Sunday, February 24, 2008

Will the Experian versus Lifelock law suit help identity theft victims?

Lifelock -- one of the companies that offers identity theft protection at a cost -- is being taken on by one of the big three credit bureaus. Last week, Experian filed a law suit seeking damages for their costs associated with placing and replacing credit alerts.

Before continuing on, it needs to be noted, as it has been by Lifelock CEO Todd Davis that Experian and the other members of the big three are involved in the identity theft protection business, also.

There is an interesting article by Terry Bibo at the PJStar.com about a Catepillar retiree, who was offered free credit monitoring after a data compromise. According to the article, the retiree tried to use the company provided protection service (ConsumerInfo.com), which is owned by Experian. The end result is seven months later all he has received is someone else's credit report and nothing has been done to protect him from becoming a victim.

It should also be noted that Lifelock isn't the only identity theft protection service that operates along the business model of charging people to place credit alerts or freezes on their reports.

Other companies, such as Debix and Trusted ID offer pretty much the same service.

Unfortunately, I'm not certain that any of this is necessarily going give any additional recourse to the millions of identity theft victims, who should be what this is all about. This law suit seems to be more about who is going to cash in on the identity theft protection industry, which by most estimates is showing double digit growth.

Lifelock has been under fire since it was disclosed by Ray Stern at the New Phoenix Times that one of the founders, Robert Maynard had been banned by the FTC to work in the credit repair industry and had been accused of identity theft by his father, who bears the same name he does.

At the time, Lifelock marketed their product by claiming it was inspired by Maynard being wrongfully arrested after his identity was stolen. The article revealed evidence that this wasn't true, and revealed that Maynard had been arrested for not paying his bill at a casino. The story was backed up with a booking photo of Maynard and a statement from an official source at the Clark County DA's office that Maynard had never claimed identity theft at the time of his arrest. In fact, according to the source at the DA, he made full restitution, which prevented the case from being prosecuted.

Shortly thereafter, CEO Todd Davis made headlines when he organized a "posee," complete with film crew to go after the person, who stole his identity to get a loan. The identity thief in question was described as mentally disabled by the authorities and the charges were dropped because of the questionable tactics used, referred to as coercion.

There are a lot of forms of identity theft and not all of them show up on a credit report. The fact that Todd Davis' social security number (which he plasters all over the universe as a marketing tool) is a pretty good indicator of this.

Stephen Lemons, who writes Feathered Bastard column for the New Phoenix Times wrote about the pending law suit. He pointed out that despite the negative publicity that Lifelock has received, it's business continues to grow.

The advertising campaign referred to consists of everything from television advertising to blogs. In fact, some of these blogs could probably be classified as splogs (my opinion). Recently, I've even seen e-mails touting the service that were caught in my spam filter. These e-mails have the following verbiage, "BBB: "LifeLock is the best Identity Theft Protection We Have Found."

When looking into this it was pointed out to me that the BBB (at least the Better Business Bureau?) doesn't provide endorsements.

Another thing, I noted in the several unsolicited e-mails I've received was that I was getting them because I had "opted in" at either Lifelock, or an affiliate. Strange, I don't remember ever opting in to receive e-mail campaigns from Lifelock? I do remember tracing a mysterious link from a Lifelock affiliate to this blog. When you tried to click on this link, which was set up on a Chinese domain, it redirected right to the main Lifelock website.

There are a lot of players in pay per credit alert business. Will this litigation eventually be the precedent for further litigation? I suspect Lifelock is the initial target because of some of the aggressive marketing tactics they use.

In November, the New York Times published an article by Brad Stone about Gideon Yu and his investment in Debix. In the article, he wrote:

Gideon Yu, the former chief financial officer of YouTube and current chief financial officer of Facebook, is one of the most notable new executives in Silicon Valley. But while Mr. Yu operated in high-tech’s highest circles over the last two years, an impersonator was quietly using his name and credit card number to make fraudulent purchases.

This is another testament that just about anyone can become an identity theft victim and it noted the frustration Mr. Yu went through trying to resolve his personal issue.

Another item mentioned in the article was that the credit bureaus make it difficult for the average person to protect themselves:

Other individual investors and venture capital firms also see opportunity in the business of combating identity theft. The big three credit agencies — Equifax, Experian and TransUnion — offer several tools for preventing ID theft, but generally make putting such measures in place difficult for consumers — requiring them to send requests by certified mail, for example, and making them renew fraud alerts every 90 days.

What's interesting about this is that most identity theft has been enabled by the buying and selling of too much personal information without protecting it very well (my opinion). It makes sense that those profiting from selling information and protecting us from the fall out wouldn't want to make identity theft protection easy. If they did, it probably would cut into some profit margins by making it harder to issue credit. Of course with the record amount of bad debt out there, this might not be such as bad idea (my opinion again)?

I'm not sure where this lawsuit will go, or if this action will spawn others in the future. The only thing I do know is that it would be nice to see the victim get a fair shake for once. There has to be a better way for the average consumer to protect themselves.

The article quotes Gail Hillebrand at the Consumers Union:

Many consumer advocates say that no one should have to pay anything to defend against identity theft. “Having to renew a fraud alert every 90 days is a pain, and I can see why there’s demand for these services,” said Gail Hillebrand, a senior lawyer at Consumers Union. “But the ultimate solution is not for consumers to pay someone extra. It’s for the credit agencies to make this an easier process and to extend fraud alerts for a year.”

NY Times article about Gideon Yu and Debix, here.

Feathered Bastard article, which contains a link with the actual Experian complaint, here.

In case you can't afford the extra money to protect yourself, or simply are frugal, here are two links on how to "do it yourself," I recommend taking a look at:

FTC site on how to deal with identity theft, here.

Information by the Privacy Rights Clearinghouse, here.

Consumers Union (quoted above) does a lot of work to advocate for better laws that will be more consumer friendly, also.


Click here to Guard your Identity

5 comments:

cary said...

So what it comes down to is:

Be aware of where and how your personal information is being used. There is an excellent article at Popular Science (http://www.popsci.com/scitech/article/2008-02/anonymity-experiment) that shows just how far you'd have to go to do this, however.

Anonymous said...

If you want a factual look at the story behind the story use the book "Silent Crime" by Michael McCoy.

Anonymous said...

The various divisions and subsidiaries of the Experian Group -- Experian Interactive, Experian Consumer Direct, consumerinfo.com, MetaReward, LowerMyBills.com, iPlace, qPlace, PriceGrabber.com, ClassesUSA.com, reecreditreport.com, CIC*Credit Report, and so on -- aren't just in the business of deceiving countless people into "taking advantage" of a "free" service for which the poor sucker is then charged, they're running a protection racket that would be the envy of any organized crime boss.

It's pretty simple. While one unit facilitates identify theft another sells "protection."

Recently my credit card was charged for somebody else's "free" credit report. Such fraud is apparently common because CIC / freecreditreport.com (or whatever the latest name they happen to be charging under on a given day) refuses require that the name of the subject of the "free" credit report be the same as the holder of the credit card provided.

A person who is legitimately seeking to review the status of their credit should have no problem with providing their own credit, debit, or bank account number for identification purposes. If they have no accounts, they don't have much of a record to review.

Any legitimate businessperson would recognize that the sort of identity verification that services like PayPal require (e.g., charge a card or bank account a dime and require the account holder to enter the code associated with the charge) is of absolute necessity when dealing with such sensitive information. By refusing so do so, Experian is declaring their intent to profit from fraudulent transactions.

When I contacted Experian they told me they would close the fraudulent account but refused to refund the fraudulent charges. And thus they make their intent to profit from fraud even clearer. They are banking on the fact that many people simply don't have the time or patience to engage in a lengthy battle for charges that are under $50.

It's greed run rampant. It's not like asking people to provide an account that has their own name on it would interfere with Experian's the bait and switch racket. (It's Free!. . .Not!) It would simply remove one means by which identity thieves get sensitive information on their targets.

Anonymous said...

The various divisions and subsidiaries of the Experian Group -- Experian Interactive, Experian Consumer Direct, consumerinfo.com, MetaReward, LowerMyBills.com, iPlace, qPlace, PriceGrabber.com, ClassesUSA.com, reecreditreport.com, CIC*Credit Report, and so on -- aren't just in the business of deceiving countless people into "taking advantage" of a "free" service for which the poor sucker is then charged, they're running a protection racket that would be the envy of any organized crime boss.

It's pretty simple. While one unit facilitates identify theft another sells "protection."

Recently my credit card was charged for somebody else's "free" credit report. Such fraud is apparently common because CIC / freecreditreport.com (or whatever the latest name they happen to be charging under on a given day) refuses require that the name of the subject of the "free" credit report be the same as the holder of the credit card provided.

A person who is legitimately seeking to review the status of their credit should have no problem with providing their own credit, debit, or bank account number for identification purposes. If they have no accounts, they don't have much of a record to review.

Any legitimate businessperson would recognize that the sort of identity verification that services like PayPal require (e.g., charge a card or bank account a dime and require the account holder to enter the code associated with the charge) is of absolute necessity when dealing with such sensitive information. By refusing so do so, Experian is declaring their intent to profit from fraudulent transactions.

When I contacted Experian they told me they would close the fraudulent account but refused to refund the fraudulent charges. And thus they make their intent to profit from fraud even clearer. They are banking on the fact that many people simply don't have the time or patience to engage in a lengthy battle for charges that are under $50.

It's greed run rampant. It's not like asking people to provide an account that has their own name on it would interfere with Experian's the bait and switch racket. (It's Free!. . .Not!) It would simply remove one means by which identity thieves get sensitive information on their targets.

Comrade said...

CIC warns aganist Fraud Immigration Consultants