The days of paying companies $10 a month to place fraud alerts on your credit report every three months may be numbered, thanks to a recent U.S. District Court ruling. Two identity theft protection companies have already stopped placing the paid alerts.
In late May, Judge Andrew Guilford, of the U.S. District Court for the Central District of California, ruled that the federal Fair Credit Reporting Act (FCRA) prohibits commercial enterprises from placing fraud alerts on paying consumers’ credit reports. The partial summary judgment was in favor of Experian, one of the big three credit bureaus, which had sued LifeLock, one of the first fraud alert placement companies.
As the Consumer Reports Money Adviser first reported in December, 2007, LifeLock made a big business out of charging consumers $10 a month to place fraud alerts on their credit reports, which are supposed to stop ID thieves. When a crook tries to open a new credit account in your name, the prospective lender is supposed to see the alert when he pulls your credit report, and to call you to check whether the person who says he’s you really is you.
Problem was, we pointed out, the FCRA gives consumers the right to place fraud alerts themselves for free. What’s more, fraud alerts are no guarantee against ID theft, since some lenders don’t see them and let crooks open accounts in other people’s names anyway. "We know this isn’t 100 percent bulletproof," LifeLock CEO Todd Davis told us. "You can still be a victim. If that happens, we’re there to clean up the mess" with a $1 million guarantee.
Davis was not available to comment on the ruling, but a company spokesman said, “We have filed our motion for the court to reconsider its ruling in light of new evidence we have uncovered since the hearing in January of 2009. We have provided the court with extensive arguments and expert information, which we believe prove that the court's initial ruling should be changed.” LifeLock did not respond to our request for a copy of its motion and new evidence.
“Experian is pleased with the ruling of the court, as it upholds the regulations outlined by the Fair Credit Reporting Act,” an Experian spokesperson said. “Experian believes that the court has rightly recognized Lifelock’s unfair business practices. This ruling is not just positive for Experian, but for consumers. Experian will continue to work with consumers to provide education and services to assist them with understanding the credit reporting system.”
One other identity protection company, Debix, already has stopped providing fraud alerts. (See more on Debix’s better fraud-alert system in my next blog.) And IdentitySecure has shifted to letting consumers place their own alerts directly with the credit bureaus through a simple web interface and sending customers a reminder e-mail every 90 days so they can renew the alert.
Equifax also has stopped accepting fraud alerts from LifeLock. “Our decision to stop accepting LifeLock generated fraud alerts is based completely and solely on our interpretation and understanding of FCRA and is consistent with the recent interpretation by the U.S. District Court for the Central District of California. And in that interpretation there is what we consider an unequivocal ruling that LifeLock’s practices are in violation of public policy,” an Equifax spokesman said.
What will happen to LifeLock now? The company wouldn’t answer further questions. But a customer service representative on LifeLock’s toll free line told me that the company continues to place fraud alerts through TransUnion, which, in turn, told me, “We are aware of the litigation and the decision of the court as to LifeLock's practices related to Experian. Pending a specific ruling in this matter from the court, we have continued to operate as in the past, in support of each consumer’s right to choose.” –Jeff Blyskal