ID-theft ruling: Set your own fraud alerts

May 29, 2009 By JORDAN ROBERTSON, AP Technology Writer

(AP) -- Companies that sell "identity-theft protection" present an alluring but questionable proposition.

For as much as about $100 per year, the main thing they do is set fraud alerts that force banks to call people before new lines of credit are opened in their names. The alerts can be useful - but people can set them themselves, for free.

Now even that function could be taken away from the ID theft-prevention services.

A federal court in California has blocked Tempe, Ariz.-based LifeLock, one of the industry's biggest players, from setting fraud alerts with Experian, one of the three main credit-reporting agencies that manage the fraud alerts.

Experian is suing LifeLock, claiming that LifeLock's automatic renewal of customers' fraud alerts - which happens every 90 days, when they expire - costs Experian millions of dollars in processing expenses.

In a ruling last week, a judge agreed with one of Experian's central arguments, which is that LifeLock isn't authorized to set alerts for consumers, and that federal law requires consumers to set alerts themselves by contacting credit bureaus directly.

The ruling has caused at least one ID-theft prevention service, Debix, to announce it plans to drop fraud alerts and offer credit monitoring instead. The trend is likely to play out across the industry.

"It's going to be a game changer," said Jay Foley, executive director of the Resource Center.

For consumers, this means "identity theft protection" services could get more expensive - and less useful. Credit monitoring services can cost $180 a year, and they don't always detect a fraud before it happens.

In contrast, fraud alerts are supposed to make it much harder for identity theft to be pulled off in the first place.

When a bank or retailer runs a credit check on someone for a new account, if a fraud alert pops up, the bank or retailer is required to call that person or use any other "reasonable policies and procedures" to verify their identity. That is meant to stop a scammer who goes into a retail store and tries, for example, to get instant credit under someone else's name and then walk out with a TV the other guy would be on the hook for.

LifeLock's CEO, Todd Davis, who is known for plastering his Social Security number on billboards in a dangerous advertising gimmick, says his company will fight the court ruling and won't stop setting fraud alerts with the other two credit bureaus, Equifax and TransUnion.

Placing an alert at one bureau means an alert is placed at all three, because they have to notify each other.

"It's going to be business as usual until we hear they don't agree with the way we're interpreting this," Davis said in an interview. "We're not worried that this is some catastrophic decision."

At least one of his competitors disagrees.

Bo Holland, the founder of Debix, which offers ID theft protection for $24 a year, said his company will now stop setting fraud alerts and sell credit monitoring instead. Holland said many of Debix's clients are corporations that subsidize the service for employees and customers after a breach.

Losing the ability to set fraud alerts is "definitely a step backward. It's been a very effective mechanism; creditors did a pretty good job of doing what they were supposed to do," he said. "Absolutely I'm sad to see it go."

Holland noted, though, that fraud alerts have weaknesses, because banks will sometimes ask "security questions" of credit applicants instead of calling a consumer before opening a new account. If criminals have enough personal information about their victims, the con artists might be able to answer those questions, and the consumer would never get a call.

Representatives for another big ID-theft protection service, TrustedID (which costs around $100 a year), did not return messages seeking comment.

Experian's lawsuit is not the first against LifeLock. Some customers have sued, saying they were misled about their level of protection.

The main thing services like LifeLock guard against is credit fraud. But there are other types of fraud, like using someone's Social Security number to get a job or medical coverage or giving it to police to impersonate someone innocent. A fraud alert on a credit report is powerless against those crimes.

©2009 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.
