NEW YORK — LifeLock Inc., an identity theft protection company that backed its guarantees by putting its CEO’s social security number on the side of its trucks will pay $12 million to settle claims it misrepresented its services, according to the Federal Trade Commission.
The State of Mississippi is involved in the settlement.
LifeLock will pay $11 million to the FTC to cover the cost of customer refunds, and another $1 million to the attorneys general of 35 states, the agency said. The FTC said LifeLock made false claims about its ability to prevent identity theft, as the services provide no protection against misuse of existing accounts, which is the most common type of identity theft, or medical or employment identity theft.
The agency described the agreement as one of the largest FTC-state coordinated settlements on record.
In a telephone interview, LifeLock CEO Todd Davis said the company was not acknowledging any wrongdoing. He said all of the company’s current advertising and infrastructure have been cleared by the FTC.
The FTC said LifeLock overstated its ability to prevent new account fraud, which accounts for about one out of every six identity thefts. The Tempe, Ariz., company responds to suspected identity theft by placing fraud alerts on accounts, but the FTC said those alerts do not provide absolute protection and they can be foiled by identity thieves.
“There’s still nothing that can stop all identity theft,” Davis said. “We still have that same position. No one can stop all identity theft.”
The agency said LifeLock misrepresented its own data security procedures. The company allegedly deceived customers in its ads by saying all its data was electronically encrypted and that highly secure procedures are used to protect the confidentiality of its customers. The FTC said claims that only authorized LifeLock employees would have access to customer information, and then only on a “need to know” basis, were also false.
The company also said it would prevent unauthorized changes to address information, that it constantly monitored activity on customer credit reports, and that it would ensure a customer would always get a phone call from a potential credit before a new account was opened. The FTC said all of those claims were false.
LifeLock and its co-founders, Davis and Robert Maynard Jr., are barred from making deceptive claims, misleading customers about LifeLock services and procedures, about the risks of identity theft, and degree of protection LifeLock provides.
Earlier in the company’s history, Davis put his own social security number on business cards and company trucks to advertise LifeLock’s $10 and $15 per month services.
As part of the settlement, the company is required to set up a comprehensive data security program. The program must be reviewed by a third party every other year for the next 20 years.
The Attorneys General of Alaska, Arizona, California, Delaware, Florida, Hawaii, Idaho, Illinois, Indiana, Iowa, Kentucky, Maine, Maryland, Massachusetts, Michigan, Missouri, Mississippi, Montana, Nebraska, Nevada, New Mexico, New York, North Carolina, North Dakota, Ohio, Oregon, Pennsylvania, South Carolina, South Dakota, Tennessee, Texas, Vermont, Virginia, Washington, and West Virginia were involved in the lawsuit.