PatrickPretty.com

Tag: settlement

  • FTC Charges Founder, CEO Of LifeLock In Deceptive Claims And Privacy Case; Company Agrees To $12 Million Settlement With Agency, 35 State Attorneys General

    Screen shot: From Exhibit 1 in FTC case against LifeLock, whose CEO, Todd Davis, appeared in ads that published his Social Security number to demonstrate his confidence in the company's services. (The PP Blog added the red highlight. Court filings obscure the number, which LifeLock published openly while prompting customers of its $10-a-month service to "Always protect your social security number. Do not share it unless necessary.")

    LifeLock Inc. and its principals have been barred from making deceptive claims and required to take more stringent measures to safeguard the personal information collected from customers, the FTC said.

    The FTC charged LifeLock and its co-founders — CEO Richard Todd Davis and former COO Robert J. Maynard Jr. — in the civil case. The case, which has been settled in U.S. District Court for the District of Arizona, alleged that LifeLock “used false claims to promote its identity theft protection services” and “made claims about its own data security that were not true.”

    LifeLock agreed to pay $12 million to settle the case, which the FTC described as “one of the largest FTC-state coordinated settlements on record.” The company, Davis and Maynard settled without admitting the allegations were true.

    “While LifeLock promised consumers complete protection against all types of identity theft, in truth, the protection it actually provided left enough holes that you could drive a truck through it,” said FTC Chairman Jon Leibowitz.

    LifeLock said it welcomed the settlement.

    “LifeLock is pleased with this agreement, which, for the very first time, works to set advertising guidelines for the entire industry,” said LifeLock Chairman and CEO Todd Davis. “We welcome federal and state efforts to regulate our industry, because doing so helps to protect consumers from the risks of identity theft.”

    In court filings, the FTC said LifeLock did not take adequate steps to protect data it collected from customers — even though Davis appeared in ads that published his own Social Security number to demonstrate his confidence in the company’s ability to prevent identity theft.

    “I’m Todd Davis, CEO of LifeLock, and yes, that’s my real social security number,” the ad read.

    Illinois Attorney General Lisa Madigan said there is no foolproof way to protect against identity theft.

    “This agreement effectively prevents LifeLock from misrepresenting that its services offer absolute prevention against identity theft because there is unfortunately no foolproof way to avoid ID theft,” Madigan said. “Consumers can take definitive steps to minimize the chances of having their personal information stolen, and this settlement will help them make more informed decisions about whether to enroll in ID theft protection services.”

    The FTC said LifeLook “routinely collected sensitive information from its customers, including their social security numbers and credit card numbers,” but did not adequately protect the data.

    Among the LifeLock claims, according to FTC court filings:

    • “Only authorized employees of LifeLock will have access to the data that you provide to us, and that access is granted only on a ‘need to know’ basis.”
    • “All stored personal data is electronically encrypted.”
    • “LifeLock uses highly secure physical, electronic, and managerial procedures to safeguard the confidentiality and security of the data you provide to us.”

    But the FTC alleged that “LifeLock’s data was not encrypted, and sensitive consumer information was not shared only on a ‘need to know’ basis. In fact, the agency charged, the company’s data system was vulnerable and could have been exploited by those seeking access to customer information.”

    Employees and vendors “working from their homes or other locations beyond the Defendants’ headquarters could access the network remotely,” the FTC alleged.

    “[U]ntil at least September 2007, Defendants engaged in a number of practices that, taken together, failed to provide reasonable and appropriate security to prevent unauthorized access to personal information stored on its corporate network, in transit through its corporate network or over the internet, or maintained in Defendants’ offices,” the FTC alleged.

  • BREAKING NEWS: Money-Services Business To Pay $18 Million To Settle FTC Claim It Facilitated International Fraud

    David C. Vladeck, FTC
    David C. Vladeck, FTC

    So, you want to offer a money-services business to U.S. customers and not take international fraud seriously?

    Be prepared to pony up $18 million to settle fraud claims when they start rolling in.

    In a stunning announcement today, the Federal Trade Commission said “at least 79 percent of all MoneyGram transfers of $1,000 or more from the United States to Canada over a four-month period in 2007 were fraud-induced.”

    MoneyGram International Inc. is the second-largest money-transfer service in the United States. The Minnesota-based company has agreed to pay $18 million in “consumer redress” to settle claims it turned a blind eye to fraud and permitted “fraudulent telemarketers to bilk U.S. consumers out of tens of millions of dollars,” the FTC said.

    Using pointed language, an FTC official said MoneyGram simply could not say no to fees it earned from scammers, including scammers its agents employed.

    “Money transfer services have a responsibility to make sure their systems don’t become conduits to rip people off,” said David C. Vladeck, director of the FTC’s Bureau of Consumer Protection. “In this case, MoneyGram not only ducked this responsibility, but also looked the other way while its agents took part in the scams.”

    Con artists knew a good thing when they saw it, the FTC said.

    “MoneyGram operates through a worldwide network of approximately 180,000 agent locations in 190 countries and territories,” the FTC said. “Con artists prefer to use money transfer services because they can pick up transferred money immediately, the payments are often untraceable, and victimized consumers have no chargeback rights or other recourse.”

    In 2007, 72 percent of all complaints received by the FTC involving Canadian-based fraud reported using money transfer services to make payments, the agency said.

    And it was not a small sampling of complaints, the FTC stressed.

    “Based on the more than 20,600 fraud complaints MoneyGram itself received, U.S. consumers lost more than $44 million to cross-border money-transfer frauds between 2004 and 2008 alone,” the FTC said. “When combined with losses reported by U.S. consumers on money transfers within the United States, that number grows to $84 million.”

    At least 65 MoneyGram agents have been charged by Canadian or U.S. authorities or are under investigation in the United States for fraud, the FTC said.

    MoneyGram made excuses as complaints piled up, the agency said.

    “MoneyGram ignored warnings from law enforcement officials and even its own employees that widespread fraud was being conducted over its network, claiming that proposals to deal with the problem were too costly and were not the company’s responsibility,” the FTC said.

    “The company even discouraged its employees from enforcing its own fraud prevention policies or taking action against suspicious or corrupt agents,” the FTC said. “Some employees who raised concerns were disciplined or fired.”

    Read the FTC complaint against MoneyGram.

    Read the stipulated settlement in which MoneyGram does not acknowledge wrongdoing but agrees to pay $18 million to settle the case and to implement a comprehensive anti-fraud and agent-monitoring program.