Is LifeLock a Good Way to Protect Your Identity?
Image via Wikipedia
Bruce is a noted commentator on security issues.
Bruce writes that Lifelock has been given a rough ride:
"The biggest smear is that LifeLock didn't even protect Todd Davis, and that his identity was allegedly stolen.It wasn't. Someone in Texas used Davis's SSN to get a $500 advance against his paycheck. It worked because the loan operation didn't check with any of the credit bureaus before approving the loan -- perfectly reasonable for an amount this small.
The payday-loan operation called Davis to collect, and LifeLock cleared up the problem. His credit report remains spotless."
Hmm, so the problem was with the loan operation? How widespread is this?
Bruce claims:
Basically, there are two ways to deal with identity theft: Make personal information harder to steal, and make stolen personal information harder to use.We all know the former doesn't work, so that leaves the latter.
If Congress wanted to solve the problem for real, one of the things it would do is make fraud alerts permanent for everybody. But the credit industry's lobbyists would never allow that.
Current fraud alerts expire after 90 days, and companies like LifeLock exist because they can continue the fraud alert. After saying some nice things about the company, Bruce surprising concludes:
"LifeLock's business model is based more on the fear of identity theft than the actual risk."
Bruce's conclusion is that the $120/year isn't worth it because you can effectively achieve the same thing by renewing the fraud alerts.
But would you regret a) forgetting to renew the alert and getting burned more than b) paying $120/year to forget about it?
After all, the entire home alarm industry is based upon selling insurance against regret, why should the identity theft protection industry be any different? Buying insurance assures peace of mind, not winning the gamble.
Comments
Ed;
I agree with you that there is no 100% protection - there never is.
But, how much of the attacks on LifeLock, which is admittedly overpriced, oversold, and not as extensive as it should be, are due to envy from other less successful business models?
I have no horse in this race. And Lifelock's advertising leaves me cold - but are we seeing a scam or an aggressive business model?
Success will attract litigation.
Perhaps the whole business model in this area is just too grey to call?
Thanks, as always, for your intelligent and experienced input.
Posted by: michael webster
|
June 23, 2008 11:54 PM
I written a few posts on Lifelock. First of all, I agree the service isn't worth the money. There are a lot of reasons, Lifelock (and a lot of other pay for protection services) aren't going to make anyone bulletproof from dumpster divers, hackers and assorted financial criminals.
Some of the reasons there is no way Lifelock (and many others) can guarantee 100 percent protection from identity theft is that not all of it shows up on credit bureaus. Examples of this are medical benefit fraud, employment fraud, government benefit fraud, some forms of check fraud and last, but not least, when it is used to commit crimes of other than a financial nature.
Some of their advertising is pretty misleading, also.
Just today, I saw a Lifelock ad asking parents if their children are sharing files (think they are referring to P2P) to sell the service.
It is true that malware (crimeware)-- software designed to steal information -- is dropped on a lot of systems via P2P. Nowadays this occurs by clicking on spam links and can even happen by just visiting a rogue site (referred to as a drive-by).
What is misleading is that a fraud alert on a credit bureau offers little to no protection in these cases. Most of the time, hackers steal access information to existing accounts and drain them.
More often than not, your account will be drained a long time before a credit bureau finds out about it. In fact, one has to call the credit bureau and report the fraud before any sort of flag will show up in a credit bureau.
It will be the victim -- not Lifelock or the credit bureau -- who will be the first to discover the fraud when they find out their account was drained or they start getting bills for items they never bought.
The ad (my opinion) seems to mis(?)represent that if you sign up for Lifelock - you are safe (???). I don't think so!
While it is true that information could be stolen to open new accounts. The problem is that it is much easier to take over an account than open a new one in these instances. The people who do this go after thousands of victims at a time (normally using botnets) and are unlikely to bother with opening new accounts, which is a lot more work.
So far as the reason Likelock is being targeted with litigation - I've wondered about this, also. There are a lot of companies offering pretty much the same service, including a lot of financial institutions and the credit bureaus, themselves.
I've seen theories on this ranging from competition trying to knock Lifelock out to that these cases will set the precedent for ones in the future (probably more likely).
So far as myself, I recommend learning how to surf safely (P2P sites are always a bad idea) and using the free services found in places like the FTC site and Privacy Rights Clearinghouse.
Of interest, whenever I've written about Lifelock, a lot of these other services send me e-mails and or leave spam comments on the post directing people to their service.
Posted by: ed dickson | June 21, 2008 11:57 PM