Lifelock to Experian: Thank You!

I've been asked recently about Friday's court ruling in favor of Experian's claim that Lifelock's practice of setting fraud alerts on behalf of its subscribers is an unfair competitive practice in California.

In 2003 Congress legislated that credit bureaus must apply fraud alerts at the consumer's request, so that creditors would take extra steps to validate the identity of a credit applicant. So as part of its identity theft protection service, Lifelock has been requesting these alerts on behalf of subscribers. Experian has never liked the fraud alert because it requires work on their part, it makes it harder to sell consumer data to pre-approved credit card lenders and junk mailers, and it makes their credit monitoring service less competitive. So they convinced a California judge that, based on a technicality in the law, companies can serve as our attorneys of record, as trustees, and as agents of all types except when it comes to requesting fraud alerts -- that such a practice is, literally, "unfair" to Experian.

The judge will likely follow up with some kind of injunction to cease the practice, which will make fraud alerts harder to get -- at least in California -- until the ruling has been fully appealed or until Congress clarifies the language.

The development is an unfortunate setback for consumers, but not so much for Lifelock. As we perceived the rising risk of such a ruling, we accelerated our usual pace of service innovation, successfully identifying and developing a new technology that replaces and improves upon fraud alerts. Our new proactive system monitors millions of data sources often in real time to identify and obstruct fraudulent credit applications while they are in process. Unlike fraud alerts, our new system does not slow down the credit application process in any way (unless, of course, you're a thief). While fraud alerts cover the credit bureaus, Lifelock's new system covers a much broader set of lenders including retail, healthcare, mortgages and utilities.

That's why I should really thank Experian for compelling Lifelock to develop this better service mechanism!

So now you have the background for yesterday's message from CEO Todd Davis to Lifelock's subscribers:

Blogged with the Flock Browser

Open Letter to Ron Lieber

Dear Ron,

A month ago Experian sued Lifelock, and soon after some enterprising class action attorneys filed their own lawsuits. The lawsuits certainly make some disparaging claims about Lifelock. Since we at Lifelock know the claims to be false, we satisfied ourselves to gracefully wait for our day in court to present the compelling evidence, even though we expected the plaintiffs to sling mud at us in the meantime.

And sure enough, eager for a juicy story, a parade of journalists (and I use the term generously) lapped up the mud, seizing the opportunity to disparage a successful business (always an attention grabber). But what surprised me today is that you--a New York Times columnist--joined the lynch mob, and did so in a particularly naive way. Such fluky foolishness hurled from the bastion of good journalism demands a response.

In today's column on Your Money, you follow the herd in reporting Experian's claims as though they were true. You imply that Lifelock's service doesn't work because our CEO is one of the several dozen Lifelock customers (out of a million!) who once had to resort to our service guarantee for protection when a lender screwed up. (You do acknowledge that the CEO's single $500 exposure came after a year of publicizing his social security number on radio and TV.)

But then you add some original analysis, distinguishing yourself as a trustful friend of Experian:

"And if the alert repeatedly fires off false alarms, forcing creditors to constantly double-check the identities of LifeLock customers who have never been victims of fraud, it is possible that those credit issuers will pay less attention to them. Experian is so worried about this, along with other issues, that it has filed suit against LifeLock."

That is so sweet! Those kind-hearted execs at Experian were so concerned for consumer privacy that they launched a legal campaign to shut down Lifelock. That's just the sort of philanthropy we have come to expect from a fine credit bureau like Experian (who just reported $4 Billion in revenue last year primarily from selling consumer data). Someone should give those darlings a medal!

Unless... neah, there couldn't have been another motive to sue, could there?

Experian's juiciest market is the community of spammy direct marketers who push pre-approved credit cards on our debt-junkie nation. These loan sharks are so busy, er, serving the public that they can't bother themselves to verify the identities of the people to whom they're sending all those credit cards. (Who has time for this?) So naturally, they won't buy credit reports "crippled" with fraud alerts. Perhaps then, as a New York Times reporter, you might suspect that Experian is just a wee concerned about their $4 billion share of the industry.

And if that isn't motive enough, consider that Congress had to pass a law forcing the credit bureaus to issue fraud alerts. Obviously Experian doesn't want the expense and hassle of accommodating these consumer requests. (Again, who has time for this?) But now, thanks mostly to Lifelock, fraud alerts are common, and Experian is forced to actually incur the expense that Congress mandated. Shouldn't that motive also intrigue the Times?

Not only was your inference naive, but your basic point about the false alarms is also wrong. A fraud alert is not an alarm--it is a process check. And not even a double-check, as you call it, but the only one in the process. Don't we want lenders to verify the identities of ALL their applicants, even those not already reported as victims?

You conclude that Lifelock's service isn't worth $10 a month because you can simply protect yourself by following these 10 easy steps:

1. Mail all three credit bureaus a letter and pay each one a fee to issue a credit freeze on your account. (Oh, and you forgot to mention that the letters have to be certified.)
   
2. Anytime you get a new job, or credit card, or a cell phone, or a mortgage, etc, first call the credit bureaus three days in advance, give them your password, and pay a fee to lift the credit freeze. (You'll also need to do this on your way to the hospital if you ever need to be admitted.)
3. In some states, call the bureaus again and pay a fee each time to restore the credit freeze.
4. Replace your mailbox with a secure mailbox (on sale now for only $445).
5. Contact all your service providers and ask them for online accounts instead of paper bills (because no one can ever get to your online data).
6. Buy a shredder (they range in price from $100 to $800).
7. Every day shred all your mail. (Who has time for this?)
8. Lock up your social security card.
9. Stop carrying a checkbook. (Er, isn't that a bit inconvenient?)
10. Keep an eye on any relatives having financial difficulties. (Really, it's what you wrote.)

Thank you, Ron, for demonstrating just how valuable Lifelock's service really is!

But please tell me: do you still think that Experian is sincerely acting openly in the consumer's interest, or furtively in its own? Who's the real villain in this story? If I have given you cause to re-consider, I hope you'll follow through in print.

Yours truly (and you can call the number on my fraud alert to check),
David Cowan

Blogged with the Flock Browser

Bessemer Bamboozled?

Valleywag is delighting in a string of negative press accounts this week about Lifelock, a company we funded late last year. The online gossip column goes so far as to say that Bessemer and our co-investor Kleiner Perkins Caufied & Byers were shamefully bamboozled by the company's founder Robert Maynard.

Normally I don't respond to vicious personal attacks--after all there are so many, Who Has Time For This? But to the extent that anyone questions Lifelock's integrity and consumer utility, I feel obliged to weigh in as an insider with some answers...

Is Lifelock founder Robert Maynard a bad guy?

Robert suffers from bipolar disease, a serious mental health disorder that invariably leads to impaired thinking and erratic behavior when untreated. Sufferers of bipolar disease commonly have manic episodes that end with dire financial and legal consequences. Anyone experienced in bipolar (as I became years ago, when someone close to me was diagnosed) understands the negative behavior for what it is--a treatable medical symptom. It is no more a character flaw than President Roosevelt's polio.

With a diagnosis and proper treatment, Robert has built his third company responsibly. Self-aware, he recruited a professional team and an independent board of directors from which he disqualified himself. To protect the company, Robert retained no control through ownership, board participation, or office. During my time as an investor in Lifelock, Robert has impressed me as a brilliant, creative thinker whom other Bessemer entrepreneurs continue to call upon for advice. Robert is kind and thoughtful, and after 15 years as a VC, I haven't seen a founder more loved and respected by his company's employees. (A former U.S. Marine who champions liberal causes, Robert reminds me of another great entrepreneur, Dan Farmer.) Though it would be more profitable to distance myself from such a controversial figure, nonetheless I am proud to call Robert my friend.

Was Bessemer bamboozled?

Yes, many times. But not by Lifelock.

During our investigation of the company, the CEO was up front in every way, including disclosure of Robert Maynard's past, his bankruptcies, his medical condition, and the FTC order against his participation in the credit repair industry (where Lifelock doesn't play). I understood the baggage Robert Maynard has been carrying with him--he isn't the first entrepreneur treated for bipolar disease whose startup I have backed, and he may not be the last.

Furthermore, we feel anything but bamboozled. The Company's financial performance has more than doubled the revenue and cash flow forecasted in Lifelock's business plan. Customer churn is way below any subscription service I have seen, and persists at less than half the rate Lifelock had projected.

Was I embarrassed, as Valleywag insists?

Yes, many times. But not by Lifelock.

It's actually funny (and a little flaterring, really) to see Valleywag go after me so personally in their column, but I'm surprised they couldn't dig up any better dirt on me (really, they just missed the whole atheist angle). Yes, it's true that I'm a director of the "troubled Flock", and it's true that Flock is behind schedule releasing the best browser software in the world (which you'll all get your hands on later this year). It's not true that I'm leading a round in TechCrunch (but I'd like to, Michael, if I can).

Can consumers trust Lifelock?

As a veteran investor of Verisign, Postini, Counterpane, Cyota and several other security service providers, I know what a challenge it is to overcome the suspicions raised by sensational journalism, and the allegations of competitors who covet success. Lifelock embraces every practice we can to operate transparently and in the best interest of the customer--including ISO 27001 certification of our call center and data infrastructure--and surely we still have many lessons yet to learn. But even when we do, we will always have to endure conspiracy theories.

So rather than fight the storm of bad press, Robert Maynard simply resigned from the company this past Monday. It's a shame to lose the vision and day-to-day involvement of a great founder, but I share Robert's hope that his past will no longer be a lightning rod for Lifelock's detractors.

I subscribed my own family to Lifelock long before I invested. From 1995 to 2005, there were over 8 reported breaches of personal credential data for every American adult, and so it's reasonable to fear ID theft. As I've explained, nothing protects me better than Lifelock's rigorous maintenance of fraud alerts for my credit profiles.

Blogged with Flock