North Carolina, North Dakota, Ohio, Oregon, Pennsylvania, South Carolina, South Dakota, Tennessee, Texas, Vermont, Virginia, Washington, and West Virginia participated in this settlement.
Illinois Attorney General Lisa Madigan released a statement about settlement. "This agreement effectively prevents LifeLock from misrepresenting that its services offer absolute prevention against identity theft because there is unfortunately no foolproof way to avoid ID theft. Consumers can take definitive steps to minimize the chances of having their personal information stolen, and this settlement will help them make more informed decisions about whether to enroll in ID theft protection services.
Davis, CEO at LifeLock, added: "Because of LifeLock's marketing efforts over the years, many more Americans now know of the risks of identity theft. More than one and a half million consumers rely on us 24 hours a day to help protect their identities."
He noted that LifeLock members are "very satisfied with the company's innovative products and services." Of the members who enrolled within the first 18 months of the start-up of LifeLock more than 75% are members today. Ninety percent of LifeLock customers renewed their subscriptions last year.