LifeBlocked
Podcast: Play in new window | Download
Internet-y as the next blogger, I’d like to point out how wired.com noticed that the Phoenix New Times figured out that LifeLock CEO Todd Davis (you know, Mr. 457-55-5462) who dares criminals to steal his identity has, in fact had his identity stolen at least 13 times. But in a repudiation of the Internet tendency to simply point at the findings of others and say “like he said, ” I’ll now explain how the identity thieves got away with it. Given that, as you know, LifeLock is “guaranteed. ”
What LifeLock does primarily when you subscribe is they put a fraud alert on your file at all three national credit monitoring agencies — Equifax, Experian, and Trans-Union. A fraud alert says “this person’s identity has been stolen, don’t approve any unusual expenditures without proper verification. ” So the cable bill you’ve been paying with a credit card for five years still goes through but any new request for credit or an unusual expenditure gets flagged. The problem with this is that the fraud alert isn’t real; there has been no fraud. You only signed-up with LifeLock, which is now screaming at the credit bureaus that you’ve been ripped-off when, in fact, you haven’t.
Credit bureaus hate LifeLock.
A fraud alert is like putting a chastity belt on your credit file, with the keys held only by three cranky eunuchs.
But wait, Todd Davis (Mr. 457-55-5462) was ripped-off 13 times despite being a member of LifeLock. With an fraud alert on his file, how was this even possible?
Because the frauds didn’t involve his credit file.
Worse still, Mr. 457-55-5462, didn’t even know his identity had been stolen 13 times, despite his LifeLock membership, until the bill collectors started calling. Maybe he should have applied for that $1 million insurance pay-off.
Oops. “Certain conditions apply.”
What happened to Mr. 457-44-5462 had nothing to do with the three national credit monitoring agencies and everything to do with the National Consumer Telecom & Utilities Exchange (NCTUE), a service managed by Equifax but completely separate from that company’s credit operation. The NCTUE is a sort of in-house credit-monitoring operation aimed solely at telephone, cable TV, gas, and electric customers. NCTUE came about because utilities and telcos have different needs than do banks or mortgage companies. Utilities specifically have lots of cash customers, their greatest exposure is to lost payment for a month or two of service, so they don’t really give a damn whether you are an illegal alien or not. All the NCTUE and its members’ care about is that you have an ID and a social security number, even if that number is borrowed. And, of course, they’d like you to pay your bill on time, please.
The NCTUE does a far superior job of monitoring creditworthiness than the bureaus if credit information is available given that it allows any of us to have multiple identities and thousands of people to share the same Social Security Number as long as they pay their bills.
LifeLock doesn’t have access to the NCTUE database so Mr. 457-44-5462 had no way of knowing that his identity had been used or is currently being used. The violations mainly involved Telco and utility accounts and none were for more than $1000. Furthermore often NCTUE is used as a stepping stone for creating false IDs in your actual credit file – but that can wait for another blog.
It turns out there are hundreds of such alternative databases, with the NCTUE being just the largest, and LifeLock doesn’t have access to any of them.
NCTUE is interesting not just because it is invisible to LifeLock but also because it isn’t (nor is it required to be) compliant with the Fair Credit Reporting Act (FCRA) which allows you to, for example, see your credit report for free if you’ve had a denial of credit and to contest any information you think is in error on the report.
Actually NCTUE is voluntarily FCRA compliant as far as it can be given the apples-and-oranges difference between what it does and what the credit bureaus do. If you work hard enough you can obtain a copy of your current file history and they will address and resolve issues.
NCTUE is currently in the middle of multi-year expansion that may actually eclipse the number of consumers in the credit file. Remember everyone has a cell phone even if they do not have a credit file or legal status to be in the USA.
Bummer for Lifelock, which has no access to this information.
Your NCTUE file today contains only negative information, by the way, because it isn’t a true credit rating. But it can still be used to steal your identity.
Just ask Mr. 457-55-5462.
Bob,
You say that, “everyone has a cell phone.” Funny, but I don’t have a cell phone. Guess I don’t count. Rats, I was having such a good time, but now I don’t even exist.
Yes, if you don’t have a cell phone, for a lot of purposes you *don’t* exist. Your behavior is so far outside the norm at this point in time that you can expect all sorts of problems, which will increase in frequency and severity over time from here on out. You’re pretty abnormal. It’s true.
I can relate. I have never had a valid driver’s license or state-issued ID card, and so for a lot of purposes *I* don’t exist. I’ve gotten a continuous stream of shocked reactions for decades now, and I don’t see that letting up. I’m pretty abnormal. It’s true.
Doug,
Yes, I’m probably abnormal, like you say. For example, everyone else in my immediate family smoked cigarettes most of their lives. Not me. I tried it and didn’t care for it. (You guessed it. All the life-long smokers ruined their health.)
All the “tough” kids in school thought smoking cigarettes made them look like grownups. Not me. I thought it made them look like pathetic losers.
I’ve never been one for going along with the crowd if it didn’t make sense. That’s just the way I see things. If something seems like a dumb idea, I usually don’t do it. (Okay, so I got stinko drunk several times. Hey, nobody is perfect.)
As for the cell phone thing, I’ve never had one. After retirement, I had to take care of some family members. Then the website project came along. And after my nephew moved in with me, he ran most of my errands. So I have been mostly homebound in my “golden” years. Do I need a cell phone? No way.
As for having problems due to the lack of a cell phone, I don’t agree. My remaining family members call me on the landline whenever they want. As for bill collectors and all those 800-number solicitors, who cares about them? Not me.
Of course, being somewhat abnormal is what enabled me to ask for and understand those revelations I received about the true nature of life and reality. ‘Nuff said.
Congrats, you win because you don’t smoke and the like.
No one said you have to follow the crowd with whatever they are doing.
I too, do not smoke, but I have a cell phone because nearly all of my waking time is spent outside of my home, and although I have a phone at work, we are discouraged from using it for personal use. Could I only stay in contact with my friends and family members from 8pm to 10pm at night, and then 6pm to 7pm in the morning? I could, but i like the benefit of being able to call my mom at noon. Does this mean I have given in to peer pressure and destroyed my health? No? So what is your point about the smoking, again?
ugh, 6 to 7am.
Julie,
No point. Just the rambling thoughts of an independent and somewhat abnormal person. (Wish your picture was larger.)
[...] Cringely does LifeLock. What LifeLock does primarily when you subscribe is they put a fraud alert on your file at all three national credit monitoring agencies — Equifax, Experian, and Trans-Union. A fraud alert says “this person’s identity has been stolen, don’t approve any unusual expenditures without proper verification. ” So the cable bill you’ve been paying with a credit card for five years still goes through but any new request for credit or an unusual expenditure gets flagged. The problem with this is that the fraud alert isn’t real; there has been no fraud. You only signed-up with LifeLock, which is now screaming at the credit bureaus that you’ve been ripped-off when, in fact, you haven’t. [...]
I wouldn’t be surprised if Todd Davis identity has been stolen far more than 13 times. As an example, it is fairly common for illegal aliens to use “borrowed” SSNs, and usually the real SSN owner doesn’t find out about it for years.
The real problem is that the person in whose name/number financial services were extended is the one who is liable for those services, not the company providing them. If they provide them to someone claiming to be you, the burden of proof and cleanup is on you not them. Consequently they don’t have that much of an incentive to verify it really is you.
Years ago, when you had a credit card, you were responsible for all charges, even fraudulent ones. Congress enacted a bill limiting your liability to only $50 of fraudulent charges. The credit card companies protested complaining that people would be less careful and would simply buy stuff and then later declare it as fraud.
In the end, it forced the credit card companies to care about fraud and to take the lead in fighting fraud. Maybe it is about time to apply the same logic to credit reporting agencies.
It is also time to state that my information is owned by me and you have to get my permission to use it. That would help stem the flow of information sharing without my knowledge. And, companies and fraudsters cannot peruse the credit agencies for information without my knowledge.
Well Now that is refreshing. I remember BobC saying that, just like the banks (these agencies should) require themselves to identify themselves to you, BEFORE you can trust them or log in. And just for shits and goggles I have my sensitive info in español as nonsense questions. Maybe it is my benefit. Or likely a false case of aspbergers but in the end I fully agree, I should own my ‘cloud’ data.
I find it strange that Americans, living in one of the hot-beds of democracy, have and always have had deep issues with Government-issues ID’s.
Whereas in European countries, of which most have experienced less-than-democratic regimes at some point in time, citizens have far fewer problems with them. In fact, such ID’s are commonplace across Europe.
Perhaps it is a consequence of accepting the fact that if Governments want to keep track of you they can do so, ID or not. And that the [lack of an] ID by itself is not the watchdog of liberty, the people are.
In the meantime, state-issued ID’s solve real problems, such as identity theft, which is an almost non-existent issue (except in the UK, which, well, doesn’t have those ID’s).
State-issued IDs do not solve anything; they can be, and are, easily forged like any other form of government identification. Worse yet, since you don’t have to actually prove you’re the person requesting the ID, it’s quite easy to get a phony ID even by stealing a driver license and using that information, even though you don’t match the description of the person on the driver license.
The REAL ID act that Congress thinks is going to work simply cannot work; it has already failed miserably, as it provides no funding for states to implement, and many states have simply said they’re not going to do it. The delusion in Washington that a national form of ID is going to solve a problem is misguided. It can’t work because it relies on using other forms of ID that can already be forged; thus, the new REAL ID can’t be trusted, either. Aside from that, it is designed to track your movements and store them in a database where you have no access to the information, and it could be used to imprison you at some point, without just cause. That’s taking away liberty under the guise of increased security, which is what the Founding Fathers warned about.
The dangers of spying on your citizens and keeping a massive government database with this information was warned about more than 40 years ago in The National Data Bank, in The Atlantic, November 1967.
Identity theft ISN’T a big issue in the UK. It’s just that the last government claimed it was, in the hopes of convincing people to accept ID cards.
About 7 years ago Bob’s mail was stolen. It was a big mess for him. He wrote about it in his PBS column at the time: http://www.pbs.org/cringely/pulpit/2003/pulpit_20030911_000785.html
Around that time we had just finished refinancing our home. Through the process we discovered a large number of “inquiries” on our credit. We contacted the 3 credit agencies and asked them to secure our credit information. We had to pay each of them for the service! A few months later we conducted a test. We were on a trip, 700 miles from home. We applied for a credit card. It was approved. The card was sent to us and no one at any of the three agencies stopped the transaction long enough to call us for a verification. The application should have been flagged and checked. It wasn’t. So much for the effectiveness of their service! We got our money back.
From the experience we learned the banks would give almost anyone a credit card. The banks are the biggest customers of the credit agencies, so in the end the credit agencies will do whatever the banks want. A bank somewhere wanted us to have that credit card. So all the rules were broken, despite the fact we were PAYING them to follow the rules.
A local tire store gave us a credit card a few years ago. If we applied for a card, they’d take 10% off of the price of our tire purchase. The card was managed by GE Money. We paid off our purchase immediately and requested the account be closed. It wasn’t. Periodically we would get a letter from GE Money on changes to their terms and conditions. In one letter they informed us the interest rate on the card was 29.84% !!! Over time GE noticed we were not using the card. They (and the tire store) started calling us to encourage us to use the charge card. My response would start with: “At 29.84% — are you nuts!” I’d then ask “By the way, why haven’t you closed my account?” A few weeks ago we did our annual free check of our credit. Guess what? The GE Money charge card is still alive and well. If THEY want me to have an active card and account, nothing I can say or do will get them to cancel it.
While I am disappointed by Lifelock’s methods, I am not surprised. They found a loophole that forces everyone to manage your identity properly. It is not the right way to do it, but it is probably the only way that will really work. If the banks and credit agencies would do their job right, we wouldn’t need firms like Lifelock. If they want someone to blame for the hassle Lifelock’ is causing them, then — look in a mirror.
No, no, and no. The credit bureaus do not evaluate each and every transaction (like the cable bill payment example) but rather requests for new credit. Putting an alert on the three bureaus for your profile should only cause those running a credit report to see the fraud alert and ask why a request for new credit is being made. It is imperfect and if the creditors are only looking for a credit score the fraud alert can be easily missed by their automated credit granting systems. As mentioned in the article there are numerous other bureaus and services that creditors may go to in order to validate the credit request and LifeLock does not protect against those.
There’s also something you can do – put a FREEZE on your credit. It’s not a fraud alert; it’s a notice in the file that no additional credit is to be extended to anyone period, not even you. You can still use your credit cards, pay your bills, etc; but no new credit cards, loans, etc. can be added.
If you want to apply for a loan, you have to call in, and provide a temporary unfreeze your credit; which you can do as a blanket (in case of multiple requests) or on a specific basis (e.g. just your bank so you can get the mortgage).
This very effective, and free. They’re required by law to allow you to do this. And if you travel overseas much, it is very much worth it. You don’t have to belong to LifeLock or any other service to do it either.
Sorry – but you can not put a freeze on our NCTUE records, it only works on your traditional credit file as maintained by Experion, Transunion and Equifax.
Thanks for exposing more of what Lifelock does (and doesn’t do). One point of clarification–as I understand it, Lifelock no longer sets fraud alerts. They are prevented from doing so as part of their settlement with Experian in October 2009.
Credit bureaus hate LifeLock, and are doing everthing thay can to put them out of business!
“As a result of litigation with the credit bureau, Experian, a Court has ruled that LifeLock must soon end the practice of setting fraud alerts on behalf of consumers.” 8/31/09
“In the coming days you will receive a letter from the Federal Trade Commission and your state’s Attorney General’s office regarding a recent settlement relating to our past advertising practices.” 4/11/10
FYI…
In general a credit FREEZE is only free if you are a victim of an identity theft. If you are not, it will cost you money.
Even after we paid for a credit freeze, we were still able to get credit and new charge accounts. The lender may or may not react to the freeze.
In the end we got our money back for the freeze’s that didn’t work.
FWIW I put 3 freezes on my credit with the 3 agencies. Each agency charges to unfreeze it for a specified period of time, so if you want to open a new cell phone account, for example, it helps to ask them which agency they use and to coordinate their call with the time and duration of the unfreeze. So it looks to me like even though you’re not applying for a credit card or paying with one, plenty of companies use those agencies before giving you the account. If it’s true that LifeLock can’t use fraud alerts, then they must now be using freezes. Does anyone know how the unfreeze process works with LifeLock?
Thanks in advance for your help!
I’ve been hunting all over for this particular marketing information… I’m sure glad anyone seriously has got the best solution to such a common subject. You possess no understanding the amount of internet sites I have recently been to over the last hour or so. Kudos for that information
Looks like spam’s coming! (see prev. message)
If you had bothered to read through the articles that you link to, you would have found out that LifeLock can no longer put a fraud alert flag on your credit file. You can’t be very “internet-y” if you don’t bother to read the links that you are writing about. Or maybe that is the essence of being “internet-y”.
It’s a very valid point that LifeLock is a ripoff, since it now can’t even do the one thing that conceivably could have helped customers, but your point is lost with such a massive mistake in the basic facts.
Bob provides way more background information and insight than most traditional journalists. His point in this case is that “fraud alerts” plus “insurance” made the company but that the insurance would likely never be paid regardless of the mechanism of “protection”.
Just like people are now asking of Facebook, I would like to see the credit reporting agncies operate on an opt-in basis. I.E. they can gather all the information they want about a person but they can only report that the information has been “locked” by default until the owner of the information says to whom and when it can be revealed. Credit Freeze by default. In other words it’s no one’s business how credit worthy I am until I ask them to extend credit to me. Then I temporarily or permanently open my information to them for the purpose of receiving the credit they are offering.
So… would’nt that defeat the whole purpose of a credit file? If you opt-in there will be no way to access risk because there would be not negative data.
If, after I obtain credit for the first time, my performance on that line of credit would be reported to the agencies who have always been allowed to collect it. If I wish to obtain credit again either from the same source or someone else, I would once again have to give permission for the new party to receive it or for the old party to see it again unless I previously gave them permanent access. Permission required to RECEIVE not to COLLECT. I would grant the receive permission to the company lending me money in order to obtain credit from them.
I think I may have come up with a solution for a lot of privacy issues. Doesn’t really cover this sort of identity theft but the general idea is to open source what information we give out and have a constant process monitoring what information goes where.
http://alexanderchalkidis.com/?p=258 is the more detailed exposition of the idea. How to beat Facebook at it’s own game through altruism.
I don’t think you came up with much. The whole point of facebook is to share your data with other people. If you don’t want people to see something don’t put it there… pretty simple concept if you ask me.
Facebook doesn’t go out and gather data on people… it gathers the data you (and your friends) gives it. Google is much the same way. If you don’t use google they don’t get information on you. Sure your name may come up a few times in searches (depending on where you name gets published online), but they have little actual data on you.
You are making it seem like these companies go out of their way to get your information. They don’t, you willingly provide it. As long as people give their information away someone is going to take it. Some open source system that’s monitored by these mythological trustworthy people isn’t going to change that. Nor is it any safer in the hands of some university professor and his research team.
The problem with FB is they claim you have control over who sees your data, but by default it’s all exposed to everyone until you access the 100+ privacy settings. Of course, now they claim to have simplified the process. The other completely separate problem and the “last straw” reason Leo Laporte closed his account is that they are trying to become the Internet in the sense that AOL did in the early days. In other words, if you don’t have a FB account, you won’t have access to the content of people who put it on FB and don’t bother to set up a separate website.
thank you for exposing waht exactly lifelock does…
One solution would be for credit to be eliminated and cash required for everything.
An equitable solution would be for the credit issuer to absorb all loses that they can’t prove you charged with forensic evidence that stands up in a court of law.
About the 1 million dollar protection. I remember for awhile in their commercials they had a qualification like, “….if through no fault of our own…”. That leaves a wide opening for them to wiggle out of. I seriously doubt LifeLock would ever pay up.
I can remember my credit card company calling me about buying credit card protection, so they could notify me of unusual activity. I turned them down, then a week or so later I get a call from their department about unusual activity on my card. Here the credit card company was wanting me to pay for something they already did for free!
Amazing.
[...] LifeBlocked – Cringely on technology (tags: lifelock credit fraud identity privacy security) [...]
For a more complete list of identity theft risks that an Initial Fraud Alert will not protect you against, see section 18 of the complaint filed by the FTC which cost LifeLock $11 million. http://www.wired.com/images_blogs/threatlevel/2010/03/lifelockcomplaint.pdf
[...] is an interesting service, but it actually doesn’t protect that well. I’ve seen a lot of articles on the subject, but the one I just linked has the best over-all [...]
cash mastercard…
This is my blog about auto cash mastercard…
I want to post quick hi and want to say thanks for enlightened letter. I found myself looking through the web for some kind of goodarticle. like this, or at least a website. That coveredwhat i looked in to
Thank you.
Thanks for such a kick but post, you rock!
Quite interesting post. Your own web-site is quickly turning into considered one of my favorite features.
Hello!I am checking your posts for some days now. I have to admit that it is very interesting . It is added in my bookmarks and i will try to follow it frequently. Thanks for the nice posts . In addition, i honestly like your theme and the way you have structured your categories/menus . Is it possible to tell me the name of your template ? Cheers