LifeLock Settles with FTC on I.D.-Theft Protection ‘False Claims’

LifeLock — whose CEO brashly displayed his Social Security number in commercials  — has settled with the Federal Trade Commission on charges it used false claims in promoting anti-identity theft services.

The FTC called it one of its largest “coordinated settlements on record.” LifeLock has agreed to pay $11 million to the FTC and $1 million to a group of 35 state attorneys general.

The FTC will use the $11 million to provide refunds to consumers. It will be sending letters to current and former customers of LifeLock, who may be eligible for refunds under the settlement. It will also provide instructions for applying.

Customers do not have to contact the FTC to be eligible for refunds, the agency said. The FTC said current information about the redress program can be obtained by calling 202-326-3757 and at http://ftc.gov/lifelock.

LifeLock, which charges about $10 per person for its service, and its principals are now barred from “making deceptive claims and required to take more stringent measures” to protect personal information they collect from customers. The FTC complaint also named co-founders Richard Todd Davis and Robert J. Maynard, Jr.

“While LifeLock promised consumers complete protection against all types of identity theft, in truth, the protection it actually provided left enough holes that you could drive a truck through it,” said FTC Chairman Jon Leibowitz.

Davis, LifeLock CEO, said the FTC and state Attorneys General action resulted from an examination of “old practices and products” and has “no impact on LifeLock’s current services.”

“LifeLock is pleased with this agreement, which, for the very first time, works to set advertising guidelines for the entire industry,” Todd said. “We welcome federal and state efforts to regulate our industry, because doing so helps to protect consumers from the risks of identity theft.”

In October 2009, LifeLock said it rolled out new I.D. theft protection services that provide broader protection to its valued members.  The new system has prevented more than 5,000 fraudulent credit applications before they could be processed and approved, Todd said.

The FTC had charged that the fraud alerts LifeLock placed on customers’ credit files protected only against certain forms of identity theft, and did not provide protection against “the misuse of existing accounts, the most common type of identity theft.”

“It also allegedly provided no protection against medical identity theft or employment identity theft, in which thieves use personal information to get medical care or apply for jobs,” the federal agency said.

LifeLock alerts did cover “new account fraud” – when a thief tries to apply for a credit card impersonating a targeted consumer.  But that type of identity theft for which fraud alerts are most effective, comprised only 17 percent of identity theft incidents, according to an FTC survey released in 2007.

The FTC also charged that LifeLock’s data was not encrypted and that the company’s data system was vulnerable and could have been exploited by those seeking access to customer information.

“This agreement effectively prevents LifeLock from misrepresenting that its services offer absolute prevention against identity theft because there is unfortunately no foolproof way to avoid ID theft,” Illinois Attorney General Lisa Madigan said. “Consumers can take definitive steps to minimize the chances of having their personal information stolen, and this settlement will help them make more informed decisions about whether to enroll in ID theft protection services.”