Daily Alert

22 May 2008

Lifelock's Todd Davis: Identity for Sale

Fraud-prevention pitchman becomes ID theft victim

CNN via AP

Story Highlights:

  • Man reportedly obtained loan using Social Security number of LifeLock spokesman

  • Todd Davis regularly gives out Social Security number in ads for ID security company

  • Customers file lawsuit, claiming Lifelock did not provide protection as advertised

SAN JOSE, California (AP) -- Todd Davis has dared criminals for two years to try stealing his identity: Ads for his fraud-prevention company, LifeLock, even offer his Social Security number next to his smiling mug.

Now, LifeLock customers in Maryland, New Jersey and West Virginia are suing Davis, claiming his service didn't work as promised and he knew it wouldn't, because the service had failed even him.

Attorney David Paris said he found records of other people applying for or receiving driver's licenses at least 20 times using Davis' Social Security number, though some of the applications may have been rejected because data in them didn't match what the Social Security Administration had on file.

Davis acknowledged in an interview with The Associated Press that his stunt has led to at least 87 instances in which people have tried to steal his identity, and one succeeded: a guy in Texas who duped an online payday loan operation last year into giving him $500 using Davis' Social Security number.

Paris said the fact Davis' records were compromised at all supports the claim that Tempe, Arizona-based LifeLock doesn't provide the comprehensive protection its advertisements say it does.

"It's further evidence of the ineffectiveness of the services that LifeLock advertises," said Paris, who is lead attorney on the three new lawsuits, the latest of which was filed this month.

Davis learned about the fraud in Texas when the payday-loan outfit called to collect on the loan, he said. He didn't get an alert beforehand because the company didn't go through one of the three major credit bureaus before approving the transaction.

Davis said it's possible driver's licenses have been issued to other people in his name because of the widespread availability of his personal information -- and because of what he described as the flimsy mechanisms in place to report that kind of fraud.

Paris noted that LifeLock charges $10 a month to set fraud alerts with credit bureaus, even though consumers can do it themselves for free.

But Davis stands by his company and his advertising gimmick, which has appeared in newspapers and on billboards, radio and MTV. He even broadcasts it by bullhorn on walking tours through crowded downtowns.

"There's nothing on my actual credit report about uncollected funds, no outstanding tickets or warrants or anything," he said. "There's nothing to indicate my identity has been successfully compromised other than the one instance. I know I'm taking a slightly higher risk. But I'll take my risk for the tremendous benefit we're bringing to society and to consumers."

The lawsuits, for which Paris is seeking class-action status, highlight the fundamental limits on how much security identity-theft companies can provide.

Companies like LifeLock can help guard against only certain types of financial fraud by helping consumers set up alerts with credit bureaus, which inform them when someone tries to open a new line of credit or boost their credit limit to finance a buying binge, for example.

The services don't guard against many types of identity theft such as use of a stolen Social Security number on a job application or for medical services, or even the instance of an arrestee giving police a stolen Social Security number to shield his own identity.

LifeLock is also being sued in Arizona over its $1 million service guarantee, which the plaintiffs claim is misleading because it only covers a defect in LifeLock's service, and in California by the Experian credit bureau. Experian accuses LifeLock of deceiving consumers about the breadth of its protection and abusing the system for attaching fraud alerts to credit reports.

Security experts say complaints about the company reinforce the time-honored wisdom of keeping your Social Security number secret.

"There's been a lot of marketing, a lot of hype about LifeLock," said Paul Stephens, director of policy and advocacy with the Privacy Rights Clearinghouse, a nonprofit consumer advocacy organization. "The question is, 'How much protection does it really buy you?"'

"There is no company that can guarantee they can protect you (completely) against identity theft," Stephens said. "Absolutely nobody can do that."




"There's nothing on my actual credit report about uncollected funds, no outstanding tickets or warrants or anything," he said. "There's nothing to indicate my identity has been successfully compromised other than the one instance. I know I'm taking a slightly higher risk.

Have you ever seen such a self serving comment as this? "My identity" is safe, nevermind the fouled up records of state DMVs, the inaccurate records and safety concerns of who knows how many illegally licensed drivers acquired a motor vehicle operator's license using the PII of Todd Davis, creep in chief of Lifelock. Whether it is illegal workers or terrorists or felons, Todd Davis's lust for competitive greed has served well the needs of the "bad guys", perpetrators of identity theft seeking to skirt the law to illegally obtain motor vehicle operator permits.

Then he has the audacity to say:
But I'll take my risk for the tremendous benefit we're bringing to society and to consumers."
I hope Lifelock customers are carefully watching how callous and cavalier the creep in chief of Lifelock is concerning the law of the land. APRPEH has discussed the mis-adventures of Lifelock in previous posts and pointed out that the fraud alert will cure all hysterics will not prevent identity theft and should never be considered blanket protection against identity theft. Based upon the article above, the word may be getting out now that identity theft is more than credit accounts:
Companies like LifeLock can help guard against only certain types of financial fraud by helping consumers set up alerts with credit bureaus, which inform them when someone tries to open a new line of credit or boost their credit limit to finance a buying binge, for example.

The services don't guard against many types of identity theft such as use of a stolen Social Security number on a job application or for medical services, or even the instance of an arrestee giving police a stolen Social Security number to shield his own identity.


To all those companies out there selling services similar to what Lifelock does, and there are plenty of others, I say watchout, a class action suit is coming your way. A simple reading of paragraph 605A of the Fair Credit Reporting Act using the logic of a layman will render that fraud alerts are for intended for "the consumer{that} has been or is about to become a victim of fraud or related crime, including identity theft.." and for their protection:
a user of such consumer report shall contact the consumer using that telephone number or take reasonable steps to verify the consumer's identity and confirm that the application for a new credit plan is not the result of identity theft.
The whole subsection is below or see the FCRA in it's entirety. Anyone selling fraud alerts as the way to guarantee protection against identity theft is a fraud.

To recap, there are two main problems with the Lifelock approach:
1) credit issuers do not have to make a telephone call to verify the credit application
2) only about 20%-25% according to the FTC of all identity theft will be reported to a credit bureau meaning the fraud alert will not be read and no verification of the consumer's interest in the transaction, whatever transaction it might be, will be made.

FCRA 605A
(B) Limitation on Users
(i) In general. No prospective user of a consumer report that includes an
initial fraud alert or an active duty alert in accordance with this section
may establish a new credit plan or extension of credit, other than under
an open-end credit plan (as defined in section 103(i)), in the name of
the consumer, or issue an additional card on an existing credit account
requested by a consumer, or grant any increase in credit limit on an
existing credit account requested by a consumer, unless the user
utilizes reasonable policies and procedures to form a reasonable belief
that the user knows the identity of the person making the request.
(ii) Verification. If a consumer requesting the alert has specified a
telephone number to be used for identity verification purposes, before
authorizing any new credit plan or extension described in clause (i) in
the name of such consumer, a user of such consumer report shall
contact the consumer using that telephone number or take reasonable
steps to verify the consumer's identity and confirm that the application
for a new credit plan is not the result of identity theft.

previous APRPEH Id theft articles related to Lifelock:

Lifelock Brainblock Lifeblock Brainlock
Lifelock Getting Picked
Identity Protection Shopping
Minors and Identity
As G. Gordon Liddy Would Say..Suckers

Stumble Upon Toolbar

No comments:

Sderot QassamCount - via Daled Amos

Nice Jerusalem Video from Yeshiva Beit Orot

The Path To The Final Solution

 
Who links to my website?