This past weekend, Todd Davis, Lifelock's Chairman and CEO, announced in a video message the company's intention to release new services during the coming weeks. This was prompted by a court ruled in May 2009 in favor of Experian to stop companies like Lifelock from setting Fraud Alerts on behalf of its customers. Lifelock had appealed the decision.
In February 2008, I've Been Mugged reported the Experian v. Lifelock lawsuit. The fight between Experian and Lifelock was like two five-year-old kids arguing over who gets the last brownie on the kitchen table while there is a fire burning in the living room. There are bigger issues. Fraud Alerts are a relatively weak tool, since it doesn't force lenders to contact consumers. Credit monitoring service that include a Fraud Alert tool still do not stop:
- Criminal identity theft: when a criminal uses another person's identity during a crime
- Medical identity theft and fraud: when a person uses another person's identity to gain free medical care, and wrecks the victim's access to health care they rightfully paid for
- Data breaches and fraud at outsourcing vendors and at offshore outsourcing vendors
- Poor data security practices by companies and employees
- Insider identity theft and fraud
To be clear, I am no fan of Lifelock. Much of what the company charges for, consumers can (and should) do for themselves for free. In April of 2008 Consumer Reports gave Lifelock a less than stellar review.
However, on one point Davis and I agree. This court ruling is a setback for consumers. It limits choice in the marketplace at a time when data breaches and identity theft have increased. The ruling means that consumers must go directly to Experian (and other credit reporting agencies) to establish a Fraud Alert.
It will be interesting to hear during the coming weeks about Lifelock's new services. Hopefully, the company has done its homework and developed a set of truly innovative and more comprehensive identity protection tools.
It is in consumers' best interest for a comprehensive identity protection service. Why? Many consumers I've talked with have no idea what to do about identity after their sensitive personal data has been stolen. Many consumers need all the help they can get. Few know the difference between credit monitoring and credit restoration. Few understand the limitations (e.g., see the bullet list above) with credit monitoring services. Then, it's a rush to learn what to do to protect themselves, and establish some preliminary protections.
It is sad that the identity protection industry so fragmented and disorganized.
There's a gap in the marketplace and a truly comprehensive identity protection service would go a long way towards helping consumers. The credit reporting agencies don't offer a comprehensive service; they focus narrowly on monitoring (usually their own) credit reports, and providing credit scores. Regional credit reporting agencies are essentially ignored, along with insurance reporting services like ChoiceTrust.
All of these regional credit reporting and insurance companies' reports are high-value targets by identity criminals. The credit monitoring services by independent companies are somewhat better than the credit reporting agencies' service, but that is not a high bar to leap. As I wrote in May 2009:
Since I started this blog, I have searched for a truly comprehensive identity protection service, which should include:
- Unlimited access to the full text of all of my credit reports from both the major credit reporting agencies and from the smaller, regional credit reporting agencies (e.g., Innovis)
- Unlimited access to the full text of all of my C.L.U.E. insurance reports
- Unlimited access to the full text of all of my sensitive personal medical information
- Monitoring of my identity across social networking sites
- Instant e-mail, text messaging, Twitter, or RSS alerts about status changes to any of the above
- Tools and calculators to help me evaluate these reports
- The ability for to customize alerts based on my individual needs
- Options to add Fraud Alerts to any or all of the above reports
- Options to add Security Freezes to any or all of the above reports
- Criminal fraud monitoring (if my identity is used by thieves during a crime)
- Identity fraud assistance when traveling outside the USA
- Identity resolution services and insurance for all of the above reports
- 24/7, and easy access to a real person in customer service via phone
- Arrangements with employers so that after a data breach, I get reimbursed for my monthly fee for this service, rather than receive an offer for another credit monitoring service I don't need
Consumers can't get all of the above. To get large portions of it, you'd have to cobble together at least five or six different services. The Experian v. Lifelock court ruling adds to the problem, since Fraud Alerts will now be available only at the major credit reporting agencies.
It shouldn't be this hard for consumers. Maybe Lifelock has tackled this problem with their new services. We shall see during the coming weeks, and I've Been Mugged will report on it.