LifeLock, which touts itself as one of the largest providers of identity theft protection services in the U.S., is being sued by Experian for allegedly placing false fraud alerts on consumer credit-history files maintained by Experian as part of its credit reporting business.

Experian filed its lawsuit in the U.S. District Court for the Central District of California, which has its main office in Los Angeles. In the suit, the Costa Mesa, Calif.-based company claimed that LifeLock is itself engaging in deceptive and fraudulent behavior. Lifelock's business model is built around false and misleading advertising and fraudulent practices that are causing millions of dollars in monetary damages to Experian and that eventually could reduce the effectiveness of fraud alerts, according to the suit.

Experian asked the court to order LifeLock to pay it full restitution of the costs incurred as a result of the latter's alleged wrongful conduct, as well as a "disgorgement" of any profits that Lifelock may have earned as a result of that conduct. The credit reporting firm also is seeking unspecified punitive and compensatory damages, plus an injunction barring LifeLock from continuing to engage in its allegedly false and misleading advertising activities.

In an interview today, LifeLock CEO Todd Davis strongly refuted Experian's claims and contended that the lawsuit was a blatant attempt to prevent his company from expanding its credit monitoring business. Phoenix-based LifeLock is making it harder for Experian to make money off of the credit history files it maintains on individual consumers, Davis said. He added that he welcomes the opportunity to argue the legal issues in court, and that he may even see if there's a way to bring the other two major credit reporting firms into the case as well.

"We are not surprised [by the lawsuit]," Davis said. "We realized we would be hearing from them when we began taking some of their turf. We feel extremely strongly about our position."

As part of LifeLock's identity theft protection service, the company places fraud alerts on behalf of its subscribers with Experian and its two main rivals: Equifax Inc. and TransUnion LLC. For an annual subscription fee of US$110, LifeLock promises to keep renewing the fraud alerts every 90 days and to remove the names of subscribers from credit card and other junk mail lists (Compare Identity Management products).

LifeLock also offers to order free credit reports on behalf of its customers and to act on their behalf to cancel and renew cards that are lost or stolen. The company guarantees that it will pay up to $1 million over the course of a subscriber's lifetime to cover any fraud-related costs caused by a failure of its service.

Hundreds of thousands of individuals have signed up for the service thus far, according to LifeLock. Meanwhile, Davis has gained considerable attention for publicly disclosing his Social Security number on the company's Web site as part of a marketing campaign aimed at showing how foolproof the service is.

But Experian claimed in its 58-page complaint that LifeLock is illegally placing "hundreds of thousands of fraud alerts" in its consumer credit database every three months. Experian said that under the federal Fair Credit Reporting Act (FCRA), such alerts are meant to be placed only by consumers or by other individuals who they appoint to act in their interest. The credit reporting firm also claimed that alerts should be entered only when people have already been victimized by identity theft or have legitimate reasons to believe that they are at imminent risk.

In addition, Experian said that the FCRA specifically prohibits companies from placing fraud alerts in the credit files of consumers. According to the lawsuit, LifeLock's practice of placing such alerts on behalf of its subscribers is costing Experian millions of dollars in charges for calls to its toll-free 1-800 telephone numbers, which were set up specifically for use in submitting fraud alerts.

There are other costs as well, Experian claimed. "Once an initial fraud alert is placed, it triggers costly statutory obligations for consumer reporting agencies such as Experian," the company said in the lawsuit. For instance, the credit reporting firms are required to mail a notice to anyone who has a fraud alert placed in his or her file. They also have to provide a free credit report, in addition to the one that people are entitled to annually, the company noted.

"Such obligations were never intended to be triggered by a private company seeking to profit by illegally placing fraud alerts on behalf of consumers who do not have a genuine suspicion of imminent fraud," Experian said in the lawsuit. It described LifeLock's business model as a scheme to "game the system" and said the latter company was misleading consumers by giving them the false impression that it was authorized to act on their behalf in placing the fraud alerts and that those alerts could be renewed indefinitely.

For more enterprise computing news, visit Computerworld. Story copyright Computerworld, Inc.