Singletary: Holes in the fence of ID-theft protection

photophotoMichelle Singletary

Michelle Singletary

Your personal financial information can’t be completely protected.

Witness the recent news involving the Federal Trade Commission and LifeLock Inc., one of the leading companies in the identity-theft protection business.

The FTC has filed charges alleging that LifeLock violated a 2010 settlement in which the company vowed to stop making deceptive claims about its services and implement stronger measures to safeguard its own customers’ personal data, including credit card, Social Security and bank account numbers.

“We disagree with the substance of the FTC’s contentions and are prepared to take our case to court,” LifeLock said in a statement. “LifeLock takes the accuracy of our advertising materials very seriously. The alerting claims raised by the FTC did not result in any known identity theft for LifeLock members.”

Whatever happens this time (LifeLock previously shelled out $12 million), the case should serve as a reminder that identity-theft services are limited in what they can do and still can leave you exposed. Here’s how:

The claim: In its advertising, LifeLock says it “uses advanced technology to constantly monitor over a trillion data points to help detect suspicious uses of your identity information to get loans, credit and services in your name.”

The caveat: Let’s say that with all of its super-duper detection, LifeLock discovers that your information has been compromised. This means the data is already out there and perhaps being sold for goodness knows what. By the time a breach is detected, it’s too late. Oh, and by the way, in those ads — and in smaller print than the protection claim — is this disclosure: “Network does not cover all transactions.”

The claim: “At the center of all LifeLock services is the patented LifeLock Identity Alert system. Actionable alerts are sent in near real time as soon as LifeLock detects your Social Security number, name, address or date of birth in applications for credit and services within our extensive network. … You can choose alerts by text, phone or email.”

The caveat: Again, alerts only come after the fact. Also, the FTC noted in its original 2010 complaint that LifeLock’s alerts don’t protect you from some of the more common types of identity theft, such as misuse of an existing credit account, that typically do not involve obtaining consumer credit reports.

The claim: Identity-theft services may offer alerts of activity on your credit card, checking and savings accounts.

The caveat: You’re paying for something you can do yourself.

With so many data breaches, most financial institutions now allow you to sign up for free alerts. I have alerts on all my accounts.

The claim: You’ll get your alerts lickety-split.

The caveat: You may not get alerted as quickly as you think.

In its new complaint, the FTC said that from at least January 2012 through December 2014, LifeLock falsely claimed it protected consumers’ identity around the clock, 365 days a year, by sending alerts “as soon as” there was any indication there was a problem.

LifeLock says in its FAQs that it’s “possible that, due to a lender or service provider’s internal processing procedures, in limited circumstances an application made within our network may not result in an alert or may result in a delayed alert notification.”

As the FTC noted, even when you put a fraud alert on your credit files, creditors could overlook such notices. And many institutions simply don’t have sufficient protections within their systems to thwart identity thieves.

Even the best identity-theft protection service still leave you vulnerable because what they largely provide is an after-the-fact “defense.”

Article source:

Technorati Tags: ,

Tags: ,

Leave a Reply