LifeLock (LOCK), the most well known identity theft protection company had its initial public offering Wednesday. The 7% decline it experienced may only be a taste of things to come.
What does LifeLock protect you from?
LifeLock defines identity fraud in their prospectus as, "misuse of personally identifiable information for financial gain". They cite four major reasons you can expect them to do well (i.e. for reasons to expect more identity theft and fraud). They are; increasing numbers of data breaches, increase in e-commerce, use of social networks, and proliferation of mobile devices.
Why then, given these obviously true factors for growth, would I suppose LifeLock is poised not to grow, but to fade away? LifeLock itself has a few reasons listed in their prospectus under risk factors. Most of the risk factors are exactly what every company puts in for completeness; need to turn a profit, need to protect intellectual property, directors and officers have concentrated power, etc. But a couple stand out.
"we face intense competition in our business, and we may not be able to compete effectively..."
"we could lose access to our data sources..."
These don't sound like minor risks that may cause a bad quarter, they sound like things that could sink the whole ship.
How are earnings?
But if the reward is right the risk is something a smart investor can stomach. So what is the reward?
That's right. Earnings have never been positive. Things look bright for 2012 until you look at the line above and see why.
But that's not so bad, things are getting better, right?
Maybe not. Maybe things are very bad and are getting worse.
Not every indicator of financial health is bad, just the major ones. LifeLock did achieve positive free cash flow for the first time in 2011, which is a positive sign.
Into the numbers
Other positive signs include LifeLock's growing customer base and high retention rate. However, given that they are in a sector with "intense competition," I do not think these can be taken for granted. A typical year for LifeLock sees them retain 80% of their customers and acquire 33% of their previous year's total as new customers. This 13% growth they achieve is profitable given the 80% and 33% numbers. We find that things look very different if they achieve 13% growth with worse retention due to the high cost of reaching new customers.
This makes LifeLock not only risky, but something you have to keep a close eye on every quarter to make sure the headline numbers aren't staying the same while the underlying drivers of profit slip away.
What is wrong with LifeLock's model?
Earlier I gave you the four reasons LifeLock thinks they will continue to be relevant.
"increasing numbers of data breaches, increase in e-commerce, use of social networks, and proliferation of mobile devices."
Addressing these points is of course a bit of a matter of opinion, so please weigh your own as you read.
The first point, that there are more data breaches, I think has to do with the fact that there is more data on the internet, not more vulnerable data. As companies become more savvy with their security I think we will see a fall in these numbers.
The next point, increase in e-commerce, is interesting, but I think wrong. With the advent of e-banking people can check their own accounts every single day. They do not have to wait for mail to come as late as 30 days after the fraud and then go through it to catch it. By the same token, banks are becoming better at catching fraud themselves.
This third point is, I think, largely irrelevant. They actually put this in their prospectus, and a large part of their argument is that social networks put the answers to common security questions out in public. However most users are not aware of this and have changed privacy settings, and most websites are aware of this and have changed security practices. The famous Sarah Palin Incident is probably not enough to justify this being a driver of sustained growth.
Their fourth point is one which, much like the first point, I think will fade out almost entirely in time. Cell phone companies and service providers will get better and better at protecting their consumer's data.
What's the verdict?
Sell LifeLock. There's not much here.
However, if you read closely you probably came to the same conclusion I did. LifeLock is going to be pushed out of the space because companies will increase their own e-security. Who is going to do well from this development? The e-security companies that serve other businesses.
Companies know that people don't want to wonder if their information is secure, so they will pay for the best. This means the real winner is a company like Raytheon (RTN) who focuses on cybersecurity on a company scale rather than an individual one like LifeLock.