Government groups and credit bureaus warn average citizens never to share their Social Security Numbers unless it’s absolutely necessary, but that hasn’t stopped Todd Davis from plastering his all over cyberspace and the airwaves on radio and TV.
His number: 457-55-5462.
Davis, CEO of LifeLock, an identity theft prevention company based in Tempe, Ariz., temps fate by putting his personal information out there to prove the point that his firm’s service can keep the data safe.
For $10 per month, the company vows to prevent customer identities and personal information from being stolen before the crimes even occur. The company backs these promises with a $1 million guarantee—and vows to pay up to $1,000,000 to cure failures or defects in its service for all incidents, regardless of circumstance.
Unfortunately, however, LifeLock has come under fire recently for promising a kind of safety that no company can deliver. A variety of customers and outsiders are suing LifeLock for everything from false advertising and abusing the credit reporting system.
The most recent round of lawsuits was filed in May when LifeLock customers in Maryland, New Jersey and West Virginia sued Davis and claimed his service didn’t work as promised because the service had failed even him.
The suits allege that other people applied for or received driver’s licenses at least 20 times using Davis’ Social Security number. In an interview with The Associated Press, Davis acknowledged that his stunt has led to at least 87 instances in which people have tried to steal his identity.
Davis admitted that one of these incidents was successful: a man in Texas last year duped an online payday loan operation into giving him $500 using Davis’s Social Security number. Tami Nealy, a spokesperson for LifeLock, explained that in this particular case, the LifeLock service worked flawlessly.
“Todd was called from collection agency looking to collect on that money, but that’s where our system kicked in,” she explains. “They called, he denied the credit, the guarantee covered the money and the case was closed.”
These pending lawsuits against LifeLock don’t exist in a vacuum. The company is being sued in Arizona over its $1 million service guarantee, which the plaintiffs claim is misleading because it only covers a defect in LifeLock’s service. LifeLock also is being sued in California by the Experiancredit bureau, which accuses LifeLock of deceiving consumers about the breadth of its protection and abusing the system for attaching fraud alerts to credit reports.
Nealy defended the guarantee by saying that in the company’s three years, 125 customers have called to invoke the $1 million guarantee. She put this number into perspective by offering that LifeLock now has more than one million customers, meaning that 0.0125 percent of all customers have had to invoke the guarantee.
These numbers mean nothing to David Paris, the lead lawyer on three of the customer lawsuits. Paris said the cases highlight the limits on how much protection identity-theft companies can provide. “[The cases are] evidence of the ineffectiveness of the services that LifeLock advertises,” Paris told CNN earlier this year.
Experts agree that LifeLock and other companies such as Debix, TrustedID and MyTrustoncan help guard against certain types of financial fraud by informing them when someone tries to open a new line of credit or boost their credit limit.
Beyond that, however, the very same experts say LifeLock and similar services don’t guard against many of the more complicated types of identity theft.
Paul Stephens, director of policy and advocacy with the Privacy Rights Clearinghouse, a nonprofit consumer advocacy organization based in San Diego, advised that consumers should be skeptical of any company that promises 100 percent protection against fraud and identity theft.
“There is no company that can guarantee they can protect you (completely) against identity theft,” he told the A.P. earlier this year.
Even Davis admits that no fraud detection solution is flawless. On the company’s Web site, he is quoted as saying, “No one can stop all identity theft, and don’t believe anyone who says they can.”
Many experts added that LifeLock and its competitors all offer services consumers can accomplish on their own—for free. Congress passed laws several years ago allowing consumers to get free annual credit reports from Experian and other credit bureaus such as TransUnion and Equifaxso people can see exactly what is happening with their credit at all times.
The government also allows consumers to place free fraud alerts on their credit reports if they have been victimized or believe they have been or are about to become a victim of identity theft.
“The issue really is with today’s culture of ‘time is money,’” said Ryan Barnett, director of application security at Breach Security, a web application security vendor in Carlsbad, Calif. “Most people don’t want to deal with these kinds of vigilant monitoring or clean-up efforts.”
Nealy, the LifeLock spokesperson, conceded that the essence of her company’s service is setting fraud alerts on behalf of its customers every three months, and monitoring the alerts for unusual activity.
She added that despite what lawsuits might allege, the company’s $1 million guarantee is a promise to customers that if the LifeLock service falters, its customers are covered for up to $1 million of loss.
Considering these words, is LifeLock guilty of false advertising? Do the lawsuits have merit?
According to LifeLock’s Davis, the answer to both questions is a resounding no. The man who publishes his Social Security Number for all to see scoffs at the pending litigation, and notes on the company Web site that he has asked courts to have the cases thrown out.
“We believe the suits will be proved to be without merit because we follow the law and do exactly what we say we do,” he wrote. “I don’t see where anyone has come even close to proving different or doing the job better.”