You have seen the ads for a company called LifeLock. They’re the ones with the CEO’s Social Security number. It must be a very effective campaign. The company currently has 1.5 million subscribers at $10 a month each.
And what do you get for your $120 a year? Well, a few things, but the major one is that LifeLock will place a "fraud alert" on your credit reports. These warn potential grantors of credit that something is fishy and tell them to contact you directly to confirm that it was really you that asked for the loan. Fraud alerts expire after 90 days, so LifeLock dutifully renews them for you four times a year.
That’s a nice little business they’ve got. $180 Million in recurring annual revenue for not a lot of work. But before you slap your forehead and ask why you didn’t think of it first, you should know that it looks like the party’s over.
LifeLock’s use of fraud alerts is pretty clearly abusive. They were created by federal law as a way for consumers to place a red flag on their credit reports if they were currently involved in fraud, not as a precautionary step to be taken by millions. (The LifeLock website says that to use the service you must "confirm that you have a good faith suspicion that you have been or are about to become a victim of identity theft." Wink wink.)
From the point of view of the credit reporting agencies, what LifeLock does is not just annoying, it costs money. They are processing 6 million fraud alerts a year and getting paid nothing at all to do it. And the cost is larger than you might think. You might assume that LifeLock periodically sends over some kind of computer file with a list of names for whom fraud alerts were to be set, but apparently this is not so. At least in the case of Experian, they had employees making phone calls to the credit bureau’s 800 number. So somewhere there was a sea of cubicles whose job was to call another sea of cubicles and read off information from one computer screen to be transcribed onto another.
Moreover, there is an even more serious "cry wolf" problem with this abuse. Companies that use credit reports are under no obligation to do anything about a fraud alert. If they are very rare and mean that somebody has recently been using the credit info fraudulently, the company has every incentive to tread carefully. But if there are millions of fraud alerts with no actual fraud involved, the constant false alarms are likely to convince companies to just ignore them altogether.
Experian sued LifeLock and two weeks ago won a summary judgment in federal court. Turns out that the law is clear that consumers, and only consumers, can place a fraud alert on their credit reports. The judge ruled that "Congress expressly excused Experian and other credit reporting agencies from placing fraud alerts requested by companies like LifeLock." Game over.
LifeLock’s CEO, Todd Davis, Mr. 457-55-5462 himself, put a brave face on and said that they will appeal the decision and continue to file fraud alerts with the other two credit bureaus, Equifax and TransUnion. As if those two will waste any time applying to the nearest federal judge for the same ruling.
LifeLock does provide some other services for its $120 a year, but the fraud alert was the centerpiece. Right now it looks like the company is set to go away as fast as it arrived.