10-K 1 lock-20141231x10k.htm 10-K LOCK-2014.12.31-10K


UNITED STATES
SECURITIES AND EXCHANGE COMMISSION
WASHINGTON, D.C. 20549
FORM 10-K
ý
ANNUAL REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934
For the fiscal year ended December 31, 2014
OR
¨
TRANSITION REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934
For the transition period from                     to                     
Commission file number: 001-35671 
LifeLock, Inc.
(Exact name of registrant as specified in its charter)
Delaware
 
56-2508977
(State or other jurisdiction of
incorporation or organization)
 
(I.R.S. Employer
Identification No.)
60 East Rio Salado Parkway, Suite 400
Tempe, Arizona 85281
(Address of principal executive offices and zip code)
(480) 682-5100
(Registrant’s telephone number, including area code)
Securities registered pursuant to Section 12(b) of the Act:
Title of Each Class
 
Name of Each Exchange on Which Registered
Common Stock, $0.001 par value
 
The New York Stock Exchange
Securities registered pursuant to Section 12(g) of the Act:
None
 
Indicate by check mark if the registrant is a well-known seasoned issuer, as defined in Rule 405 of the Securities Act. Yes ý No ¨
Indicate by check mark if the registrant is not required to file reports pursuant to Section 13 or Section 15(d) of the Act. Yes ¨    No ý
Indicate by check mark whether the registrant (1) has filed all reports required to be filed by Section 13 or 15(d) of the Securities Exchange Act of 1934 during the preceding 12 months (or for such shorter period that the registrant was required to file such reports), and (2) has been subject to such filing requirements for the past 90 days. Yes ý    No ¨
Indicate by check mark whether the registrant has submitted electronically and posted on its corporate Web site, if any, every Interactive Data File required to be submitted and posted pursuant to Rule 405 of Regulation S-T (§232.405 of this chapter) during the preceding 12 months (or for such shorter period that the registrant was required to submit and post such files). Yes ý    No ¨
Indicate by check mark if disclosure of delinquent filers pursuant to Item 405 of Regulation S-K (§229.405 of this chapter) is not contained herein, and will not be contained, to the best of registrant’s knowledge, in definitive proxy or information statements incorporated by reference in Part III of this Form 10-K or any amendment to this Form 10-K. ¨
Indicate by check mark whether the registrant is a large accelerated filer, an accelerated filer, a non-accelerated filer, or a smaller reporting company. See the definitions of “large accelerated filer,” “accelerated filer” and “smaller reporting company” in Rule 12b-2 of the Exchange Act. (Check one):
Large accelerated filer
 
ý
  
Accelerated filer
 
¨
 
 
 
 
Non-accelerated filer
 
¨  (Do not check if a smaller reporting company)
  
Smaller reporting company
 
¨
Indicate by check mark whether the registrant is a shell company (as defined in Rule 12b-2 of the Act). Yes ¨    No ý
As of June 30, 2014, the last business day of the registrant’s most recently completed second fiscal quarter, the aggregate market value of the registrant’s voting common stock held by non-affiliates of the registrant was approximately $1.1 billion based on the closing price of such stock as reported on The New York Stock Exchange on such date.
As of February 13, 2015, there were outstanding 94,026,708 shares of the registrant’s common stock, $0.001 par value.
DOCUMENTS INCORPORATED BY REFERENCE
 
Portions of the registrant’s definitive Proxy Statement for its 2015 Annual Meeting of Stockholders are incorporated by reference in Part III of this Annual Report on Form 10-K where indicated. Such Proxy Statement will be filed with the Securities and Exchange Commission within 120 days of the registrant’s fiscal year ended December 31, 2014.




TABLE OF CONTENTS
 
 
Page
 
 
 
 

i



SPECIAL NOTE REGARDING FORWARD-LOOKING STATEMENTS
This Annual Report on Form 10-K contains “forward-looking statements” that involve substantial risks and uncertainties. The statements contained in this Annual Report on Form 10-K that are not purely historical are forward-looking statements within the meaning of Section 27A of the Securities Act of 1933, as amended, or the Securities Act, and Section 21E of the Securities Exchange Act of 1934, as amended, or the Exchange Act, including, but not limited to, statements regarding our expectations, beliefs, intentions, strategies, future operations, future financial position, future revenue, projected expenses, and plans and objectives of management. In some cases, you can identify forward-looking statements by terms such as “anticipate,” “believe,” “estimate,” “expect,” “intend,” “may,” “might,” “plan,” “project,” “will,” “would,” “should,” “could,” “can,” “predict,” “potential,” “continue,” “objective,” or the negative of these terms, and similar expressions intended to identify forward-looking statements. However, not all forward-looking statements contain these identifying words. These forward-looking statements reflect our current views about future events and involve known risks, uncertainties, and other factors that may cause our actual results, levels of activity, performance, or achievement to be materially different from those expressed or implied by the forward-looking statements. Factors that could cause or contribute to such differences include, but are not limited to, those discussed in the section entitled “Risk Factors” included in this Annual Report on Form 10-K. Furthermore, such forward-looking statements speak only as of the date of this Annual Report on Form 10-K. Except as required by law, we undertake no obligation to update any forward-looking statements to reflect events or circumstances after the date of such statements. We qualify all of our forward-looking statements by these cautionary statements. In addition, the industry in which we operate is subject to a high degree of uncertainty and risk due to a variety of factors including those described in the section entitled “Risk Factors.” These and other factors could cause our results to differ materially from those expressed in this Annual Report on Form 10-K.
Unless otherwise indicated, information contained in this Annual Report on Form 10-K concerning our industry and the markets in which we operate, including our general expectations and market position, market opportunity, and market size, is based on information from various sources, on assumptions that we have made that are based on those data and other similar sources, and on our knowledge of the markets for our services. These data involve a number of assumptions and limitations, and you are cautioned not to give undue weight to such estimates. In addition, projections, assumptions, and estimates of our future performance and the future performance of the industry in which we operate are necessarily subject to a high degree of uncertainty and risk due to a variety of factors, including those described in the section entitled “Risk Factors” and elsewhere in this Annual Report on Form 10-K. These and other factors could cause results to differ materially from those expressed in the estimates made by third parties and by us.
Unless the context otherwise requires, references in this Annual Report on Form 10-K to the “company,” “LifeLock,” “we,” “us,” and “our” refer to LifeLock, Inc. and, where appropriate, its subsidiaries.
“LifeLock,” our logo, and other trade names, trademarks, and service marks of LifeLock appearing in this Annual Report on Form 10-K are the property of LifeLock. Other trade names, trademarks, and service marks appearing in this Annual Report on Form 10-K are the property of their respective holders.

ii



PART I
ITEM 1.
BUSINESS
Overview
We are a leading provider of proactive identity theft protection services for consumers and consumer risk management services for enterprises. We protect our members by monitoring identity-related events, such as new account openings and credit-related applications. If we detect that a member’s personally identifiable information is being used, we offer notifications
and alerts, including actionable alerts for new account openings and applications, in order to provide our members peace of mind that we are monitoring use of their identity and allow our members to confirm valid or unauthorized identity use.  If a member confirms that the use of his or her identity is unauthorized, we can take actions designed to help protect the member’s identity and help determine whether there has been an identity theft. In the event that an identity theft has actually occurred, we can take actions designed to help restore the member’s identity through our remediation services. Our remediation service team works directly with government agencies, merchants, and creditors to remediate the impact of the identity theft event utilizing our remediation expertise on behalf of our members. We protect our enterprise customers by delivering on-demand identity risk, identity authentication, and credit information about consumers. Our enterprise customers utilize this information in real time to make decisions about opening or modifying accounts and providing products, services, or credit to consumers to reduce financial losses from identity fraud.
The foundation of our identity theft protection services is the LifeLock ecosystem. This ecosystem combines large data repositories of personally identifiable information and consumer transactions, proprietary predictive analytics, and a highly scalable technology platform. Our members and enterprise customers enhance our ecosystem by continually contributing to the identity and transaction data in our repositories. We apply predictive analytics to the data in our repositories to provide our members and enterprise customers actionable intelligence that helps protect against identity theft and identity fraud. As a result of our combination of scale, reach, and technology, as well as our comprehensive transaction and new account alerting, remediation services, and $1 million service guarantee backed by an identity theft insurance policy, we believe that we have the most proactive and comprehensive identity theft protection services available, as well as the most recognized brand in the identity theft protection services industry.
We offer our consumer services on a monthly or annual subscription basis. As of December 31, 2014, we served approximately 3.6 million paying members. During 2014, our cumulative ending member base grew 21% and, as of December 31, 2014, our annual member retention rate was 87.7%, which was our ninth consecutive quarter above 87%. Our enterprise customers typically pay us based on their monthly volume of transactions with us. As of December 31, 2014, we served more than 300 enterprise customers, including four of the top five retail card issuers, four of the top five U.S. wireless service providers, and seven of the top eight U.S. credit card issuers, as ranked based on assets, subscribers, and purchase volume, respectively. We also offer the LifeLock Wallet mobile application, which allows consumers to replicate and store a digital copy of their personal wallet contents on their smart device for records backup, as well as mobile use of items such as credit, identification, ATM, insurance, and loyalty cards. The LifeLock Wallet mobile application also offers our members access to our identity theft protection services.
We generated revenue of $476.0 million in 2014, an increase of $106.4 million from $369.7 million in 2013. The increase was driven primarily by organic growth in our consumer segment of approximately 32.1%.
Industry Overview
Identity theft and identity fraud are significant problems for both consumers and enterprises and are becoming more pervasive as transactions and communications become increasingly digital and mobile. Identity theft typically occurs when an unauthorized party gains access to an individual’s personally identifiable information, such as the individual’s social security number, name, address, phone number, or date of birth. Identity fraud is the actual misuse of the personally identifiable information for financial gain, including purchasing products or services, making withdrawals, modifying existing accounts, or creating false accounts.
As consumers and enterprises become increasingly interconnected and engage in a large number of daily activities that involve personal or financial information, including e-commerce, m-commerce, online banking, social networking, and electronic sharing and storage of records, the risk of identity theft significantly increases. Even seemingly harmless activities, such as sharing personally identifiable information with merchants, employers, doctors, dentists, schools, banks, or insurance companies, can lead to identity theft, as professional thieves now have more sophisticated and creative methods and a broader variety of places from which to steal personal and financial information. Because the most sensitive personally identifiable information, such as a social security number, does not expire, once compromised, it may continue to be at risk of being used for fraud and may be bought and sold repeatedly by criminals.

1



Identity theft has been the most reported consumer complaint in the United States for the past 14 years, according to the Federal Trade Commission, or the FTC. Forrester Consulting estimates that there were 26 million identity theft victims in the United States - or a victim every two seconds - in the 12-month period preceding a LifeLock commissioned survey fielded in May 2014. According to the Bureau of Justice Statistics, the estimated cost of identity fraud in the United States in 2012 was $25 billion.
A number of trends are contributing to an increased rate of identity theft and identity fraud, including the following:
Increasing number of data breaches. Enterprises that act as custodians of personally identifiable information are increasingly subject to hacking, data breaches, and loss of mobile devices with stored personal information, as we saw at the end of 2013 and throughout 2014 with a series of breaches at a number of large retailers. According to the Data Protection & Breach Report published by Online Trust Alliance in 2015, 904 million records were exposed by data breaches during 2014, leaving millions of consumers exposed to an increased risk of identity theft. A commissioned study by Forrester Consulting on our behalf in May 2014 estimates that one out of three of those who were notified that their personal information may have been compromised in a data breach in the 12 months preceding the study reported that they experienced identity theft during such period.
Increase in e-commerce and Internet-based transactions. As more banking, e-commerce transactions, and account openings are conducted over the Internet and through mobile devices, consumers and enterprises are becoming more exposed to an increased risk of identity theft. The increasingly simple nature of online transactions and the ease of e-commerce and online banking allow identity thieves from almost anywhere in the world to conduct numerous fraudulent transactions using the same credit or debit card or other personally identifiable information across a large number of enterprises in a short time span.
Use of social networks. The increasing use of social networking has encouraged consumers to share significant amounts of personally identifiable information online, which exposes them to a greater risk of identity theft. Social networking users often share their birthdays, high school names, e-mail addresses, and other information about themselves or their family members that can be accessed easily by identity thieves and used to answer knowledge-based authentication questions, crack passwords, compromise identity security, or gain access to accounts.
Proliferation of mobile devices. The rapid adoption of smartphones, laptops, tablets, and other mobile devices by consumers and enterprises is increasing the risk of identity theft because these devices often contain personally identifiable information, are easy to steal or misplace, and are typically not password protected.
Challenges in Effectively Protecting Against Identity Theft and Identity Fraud
Consumers and enterprises have historically struggled to protect themselves effectively against identity theft and identity fraud. The most commonly used service by consumers is credit monitoring provided by credit bureaus. Credit monitoring services were originally developed to help consumers monitor their credit ratings by tracking changes to their credit profiles, but as identity theft became a larger problem for consumers, the credit bureaus began marketing these services as identity theft protection. However, the credit bureaus have continued their focus primarily on credit and often sell personal consumer information to third parties. Additionally, some enterprises have attempted to develop their own identity risk assessment capabilities, but these internally developed systems are often based solely on the enterprise’s own records of personal information and customer transactions, sometimes supplemented by credit reports and other third-party information.
We believe that in order to provide the most proactive and comprehensive protection against identity theft and identity fraud, solutions must overcome the following limitations that are common in the market:
Reactive response. Credit monitoring services are typically not proactive and can sometimes take days, weeks, or up to even a month to alert consumers that their identities have been compromised; however, damage from identity theft may occur either within minutes or hours of the identity theft or sometimes years later.
Credit focus. Traditional solutions that rely on credit monitoring or credit reports do not identify non-credit-related fraud, such as bank account fraud or new telephone account fraud, or provide transaction monitoring. As a result, credit monitoring and credit reports do not assess a complete spectrum of fraud risk.

2



Limited visibility. Traditional solutions lack the visibility into transaction data across multiple industries and a direct linkage to consumers for account openings and applications. While enterprises closely track their own customer transaction data, they typically have limited access to transaction data from other enterprises, even transactions that could potentially involve the same personally identifiable information. For consumers, traditional credit monitoring services typically do not have the capability to provide actionable alerts to a consumer that his or her personally identifiable information is being used, authenticate whether such use is fraudulent, and provide that feedback to enterprises.
Lack of predictive intelligence. Traditional solutions lack the capability to analyze the connections between consumers, transactions happening across enterprises, and historical fraudulent activities to predict and identify high-risk activities. As a result, traditional solutions cannot accurately predict the likelihood that an identity theft or identity fraud has occurred or may occur.
Ineffective remediation. Traditional solutions often do not offer consumers effective remediation services in the event of an identity theft, leaving consumers on their own during the frustrating remediation process. Because identity theft can result in the creation of multiple fraudulent accounts and transactions, the process of notifying relevant parties and restoring a consumer’s identity can be time consuming and sometimes expensive and require expertise to remediate effectively, as stolen personally identifiable information does not expire and can be reused again by identity thieves in the future.
Market Opportunity
We believe that there is a significant, underpenetrated market opportunity for proactive identity theft protection services for consumers and consumer risk management services for enterprises. Based on our research indicating that two-thirds of U.S. adults are concerned about identity theft, we believe the total addressable market for our consumer identity theft protection services is approximately 148 million adults in the United States alone. We focus our efforts on adults with a household income in excess of $50,000 per year and who are concerned about identity theft, of which we estimate there are approximately 78 million in the United States. Additionally, international markets could provide substantial opportunities for us in the future. We believe the total addressable market for our enterprise consumer risk management services includes approximately 3.4 billion transactions per year, based on our analysis of industry research, public filings, industry trade publications, and U.S. government studies.
Our Solution
We are a leading provider of proactive identity theft protection services for consumers and consumer risk management services for enterprises. The foundation of our identity theft protection services is the LifeLock ecosystem that combines large and constantly expanding data repositories of personally identifiable information and consumer transactions that we collect from our enterprise customers, members, and third-party fulfillment partners; proprietary predictive analytics; and a highly scalable technology platform that allows us to interact with our customers and to deliver actionable alerts to, and receive feedback from, our members and enterprise customers about potentially suspicious activity. Each day, we collect and analyze millions of data elements impacting personally identifiable information, factor in responses from our customer base to determine risk-based metrics, and enable our customers to protect against identity theft and significantly reduce the risk of identity fraud. The strength of the LifeLock ecosystem, as depicted in the diagram below, and the effectiveness of our services are enhanced with every actionable alert and transaction that we process and every new data element that we acquire.

3



In our consumer business, we protect our members by monitoring identity-related events, such as new account openings and applications, that may present a risk of identity theft. If we detect that a member’s personally identifiable information is being used, we send notifications and alerts, including actionable alerts for new account openings and applications, to the member via text message, phone call, mobile application, or e-mail through our LifeLock Identity Alert system that allows the member to confirm valid or unauthorized identity use. However, we only issue phone alerts between 9 am and 9 pm in order to be respectful of our members. Phone alerts that would otherwise be sent after 9 pm are sent at 9 am the following morning. If a member confirms that the use of his or her identity is unauthorized, we can take actions designed to help protect the member's identity and help determine whether there has been an identity theft. Member responses to our alerts provide information that enhance the member’s profile in the LifeLock ecosystem, which helps improve the identity protection we can provide that member in the future. In addition, we notify our members of events or potential threats and exposures related to their personally identifiable information, such as a change of a member’s address or the appearance of a member’s personally identifiable information on a known criminal website or a peer-to-peer network. Although our network covers a large number of financial institutions, merchants, banks, and wireless carriers, it does not cover every institution or transaction, and therefore a member may not receive a LifeLock alert every time that his or her personally identifiable information is being used. In the event that an identity theft has actually occurred, we can take actions designed to help restore the member's identity through our remediation services. Our remediation service team works directly with government agencies, merchants, and creditors to remediate the impact of the identity theft event utilizing our remediation expertise on behalf of our members. This includes our $1 million service guarantee, which is backed by an identity theft insurance policy, under which we will spend up to $1 million to cover certain third-party expenses incurred in connection with the remediation, such as legal and investigatory fees. This insurance also covers certain out-of-pocket expenses to the member, such as loss of income, replacement of fraudulent withdrawals, and costs associated with child and elderly care, travel, stolen purse/wallet, and replacement of documents.
In our enterprise business, we provide consumer risk management services, including delivering our on-demand identity risk, identity-authentication, and credit information about consumers to our enterprise customers in their daily transaction flows. Our enterprise customers utilize this information in real time to authenticate their customers, assess their risk profile, and enhance the enterprise’s decision making process on which to base account opening, lending, credit, and other risk-based decisions. By integrating our services into their business processes, our enterprise customers can reduce potential financial losses from identity fraud. Information generated from the transaction flow at our enterprise customers is transmitted back to our data repositories, which continually enhances the LifeLock ecosystem and helps strengthen the services we can provide to our customers in the future.

4



Our Competitive Strengths
We believe that the LifeLock ecosystem enables us to provide proactive and comprehensive identity theft protection services for consumers and consumer risk management services for enterprises and provides us with numerous competitive strengths that differentiate us and that are critical to our success, including the following:
Breadth and depth of our data repositories. The LifeLock ecosystem includes data repositories that contain over one trillion identity elements, including personally identifiable information, transaction data, and fraud instances across multiple industries. In addition, our enterprise customers provide us with an average of over 50 million new identity elements per day. The LifeLock ecosystem is augmented with data from third-party fulfillment partners and by the feedback from actionable alerts sent to our members through our LifeLock Identity Alert system. We believe that the breadth and depth of our proprietary data, which has been generated over more than ten years, would be difficult to replicate and creates a substantial barrier to entry.
Strong network effects. We believe that the LifeLock ecosystem provides strong network effect benefits to our members and enterprise customers. Transactions that flow through our enterprise business generate actionable alerts for our members. Our members are then able to confirm back to us whether or not they are participating in the identified transactions, which creates a bona fide and deterministic check that enhances the identity information in our data repositories. This feedback loop strengthens our data repositories and creates a network effect that improves the precision and sophistication of our ecosystem as we continue to add more customers, acquire more data, process more actionable alerts, and analyze more transactions.
Patented and proprietary analytics. The LifeLock ecosystem utilizes our patented and proprietary predictive analytics to evaluate current and past consumer transaction data, analyze connections between personally identifiable information of individuals, and assess the stability and authenticity of an individual’s identity. We leverage our patented analytics to provide our enterprise customers with a sub-second assessment of risks associated with transacting based on identity information presented to them. We believe that our analytical capabilities differentiate the quality and effectiveness of the services we provide and help drive subscriptions by new members and adoption by enterprise customers.
Most comprehensive service offerings. The LifeLock ecosystem, as well as our comprehensive transaction and new account alerting, remediation services, and $1 million service guarantee backed by an identity theft insurance policy, has enabled us to develop what we believe to be the most proactive and comprehensive identity theft protection services for consumers and consumer risk management services for enterprises. The breadth and depth of our data and our predictive analytics coupled with the confirmatory alert feedback from our members provides our enterprise customers with a more effective risk assessment of their customers.
Leadership position. We believe that we have the leading brand in the identity theft protection services industry. Ongoing surveys commissioned by us since 2010 indicate that our unaided brand awareness is between two and three times higher than our nearest competitor. We have developed our highly recognized brand through our core value proposition, comprehensive service offerings, marketing strategy, and emphasis on customer service. We believe that our brand awareness, technology, and service offerings contribute to our ability to maintain and grow our leadership position in the identity theft protection and consumer risk management services markets.
Our Strategy
Our goal is to be the leading provider of proactive identity theft protection services for consumers and consumer risk management services for enterprises. The key elements of our strategy to achieve this goal include the following:
Extend our leadership position through continued enhancement of our services. The identity theft protection services industry is large and expanding and provides a significant growth opportunity. We intend to grow our business by introducing new services and expanding the services we offer, such as the LifeLock Wallet mobile application. We believe there are many additional areas in which protection and authentication of personally identifiable information is important, such as password management and protection and tax return fraud protection, and we intend to explore and consider these markets.
Expand our data repositories and analytics. We intend to expand our data repositories with valuable and differentiated data from new and existing enterprise customers and continue to supplement our repositories with data from third-party fulfillment partners. As we grow our membership base, we expect an increase in the number of alerts and responses to such alerts flowing through the LifeLock ecosystem to reinforce the breadth and depth of our data and visibility into consumer behavior. We intend to continue to enhance our algorithms to apply more sophisticated analytics to more types of consumer transactions and to improve our ability to detect potential identity theft attempts more effectively.

5



Grow our customer base. We intend to leverage our marketing campaigns and existing and new strategic partners as well as the relationships with our enterprise customers to grow our membership base. We believe that continued investments in these areas will allow us to enhance our premium brand and product superiority message, increase awareness of the need for our consumer services, and enhance our ability to efficiently acquire new members. We also intend to leverage the effectiveness of the LifeLock ecosystem to demonstrate to potential new enterprise customers the benefits of becoming part of our ecosystem with the goal of expanding our enterprise customer base.
Continue our focus on customer retention. We plan to invest in increasing member retention by optimizing and expanding the number of value-added, actionable alerts we send to our members to provide them peace of mind and convenience and to demonstrate the value of our services. For our enterprise customers, we plan to invest in making our services easy to integrate into their business processes and expanding the types of risk assessment services we provide to our enterprise customers.
Increase sales to existing customers. We believe the strong customer satisfaction we maintain with our members provides us with the opportunity to provide new services to them. We also believe a substantial opportunity exists to increase the penetration of our premium-level consumer services. Over time, we plan to add additional service offerings for our members to further drive monetization. In our enterprise business, we believe we have the opportunity to attain deeper penetration of our existing customers’ organizations by expanding across various departments and new lines of business within enterprises that already use our service and by adding new services.
The LifeLock Ecosystem
The core of our solution is the LifeLock ecosystem, which enables us to offer what we believe to be the most proactive and comprehensive approach to identity theft protection and consumer risk management services available. In addition to our extensive network of members, enterprise customers, and third-party fulfillment partners, the key components of our ecosystem include the following:
Proprietary Data Repositories
Our data repositories contain over one trillion identity elements, including personally identifiable information, transaction data, and fraud instances across multiple industries. This data has been collected over many years and is continually enhanced by new data provided by our enterprise customers. Our enterprise customers provide us with an average of over 50 million new identity elements per day. The LifeLock ecosystem is further enhanced by data we source from third-party fulfillment partners and by the feedback from actionable alerts sent to our members through our LifeLock Identity Alert system. More importantly, our data repositories contain contextual information on how, where, and when these identity elements were used.
Our data repositories include the aggregation of relevant data on consumer transactions and behavior that expands over time as consumers engage in ongoing transactions, which enables us to identify potentially suspicious behavior in real-time related to new transactions for our customers in our enterprise business. For example, our repositories include information associated with credit card applications, wireless accounts, mortgage applications, and other transactions, and this information can be used to assess risk. Additionally, the repositories enable analysis of the interconnectedness of individuals. For example, if an individual has the same address as five different individuals, or shares a cell phone with ten other people, the repositories can identify this information for further risk analysis.
In our enterprise business, the personally identifiable information in our data repositories is not shared with our enterprise customers except under certain circumstances with specific services as permitted under the Fair Credit Reporting Act, or FCRA, and the Gramm-Leach-Bliley Act.  We employ data governance procedures in accordance with applicable laws and our own policies for the collection, use, sharing, and storage of data including, where applicable, the segregation of enterprise customer and/or consumer data that may be subject to specific restrictions or requirements.
Predictive Analytics
We apply patented and proprietary predictive analytics to the data in our repositories to generate actionable intelligence that helps protect against identity theft and identity fraud. We leverage these patented analytics and other related processes to provide real-time visibility into personal data topologies, which we define as a collection of unique identity elements and the connectedness of these elements to each other and to other people, and transactions that indicate risk. Analysis of these data topologies reveals patterns that can be used to evaluate stability and authenticity of consumers as well as identify anomalies that suggest identity risk. For example, our analytics will not only reveal information about a consumer’s link to a known fraud or credit loss, but also to potential associations with identity thieves through sharing of an address or phone number or using the same personally identifiable information to attempt to establish new accounts at multiple enterprises at the same time. This information can be used by our enterprise customers to determine the identity risk of customers and potential fraud.

6



Technology Platform
We have built a technology platform that enables connectivity between our internal systems and our members, users of the LifeLock Wallet mobile application, and enterprise customers. Our technology platform enables our enterprise customers to share transaction and performance data with us on an ongoing basis and allows us to deliver on-demand, proprietary risk scores and other identity risk-related metrics and reason codes for each transaction our enterprise customers run through the LifeLock ecosystem. Direct connection to our technology platform allows our enterprise customers to determine risk associated with a particular transaction on a sub-second basis. The technology behind our LifeLock Identity Alert system enables us to deliver alerts to our members and provides them with the ability to confirm back to us whether or not they are participating in a transaction. Based on a member’s response regarding participation in a transaction, we can take actions designed to protect both the member and the enterprise customer from becoming victims to a fraudulent transaction.
Our Services
We are a leading provider of proactive identity theft protection services for consumers and consumer risk management services for enterprises.
Consumer Services
We currently offer our identity theft protection services to consumer subscribers under our LifeLock Standard, LifeLock Advantage, and LifeLock Ultimate Plus services, which we launched at the end of July 2014. We will also continue to offer our LifeLock Junior Services and, on a limited basis and for a limited time in connection with certain of our partnerships, our basic LifeLock, LifeLock Command Center, and premium LifeLock Ultimate services. We will continue to provide services to our existing members currently enrolled in our basic LifeLock, LifeLock Command Center, and premium LifeLock Ultimate services. At the heart of our consumer service offerings is our LifeLock Identity Alert system, which provides our members with notifications and alerts, including actionable alerts for new account openings and applications, and a response system for identity threats via text message, phone call, mobile application, or e-mail. We have continued to see success with our premium service offerings, including LifeLock Advantage, LifeLock Ultimate, and LifeLock Ultimate Plus, which accounted for more than 40% of our gross new members enrolled during 2014. As of December 31, 2014, over 25% of our cumulative ending members were enrolled in one of our premium service offerings. The following table summarizes the identity theft protection and remediation services that we currently offer to our members.
Feature
LifeLock
Standard
LifeLock
Advantage
LifeLock Ultimate Plus
LifeLock Identity Alert System
Ÿ
Ÿ
Ÿ
Lost Wallet Protection
Ÿ
Ÿ
Ÿ
Address Change Verification
Ÿ
Ÿ
Ÿ
Reduced Pre-Approved Credit Card Offers
Ÿ
Ÿ
Ÿ
Black Market Website Surveillance
Ÿ
Ÿ
Ÿ
Live Member Support 24/7/365
Ÿ
Ÿ
Ÿ
Remediation Services During Normal Business Hours
Ÿ
Ÿ
Ÿ
$1 Million Total Service Guarantee backed by Zero Deductible Identity Theft Insurance Policy
Ÿ
Ÿ
Ÿ
Fictitious Identity Monitoring
 
Ÿ
Ÿ
Court Records Scanning
 
Ÿ
Ÿ
Data Breach Notifications
 
Ÿ
Ÿ
Credit Card, Checking and Savings Account Activity Alerts
 
Ÿ
Ÿ
Investment Account Activity Alerts
 
 
Ÿ
Online Annual Credit Report(s)
 
1 Credit Bureau
3 Credit Bureaus
Online Annual Credit Score(s)
 
1 Credit Bureau
3 Credit Bureaus
File-Sharing Network Searches
 
 
Ÿ
Sex Offender Registry Reports
 
 
Ÿ
Monthly Credit Score Tracking
 
 
Ÿ
Credit Inquiry Activity
 
 
Ÿ
Checking and Savings Account Application Alerts
 
 
Ÿ
Bank Account Takeover Alerts
 
 
Ÿ
Retail list pricing
$9.99 per month
$109.89 per year
$19.99 per month
$219.89 per year
$29.99 per month
$329.99 per year

7



Once enrolled in our services, a member may also purchase our LifeLock Junior service, which provides identity theft protection services for minors.  In addition, the LifeLock Wallet mobile application allows consumers to replicate and store a digital copy of their personal wallet contents on their smart device for records backup, as well as mobile use of items such as credit, identification, ATM, insurance, and loyalty cards. The LifeLock Wallet mobile application also offers our members access to our identity theft protection services. As part of our consumer services, we offer 24x7x365 member service support. In addition, in the event that an identity theft has actually occurred, we can take actions designed to help restore the member's identity through our remediation services. Our remediation service team works directly with government agencies, merchants, and creditors to remediate the impact of the identity theft event utilizing our remediation expertise on behalf of our members. This includes our $1 million service guarantee, which is backed by an identity theft insurance policy, under which we will spend up to $1 million to cover certain third-party costs and expenses incurred in connection with the remediation, such as legal and investigatory fees. This insurance also covers certain out-of-pocket expenses, such as loss of income, replacement of fraudulent withdrawals, and costs associated with child and elderly care, travel, stolen purse/wallet, and replacement of documents.
Our consumer services are enhanced by services provided by our third-party fulfillment partners. In January 2014, we entered into a Technology Services Agreement with CSIdentity Corporation, or CSID, which was amended in November 2014. Pursuant to this Technology Services Agreement, which replaced and superseded in its entirety the Amended and Restated Reseller Agreement with CSID dated November 12, 2008, as amended, we purchase certain CSID services. These services comprise a part of our identity theft protection services for consumers and include, among others, non-credit related reports, certain credit reports and scores, and monitoring services. Our agreement with CSID expires on February 15, 2018 and will renew automatically for consecutive 12-month periods, unless we notify CSID of our intent not to renew at least 90 days prior to the expiration of either the initial term or a renewal term or CSID notifies us of its intent not to renew at least 180 days prior to the expiration of either the initial term or a renewal term. In July 2011, we entered into an Identity Protection Service Provider Agreement with Early Warning Services, LLC, or EWS, pursuant to which we market certain alerts generated from data gathered by EWS. These alerts consist of information regarding the checking and savings accounts of our members and the use of our members’ personally identifiable information in connection with checking and savings accounts, a key feature of our consumer service offerings. Our agreement with EWS, as most recently amended in July 2014, expires in July 2017 and is subject to automatic renewal for one-year terms unless either party provides prior written notice of non-renewal.
Enterprise Services
Our consumer risk management services provide real-time visibility into consumer behavior that enables our enterprise customers to better assess the risk of identity fraud. Our flagship identity risk service, ID Score, delivers an accurate, on-demand assessment of the risk of an individual at account opening and throughout the customer lifecycle. Our consumer risk management services are designed to provide our enterprise customers with visibility into consumer behavior to enable them to better assess the risk of an individual and potential fraud, including the following:
Fraud detection and identity verification. Our services separate legitimate and suspicious identities in order to detect fraud and avoid customer friction and abandonment. Enterprises can quickly discern legitimate consumers from potentially risky individuals with our consumer risk management services designed to deliver a complete picture of the risk of an individual and potential fraud at any point in the customer lifecycle. This assessment enables enterprises to answer two fundamental questions: is the consumer who the consumer claims to be, and what is the risk of doing business with this consumer?
Identity-related compliance. Our services reduce the regulatory compliance costs normally associated with regulations, such as the Patriot Act and FTC Red Flags regulations, which require the review of identities presented by applicants. Our services address regulatory compliance requirements by utilizing unique data across multiple industries to help clear and remediate identities, ultimately reducing the volume of manual reviews.
These capabilities help prevent our enterprise customers from providing products or services to an individual misrepresenting the individual’s identity by, among other things, using another individual’s social security number, name, address, phone number, or date of birth.
We also offer credit risk services that are designed to provide real-time visibility into consumer stability and that augment and enhance traditional credit scores. Our credit risk services utilize our proprietary data repositories, which include alternative credit data typically not reported to the traditional credit bureaus such as wireless customer and payday lending data. This provides our enterprise customers with better information on which to base account opening, lending, and credit decisions throughout the customer lifecycle to maximize revenue opportunities and reduce risk.
We offer our enterprise services through an on-demand platform under multi-year contracts with monthly transaction-based pricing. We believe these services enable our enterprise customers to reduce fraud and credit losses, improve collection performance, increase revenue, reduce decision making time, protect customers, and minimize customer friction.

8



Sales and Marketing
Consumer Services
We pursue a multi-channel member acquisition and brand marketing program. This program is designed to grow our member base by increasing brand awareness, driving our product superiority message, and maximizing our reach to prospective members.
Consumer marketing. We utilize consumer advertising and direct response marketing to elevate our brand, attract new members, and generate significant demand for our services, with an increased utilization of digital media.
We use a variety of marketing programs to target members, including radio, television, and print advertisements; direct mail campaigns; our LifeLock Wallet mobile application; press coverage for our company and our services; online display advertising; paid search and search-engine optimization; third-party endorsements; and education programs. In 2014, we derived just over half of our gross new members from our consumer marketing programs.
Partner distribution channels. We utilize strategic and affiliate partner distribution channels to refer prospective members to us and assist us in selling our consumer services to our partners’ and affiliates’ customer bases. We have developed and implemented a national sales organization that targets new partners to enhance our partner distribution channels. In 2014, we derived just under half of our gross new members from our partner distribution channels. These channels include the following:
Co-marketing. In this channel, our co-marketing partners, such as airline affinity rewards programs, send co-branded advertisements through direct mail, e-mail, or other communication means to their customer bases.
Embedded product. In this channel, our partners, such as AOL, embed our consumer services into their products and services and pay us on behalf of their customers.
Employee benefit. In this channel, our partners offer our consumer services as an optional employee benefit as part of their employee benefit program.
Online affiliates. In this channel, our online affiliates, at their own cost, create independent websites and marketing materials to drive prospective members to our consumer service offerings.
Data breach. In this channel, enterprises that have experienced a data breach pay us to provide our services free of charge to the victims of the data breach.
Enterprise Services
We utilize a combination of direct and indirect sales and marketing strategies to market our enterprise services. Our internal sales organization is structured based on strategic accounts and industry verticals and is supported by account management, customer service, and customer implementation support teams. We have and continue to develop strategic partnerships with key industry verticals. As part of our sales strategy, we typically offer our prospective enterprise customers the opportunity to provide us with historical data so that we can demonstrate the return on investment had our services been deployed over a specific period of time.
Customer Service
We focus on retention of our current members and believe our ability to establish and maintain long-term relationships with our members depend, in part, on the strength of our member services organization. We have more than 200 employees in our member services organization. Our Tempe, Arizona member service center is open 24x7x365, and we provide remediation services during normal business hours. Our members can communicate with our member service representatives by e-mail or telephone. We also leverage frequent communication and feedback from our members and enterprise customers to continually improve our services.
Customers
Members. As of December 31, 2014, we had approximately 3.6 million members. Our members range from those looking to minimize the risk of identity theft and identity fraud to those who have experienced the personal traumatic event of an identity theft and want the protection and services and peace of mind we provide. Most of our members are paying subscribers who have enrolled in our consumer services directly with us on a monthly or annual basis. A small percentage of our members receive our consumer services through a third-party enterprise that pays us directly, often as a result of a breach within the enterprise or by embedding our service within a broader third-party offering.

9



Enterprise Customers. We have approximately 50 direct enterprise customers, which include leading financial institutions, telecommunication and cable services providers, government agencies, and technology companies. Through our direct enterprise customers, we also provide our enterprise services to more than 250 indirect enterprise customers, including large retailers, automobile and mortgage lenders, and e-commerce providers. No single enterprise customer accounted for 10% or more of our total enterprise revenue in 2013 or 2014.
Competition
We operate in a highly competitive and rapidly evolving business environment. We believe that the competitive factors in our market include access to a breadth of identity and consumer transaction data, broad and effective service offerings, brand recognition, technology, effective and cost-efficient customer acquisition, customer satisfaction, price, quality and reliable customer service, and accurate identification of appropriate target markets for our business. Our primary competitors are the credit bureaus that include Experian, Equifax, and TransUnion, as well as others, such as Affinion, EWS, Intersections, CSID, and LexisNexis. Some of our competitors have substantially greater financial, technical, marketing, distribution, and other resources than we possess that afford them competitive advantages. As a result, they may be able to devote greater resources to the development, promotion, and sale of services, to deliver competitive services at lower prices or for free, and to introduce new solutions and respond to market developments and customer requirements more quickly than we can.
We believe that the combination of our brand awareness, industry experience, strong retention rate, growing customer base, quality customer service, and extensive data repositories and analytics capabilities provide us with significant competitive advantages. These advantages include our ability to detect and address risk more proactively and comprehensively; our growing data repositories of personally identifiable information and consumer transactions that would be difficult to replicate; our enhanced capability to assess the probability of identity threats; our enhanced visibility into consumer stability and behavior to detect the recurrence of identity threats; our ability to protect both consumers and enterprises against identity threats; our ability to reach an expanding total addressable market concerned about identity theft; and our ability to offer additional services to protect consumers and enterprises against identity theft and identity fraud.
Intellectual Property
We protect our intellectual property rights primarily through a combination of foreign, federal, state, and common law rights, as well as contractual restrictions. We control access to our proprietary technology by entering into confidentiality and invention assignment agreements with our employees and contractors and confidentiality agreements with third parties.
In addition to these contractual arrangements, we also rely on a combination of patents, trademarks, service marks, domain names, copyrights, and trade secrets to protect our intellectual property. As of December 31, 2014, we held six U.S. patents covering various systems and methods for identity based fraud detection, and also had four U.S. patent applications pending. We pursue the registration of our trademarks, service marks, and domain names in the United States and in certain locations abroad. Our registered trademarks in the United States include “LifeLock,” “LifeLock Identity Alert,” our logo, “ID Analytics,” and “ID Score.”
Circumstances outside our control could pose a threat to our intellectual property rights. Effective intellectual property protection may not be available, and the efforts we have taken to protect our proprietary rights may not be sufficient or effective. Any significant impairment of our intellectual property rights could harm our business or our ability to compete. In addition, protecting our intellectual property rights is costly and time consuming. Any unauthorized disclosure or use of our intellectual property could make it more expensive to do business and harm our operating results.
Companies in the technology industry may own a large number of patents, copyrights, and trademarks and may frequently request license agreements, threaten litigation, or file suit against us based on allegations of infringement or other violations of intellectual property rights. From time to time, we face, and we expect to face in the future, allegations that we have infringed the trademarks, copyrights, patents, and other intellectual property rights of third parties, including our competitors. As we face increasing competition and as our business grows, we will likely face more claims of infringement.
Governmental Regulation
Our business and the information we use in our business is subject to a wide variety of federal, state, foreign, and local laws and regulations, including the FCRA, the Gramm-Leach-Bliley Act, the FTC Act and comparable state laws that are patterned after the FTC Act, and similar laws. We also are subject to federal and state laws and regulations relating to the channels in which we sell and market our services. In addition, our business is subject to the FTC Stipulated Final Judgment and Order for Permanent Injunction and Other Equitable Relief, which we refer to as the FTC Order, as well as the companion orders with 35 states’ attorneys general that we entered into in March 2010. We incur significant costs to operate our business and monitor our compliance with these laws, regulations, and consent decrees. Any changes to the existing applicable laws or regulations, or any determination that other laws or regulations are applicable to us, could increase our costs or impede our ability to provide our services to our customers, which could have a material adverse effect on our business, operating results, financial condition, and prospects. In addition, any of these laws or regulations is subject to revision, and we cannot predict the

10



impact of such changes on our business. Further, any determination that we have violated any of these laws, regulations, or consent decrees may result in liability for fines, damages, or other penalties, which could have a material adverse effect on our business, operating results, financial condition, and prospects.
We also are subject to federal, state, and foreign laws regarding privacy and protection of data. We post on our website our privacy policy and our terms and conditions, which describe our practices concerning the collection, use, transmission, and disclosure of data. Any failure by us to comply with our posted privacy policy or privacy-related laws and regulations could result in proceedings against us by governmental authorities or others, which could harm our business. In addition, the interpretation of data protection laws, and their application to the Internet, is unclear and in a state of flux. There is a risk that these laws may be interpreted and applied in conflicting ways from state to state, country to country, or region to region, and in a manner that is not consistent with our current data protection practices. Complying with these varying requirements, the evolving nature of all of these laws and regulations, the evolving nature of various governmental bodies’ enforcement efforts, and the possibility of new laws in this area, could increase our costs or impede our ability to provide our services to our customers, which could have a material adverse effect on our business, operating results, financial condition, and prospects. Further, any failure by us to adequately protect our members’ privacy and data could result in a loss of member confidence in our services and ultimately in a loss of members and enterprise customers, which could adversely affect our business.
In March 2010, we and Todd Davis, our Chairman and Chief Executive Officer, entered into the FTC Order. The FTC Order was the result of a settlement of the allegations by the FTC that certain of our advertising and marketing practices constituted deceptive acts or practices in violation of the FTC Act, which settlement made no admission as to the allegations related to such practices. The FTC Order imposes on us and Mr. Davis certain injunctive provisions relating to our advertising and marketing of our identity theft protection services, such as enjoining us from making any misrepresentation of “the means, methods, procedures, effects, effectiveness, coverage, or scope of” our identity theft protection services. However, the bulk of the more specific injunctive provisions have no direct impact on the advertising and marketing of our current services because we have made significant changes in the nature of the services we offer to consumers since the investigation by the FTC in 2007 and 2008, including our adoption of new technology that permits us to provide protection against identity theft and identity fraud. The FTC investigation of our advertising and marketing activities occurred during the time that we relied significantly on the receipt of fraud alerts from the credit reporting agencies for our members. The FTC believed that such alerts had inherent limitations in terms of coverage, scope, and timeliness. Many of the allegations in the FTC complaint, which accompanied the FTC Order, related to the inherent limitations of using credit report fraud alerts as the foundation for identity theft protection. The FTC Order also imposes on us and Mr. Davis certain injunctive provisions relating to our data security for members’ personally identifiable information. At the same time, we also entered into companion orders with 35 states’ attorneys general that impose on us similar injunctive provisions as the FTC Order relating to our advertising and marketing of our identity theft protection services. In addition, the FTC Order imposes on us and Mr. Davis certain compliance requirements, including the delivery of an annual compliance report. We and Mr. Davis have timely submitted these annual compliance reports, but the FTC has not accepted or approved them to date.
The FTC Order provided for a consumer redress payment of $11 million, which we made in 2010 to the FTC for distribution to our members. The FTC Order also provided for an additional consumer redress payment of $24 million, which was suspended based on our then-current financial condition on the basis of financial information we submitted to the FTC. The FTC Order specifies that in the event the FTC were to find that the financial materials submitted by us to the FTC at the time of the FTC Order were not truthful, accurate, and complete, the court order entering the settlement could be re-opened and the suspended judgment in the amount of the additional $24 million would become immediately due in full.
As previously disclosed, on January 17, 2014, we met with FTC Staff, at our request, to discuss issues regarding allegations that were asserted in a whistleblower claim against us relating to our compliance with the FTC Order. On March 13, 2014, we received a request from the FTC for documents and information related to our compliance with the FTC Order. On October 29, 2014, we completed our responses to the FTC’s March 13, 2014 request for information. On January 5, 2015, we completed our responses to the FTC’s subsequent requests for clarification regarding certain information that we previously submitted. We have engaged in ongoing discussions with the FTC Staff regarding the FTC's inquiry into our compliance with the FTC Order. On February 4, 2015, we made a $20 million settlement offer to the FTC Staff and we remain in ongoing discussions with the FTC Staff regarding a possible settlement of this inquiry. There is no guarantee that we will settle this inquiry for $20 million, if at all, and any settlement with the FTC regarding this inquiry, in addition to the payment of the settlement amount, could result in liability for damages and other penalties, require us to make changes to our services and business practices, and cause us to lose customers, any of which could have a material adverse impact on our business, operating results, financial condition, and prospects.

11



In addition, on May 16, 2014, we announced that we had determined that certain aspects of the LifeLock Wallet mobile application were not fully compliant with applicable payment card industry (PCI) security standards. As a result, we temporarily suspended the LifeLock Wallet mobile application, and deleted the affected data from our servers. On May 15, 2014, on our own initiative, we informed the FTC Staff of these issues with the LifeLock Wallet mobile application. Those aspects of the LifeLock Wallet mobile application previously identified by us as not meeting applicable PCI security standards were confirmed as meeting applicable PCI security standards on October 28, 2014, and we do not expect to receive further requests for information from the FTC about this. On October 29, 2014, we relaunched the LifeLock Wallet mobile application. A determination that we are in violation of the FTC Order as a result of the FTC’s review of our PCI non-compliance in connection with the LifeLock Wallet mobile application could result in liability for fines, damages, or other penalties, require us to make changes to our services and business practices, and cause us to lose customers, any of which could have a material adverse impact on our business, operating results, financial condition, and prospects.
Given the heightened public awareness of data breaches as well as attention to identity theft protection services like ours, it is also possible that the FTC, at any time, may commence an unrelated inquiry or investigation of our business practices and our compliance with the FTC Order. We believe the increased regulatory scrutiny will continue in our industry for the foreseeable future and could lead to additional meetings or inquiries or investigations by the agencies that regulate our business, including the FTC.
On December 26, 2012, ID Analytics, along with eight other companies, received an information request from the FTC in conjunction with the FTC’s policy study of the operation of the data broker industry. ID Analytics was advised that this request was not an investigation of its business practices but would be the basis of consideration by the FTC whether to recommend to the Congress a legislative extension of FCRA-based consumer safeguards to the use of consumer personal information in the non-FCRA context. In May 2014, the FTC released its “Data Broker Report,” which established, among other things, that the FTC considers ID Analytics to be a “data broker” in the area of “risk mitigation” services.  In the report, the FTC advocated for Congress to pass additional legislation governing the business practices of different categories of data brokers and for data brokers themselves to adjust certain practices.  We expect that the FTC will continue to focus on “data brokers” and their activities for the foreseeable future.
With the growing public concern regarding privacy and the collection, distribution, and use of consumer personal information, we believe we are in an environment in which there is an increased regulatory scrutiny concerning data collection and use practices and the provision and marketing of services, like ours, that seek to protect that information. We expect that kind of scrutiny to continue as the marketplace for services like ours continues to develop. In addition, we believe there has been a recent increase in whistleblower claims made to regulatory agencies, including whistleblower claims made by former employees, which we believe will likely continue, in part because of the provisions enacted by the Dodd-Frank Wall Street Reform and Consumer Protection Act, or the Dodd-Frank Act, that may entitle persons who report alleged wrongdoing to the Securities and Exchange Commission, or SEC, to cash rewards. Often, the allegations underlying such claims to regulatory agencies result in federal and state inquiries and investigations.
Employees
As of December 31, 2014, we employed 669 people. At that date, we had 527 employees in our consumer business, of which 224 were engaged in member service and support, 90 in products and technology, 100 in marketing and strategic partnerships, and 113 in general and administration; and 142 employees in our enterprise business, of which 91 were engaged in information technology, product development, and sales and marketing, 32 in software development and operations, and 19 in general and administration. We consider our relationship with our employees to be good, and none of our employees are represented by a union in collective bargaining with us.
Technology Infrastructure
We employ a range of information technology solutions, controls, procedures, and processes to protect the confidentiality, integrity, and availability of our critical assets, including our data and information technology systems. We have implemented and tested our information security program to guide and coordinate the people, processes, and technology that protect our core services. This program has been designed to implement oversight efforts, administrative activities, and technical controls in an effort to effectively combat the threats to our critical assets.
We use technologies, such as network firewalls, intrusion prevention systems, application firewalls, and anti-malware, to protect network locations and applications from attacks. We also use encryption technologies and strategies to protect our data. We maintain strictly controlled physical environments. Our information technology systems are housed in a secure data center, where access is limited. Our corporate locations are protected with a two-factor badge and biometric reader system. We also put in place additional physical controls to limit visibility to sensitive customer data. We provide our employees with data security education and training.

12



We regularly assess the effectiveness of our information security practices and technical controls. In addition to regular external audits, we conduct internal security testing of current practices in order to determine the effectiveness against emerging threats. Additionally, outside penetration tests are conducted on a regular basis. We conduct regular vulnerability scans and penetration tests of our systems in order to determine whether there are any critical vulnerabilities. We also remain aware of publicly disclosed vulnerabilities in commercial and open source products in order to remediate issues in a timely manner. We monitor our systems and environments for suspicious or unusual events, including intrusion detection systems and central security event correlation technologies. We have implemented an incident response process in order to provide a quick and effective response to any potential issue.
We received our annual PCI-DSS Level 1 certifications for our enterprise business in June of 2014 and for our consumer business in July of 2014. Additionally, we obtained a SOC I report in our enterprise business for our information security systems in April 2014 and a SOC II report for our consumer business in October 2014.
Financial Information About Segments and Geographic Areas
See Note 17 to the consolidated financial statements in Item 8 of this Annual Report on Form 10-K for financial information about our segments and geographic areas.
Available Information
We were incorporated in Delaware in April 2005. Our principal executive offices are located at 60 East Rio Salado Parkway, Suite 400, Tempe, Arizona 85281, and our telephone number is (480) 682-5100. Our website address is www.lifelock.com. The information on our website is not incorporated by reference into this Annual Report on Form 10-K or in any other report or document we file with the SEC.
We file reports with the SEC, including Annual Reports on Form 10-K, Quarterly Reports on Form 10-Q, Current Reports on Form 8-K, and any other filings required by the SEC. Through our website, we make available free of charge our Annual Reports on Form 10-K, Quarterly Reports on Form 10-Q, Current Reports on Form 8-K, and all amendments to those reports, as soon as reasonably practicable after we electronically file such material with, or furnish it to, the SEC.
The public may read and copy any materials we file with, or furnish to, the SEC at the SEC’s Public Reference Room at 100 F Street, NE, Washington, DC 20549. The public may obtain information on the operation of the Public Reference Room by calling the SEC at 1-800-SEC-0330. The SEC maintains an Internet site (www.sec.gov) that contains reports, proxy and information statements, and other information regarding issuers that file electronically with the SEC.
ITEM 1A. Risk Factors
Certain factors may have a material adverse effect on our business, financial condition, and results of operations. You should consider carefully the risks and uncertainties described below, in addition to other information contained in this Annual Report on Form 10-K, including our consolidated financial statements and related notes. The risks and uncertainties described below are not the only ones we face. Additional risks and uncertainties that we are unaware of, or that we currently believe are not material, may also become important factors that adversely affect our business. If any of the following risks actually occurs, our business, financial condition, results of operations, and future prospects could be materially and adversely affected. In that event, the trading price of our common stock could decline, and you could lose part or all of your investment.
Risks Related to Our Business and Industry
We have been profitable in our last three fiscal years after incurring significant net losses from our inception through fiscal 2011, but we may not be able to maintain profitability on an annual basis in the future.
We have been profitable in our last three fiscal years after incurring significant net losses from our inception through 2011, but we cannot predict whether we will be able to maintain profitability on an annual basis in the future. We had net income of $2.5 million in 2014, including a $20.0 million legal reserve for a possible settlement with the FTC in connection with its inquiry into our compliance with the FTC Order, net income of $54.5 million in 2013, including a $37.5 million income tax benefit resulting from the release of substantially all of our valuation allowance associated with our deferred tax assets, and net income of $23.5 million in 2012, including a $14.2 million income tax benefit resulting from our acquisition of ID Analytics. We had net losses of $4.3 million and $15.4 million in 2011 and 2010, respectively.
Our recent growth, including our growth in revenue and customer base, may not be sustainable or may decrease, and we may not generate sufficient revenue to maintain annual profitability. Moreover, we expect to continue to make significant expenditures to maintain and expand our business and to operate as a consolidated entity with ID Analytics and Lemon. We also expect to incur additional costs associated with our regulatory and public company compliance, including costs related to our compliance with Section 404 of the Sarbanes-Oxley Act of 2002, as amended, or the Sarbanes-Oxley Act. These increased expenditures will make it more difficult for us to maintain future annual profitability. Our ability to maintain annual profitability depends on a number of factors, including our ability to attract and service customers on a profitable basis. If we

13



are unable to maintain annual profitability, we may not be able to execute our business plan, our prospects may be harmed, and our stock price could be materially and adversely affected.
If the security of confidential information used in connection with our services is breached or otherwise subject to unauthorized access, our reputation and business may be materially harmed.
Our services require us to collect, store, use, and transmit significant amounts of confidential information, including personally identifiable information, credit card information, and other critical data. We employ a range of information technology solutions, controls, procedures, and processes designed to protect the confidentiality, integrity, and availability of our critical assets, including our data and information technology systems. While we engage in a number of measures aimed to protect against security breaches and to minimize problems if a data breach were to occur, our information technology systems and infrastructure may be vulnerable to damage, compromise, disruption, and shutdown due to attacks or breaches by hackers or due to other circumstances, such as error or malfeasance by employees or third party service providers or technology malfunction. The occurrence of any of these events, as well as a failure to promptly remedy these events should they occur, could compromise our systems, and the information stored in our systems could be accessed, publicly disclosed, lost, stolen, or damaged. Any such circumstance could adversely affect our ability to attract and maintain customers as well as strategic partners, cause us to suffer negative publicity, and subject us to legal claims and liabilities or regulatory penalties. In addition, unauthorized parties might alter information in our databases, which would adversely affect both the reliability of that information and our ability to market and perform our services. Techniques used to obtain unauthorized access or to sabotage systems change frequently and generally are difficult to recognize and react to effectively and are constantly evolving. We may be unable to anticipate these techniques or to implement adequate preventive or reactive measures. Several recent, highly publicized data security breaches at other companies have heightened consumer awareness of this issue and may embolden individuals or groups to target our systems or those of our strategic partners or enterprise customers.
Security technologies and information, including encryption and authentication technology licensed from third parties, are a key aspect of our security measures designed to secure our critical assets. While we routinely seek to update these technologies and information, advances in computer capabilities, new discoveries in the field of cryptography, or other developments may result in the technology we use becoming obsolete, breached, or compromised and cause us to incur additional expenses associated with upgrading our security systems. In addition, security information provided to us by third parties may be inaccurate, incomplete, or outdated, which could cause us to make misinformed security decisions and could materially and adversely affect our business.
Under payment card rules and our contracts with our card processors, we could be liable to the payment card issuing banks for their cost of issuing new cards and related expenses if there is a breach of payment card information that we store. In addition, if we fail to follow payment card industry security standards, even if there is no compromise of customer information, we could incur significant fines or lose our ability to give customers the option of using payment cards to fund their payments or pay their fees. If we were unable to accept payment cards, our business would be materially harmed.
Many states have enacted laws requiring companies to notify individuals of data security breaches involving their personal data. In the United States, federal and state laws provide for over 45 laws and notification regimes, all of which we are subject to, and additional requirements may be instituted in the future. In the event of a data security breach, these mandatory disclosures often lead to widespread negative publicity. In addition, complying with such numerous and complex regulations in the event of a data security breach is often expensive, difficult, and time consuming, and the failure to comply with these regulations could subject us to regulatory scrutiny and additional liability and harm our reputation.
Any actual or perceived security breach, whether successful or not and whether or not attributable to the failure of our services or our information technology systems, as well as our failure to promptly and appropriately react to a breach, would likely harm our reputation, adversely affect market perception of our services, and cause the loss of customers and strategic partners. Our property and business interruption insurance may not be adequate to compensate us for losses or failures that may occur. Our third-party insurance coverage will vary from time to time in both type and amount depending on availability, cost, and our decisions with respect to risk retention.

14



Our business is highly dependent upon our brand recognition and reputation, and the failure to maintain or enhance our brand recognition or reputation would likely have a material adverse effect on our business.
Our brand recognition and reputation are critical aspects of our business. We believe that maintaining and further enhancing our LifeLock and ID Analytics brands as well as our reputation will be critical to retaining existing customers and attracting new customers. We also believe that the importance of our brand recognition and reputation will continue to increase as competition in our markets continues to develop. Our success in this area will be dependent on a wide range of factors, some of which are out of our control, including the following:
the efficacy of our marketing efforts;
our ability to retain existing and obtain new customers and strategic partners;
the quality and perceived value of our services;
actions of our competitors, our strategic partners, and other third parties;
positive or negative publicity, including material on the Internet;
regulatory and other governmental related developments; and
litigation related developments.
Sales and marketing expenses have historically been our largest operating expense, and we anticipate these expenses will continue to increase in the foreseeable future as we continue to seek to grow our business and customer base and enhance our brand. These brand promotion activities may not yield increased revenue and the efficacy of these activities will depend on a number of factors, including our ability to do the following:
determine the appropriate creative message and media mix for advertising, marketing, and promotional expenditures;
select the right markets, media, and specific media vehicles in which to advertise;
identify the most effective and efficient level of spending in each market, media, and specific media vehicle; and
effectively manage marketing costs, including creative and media expenses, in order to maintain acceptable customer acquisition costs.
Increases in the pricing of one or more of our marketing and advertising channels could increase our marketing and advertising expenses or cause us to choose less expensive but possibly less effective marketing and advertising channels. If we implement new marketing and advertising strategies, we may utilize marketing and advertising channels with significantly higher costs than our current channels, which in turn could adversely affect our operating results. Implementing new marketing and advertising strategies also would increase the risk of devoting significant capital and other resources to endeavors that do not prove to be cost effective. Further, we may over time become disproportionately reliant on one channel or strategic partner, which could limit our marketing and advertising flexibility and increase our operating expenses. We also may incur marketing and advertising expenses significantly in advance of the time we anticipate recognizing revenue associated with such expenses, and our marketing and advertising expenditures may not generate sufficient levels of brand awareness or result in increased revenue. Even if our marketing and advertising expenses result in increased revenue, the increase might not offset our related expenditures. If we are unable to maintain our marketing and advertising channels on cost-effective terms or replace or supplement existing marketing and advertising channels with similarly or more effective channels, our marketing and advertising expenses could increase substantially, our customer base could be adversely affected, and our business, operating results, financial condition, and reputation could suffer.
Furthermore, negative publicity, whether or not justified, relating to events or activities attributed to us, our employees, our strategic partners, our affiliates, or others associated with any of these parties, may tarnish our reputation and reduce the value of our brands. Damage to our reputation and loss of brand equity may reduce demand for our services and have an adverse effect on our business, operating results, and financial condition. Moreover, any attempts to rebuild our reputation and restore the value of our brands may be costly and time consuming, and such efforts may not ultimately be successful.
 We face intense competition, and we may not be able to compete effectively, which could reduce demand for our services and adversely affect our business, growth, reputation, revenue, and market share.
We operate in a highly competitive business environment. Our primary competitors are the credit bureaus that include Experian, Equifax, and TransUnion, as well as others, such as Affinion, EWS, Intersections, CSID, and LexisNexis. Some of our competitors have substantially greater financial, technical, marketing, distribution, and other resources than we possess that afford them competitive advantages. As a result, they may be able to devote greater resources to the development, promotion, and sale of services, to deliver competitive services at lower prices or for free, and to introduce new solutions and respond to market developments and customer requirements more quickly than we can. In addition, some of our competitors may have data that we do not have or cannot obtain without difficulty. Any of these factors could reduce our growth, revenue, access to valuable data, or market share.

15



Our ability to compete successfully in our markets depends on a number of factors, both within and outside our control. Some of these factors include the following:
access to a breadth of identity and consumer transaction data;
breadth and effectiveness of service offerings, including designing and introducing new services;
brand recognition;
technology;
effectiveness and cost-efficiency of customer acquisition;
customer satisfaction;
price;
quality and reliability of customer service; and
accurate identification of appropriate target markets for our business.
Any failure by us to compete successfully in any one of these or similar areas may reduce the demand for our services and the robustness of the LifeLock ecosystem, as well as adversely affect our business, growth, reputation, revenue, and market share. Moreover, new competitors, alliances among our competitors, or new service introductions by our competitors may emerge and potentially adversely affect our business and prospects.
We could lose our access to data sources, which could cause us competitive harm and have a material adverse effect on our business, operating results, and financial condition.
Our services depend extensively upon continued access to and receipt of data from external sources, including data received from customers and fulfillment partners. Our data providers could stop providing data, provide untimely data, or increase the costs for their data for a variety of reasons, including a perception that our systems are insecure as a result of a data security breach, budgetary constraints, a desire to generate additional revenue, or for competitive reasons. In addition, upon the termination of the contracts we have with certain of our enterprise customers, we are required to remove from our repositories the data contributed by and through those customers. We could also become subject to legislative, regulatory, or judicial restrictions or mandates on the collection, disclosure, or use of such data, in particular if such data is not collected by our providers in a way that allows us to legally use the data. If we were to lose access to a substantial number of data sources or certain key data sources or certain data already in the LifeLock ecosystem, or if our access or use were restricted or became less economical or desirable, our ability to provide our services and the efficacy and attractiveness of the LifeLock ecosystem could be negatively affected, and this would adversely affect us from a competitive standpoint. This would also adversely affect our business, operating results, and financial condition. We may not be successful in maintaining our relationships with these external data source providers and may not be able to continue to obtain data from them on acceptable terms or at all. Furthermore, we cannot provide assurance that we will be able to obtain data from alternative or additional sources if our current sources become unavailable.
We may lose customers and significant revenue and fail to attract new customers if our existing services become less desirable or obsolete, or if we fail to develop and introduce new services with broad appeal or fail to do so in a timely or cost-effective manner.
The introduction of new services by competitors, the emergence of new industry standards, or the development of new technologies could render our existing or future services less desirable or obsolete. In addition, professional thieves continue to develop more sophisticated and creative methods to steal personal and financial information as consumers and enterprises today become increasingly interconnected and engage in a large number of daily activities that involve personal or financial information. Consequently, our financial performance and growth depends upon our ability to enhance and improve our existing services, develop and successfully introduce new services that generate customer interest, and sell our services in new markets. As our existing services mature, encouraging customers to purchase enhancements or upgrades becomes more challenging unless new service offerings provide features and functionality that have meaningful incremental value. To achieve market acceptance for our services, we must effectively anticipate and offer services that meet changing customer demands in a timely manner. Customers may require features and capabilities that our current services lack. In addition, any new markets in which we attempt to sell our services, including new industries, countries, or regions, may not be receptive to our service offerings. If we fail to enhance our existing services in a timely and cost-effective manner, successfully develop and introduce new services, or sell our services in new markets, our ability to retain our existing or attract new customers and our ability to create or increase demand for our services could be harmed, which would have an adverse effect on our business, operating results, and financial condition.

16



We will be required to make significant investments in developing new services. We also will be subject to all of the risks inherent in the development of new services, including unanticipated technical or other development problems, which could result in material delays in the launch and acceptance of the services or significantly increased costs. In some cases, we may expend a significant amount of resources and management attention on service offerings that do not ultimately succeed in their markets. Because new service offerings are inherently risky, they may not be successful and may harm our operating results and financial condition.
Our inability to develop and offer services that are attractive to the growing number of consumers who utilize wireless devices other than personal computers to access online services could adversely affect our business.
The number of people who access services through devices other than personal computers, including mobile phones, smart phones, handheld computers, tablets, and other mobile devices, has increased dramatically in recent years and is projected to continue to increase.  The services we develop for users of these alternative devices may not be attractive for users.  In December 2013, in connection with our acquisition of Lemon, we launched the LifeLock Wallet mobile application.  On May 16, 2014, we announced that we had determined that certain aspects of the LifeLock Wallet mobile application were not fully compliant with applicable payment card industry (PCI) security standards. As a result, we temporarily suspended the LifeLock Wallet mobile application, and deleted the affected data from our servers.  Those aspects of the LifeLock Wallet mobile application previously identified by us as not meeting applicable PCI security standards were confirmed as meeting applicable PCI security standards on October 28, 2014. On October 29, 2014, we relaunched the LifeLock Wallet mobile application. The success of our mobile application is unproven, and we have prioritized the quality of user experience with our mobile application over short-term monetization.  Despite the expected growth in mobile devices, there is no guarantee that we will be able to effectively monetize our mobile application and generate meaningful revenue in the future.  If our mobile application is not widely adopted or sufficiently profitable, or if we fail to continue to innovate and introduce enhanced mobile applications and other services for users of these alternative devices, our business could be adversely affected.
As new devices, platforms, and technologies are continually being released, it is difficult to predict the problems we may encounter in developing versions of our services for use with those devices, platforms, and technologies, and we may need to devote significant resources to the creation, support, and maintenance of such offerings.  We are dependent on the interoperability of our mobile application with popular mobile operating systems that we do not control, such as Android and iOS, and any changes in such systems that degrade our application’s functionality or give preferential treatment to competitive products could adversely affect usage of our mobile application.  Additionally, if we are slow to develop new services and technologies that are compatible with these devices, platforms, and technologies, or if our competitors are able to achieve those results more quickly than us, we will fail to capture a significant share of an increasingly important portion of the market for online services, which could adversely affect our business.
Our revenue and operating results depend significantly on our ability to retain our existing customers, and any decline in our retention rates will harm our future revenue and operating results.
Our revenue and operating results depend significantly on our ability to retain our existing customers. In our consumer business from which we derive a significant portion of our revenue, we sell our services to our members on a monthly or annual subscription basis. Our members may cancel their membership with us at any time without penalty. In our enterprise business, our customers have no obligation to renew their agreements with us after the contractual term expires, and approximately 70% of our direct enterprise customers do not have monthly transaction minimums and, accordingly, may reduce their utilization of our services during the contractual term. We therefore may be unable to retain our existing members and enterprise customers on the same or on more profitable terms, if at all, and may generate lower revenue as a result of less utilization of our services by our enterprise customers. In addition, we may not be able to predict or anticipate accurately future trends in customer retention or enterprise customer utilization or effectively respond to such trends. Our customer retention rates and enterprise customer utilization may decline or fluctuate due to a variety of factors, including the following:
our customers’ levels of satisfaction or dissatisfaction with our services;
the quality, breadth, and prices of our services;
our general reputation and events impacting that reputation;
the services and related pricing offered by our competitors;
our customer service and responsiveness to any customer complaints;
customer dissatisfaction if they do not receive the full benefit of our services due to their failure to provide all relevant data;
customer dissatisfaction with the methods or extent of our remediation services;
our guarantee may not meet our customers’ expectations; and
changes in our target customers’ spending levels as a result of general economic conditions or other factors.

17



If we do not retain our existing customers, our revenue may grow more slowly than expected or decline, and our operating results and gross margins will be harmed. In addition, our business and operating results may be harmed if we are unable to increase our retention rates.
We also must continually add new customers both to replace customers who cancel or elect not to renew their agreements with us and to grow our business beyond our current customer base. If we are unable to attract new customers in numbers greater than the percentage of customers who cancel or elect not to renew their agreements with us, which we call “churn,” our customer base will decrease, and our business, operating results, and financial condition will be adversely affected. Churn negatively impacts the predictability of our subscription revenue model and the efficacy and attractiveness of the LifeLock ecosystem by decreasing the amount of data being added to our data repositories.
We depend on strategic partners in our consumer business, and our inability to maintain our existing and secure new relationships with strategic partners could harm our revenue and operating results.
We have derived, and intend to continue to derive, a significant portion of our revenue from members who subscribe to our consumer services through one of our strategic partners. In 2014, we derived just under half of our gross new members from our partner distribution channels. These distribution channels involve various risks, including the following:
we may be unable to maintain or secure favorable relationships with strategic partners;
our strategic partners may not be successful in expanding our membership base;
our strategic partners may seek to renegotiate the economic terms of our relationships;
our strategic partners may terminate their relationships with us;
bad publicity and other issues faced by our strategic partners could negatively impact us; and
our strategic partners, some of which already compete with us, may present increased competition for us in the future.
 Our inability to maintain our existing and secure new relationships with strategic partners could harm our revenue and operating results.
Many of our key strategic partnerships are governed by agreements that may be terminated without cause and without penalty by our strategic partners upon notice of as few as 30 days. Under many of our agreements with strategic partners, our partners may cease or reduce their marketing of our services at their discretion, which may cause us to lose access to prospective members and significantly reduce our revenue and operating results.
Some of our strategic partners possess significant resources and advanced technical abilities. Some offer services that are competitive with our services and more may do so in the future, either alone or in collaboration with other competitors. Those strategic partners could give a higher priority to competing services or decide not to continue to offer our services at all. If any of our strategic partners discontinue or reduce the sale or marketing of our services, promote competitive services, or, either independently or jointly with others, develop and market services that compete with our services, our business and operating results may be harmed. In addition, some of our strategic partners may experience financial or other difficulties, causing our revenue through those strategic partners to decline, which would adversely affect our operating results.
In order for us to implement our business strategy and grow our revenue, we must effectively manage and expand our relationships with qualified strategic partners. We expend significant time and resources in attracting qualified strategic partners, training those partners in our technology and service offerings, and then maintaining relationships with those partners. In order to continue to develop and expand our distribution channels, we must continue to scale and improve our processes and procedures that support our strategic partnerships. Those processes and procedures could become increasingly complex and difficult to manage. Our competitors also use arrangements with strategic partners, and it could be more difficult for us to maintain and expand our distribution channels if they are more successful in attracting strategic partners or enter into exclusive relationships with strategic partners. If we fail to maintain our existing or secure new relationships with strategic partners, our business will be harmed.

18



We are subject to extensive government regulation, which could impede our ability to market and provide our services and have a material adverse effect on our business.
Our business and the information we use in our business is subject to a wide variety of federal, state, and local laws and regulations, including the FCRA, the Gramm-Leach-Bliley Act, the FTC Act and comparable state laws that are patterned after the FTC Act, and other laws governing credit information, consumer privacy and marketing, servicing of consumer products and services, and insurance products and services. In addition, our business is subject to the FTC Order, as well as the companion orders with 35 states’ attorneys general that we entered into in March 2010. These laws, regulations, and consent decrees cover, among other things, advertising, automatic subscription renewal, broadband residential Internet access, consumer protection, content, copyrights, credit card processing procedures, data protection, distribution, electronic contracts, member privacy, pricing, sales and other procedures, tariffs, and taxation. In addition, it is unclear how existing laws and regulations governing issues such as property ownership, sales and other taxes, and personal privacy apply to the Internet. We incur significant costs to operate our business and monitor our compliance with these laws, regulations, and consent decrees. Any of these laws and regulations is subject to revision, and we cannot predict the impact of such changes on our business. Complying with these varying requirements, the evolving nature of all of these laws and regulations, the evolving nature of various governmental bodies’ enforcement efforts, and the possibility of new laws in this area, could increase our costs or impede our ability to provide our services to our customers, which could have a material adverse effect on our business, operating results, financial condition, and prospects.
In addition, various governmental agencies have the authority to commence investigations and enforcement actions under these laws, regulations, and consent decrees, and private citizens also may bring actions, including class action litigation and whistleblower claims, under some of these laws and regulations. As described in more detail in Item 3 of this Annual Report on Form 10-K, we are currently subject to certain class action lawsuits filed against us.
As previously disclosed, on January 17, 2014, we met with FTC Staff, at our request, to discuss issues regarding allegations that were asserted in a whistleblower claim against us relating to our compliance with the FTC Order. On March 13, 2014, we received a request from the FTC for documents and information related to our compliance with the FTC Order. On October 29, 2014, we completed our responses to the FTC’s March 13, 2014 request for information. On January 5, 2015, we completed our responses to the FTC’s subsequent requests for clarification regarding certain information that we previously submitted. We have engaged in ongoing discussions with the FTC Staff regarding the FTC's inquiry into our compliance with the FTC Order. On February 4, 2015, we made a $20 million settlement offer to the FTC Staff and we remain in ongoing discussions with the FTC Staff regarding a possible settlement of this inquiry. There is no guarantee that we will settle this inquiry for $20 million, if at all, and any settlement with the FTC regarding this inquiry, in addition to the payment of the settlement amount, could result in liability for damages and other penalties, require us to make changes to our services and business practices, and cause us to lose customers, any of which could have a material adverse impact on our business, operating results, financial condition, and prospects.
In addition, on May 16, 2014, we announced that we had determined that certain aspects of the LifeLock Wallet mobile application were not fully compliant with applicable payment card industry (PCI) security standards. As a result, we temporarily suspended the LifeLock Wallet mobile application, and deleted the affected data from our servers. On May 15, 2014, on our own initiative, we informed the FTC Staff of these issues with the LifeLock Wallet mobile application. We have no indication that the data included in the LifeLock Wallet mobile application servers was compromised. The LifeLock Wallet mobile application storage processes are separate and independent from our core identity theft protection services business, including the enrollment and related credit card storage processes used in our services. As such, we do not believe the suspension of the LifeLock Wallet mobile application impacted in any manner the core functionality or utility of the identity theft protection services we provide to our members.  Those aspects of the LifeLock Wallet mobile application previously identified by us as not meeting applicable PCI security standards were confirmed as meeting applicable PCI security standards on October 28, 2014, and we do not expect to receive further requests for information about this. On October 29, 2014, we relaunched the LifeLock Wallet mobile application. A determination that we are in violation of the FTC Order as a result of the FTC’s review of our PCI non-compliance in connection with the LifeLock Wallet mobile application could result in liability for fines, damages, or other penalties, require us to make changes to our services and business practices, and cause us to lose customers, any of which could have a material adverse impact on our business, operating results, financial condition, and prospects.
Given the heightened public awareness of data breaches and well as attention to identity theft protection services like ours, it is also possible that the FTC, at any time, may commence additional inquiries or investigations of our business practices and our compliance with the FTC Order. We believe the increased regulatory scrutiny will continue in our industry for the foreseeable future and could lead to additional meetings or inquiries or investigations by the agencies that regulate our business, including the FTC.

19



Responding to these investigations and actions may cause us to incur significant expenses and could divert our management and key personnel from our business operations. Any determination that we have violated any of these laws, regulations, or consent decrees may result in liability for fines, damages, or other penalties, require us to make changes to our services and business practices, and cause us to lose customers, any of which could have a material adverse impact on our business, operating results, financial condition, and prospects. In addition, the media recently is increasingly covering perceived noncompliance with consumer protection regulations and violations of notions of fair dealing with customers, and our industry is susceptible to peremptory charges by the media and others of regulatory noncompliance and unfair dealing.
On December 26, 2012, ID Analytics, along with eight other companies, received an information request from the FTC in conjunction with the FTC's policy study of the operation of the data broker industry. ID Analytics was advised that this request was not an investigation of its business practices but would be the basis of consideration by the FTC whether to recommend to the Congress a legislative extension of FCRA-based consumer safeguards to the use of consumer personal information in the non-FCRA context. In May 2014, the FTC released its “Data Broker Report,” which established, among other things, that the FTC considers ID Analytics to be a “data broker” in the area of “risk mitigation” services.  In the report, the FTC advocated for Congress to pass additional legislation governing the business practices of different categories of data brokers and for data brokers themselves to adjust certain practices.  We expect that the FTC will continue to focus on “data brokers” and their activities for the foreseeable future. Any future legislation or additional regulation that is enacted as a result of the FTC's "Data Broker Report" may result in increased compliance costs or require us to make changes to our services and business practices, any of which could have a material adverse impact on our business, operating results, financial condition, and prospects.
With the growing public concern regarding privacy and the collection, distribution, and use of consumer personal information, we believe we are in an environment in which there is an increased regulatory scrutiny concerning data collection and use practices and the provision and marketing of services, like ours, that seek to protect that information. We expect that kind of scrutiny to continue as the marketplace for services like ours continues to develop. In addition, we believe there has been a recent increase in whistleblower claims made to regulatory agencies, including whistleblower claims made by former employees, which we believe will likely continue, in part because of the provisions enacted by the Dodd-Frank Act that may entitle persons who report alleged wrongdoing to the SEC to cash rewards. Often, the allegations underlying such claims to regulatory agencies result in federal and state inquiries and investigations.
Marketing laws and regulations may materially limit our ability to offer our services to members.
We market our consumer services through a variety of marketing channels, including mass media, direct mail campaigns, online display advertising, paid search and search-engine optimization, and inbound customer service and account activation calls. These channels are subject to both federal and state laws and regulations. Over the past several years, there has been proposed legislation in several states that may interfere with our marketing practices. For example, over the past several years many states have proposed legislation that would allow customers to limit the amount of unsolicited direct mail they receive. Additionally, several bills have been proposed in Congress that could restrict the collection and dissemination of personal information for marketing purposes. If such legislation is passed in one or more states or by Congress, it could limit our ability to market to new members or offer additional services to existing members, which may have a material adverse effect on our ability to sell our services.
 The Dodd-Frank Wall Street Reform and Consumer Protection Act authorizes the newly created Bureau of Consumer Financial Protection to adopt rules and take actions that could have a material adverse effect on our business.
In 2010, the Dodd-Frank Act  was enacted to reform the practices in the financial services industry. Title X of the Dodd-Frank Act established the Bureau of Consumer Financial Protection, or the CFPB, to protect consumers from abusive financial services practices. Among other things, the CFPB has broad authority to write rules affecting the business of credit reporting companies as well as to supervise, conduct examinations of, and enforce compliance as to federal consumer financial protection laws and regulations with respect to certain “non-depository covered persons” determined by the CFPB to be “larger participants” that offer consumer financial products and services.
The CFPB has broad regulatory, supervisory, and enforcement powers and may exercise authority with respect to our services, or the marketing and servicing of those services, by overseeing our financial institution or credit reporting agency customers and suppliers, or by otherwise exercising its supervisory, regulatory, or enforcement authority over consumer financial products and services. On July 20, 2012, the CFPB issued a final rule that became effective on September 30, 2012, that includes certain of our credit reporting agency customers and suppliers that meet the definition of a “larger participant” under the CFPB nonbank supervision program. The CFPB also created a section of its consumer complaint database for credit reporting complaints that became effective on October 22, 2012. Further, we believe that the CFPB has commenced review of certain of our financial institution customers, including their offering of some or all fee-based products. These or other actions by the CFPB could cause our credit agency customers and suppliers and financial institution customers to limit or change their business activities, which could have a material adverse effect on our operating results. It is not certain whether the CFPB has,

20



or will seek to exercise, supervisory or other authority directly over us or our services. Supervision and regulation of us or our enterprise customers by the CFPB could have a material adverse impact on our business and operating results, including the costs to make changes that may be required by us, our enterprise customers, or our strategic partners, and the costs of responding to examinations by the CFPB. In addition, the costs of responding to or defending against any enforcement action that may be brought by the CFPB, and any liability that we may incur, may have a material adverse impact on our business, results of operations, and financial condition. In the future, the CFPB may choose to enact new rules or amend currently existing rules which could further extend the scope of its jurisdiction with respect to our business activities or those of our customers and suppliers.
Changes in legislation or regulations governing consumer privacy may affect our ability to collect, distribute, and use personally identifiable information.
There has been increasing public concern about the use of personally identifiable information. As a result, many federal, state, and foreign government bodies and agencies have adopted or are considering adopting laws and regulations regarding the collection, disclosure, and use of personally identifiable information. In addition to government regulation, privacy advocates and industry groups may propose new and different self-regulatory standards that apply to us. Because the interpretation and application of privacy and data protection laws are still uncertain, it is possible that these laws may be interpreted and applied in a manner that is inconsistent with our existing data management practices or the features of our services. If this is the case, in addition to the possibility of fines, lawsuits, and other claims, we could be required to fundamentally change our business activities and practices or modify our service offerings, which could have a material adverse effect on our business. Any inability to adequately address privacy concerns, even if unfounded, or comply with applicable privacy or data protection laws, regulations, and policies, could result in additional cost and liability to us, damage our reputation, affect our ability to attract new customers and maintain relationships with our existing customers, and adversely affect our business. Furthermore, the costs of compliance with, and other burdens imposed by, the laws, regulations, and policies that are applicable to the businesses of our enterprise customers and strategic partners may limit the use and adoption of, and reduce the overall demand for, our services. Privacy concerns, whether valid or not, may inhibit market adoption of our services.
 Laws requiring the free issuance of credit reports by credit reporting agencies, and other services that must be provided by credit reporting agencies, could impede our ability to obtain new members or retain existing members and could have a material adverse effect on our business.
The Fair Credit Reporting Act provides consumers the ability to receive one free consumer credit report per year from each major consumer credit reporting agency and requires each major consumer credit reporting agency to provide the consumer a credit score along with the consumer’s credit report for a reasonable fee as determined by the FTC. In addition, the Fair Credit Reporting Act and state laws give consumers other rights with respect to the protection of their credit files at the credit reporting agencies. For example, the Fair Credit Reporting Act gives consumers the right to place “fraud alerts” at the credit reporting agencies, and the laws in approximately 40 states give consumers the right to place “freezes” to block access to their credit files. The rights of consumers to obtain free annual credit reports and credit scores from consumer reporting agencies, and to place fraud alerts and credit freezes directly with them, could cause consumers to perceive that the value of our services is reduced or replaced by those benefits, which could have a material adverse effect on our business.
The FTC Order, as well as the companion orders with 35 states’ attorneys general, imposes on us injunctive provisions that could subject us to additional injunctive and monetary remedies.
In March 2010, we and Todd Davis, our Chairman and Chief Executive Officer, entered into the FTC Order. The FTC Order was the result of a settlement of the allegations by the FTC that certain of our advertising and marketing practices constituted deceptive acts or practices in violation of the FTC Act, which settlement made no admission as to the allegations related to such practices. The FTC Order imposes on us and Mr. Davis certain injunctive provisions relating to our advertising and marketing of our identity theft protection services, such as enjoining us from making any misrepresentation of “the means, methods, procedures, effects, effectiveness, coverage, or scope of” our identity theft protection services. However, the bulk of the more specific injunctive provisions have no direct impact on the advertising and marketing of our current services because we have made significant changes in the nature of the services we offer to consumers since the investigation by the FTC in 2007 and 2008, including our adoption of new technology that permits us to provide proactive protection against identity theft and identity fraud. The FTC investigation of our advertising and marketing activities occurred during the time that we relied significantly on the receipt of fraud alerts from the credit reporting agencies for our members. The FTC believed that such alerts had inherent limitations in terms of coverage, scope, and timeliness. Many of the allegations in the FTC complaint, which accompanied the FTC Order, related to the inherent limitations of using credit report fraud alerts as the foundation for identity theft protection. The FTC Order also imposes on us and Mr. Davis certain injunctive provisions relating to our data security for members’ personally identifiable information. At the same time, we also entered into companion orders with 35 states’ attorneys general that impose on us similar injunctive provisions as the FTC Order relating to our advertising and marketing of our identity theft protection services. In addition, the FTC Order imposes on us and Mr. Davis certain compliance

21



requirements, including the delivery of an annual compliance report. We and Mr. Davis have timely submitted these annual compliance reports, but the FTC has not accepted or approved them to date.
The FTC Order provided for a consumer redress payment of $11 million, which we made in 2010 to the FTC for distribution to our members. The FTC Order also provided for an additional consumer redress payment of $24 million, which was suspended based on our then-current financial condition on the basis of financial information we submitted to the FTC. The FTC Order specifies that in the event the FTC were to find that the financial materials submitted by us to the FTC at the time of the FTC Order were not truthful, accurate, and complete, the court order entering the settlement could be re-opened and the suspended judgment in the amount of the additional $24 million would become immediately due in full.
As previously disclosed, on January 17, 2014, we met with FTC Staff, at our request, to discuss issues regarding allegations that were asserted in a whistleblower claim against us relating to our compliance with the FTC Order. On March 13, 2014, we received a request from the FTC for documents and information related to our compliance with the FTC Order. On October 29, 2014, we completed our responses to the FTC’s March 13, 2014 request for information. On January 5, 2015, we completed our responses to the FTC’s subsequent requests for clarification regarding certain information that we previously submitted. We have engaged in ongoing discussions with the FTC Staff regarding the FTC's inquiry into our compliance with the FTC Order. On February 4, 2015, we made a $20 million settlement offer to the FTC STaff and we remain in ongoing discussions with the FTC Staff regarding a possible settlement of this inquiry. There is no guarantee that we will settle this inquiry for $20 million, if at all, and any settlement with the FTC regarding this inquiry, in addition to the payment of the settlement amount, could result in liability for damages and other penalties, require us to make changes to our services and business practices, and cause us to lose customers, any of which could have a material adverse impact on our business, operating results, financial condition, and prospects.
The outcome of litigation or regulatory proceedings could subject us to significant monetary damages, restrict our ability to conduct our business, harm our reputation, and otherwise negatively impact our business.
From time to time, we have been, and in the future may become, subject to litigation, claims, and regulatory proceedings, including class action litigation and litigation arising from contract disputes with vendors, partners, and customers. In addition, as described in more detail in Item 3 of this Annual Report on Form 10-K, we are presently engaged in ongoing discussions with the FTC Staff regarding the FTC’s inquiry into our compliance with the FTC Order, and we are presently subject to various securities and consumer class action complaints.
We cannot predict the outcome of these actions or proceedings, or any other actions or proceedings filed against us in the future, and the cost of defending such actions or proceedings could be material. Furthermore, defending such actions or proceedings could divert our management and key personnel from our business operations. If we are found liable in any actions or proceedings, we may have to pay substantial damages or change the way we conduct our business, either of which may have a material adverse effect on our business, operating results, financial condition, and prospects. There may also be negative publicity associated with litigation or regulatory proceedings that could harm our reputation or decrease acceptance of our services. Moreover, we utilize contractors and third parties for various services, including certain advertising, which may increase these risks. A former service provider claimed that she was misclassified as an independent contractor, and we may be subject to other claims of this nature from time to time. These claims may be costly to defend and may result in imposition of damages, adverse tax consequences, and harm to our reputation.
We believe there has been a recent increase in whistleblower claims across our industry, including whistleblower claims arising after employee terminations, which will likely continue, in part because of the provisions enacted by the Dodd-Frank Act that may entitle persons who report alleged wrongdoing to the SEC to cash rewards. We anticipate that these provisions will result in a significant increase in whistleblower claims, and dealing with such claims could generate significant expenses and take up significant management and board time, even for frivolous and non-meritorious claims. Any investigations of whistleblower claims may impose additional expense on us, may require the attention of senior management and members of our board of directors, and may result in fines and/or reputational damage whether or not we are deemed to have violated any regulations. We believe there also has been a recent increase in claims made to regulatory agencies by former employees. Often the allegations underlying such claims to regulatory agencies lead to meetings, inquiries, or investigations by the regulatory agencies about such claims.
We believe the increased regulatory scrutiny will continue in our industry for the foreseeable future and could lead to additional meetings or inquiries or investigations by the agencies that regulate our business, including the FTC. Inquiries or investigations by regulatory agencies about such claims could generate significant expenses and take up significant management and board time.

22



A limited number of enterprise customers provide a significant portion of our enterprise revenue, and our inability to retain these customers or attract new customers could harm our revenue and operating results and the efficacy and attractiveness of the LifeLock ecosystem.
ID Analytics has historically derived, and continues to derive, a significant portion of its revenue from a limited number of enterprise customers. For example, in 2014, 2013, and 2012, sales derived through ID Analytics’ top ten customers accounted for approximately 71%, 65%, and 70%, respectively, of ID Analytics’ revenue for those periods. Some of these customers also provide services that compete with our consumer services and, accordingly, may seek alternative services in the future. The loss of several of our enterprise customers, or of any of our large enterprise customers, could have a material adverse effect on our revenue and results of operations, as well as the efficacy and attractiveness of the LifeLock ecosystem.
In addition, new customer acquisition in our enterprise business is often a lengthy process requiring significant up-front investment. Accordingly, we may devote substantial resources in an effort to attract new enterprise customers that may not result in customer engagements or lead to an increase in revenue, which could have a material adverse effect on our business.
If we experience system failures or interruptions in our telecommunications or information technology infrastructure, it may impair the availability of our services, our revenue could decrease, and our reputation could be harmed.
Our operations depend upon our ability to protect the telecommunications and information technology systems utilized in our services against damage or system interruptions from natural disasters, technical failures, human error, and other events. We send and receive credit and other data, as well as key communications to and from our members, electronically, and this delivery method is susceptible to damage, delay, or inaccuracy. A portion of our business involves telephonic customer service and online enrollments, which depends upon the data generated from our computer systems. Unanticipated problems with our telecommunications and information technology systems may result in data loss, which could interrupt our operations. Our telecommunications or information technology infrastructure upon which we rely also may be vulnerable to computer viruses, hackers, or other disruptions.
We rely on our network and data center infrastructure and internal technology systems for many of our development, operational, support, sales, accounting, and financial reporting activities, the failure of which could disrupt our business operations and result in a loss of revenue and damage to our reputation.
We rely on our network and data center infrastructure and internal technology systems for many of our development, operational, support, sales, accounting, and financial reporting activities. We routinely invest resources to update and improve these systems and environments with the goal of better meeting the existing, as well as the growing and changing requirements of our customers. If we experience prolonged delays or unforeseen difficulties in updating and upgrading our systems and architecture, we may experience outages and may not be able to deliver certain service offerings and develop new service offerings and enhancements that we need to remain competitive. Such improvements and upgrades often are complex, costly, and time consuming. In addition, such improvements can be challenging to integrate with our existing technology systems or may result in problems with our existing technology systems. Unsuccessful implementation of hardware or software updates and improvements could result in outages, disruption in our business operations, loss of revenue, or damage to our reputation. Our systems and data are hosted by third-party data centers, and certain applications are hosted by other third-party cloud providers. If one or more of these third-party data centers or cloud providers experience any disruptions, outages, or catastrophes, it could disrupt our business and result in a loss of customers, loss of revenue, or damage to our reputation.
Natural or man-made disasters and other similar events may significantly disrupt our and our strategic partners’ or service providers’ businesses, and negatively impact our results of operations and financial condition.
Our enterprise business headquarters and the back-up data centers and cloud providers for our enterprise business are located in Southern California, which is situated on or near earthquake fault lines. Our primary data center for our enterprise business is located in Nevada. In our consumer business, we have data centers in Northern California and Arizona. Any of our or our strategic partners’ or service providers’ facilities may be harmed or rendered inoperable by natural or man-made disasters, including earthquakes, tornadoes, hurricanes, wildfires, floods, nuclear disasters, acts of terrorism or other criminal activities, infectious disease outbreaks, and power outages, which may render it difficult or impossible for us or our strategic partners or service providers to operate our respective businesses for some period of time. Our and our strategic partners’ or service providers’ facilities would likely be costly to repair or replace, and any such efforts would likely require substantial time. Any disruptions in our or our strategic partners’ or service providers’ operations could negatively impact our business and results of operations and harm our reputation. In addition, we and our strategic partners or service providers may not carry business insurance or may not carry sufficient business insurance to compensate for losses that may occur. Any such losses or damages could have a material adverse effect on our business, results of operations, and financial condition.

23



Changes in the economy may significantly affect our business, operating results, and financial condition.
Our business may be affected by changes in the economic environment. Our services, particularly our consumer services, are discretionary purchases, and members may reduce or eliminate their discretionary spending on our services during a difficult economic environment. Although we have not yet experienced a material increase in membership cancellations or a material reduction in our member retention rate, we may experience such an increase or reduction in the future, especially in the event of a prolonged recessionary period or a worsening of current conditions. In addition, during an economic downturn consumers may experience a decline in their credit, which may result in less demand for our services. Conversely, consumers may spend more time using the Internet during an economic downturn and may have less time for our services in a period of economic growth. In addition, media prices may increase in a period of economic growth, which could significantly increase our marketing and advertising expenses. As a result, our business, operating results, and financial condition may be significantly affected by changes in the economic environment.
Our rapid development and growth in an evolving industry make evaluating our business and future prospects difficult and may increase the risk of an investment in our company.
Our business, prospects, and growth potential must be considered in light of the risks, expenses, delays, difficulties, uncertainties, and other challenges encountered by companies that are rapidly developing and are experiencing rapid growth in evolving industries. We may be unsuccessful in addressing the various challenges we may encounter. Our failure to do so could have a material adverse effect on our business, prospects, reputation, and growth potential as well as the value of an investment in our company.
Despite our historic predictable subscription revenue model, as a result of our rapid development and growth in an evolving industry, it is difficult to accurately forecast our revenue and plan our operating expenses, and we have limited insight into trends that may emerge and affect our business. In the event that our actual results differ from our forecasts or we adjust our forecasts in future periods, our operating results and financial position could be materially and adversely affected and our stock price could decline.
These risks are increased by our acquisitions of ID Analytics and Lemon and will be further increased by any acquisitions we may make in the future.
We restated certain prior consolidated financial statements, which may lead to additional risks and uncertainties, including shareholder litigation, loss of investor confidence, and negative impacts on our stock price.
In November 2014, we restated our audited consolidated financial statements for the year ended December 31, 2013, our unaudited condensed consolidated financial statements for the quarters ended March 31, 2013, June 30, 2013, and September 30, 2013, and our unaudited condensed consolidated financial statements for the quarters ended March 31, 2014 and June 30, 2014. The determination to restate these financial statements was made by our Audit Committee, after discussion with management and Ernst & Young LLP, following the identification of an error related to our calculation of the volatility assumption within the Black-Scholes option pricing model used to compute our share-based compensation expense since our initial public offering in October 2012, which resulted in a higher volatility and, accordingly, we materially overstated share-based compensation expense for the impacted periods described above. As a result of these events, we have become subject to a number of additional risks and uncertainties, including potential shareholder litigation. If litigation did occur, we would incur substantial defense costs regardless of the outcome of such litigation. Likewise, such events may cause a diversion of our management’s time and attention. If we do not prevail in any such litigation, we could be required to pay substantial damages or settlement costs. In addition, the fact that we have completed a restatement may lead to a loss of investor confidence and have negative impacts on the trading price of our common stock.
If we are unable to maintain effective internal control over financial reporting in the future, the accuracy and timeliness of our financial reporting may be adversely affected.
Pursuant to Section 404 of the Sarbanes-Oxley Act, we are required to furnish a report by our management on our internal control over financial reporting. The report contains, among other matters, an assessment of the effectiveness of our internal control over financial reporting as of the end of our fiscal year, including a statement as to whether or not our internal control over financial reporting is effective. This assessment must include disclosure of any material weaknesses in our internal control over financial reporting identified by management.
In connection with the restatement of our audited consolidated financial statements for the year ended December 31, 2013, our unaudited condensed consolidated financial statements for the quarters ended March 31, 2013, June 30, 2013, and September 30, 2013, and our unaudited condensed consolidated financial statements for the quarters ended March 31, 2014 and June 30, 2014, management, including our Chief Executive Officer and Chief Financial Officer, reassessed the effectiveness of our internal control over financial reporting as of December 31, 2013. Based on this reassessment using the criteria set forth by the Committee of Sponsoring Organizations of the Treadway Commission (COSO) in Internal Control - Integrated Framework

24



(1992 framework), management concluded that we did not maintain effective internal control over financial reporting as of December 31, 2013 because of a deficiency in the control over the calculation of the volatility assumption within the Black-Scholes option pricing model used to compute our share-based compensation expense that management concluded was a material weakness. This control deficiency resulted in the misstatement of share-based compensation expense and net income available to common stockholders and the related financial disclosures for the year ended December 31, 2013 (and the restatement of the unaudited quarterly condensed consolidated financial information for the quarters ended March 31, 2013, June 30, 2013, September 30, 2013, and December 31, 2013). Although we have remediated this material weakness, and while we have determined that our internal control over financial reporting was effective as of December 31, 2014, as indicated in Management's Annual Report on Internal Control over Financial Reporting included in this Annual Report on Form 10-K, if we are otherwise unable to maintain adequate internal controls for financial reporting, or if our independent registered public accounting firm is unable to express an opinion as to the effectiveness of our internal controls as required pursuant to the Sarbanes-Oxley Act, it could result in another material misstatement of our financial statements that would require a restatement, investor confidence in the accuracy and timeliness of our financial reports may be impacted, or the market price of our common stock could be negatively impacted.
The failure to manage our growth may damage our brand recognition and reputation and harm our business and operating results.
We have experienced rapid growth in a relatively short period of time. Our revenue grew from $18.9 million in 2007 to $476.0 million in 2014, and our members increased from approximately 30,000 on December 31, 2006 to approximately 3.6 million on December 31, 2014. In addition, our acquisitions of ID Analytics in March 2012 and Lemon in December 2013 increased our revenue, facilities, and number of employees, and we will likely hire additional employees in the future. We must successfully manage our growth to achieve our objectives. Our ability to effectively manage any significant growth of our business will depend on a number of factors, including our ability to do the following:
introduce new service offerings that are attractive to our customers and enhance our gross margins;
develop and pursue cost-effective marketing and advertising campaigns that attract new customers;
satisfy existing and attract new customers;
hire, train, retain, and motivate additional employees;
enhance our operational, financial, and management systems;
enhance our intellectual property rights;
effectively manage and maintain our corporate culture; and
make sound business decisions in light of the scrutiny associated with operating as a public company.
These enhancements and improvements will require significant expenditures and allocation of valuable management and employee resources, and our growth will continue to place a strain on our operational, financial, and management infrastructure. Our future financial performance and our ability to execute on our business plan will depend, in part, on our ability to effectively manage any future growth. There are no guarantees we will be able to do so in an efficient or timely manner, or at all. Our failure to effectively manage growth could have a material adverse effect on our business, reputation, operating results, financial condition, and prospects.
Any future acquisitions that we undertake could disrupt our business, harm our operating results, and dilute stockholder value.
From time to time, we may review opportunities to acquire other businesses or other assets that would expand the breadth of services that we offer, strengthen our distribution channels, enhance our intellectual property and technological know-how, augment the LifeLock ecosystem and our data repositories, or otherwise offer potential growth opportunities. For example, in March 2012, we completed our acquisition of ID Analytics, and in December 2013, we completed our acquisition of Lemon. We may in the future be unable to identify suitable acquisition candidates or to complete the acquisition of candidates that we identify. Increased competition for acquisition candidates or increased asking prices by acquisition candidates may increase purchase prices for acquisitions to levels beyond our financial capability or to levels that would not result in the returns required by our acquisition criteria. Acquisitions also may become more difficult in the future as we or others, including our competitors, acquire the most attractive candidates. Unforeseen expenses, difficulties, and delays that we may encounter in connection with rapid expansion through acquisitions could inhibit our growth and negatively impact our operating results.

25



Our ability to grow through acquisitions will depend upon various factors, including the following:
the availability of suitable acquisition candidates at attractive purchase prices;
the ability to compete effectively for available acquisition opportunities;
the availability of cash resources, borrowing capacity, or stock at favorable price levels to provide required purchase prices in acquisitions;
diversion of management’s attention to acquisition efforts; and
the ability to obtain any requisite governmental or other approvals.
As a part of our acquisition strategy, we frequently engage in acquisition discussions. In connection with these discussions, we and potential acquisition candidates often exchange confidential operational and financial information, conduct due diligence inquiries, and consider the structure, terms, and conditions of the potential acquisition. Potential acquisition discussions frequently take place over a long period of time and involve difficult business integration and other issues, including, in some cases, management succession and related matters. As a result of these and other factors, a number of potential acquisitions that from time to time appear likely to occur do not result in binding legal agreements and are not consummated, despite the expenditure of time and resources, which affect our results.
Any borrowings made to finance future acquisitions could make us more vulnerable to a downturn in our operating results, a downturn in economic conditions, or increases in interest rates on borrowings. If our cash flow from operating activities is insufficient to meet our debt service requirements, we could be required to sell additional equity securities, refinance our obligations, or dispose of assets in order to meet our debt service requirements. Adequate financing may not be available if and when we need it or may not be available on terms acceptable to us. The failure to obtain sufficient financing on favorable terms and conditions could have a material adverse effect on our growth prospects and our business, financial condition, and operating results.
If we finance any future acquisitions in whole or in part through the issuance of common stock or securities convertible into or exercisable for common stock, existing stockholders will experience dilution in the voting power of their common stock and earnings per share could be negatively impacted. The extent to which we will be able or willing to use our common stock for acquisitions will depend on the market price of our common stock from time to time and the willingness of potential sellers to accept our common stock as full or partial consideration for the sale of their businesses. Our inability to use our common stock as consideration, to generate cash from operations, or to obtain additional funding through debt or equity financings in order to pursue an acquisition program could materially limit our growth.
 Any acquisitions that we undertake could be difficult to integrate, which could disrupt and harm our business.
In order to pursue a successful acquisition strategy, we will need to integrate the operations of any acquired businesses into our operations, including centralizing certain functions and pursuing programs and processes aimed at leveraging our revenue and growth opportunities. The integration of the management, operations, and facilities of acquired businesses with our own could involve difficulties, which could adversely affect our growth rate and operating results.
Our experience in acquiring other businesses is limited. Our only acquisitions to date have been the acquisition of ID Analytics in March 2012 and the acquisition of Lemon in December 2013. We may not realize all of the benefits anticipated with such acquisitions and may experience unanticipated detriments as a result of such acquisitions. As with any acquisition, we may be unable to complete effectively an integration of the management, operations, facilities, and accounting and information systems of the acquired business with our own; to manage efficiently the combined operations of the acquired business with our operations; to achieve our operating, growth, and performance goals for the acquired business; to achieve additional revenue as a result of our expanded operations; or to achieve operating efficiencies or otherwise realize cost savings as a result of anticipated acquisition synergies.
For example, we have an ongoing lawsuit against certain former executives of Lemon, including its former General Manager, alleging breaches of employment related contracts, breaches of fiduciary duty, and fraud involving work for third party Xapo, Inc. and/or Xapo, Ltd. during their employment with Lemon. The outcome of this matter is unclear and although no counterclaims have been asserted against us, it is possible that they will be asserted in the future. In addition, in December 2014, we settled certain indemnification claims that we previously made with respect to our acquisition of Lemon, which resulted in a $5.0 million payment to us out of the escrow account established in connection with that acquisition.

26



The integration of acquired businesses, including our acquisitions of ID Analytics and Lemon, involves numerous risks, including the following:
integrating the different businesses, operations, locations, and technologies;
communicating to customers our perceived benefits of the acquisition and addressing any related concerns they might have;
the potential disruption of our core businesses;
risks associated with entering markets and businesses in which we have little or no prior experience;
diversion of management’s attention from our core businesses;
adverse effects on existing business relationships with suppliers and customers;
failure to retain key customers, suppliers, or personnel of acquired businesses;
adjusting to changes in key personnel post-combination;
adjusting to increased governmental regulations;
in connection with the acquisition of companies with foreign operations, integrating operations across different cultures and languages and addressing the particular economic, currency, political, and regulatory risks associated with specific countries;
managing the varying intellectual property protection strategies and other activities of the acquired company;
the potential strain on our financial and managerial controls and reporting systems and procedures;
greater than anticipated costs and expenses related to the integration of the acquired business with our business;
potential unknown liabilities associated with the acquired company;
potential post-closing claims against or litigation with sellers of the acquired company;
challenges inherent in effectively managing an increased number of employees in diverse locations;
failure of acquired businesses to achieve expected results;
the risk of impairment charges related to potential write-downs of acquired assets in future acquisitions; and
difficulty of establishing uniform standards, controls, procedures, policies, and information systems.
We may not succeed in addressing these or other risks or any other problems encountered in connection with the integration of any acquired business. The inability to integrate successfully the operations, technology, and personnel of any acquired business, or any significant delay in achieving integration, could have a material adverse effect on our business, results of operations, reputation, and prospects, and on the market price of our common stock.
We depend on key personnel, and if we fail to retain and attract skilled management and other key personnel, our business may be harmed.
Our success depends to a significant extent upon the continued services of our current management team, including Todd Davis, our Chairman and Chief Executive Officer. We maintain a "key person" policy on Mr. Davis. The loss of Mr. Davis or one or more of our other key executives or employees could have a material adverse effect on our business. We also maintain a “key person” policy on Dr. Stephen Coggeshell, Chief Analytics and Science Officer at ID Analytics. Other than Mr. Davis and Dr. Coggeshell, we do not maintain "key person" policies on the lives of our executive officers or any of our other employees. We employ all of our executive officers and key employees on an at-will basis, and their employment can be terminated by us or them at any time, for any reason and without notice, subject, in certain cases, to severance payment rights. In order to retain valuable employees, in addition to salary and cash incentives, we provide stock options or other share-based compensation that vests over time. The value to employees of share-based compensation that vests over time will be significantly affected by movements in our stock price that are beyond our control and may at any time be insufficient to counteract offers from other companies.
Our success also depends on our ability to attract, retain, and motivate additional skilled management personnel. We plan to continue to expand our work force to continue to enhance our business and operating results. We believe that there is significant competition for qualified personnel with the skills and knowledge that we require. Many of the other companies with which we compete for qualified personnel have greater financial and other resources than we do. They also may provide more diverse opportunities and better chances for career advancement. Some of these characteristics may be more appealing to high-quality candidates than those which we have to offer. If we are not able to attract and retain the necessary qualified personnel to accomplish our business objectives, we may experience constraints that will impede significantly the achievement of our business objectives and our ability to pursue our business strategy. New hires require significant training and, in most cases, take significant time before they achieve full productivity. New employees may not become as productive as we expect,

27



and we may be unable to hire or retain sufficient numbers of qualified individuals. If our recruiting, training, and retention efforts are not successful or do not generate a corresponding increase in revenue, our business will be harmed.
A failure of the insurance companies that underwrite the identity theft insurance provided as part of our consumer services, or refusal by those insurance companies to provide the expected insurance, or failure of our products to comply with applicable state insurance regulations, could harm our business.
Our consumer services include identity theft insurance for our members that provides coverage for certain out-of-pocket expenses to our members, such as loss of income, replacement of fraudulent withdrawals, and costs associated with child and elderly care, travel, stolen purse/wallet, and replacement of documents. This identity theft insurance also backs our $1 million service guarantee. Any failure or refusal of our insurance providers to provide the expected insurance benefits, or failure of our products to comply with applicable state insurance regulations, could damage our reputation, cause us to lose members, expose us to liability claims by our members, negatively impact our sales and marketing efforts, and have a material adverse effect on our business, operating results, and financial condition.
Events such as a security breach at a large organization that compromise a significant number of our members’ personally identifiable information could result in a large number of identity-related events that in turn could severely strain our operations and have a negative impact on our business.
Events such as a security breach at a large organization (including major financial institutions, retailers, and Internet service providers) could compromise the personally identifiable information of a significant number of our members. Any such event could in turn result in a large number of identity-related events that we must address, placing severe strain on our operations. Any failure in our ability to appropriately and timely process and address a large number of identity-related events taking place at the same time could result in a loss of members, harm to our reputation, and other damage to our business. Moreover, any related remediation services we provide may not meet member expectations and further exacerbate these risks. Furthermore, if these events result in significant claims made under our identity theft insurance, this could negatively impact our insurance premiums and our ability to continue to provide what we refer to as our guarantee on a cost-effective basis, or at all.
We may require significant capital to fund our business, and our inability to generate and obtain such capital could harm our business, operating results, financial condition, and prospects.
To fund our expanding business, we must have sufficient working capital to continue to make significant investments in our service offerings, advertising, technology, and other activities. As a result, in addition to the revenue we generate from our business, we may need additional equity or debt financing to provide the funds required for these endeavors. If such financing is not available on satisfactory terms or at all, we may be unable to operate or expand our business in the manner and at the rate desired. Debt financing increases expenses, may contain covenants that restrict the operation of our business, and must be repaid regardless of operating results. Equity financing, or debt financing that is convertible into equity, could result in additional dilution to our existing stockholders, and any new securities we issue could have rights, preferences, and privileges superior to those associated with our common stock.
In addition, the current economic environment may make it difficult for us to raise additional capital or obtain additional credit, when needed, on acceptable terms or at all.
Our inability to generate or obtain the financial resources needed to fund our business and growth strategies may require us to delay, scale back, or eliminate some or all of our operations or the expansion of our business, which may have a material adverse effect on our business, operating results, financial condition, and prospects.
 If we are unable to protect our intellectual property, including our LifeLock brand, the value of our brand and other intangible assets may be diminished, and our business may be adversely affected.
The success of our business depends in part on our ability to protect our intellectual property and the LifeLock brand. We rely on a combination of federal, state, and common law trademark, patent, and trade secret laws, confidentiality procedures, and contractual provisions to protect our intellectual property. However, these measures afford only limited protection and might be challenged, invalidated, or circumvented by third parties. The measures we take to protect our intellectual property may not be sufficient or effective, and in some instances we have not undertaken comprehensive searches with respect to certain of our intellectual property. We have limited protections in countries outside the United States, such as registrations for key trademarks. Moreover, our competitors may independently develop similar intellectual property.
While we generally obtain non-disclosure agreements from each of our employees and independent contractors, there are former independent contractors from whom we have not obtained these agreements. Therefore, these former independent contractors may inappropriately disclose our confidential information or use that confidential information illegally, which could harm our business.

28



We currently have a number of issued and pending patents and trademarks, many of which were procured in connection with our acquisition of ID Analytics. We cannot assure you that any patents will issue from our currently pending patent applications in a manner that gives us the protection that we seek, if at all, or that any future patents issued to us will not be challenged, invalidated, or circumvented. Any patents that may issue in the future from pending or future patent applications may not provide sufficiently broad protection or may not prove to be enforceable in actions against alleged infringers. We also cannot assure you that any future trademark or service mark registrations will be issued from pending or future applications or that any registered trademarks or service marks will be enforceable or provide adequate protection of our proprietary rights.
We may find it necessary to take legal action in the future to enforce or protect our intellectual property rights, and such action may be expensive and time consuming. In addition, we may be unable to obtain a favorable outcome in any such intellectual property litigation.
Our services may infringe the intellectual property rights of others, which may cause us to pay unexpected litigation costs or damages or prevent us from selling our services.
From time to time, third parties may claim that our services infringe or otherwise violate their intellectual property rights. We may be subject to legal proceedings and claims, including claims of alleged infringement by us of the intellectual property rights of third parties. Any dispute or litigation regarding intellectual property could be expensive and time consuming, regardless of the merits of any claim, and could divert our management and key personnel from our business operations.
If we were to discover or be notified that our services potentially infringe or otherwise violate the intellectual property rights of others, we may need to obtain licenses from these parties in order to avoid infringement. We may not be able to obtain the necessary licenses on acceptable terms, or at all, and any such license may substantially restrict our use of the intellectual property. Moreover, if we are sued for infringement and lose the lawsuit, we could be required to pay substantial damages or be enjoined from offering the infringing services. Our intellectual property portfolio may not be useful in asserting a counterclaim, or negotiating a license, in response to a claim of intellectual property infringement. Any of the foregoing could cause us to incur significant costs and prevent us from selling our services.
Our business depends on our ability to utilize intellectual property, technology, and content owned by third parties, the loss of which would harm our business.
Our services utilize intellectual property, technology, and content owned by third parties. From time to time, we may be required to renegotiate with these third parties or negotiate with other third parties to include or continue using their intellectual property, technology, or content in our existing service offerings, in new versions of our service offerings, or in new services that we offer. We may not be able to obtain the necessary rights from these third parties on commercially reasonable terms, or at all, and the third-party intellectual property, technology, and content we use or desire to use may not be appropriately supported, maintained, or enhanced by the third parties. If we are unable to obtain the rights necessary to use or continue to use third-party intellectual property, technology, and content in our services, or if those third parties are unable to support, maintain, and enhance their intellectual property, technology, and content, we could experience increased costs or delays or reductions in our service offerings, which in turn may harm our financial condition, damage our brand, and result in the loss of customers.
We are building our intellectual property portfolio internally and through acquisitions, such as our acquisitions of ID Analytics. We may be required to incur substantial expenses to do so, and our efforts may not be successful.
Our use of “open source” software could negatively affect our ability to sell our services and subject us to possible litigation.
Software code that is freely shared in the software development community is referred to as open source software. A portion of the technologies licensed by us incorporates such open source software, and we may incorporate open source software in the future. Such open source software is generally licensed by its authors under open source licenses. Use and distribution of open source software may entail greater risks than use of third-party commercial software, as open source licensors generally do not provide warranties or other contractual protections regarding infringement claims or the quality of the code. Some open source licenses, such as the GNU General Public License, require that source code subject to the license be disclosed to third parties, grant such third parties the right to modify and redistribute that source code and a requirement that the source code for any software derived from it be disclosed. If we combine our proprietary software with open source software in a certain manner, we could, under certain open source licenses, be required to release the source code of our proprietary software to the public. This would allow our competitors to create similar services and platforms with lower development effort and time and ultimately could reduce or eliminate our ability to commercialize or profit from our services.
Although we have established internal review and approval processes with respect to the use of open source software to avoid subjecting our technologies to conditions we do not intend, we cannot be certain that all open source software is submitted for approval prior to use in our services. The terms of many open source licenses have not been interpreted by the U.S. courts, and there is a risk that these licenses could be construed in a way that imposes unanticipated conditions or restrictions on our ability to commercialize our services. In this event, we could be required to seek licenses from third parties

29



to continue offering our services, to make generally available, in source code form, our proprietary code, or to discontinue the sale of our services, any of which could adversely affect our business, operating results, and financial condition.
Our operating results may vary significantly and be unpredictable, which could cause the trading price of our stock to decline, make period-to-period comparisons less meaningful, and make our future results difficult to predict.
We may experience significant fluctuations in our revenue, expenses, and operating results in future periods. Our operating results may fluctuate in the future as a result of a number of factors, many of which are beyond our control. These fluctuations may result in declines in our stock price. Moreover, these fluctuations may make comparing our operating results on a period-to-period basis less meaningful and make our future results difficult to predict. You should not rely on our past results as an indication of our future performance. In addition, if revenue levels do not meet our expectations, our operating results and ability to execute on our business plan are likely to be harmed. In addition to the other factors listed in this “Risk Factors” section, factors that could affect our operating results include the following:
our ability to expand our customer base and the market for our services;
our ability to generate revenue from existing customers;
our ability to establish and maintain relationships with strategic partners;
our expense and capital expenditure levels;
service introductions or enhancements and market acceptance of new services by us and our competitors;
pricing and availability of competitive services;
our ability to address competitive factors successfully;
changes in the competitive landscape as a result of mergers, acquisitions, or strategic alliances that could allow our competitors to gain market share, or the emergence of new competitors;
changes or anticipated changes in economic conditions; and
changes in legislation and regulatory requirements related to our business.
Due to these and other factors, our financial results for any quarterly or annual period may not meet our expectations or the expectations of investors or analysts that follow our stock and may not be meaningful indications of our future performance.
Because we recognize revenue in our consumer business from our members over the term of their subscription periods, fluctuations in sales or retention may not be immediately reflected in our operating results.
We recognize revenue in our consumer business from our members ratably over the term of their subscription periods. As a result, a large portion of the revenue we recognize in any period is deferred revenue from memberships purchased during previous periods. Consequently, a decline in new members or a decrease in member retention in any particular period will not necessarily be fully reflected in the consumer revenue in that period and will negatively affect our revenue in future periods. In addition, we may be unable to adjust our cost structure to reflect this reduced revenue. Accordingly, the effect of significant fluctuations in new members or member retention and market acceptance of our services may not be fully reflected in our operating results until future periods. Our subscription model also makes it difficult for us rapidly to increase our revenue through additional sales in any period, as revenue from new members is recognized ratably over the applicable subscription periods.
We may be subject to assertions that taxes must be collected based on sales and use of our services in various states, which could expose us to liability and cause material harm to our business, financial condition, and results of operations.
Whether sales of our services are subject to state sales and use taxes is uncertain, due in part to the nature of our services and the relationships through which our services are offered, as well as changing state laws and interpretations of those laws. In 2012 we entered into a settlement agreement with the New York State Department of Taxation and Finances regarding our historic and ongoing tax collection obligations.  We currently collect and remit sales tax in several states related to the sale of our consumer services. Additional states or one or more countries or other jurisdictions may seek to impose sales or other tax collection obligations on us in the future. A successful assertion by any state, country, or other jurisdiction that we should be collecting sales or other taxes on the sale of our services could, among other things, increase the cost of our services, create significant administrative burdens for us, result in substantial tax liabilities for past sales, discourage current members and other consumers from purchasing our services, or otherwise substantially harm our business and operating results.

30



 Increases in credit card processing fees would increase our operating expenses and adversely affect our operating results, and the termination of our relationship with any major credit card company would have a severe, negative impact on our business.
A substantial majority of our members pay for our services using credit cards. From time to time, the major credit card companies or the issuing banks may increase the fees that they charge for each transaction using their cards. An increase in those fees would require us to either increase the prices we charge for our services or suffer a negative impact on our margins, either of which could adversely affect our business, operating results, and financial condition.
In addition, our credit card fees may be increased by credit card companies if our chargeback rate, or the rate of payment refunds, exceeds certain minimum thresholds. If we are unable to maintain our chargeback rate at acceptable levels, our credit card fees for chargeback transactions, or for all credit card transactions, may be increased, and, if the problem significantly worsens, credit card companies may further increase our fees or terminate their relationship with us. In addition, changes in billing systems in the future could increase the per transaction cost that we pay. Any increases in our credit card fees could adversely affect our operating results, particularly if we elect not to raise the retail list price for our consumer services to offset the increase. The termination of our ability to process payments on any major credit card would significantly impair our business.
Any indebtedness could adversely affect our business and limit our ability to expand our business or respond to changes, and we may be unable to generate sufficient cash flow to satisfy our debt service obligations.
As of December 31, 2014, we had no outstanding debt. We may incur indebtedness in the future, including borrowings available under our $85 million credit facility with Bank of America. Any substantial indebtedness and the fact that a substantial portion of our cash flow from operating activities could be needed to make payments on this indebtedness could have adverse consequences, including the following:
reducing the availability of our cash flow for our operations, capital expenditures, future business opportunities, and other purposes;
limiting our flexibility in planning for, or reacting to, changes in our business and the industries in which we operate, which would place us at a competitive disadvantage compared to our competitors that may have less debt;
limiting our ability to borrow additional funds;
increasing our vulnerability to general adverse economic and industry conditions; and
failing to comply with the covenants in our debt agreements could result in all of our indebtedness becoming immediately due and payable.
Our ability to borrow any funds needed to operate and expand our business will depend in part on our ability to generate cash. Our ability to generate cash is subject to the performance of our business as well as general economic, financial, competitive, legislative, regulatory, and other factors that are beyond our control. If our business does not generate sufficient cash flow from operating activities or if future borrowings are not available to us under our senior credit facility or otherwise in amounts sufficient to enable us to fund our liquidity needs, our operating results, financial condition, and ability to expand our business may be adversely affected. Moreover, our inability to make scheduled payments on our debt obligations in the future would require us to refinance all or a portion of our indebtedness on or before maturity, sell assets, delay capital expenditures, or seek additional equity.
 Covenants in our senior credit facility impose, and any future debt arrangements may impose, significant operating and financial restrictions that may adversely affect our business and ability to operate our business.
The agreement governing our senior credit facility with Bank of America contains covenants that limit various actions that we may take, including the following:
incurring additional indebtedness;
granting additional liens;
making certain investments and distributions;
merging, dissolving, liquidating, consolidating, or disposing of all or substantially all of our assets;
prepaying and modifying debt instruments; and
entering into transactions with affiliates.
These restrictions could limit our ability to finance our future operations or capital needs, make acquisitions, or pursue available business opportunities. Our senior credit facility also requires us to maintain specified financial ratios and satisfy financial condition tests at the end of each fiscal quarter. Our ability to meet these financial ratios and tests can be affected by events beyond our control, and we may not meet those tests. We may be required to take action to reduce our indebtedness or to

31



act in a manner contrary to our business objectives to meet these ratios and satisfy these covenants. We could also incur additional indebtedness in the future having even more restrictive covenants.
Failure to comply with any of the covenants under our senior credit facility, or any other indebtedness we may incur, could result in a default under such agreements, which could result in an acceleration of the timing of payments on all of our outstanding indebtedness and other negative consequences. In addition, since our senior credit facility with Bank of America is secured by substantially all of our assets, a default under that facility could result in Bank of America exercising its lien on substantially all of our assets. Any of these events could have a material adverse effect on our business, operating results, and financial condition.
The requirements of being a public company may strain our resources, divert management’s attention, and affect our ability to attract and retain qualified board members.
We will incur significant legal, accounting, and other expenses as a public company, including costs resulting from public company reporting obligations under the Exchange Act and the rules and regulations regarding corporate governance practices, including those under the Sarbanes-Oxley Act, the Dodd-Frank Act, and the listing requirements of the stock exchange on which our securities are listed. Compliance with these reporting requirements, rules, and regulations has increased and will continue to increase our legal and financial compliance costs, make some activities more difficult, time-consuming, or costly, and increase demand on our systems and resources.   As a result, management’s attention may be diverted from other business concerns, which could harm our business and operating results.
In addition, changing laws, regulations, and standards relating to corporate governance and public disclosure are creating uncertainty for public companies, increasing legal and financial compliance costs, and making some activities more time consuming.  These laws, regulations, and standards are subject to varying interpretations, in many cases due to their lack of specificity, and, as a result, their application in practice may evolve over time as new guidance is provided by regulatory and governing bodies.  This could result in continuing uncertainty regarding compliance matters and higher costs necessitated by ongoing revisions to disclosure and governance practices.  We intend to invest resources to comply with evolving laws, regulations, and standards, and this investment may result in increased general and administrative expenses and a diversion of management’s time and attention from revenue-generating activities to compliance activities. If our efforts to comply with new laws, regulations, and standards are unsuccessful, regulatory authorities may initiate legal proceedings against us and our business may be harmed.
We also expect these rules and regulations to make it more difficult and more expensive for us to obtain director and officer liability insurance, and we may be required to accept reduced policy limits and coverage or incur substantially higher costs to obtain the same or similar coverage. These factors could also make it more difficult for us to attract and retain qualified persons to serve on our board of directors, particularly to serve on our audit and compensation committees, or as executive officers.
 Our ability to use our net operating loss carry-forwards and certain other tax attributes may be limited, which could potentially result in increased tax liabilities to us in the future.
As of December 31, 2014, we had approximately $165.1 million of federal and approximately $86.9 million of state net operating loss carry-forwards. Under Section 382 of the Internal Revenue Code of 1986, as amended, or the Internal Revenue Code, if a corporation undergoes an “ownership change” (generally defined as a greater than 50% change (by value) in its equity ownership over a three year period), the corporation’s ability to use its pre-change net operating loss carry-forwards and other pre-change tax attributes (such as research tax credits) to offset its post-change income may be limited. In 2013, we completed an analysis of prior year ownership changes and determined that in prior years we had experienced an “ownership change” as defined by Section 382 of the Internal Revenue Code. However, we determined that none of our federal and state net operating loss carry-forwards will expire solely as a result of our prior ownership changes. Additionally, with our initial public offering, or IPO, and other transactions that have occurred over the past three years, we may also experience an “ownership change” in the future as a result of subsequent shifts in our stock ownership. As a result, if we earn net taxable income, our ability to use our pre-change net operating loss carry-forwards to offset taxable income may be subject to limitations, which could potentially result in increased future tax liability to us.

32



Risks Related to Ownership of Our Common Stock
Our stock price has been and will likely continue to be volatile, and the value of an investment in our common stock may decline.
The trading price of our common stock has been, and is likely to continue to be, volatile. In addition to the risk factors described in this section and elsewhere in this Annual Report on Form 10-K, factors that may cause the price of our common stock to fluctuate include the following:
actual or anticipated fluctuations in our quarterly or annual financial results;
the financial guidance we may provide to the public, any changes in such guidance, or our failure to meet such guidance;
the failure of industry or securities analysts to maintain coverage of our company, changes in financial estimates by any industry or securities analysts that follow our company, or our failure to meet such estimates;
various market factors or perceived market factors, including rumors, whether or not correct, involving us, our customers, our strategic partners, or our competitors;
sales, or anticipated sales, of large blocks of our stock;
short selling of our common stock by investors;
additions or departures of key personnel;
announcements of technological innovations by us or by our competitors;
introductions of new services or new pricing policies by us or by our competitors;
regulatory or political developments;
litigation and governmental or regulatory investigations;
acquisitions or strategic alliances by us or by our competitors; and
general economic, political, and financial market conditions or events.
Furthermore, the stock markets have experienced extreme price and volume fluctuations that have affected and continue to affect the market prices of equity securities of many companies. These fluctuations often have been unrelated or disproportionate to the operating performance of those companies. These and other factors may cause the market price and demand for our common stock to fluctuate substantially, which may limit or prevent investors from readily selling their shares of common stock and may otherwise negatively affect the price or liquidity of our common stock. In addition when the market price of a stock has been volatile, holders of that stock have sometimes instituted securities class action litigation against the company that issued the stock. For example, as described in more detail in Item 3 of this Annual Report on Form 10-K, we are subject to a securities class action lawsuit filed against us. As a result of this class action complaint, or if any of our stockholders were to bring a lawsuit against us in the future, we could incur substantial costs defending the lawsuits or paying for settlements or damages. Such lawsuits could also divert the time and attention of our management from our business.
Future sales of our common stock in the public market by our existing stockholders, or the perception that such sales might occur, could depress the market price of our common stock.
The market price of our common stock could decline as a result of sales of a large number of shares of our common stock in the market, and even the perception that these sales could occur may depress the market price. As of December 31, 2014, we had approximately 93.9 million shares of common stock outstanding. These shares may be sold in the public market, subject to prior registration or qualification for an exemption from registration, including, in the case of shares held by affiliates, compliance with the volume restrictions of Rule 144. In addition, shares issued or issuable upon the exercise of options and warrants, and shares delivered under restricted stock unit or restricted stock awards, are also eligible for sale. Sales of stock by these stockholders could have a material adverse effect on the trading price of our common stock.
Former holders of our preferred stock are entitled, under contracts providing for registration rights, to require us to register our securities owned by them for public sale. Registration of these shares under the Securities Act would result in the shares becoming freely tradable without restriction under the Securities Act, except for shares held by our affiliates. Any sales of securities by these stockholders could have a material adverse effect on the trading price of our common stock.
Sales of common stock as restrictions end or pursuant to registration rights may make it more difficult for us to sell equity securities in the future at a time and at a price that we deem appropriate.

33



Future sales and issuances of our common stock or rights to purchase common stock by us, including pursuant to our equity incentive plans, could result in additional dilution of the percentage ownership of our stockholders and could cause our stock price to fall.
We intend to issue additional securities pursuant to our equity incentive plans and may issue equity or convertible securities in the future. To the extent we do so, our stockholders may experience substantial dilution. We may sell common stock, convertible securities, or other equity securities in one or more transactions at prices and in a manner we determine from time to time. If we sell common stock, convertible securities, or other equity securities in more than one transaction, investors may be materially diluted by subsequent sales and new investors could gain rights superior to our existing stockholders.
Anti-takeover provisions could impair a takeover attempt and adversely affect existing stockholders.
Certain provisions of our certificate of incorporation and bylaws and applicable provisions of Delaware law may have the effect of rendering more difficult, delaying, or preventing an acquisition of our company, even when this would be in the best interest of our stockholders.
Our certificate of incorporation and bylaws include provisions that provide for the following:
authorize our board of directors to issue, without further action by the stockholders, up to 10,000,000 shares of undesignated preferred stock;
require that any action to be taken by our stockholders be effected at a duly called annual or special meeting and not by written consent;
specify that special meetings of our stockholders can be called only by our board of directors, the chairperson of our board of directors, our chief executive officer, or our president (in the absence of a chief executive officer);
establish an advance notice procedure for stockholder proposals to be brought before an annual meeting, including proposed nominations of persons for election to our board of directors;
establish that our board of directors is divided into three classes, Class I, Class II, and Class III, with each class serving three-year staggered terms;
prohibit cumulative voting in the election of directors;
provide that our directors may be removed only for cause;
provide that vacancies on our board of directors may be filled only by a majority of directors then in office, even though less than a quorum; and
require the approval of our board of directors or the holders of a supermajority of our outstanding shares of capital stock to amend our bylaws and certain provisions of our certificate of incorporation.
In addition, we are subject to Section 203 of the Delaware General Corporation Law, which generally prohibits a Delaware corporation from engaging in any of a broad range of business combinations with an interested stockholder for a period of three years following the date on which the stockholder became an interested stockholder, unless such transactions are approved by our board of directors. This provision could have the effect of delaying or preventing a change of control of our company, whether or not it is desired by or beneficial to our stockholders. In addition, other provisions of Delaware law may also discourage, delay, or prevent someone from acquiring us or merging with us.
These provisions, alone or together, could delay or prevent hostile takeovers and changes in control or changes in our management. Any provision of our certificate of incorporation or bylaws or Delaware law that has the effect of delaying or deterring a change in control could limit the opportunity for our stockholders to receive a premium for their shares of our common stock and could also affect the price that some investors are willing to pay for our common stock.
If securities or industry analysts do not publish or cease publishing research or reports about us, our business, or our market, or if they adversely change their recommendations regarding our stock, our stock price and trading volume could decline.
The trading market for our common stock will be influenced by the research and reports that securities or industry analysts may publish about us, our business, our market, or our competitors. If adequate research coverage is not established or maintained on our company or if any of the analysts who may cover us downgrade our stock or publish inaccurate or unfavorable research about our business or provide relatively more favorable recommendations about our competitors, our stock price would likely decline. If any analyst who may cover us were to cease coverage of our company or fail to regularly publish reports on us, we could lose visibility in the financial markets, which in turn could cause our stock price or trading volume to decline.

34



Since we do not expect to pay any cash dividends for the foreseeable future, our stockholders may be forced to sell their stock in order to obtain a return on their investment.
We have never declared or paid any cash dividends on our capital stock and do not anticipate declaring or paying any cash dividends in the foreseeable future. In addition, our senior credit facility with Bank of America restricts our ability to pay cash dividends. We plan to retain any future earnings to finance our operations and growth plans discussed elsewhere in this Annual Report on Form 10-K. Accordingly, investors must rely on sales of shares of their common stock after price appreciation, which may never occur, as the only way to realize any return on their investment.
ITEM 1B.
UNRESOLVED STAFF COMMENTS
None.
ITEM 2.
PROPERTIES
Our corporate headquarters is located in Tempe, Arizona, where we lease approximately 85,000 square feet of office space under a lease that expires in 2024. We also lease an aggregate of approximately 23,000 square feet in Irvine, California, Mountain View, California, and San Francisco, California.  We also have data centers for our consumer business in Arizona and Northern California.
Our enterprise business headquarters is located in San Diego, California, where we lease approximately 39,000 square feet under a lease that expires in 2018. We also have data centers for our enterprise business located in Nevada and Southern California.
We believe that our existing facilities are sufficient for our operational needs for the foreseeable future.
ITEM 3. LEGAL PROCEEDINGS
On September 25, 2012, Denise Richardson filed a complaint against our company and Todd Davis in the United States District Court for the Southern District of Florida. Ms. Richardson claimed that she was improperly classified as an independent contractor instead of an employee and that we breached the terms of an alleged employment agreement. Ms. Richardson claimed she was entitled to equitable relief, compensatory damages, liquidated damages, statutory penalties, punitive damages, interest, costs, and attorneys’ fees. On March 31, 2014, our motion to dismiss was granted in part and denied in part with the court dismissing nine of the ten counts that were subject to the motion to dismiss, including the single count against Mr. Davis.  On April 23, 2014, Ms. Richardson filed an amended complaint against our company and Mr. Davis again claiming that she was improperly classified as an independent contractor instead of an employee and that we breached the terms of an alleged employment agreement. Ms. Richardson claimed she was entitled to equitable relief, compensatory damages, liquidated damages, statutory penalties, punitive damages, interest, costs, and attorneys’ fees.  On April 29, 2014, Mr. Davis and we filed a motion to dismiss all but one of the counts in the amended complaint. On June 11, 2014, Ms. Richardson filed a Notice of Voluntary Dismissal by which she voluntarily dismissed her ERISA claims against us, as well as her only claim against Mr. Davis. As to the remaining claims, the court denied our motion to dismiss on September 23, 2014 and we answered the amended complaint on October 14, 2014. On January 9, 2015, we entered into a full and final settlement agreement with Ms. Richardson and, on January 20, 2015, the case was dismissed with prejudice.
On March 3, 2014, Dawn B. Bien, representing herself and seeking to represent a class of persons who acquired our securities from February 26, 2013 to February 19, 2014, inclusive, filed a class action complaint in United States District Court for the District of Arizona alleging violations of Sections 10(b) and 20(a) of the Exchange Act against us, Todd Davis, and Chris Power.  We refer to this complaint as the Bien Complaint. On March 10, 2014, Joseph F. Scesny also filed a class action complaint in the same court against the same parties that made substantively similar allegations and requested substantially similar relief as the Bien Complaint.  We refer to this complaint as the Scesny Complaint. On June 16, 2014, the court consolidated the Bien Complaint and Scesny Complaint into a single action captioned In re LifeLock, Inc. Securities Litigation.  The court also appointed a lead plaintiff and lead counsel.  On August 15, 2014, the lead plaintiff filed the Consolidated Amended Class Action Complaint, or the Consolidated Amended Complaint, against us, Mr. Davis, Mr. Power, and Hilary Schneider seeking to represent a class of persons who acquired our securities from February 26, 2013 to May 16, 2014, inclusive, or the Class Period.  The Consolidated Amended Complaint alleged that we, along with Ms. Schneider and Messrs. Davis and Power, violated Sections 10(b) and 20(a) of the Exchange Act by making materially false or misleading statements, or failing to disclose material facts regarding certain of our business, operational, and compliance policies, including with regard to certain of our services, our data security program, and our and Mr. Davis’ compliance with the FTC Order.   The Consolidated Amended Complaint alleged that, as a result, certain public statements made by Ms. Schneider and Messrs. Davis and Power during the Class Period, and certain of our financial statements issued during the Class Period, were false and misleading.  The Consolidated Amended Complaint sought certification as a class action, compensatory damages, and attorneys’ fees and costs.  On September 15, 2014, we, along with Ms. Schneider and Messrs. Davis and Power, filed a motion

35



to dismiss the Consolidated Amended Complaint.   On October 15, 2014, the lead plaintiff filed a Memorandum In Opposition to our motion to dismiss. Pursuant to the court’s order of September 17, 2014, a hearing on our motion to dismiss was held on December 1, 2014.   On December 17, 2014, the court dismissed the Consolidated Amended Complaint and gave the lead plaintiff 21 days to seek leave to amend. The lead plaintiff filed his Second Consolidated Amended Complaint, on January 16, 2015. The Second Consolidated Amended Complaint no longer names Ms. Schneider as a defendant, but otherwise makes substantively similar allegations as the Consolidated Amended Complaint. It alleges that we, along with Messrs. Davis and Power, violated Sections 10(b) and 20(a) of the Exchange Act by making materially false or misleading statements, or failing to disclose material facts regarding certain of our business, operational, and compliance policies, including with regard to certain of our services, our data security program, and our and Mr. Davis’ compliance with the FTC Order. The Second Consolidated Amended Complaint alleges that, as a result, certain public statements made by Messrs. Davis and Power during the Class Period, and certain of our financial statements issued during the Class Period, were false and misleading. The Second Consolidated Amended Complaint seeks certification as a class action, compensatory damages, and attorney’s fees and costs. We, along with Messrs. Davis and Power, filed a motion to dismiss the Second Consolidated Amended Complaint on January 30, 2015. A hearing on our motion to dismiss will be held on March 16, 2015.
On March 13, 2014, we received a request from the FTC for documents and information related to our compliance with the FTC Order. Prior to our receipt of the FTC’s request, we met with FTC Staff on January 17, 2014, at our request, to discuss issues regarding allegations that have been asserted in a whistleblower claim against us relating to our compliance with the FTC Order. On October 29, 2014, we completed our responses to the FTC’s March 13, 2014 request for information. On January 5, 2015, we completed our responses to the FTC’s subsequent requests for clarification regarding certain information that we previously submitted. We have engaged in ongoing discussions with the FTC Staff regarding the FTC's inquiry into our compliance with the FTC Order. On February 4, 2015, we made a $20 million settlement offer to the FTC Staff and we remain in ongoing discussions with the FTC Staff regarding a possible settlement of this inquiry.
On March 20, 2014, Michael D. Peters filed a complaint in United States District Court for the District of Arizona against our company, Kim Jones, and Cristy Schaan.  Mr. Jones is not affiliated with us.  Ms. Schaan is our Chief Information Security Officer.  In his complaint, Mr. Peters alleges that we violated the whistleblower protection provisions of the Sarbanes-Oxley Act and the Dodd-Frank Act by terminating Mr. Peters’ employment as a result of alleged disclosures that he made to us, and that Ms. Schaan defamed Mr. Peters.  Mr. Peters seeks from us two times his back pay, two times the value of certain stock options and bonus, moving expenses, damages for emotional harm and anxiety, damages for harm to reputation, litigation costs including attorneys’ fees, and interest, and sought from Ms. Schaan actual damages, punitive damages, and interest.  On April 21, 2014, we filed an answer, affirmative defenses, and counterclaims, answering Mr. Peters’ claim under the Sarbanes-Oxley Act and asserting counterclaims against Mr. Peters for fraud, negligent misrepresentation, breach of contract, and unjust enrichment, based on our allegations that we were induced to hire Mr. Peters by his false statements and misrepresentations regarding his employment history and seeking to recover actual and consequential damages, punitive damages, attorneys’ fees, and the signing bonus paid to Mr. Peters.  Mr. Peters answered our counterclaims on May 7, 2014.  On April 21, 2014, we also filed a motion to dismiss Mr. Peters’ claim under the Dodd-Frank Act.  On April 25, 2014, Ms. Schaan filed a motion to dismiss Mr. Peters’ claim against her.  On June 2, 2014, Mr. Peters filed a motion for judgment on the pleadings directed to our unjust enrichment counterclaim, one of the four counterclaims we brought against Mr. Peters.  The court ruled on all of the pending motions on September 19, 2014.  Ms. Schaan’s motion to dismiss the defamation claim against her was granted and she was dismissed from the case. Our motion and the motion filed by Mr. Peters and LifeLock were denied. In addition, Mr. Peters dismissed his claim against Mr. Jones pursuant to a settlement. On October 3, 2014, we filed an amended answer responding to both of the claims Mr. Peters asserted against us. On January 22, 2015, the court entered a scheduling order containing certain deadlines for the case, including the completion of all discovery by October 30, 2015, the filing of any dispositive motions by December 4, 2015, and the filing of certain pre-trial submissions by March 4, 2016. A status hearing is set in the case for August 14, 2015.
On August 1, 2014, our subsidiaries Lemon and Lemon Argentina, S.R.L. (Lemon Argentina, and together, the Lemon Entities) filed a lawsuit in Santa Clara Superior Court in San Jose, California against Wenceslao Casares, former General Manager of Lemon, Cynthia McAdam, former General Counsel of Lemon, and Federico Murrone, Martin Apesteguia and Fabian Cuesta, each a former employee and former member of the Board of Directors of Lemon Argentina (the Argentine Executives). The complaint alleges breaches of employment-related contracts and breaches of fiduciary duty involving each named individual’s work for third-party Xapo, Inc. and/or Xapo, Ltd. during their employment by the applicable Lemon Entity.  Mr. Casares and Ms. McAdam have been served.  The Lemon Entities are in the process of serving the Argentine Executives through the procedures set forth in the Hague Convention.  Mr. Casares and Ms. Cynthia McAdam, through their counsel, have demanded that we and Lemon defend them against the claims brought by the Lemon Entities and advance them the costs of their attorneys’ fees.  We and Lemon have rejected those demands.  The parties, including the Argentine Executives, engaged in mediation in August 2014 in Buenos Aires, Argentina, and again in December 2014 in San Francisco, California but were unable to settle any claims. On January 30, 2015, the Lemon entities filed a second amended complaint alleging breaches of employment-related contracts, breaches of fiduciary duties and fraud, and seeking declatory relief against Mr. Casares, Ms.

36



McCadam and the Argentine Executives. Although no counterclaims have been asserted against us or the Lemon Entities to date in connection with this matter, it is possible that they will be asserted in the future.
On January 19, 2015, plaintiffs Napoleon Ebarle and Jeanne Stamm filed a nationwide putative consumer class action against us in the United States District Court for the Northern District of California.  The plaintiffs allege that we have engaged in deceptive marketing and sales practices in connection with our membership plans in violation of the Arizona Consumer Fraud Act, and are seeking declaratory judgment under the Federal Declaratory Judgment Act.  The plaintiffs also seek certification of a nationwide class of consumers who are or were subscribers of  our identity theft protection services since January 19, 2014, compensatory damages, and attorneys’ fees and costs. We were served with the complaint on January 22, 2015.   An answer or other responsive pleading is due on March 2, 2015.
On January 29, 2015, plaintiff Etan Goldman filed a California putative consumer class action complaint against us in Santa Clara Superior Court in San Jose, California. The complaint alleges that we violated California’s Automatic Renewal Law and Unfair Competition Law by failing to provide required disclosures concerning our auto renewal terms and cancellation policies.  The complaint also seeks certification of a class consisting of all persons in California who have purchased subscriptions to identity theft protection services from us since December 1, 2010, injunctive relief, compensatory damages, restitution, and attorneys’ fees and costs.  Our answer or other response is due on March 4, 2015. 
On February 2, 2015, plaintiff Thomas A. Trax filed a class action complaint against us in United States District Court for the Southern District of California.  This complaint asserts that we violated California’s Automatic Renewal Law and Unfair Competition Law by failing to provide required disclosures concerning our auto renewal terms and cancellation policies. The complaint seeks certification of a class consisting of all persons in California who have purchased products and/or services from us as part of an automatic renewal plan or continuous service offer since February 2, 2011, injunctive relief, compensatory damages, restitution, a constructive trust and/or disgorgement, and attorneys’ fees and costs.  We have not yet been served with the complaint.
ITEM  4.
MINE SAFETY DISCLOSURES
Not applicable.

37



PART II
ITEM 5.
MARKET FOR REGISTRANT’S COMMON EQUITY, RELATED STOCKHOLDER MATTERS AND ISSUER PURCHASES OF EQUITY SECURITIES
Market Information
Our common stock has been listed on The New York Stock Exchange under the symbol “LOCK” since October 3, 2012. Prior to that time, there was no public market for our common stock. The following table sets forth, for the periods indicated, the high and low sales price of our common stock as quoted on The New York Stock Exchange.
  
High
 
Low
Fiscal Year Ended December 31 2014:
 
 
 
First Quarter
$
22.85

 
$
15.50

Second Quarter
$
17.73

 
$
10.48

Third Quarter
$
15.93

 
$
12.30

Fourth Quarter
$
19.15

 
$
13.64

Fiscal Year Ended December 31, 2013:
 
 
 
First Quarter
$
12.49

 
$
7.94

Second Quarter
$
11.88

 
$
8.31

Third Quarter
$
15.21

 
$
10.49

Fourth Quarter
$
17.79

 
$
13.16

On February 13, 2015, the closing price per share of our common stock as reported on The New York Stock Exchange was $14.10 per share. As of February 13, 2015, there were 44 holders of record of our common stock.
Dividend Policy
We have never declared or paid, and do not anticipate declaring or paying in the foreseeable future, any cash dividends on our capital stock. Any future determination as to the declaration and payment of dividends, if any, will be at the discretion of our board of directors and will depend on then existing conditions, including our operating results, financial condition, contractual restrictions, capital requirements, business prospects, and other factors our board of directors may deem relevant. Our senior credit facility restricts our ability to pay cash dividends.
Equity Compensation Plan Information
For equity compensation plan information, refer to Item 12 in Part III of this Annual Report on Form 10-K.
Performance Graph
This performance graph shall not be deemed “soliciting material” or to be “filed” with the SEC for purposes of Section 18 of the Exchange Act or otherwise subject to the liabilities under that section, and shall not be deemed to be incorporated by reference into any filing of LifeLock, Inc. under the Securities Act or the Exchange Act.
The following graph shows a comparison from October 3, 2012 (the date our common stock commenced trading on The New York Stock Exchange) through December 31, 2014 of the total cumulative return of our common stock with the total cumulative return of the NASDAQ Composite Index, the NASDAQ Computer Index, and the Dow Jones US Technology.  The comparison assumes that $100.00 was invested in our common stock, the NASDAQ Composite Index, the NASDAQ Computer Index, and the Dow Jones US Technology, and assumes reinvestment of dividends, if any. The graph assumes the initial value of our common stock on October 3, 2012 was the closing sale price on that day of $8.36 per share and not the initial offering price to the public of $9.00 per share. The performance shown on the graph below is based on historical results and is not intended to suggest future performance.


38



Purchases of Equity Securities by the Issuer and Affiliated Purchasers
The following table provides information regarding our repurchases of common stock during the three months ended December 31, 2014. All of the shares of common stock were surrendered to us to satisfy tax withholding obligations associated with the vesting of restricted stock.
Period
 
Total Number of Shares Purchased
 
Average Price Paid Per Share
 
Total Number of Shares Purchased as Part of Publicly Announced Plans or Programs
 
Maximum Number (or Approximate Dollar Value) of Shares that May Yet Be Purchased Under the Plans or Programs
October 1, 2014 - October 31, 2014
 

 

 

 

November 1, 2014 - November 30, 2014
 

 

 

 

December 1, 2014 - December 31, 2014
 
3,429

 
$
17.09

 

 

ITEM 6.
SELECTED FINANCIAL DATA
The following selected financial data should be read together with “Management’s Discussion and Analysis of Financial Condition and Results of Operations” and our consolidated financial statements and related notes included elsewhere in this Annual Report on Form 10-K. Our historical results are not necessarily indicative of the results that should be expected in the future and the selected financial data is not intended to replace the consolidated financial statements.
We have derived the consolidated statements of operations data for the years ended December 31, 2014, 2013, and 2012 and the consolidated balance sheet data as of December 31, 2014 and 2013 from our audited consolidated financial statements included elsewhere in this Annual Report on Form 10-K. We have derived the consolidated statements of operations data for the years ended December 31, 2011 and 2010 and the consolidated balance sheet data as of December 31, 2012, 2011, and 2010 from our audited consolidated financial statements not included in this Annual Report on Form 10-K. Our historical results are not necessarily indicative of the results that should be expected in the future and the selected financial data is not intended to replace the consolidated financial statements and related notes included elsewhere in this Annual Report on Form 10-K.

39



On December 11, 2013, we completed our acquisition of Lemon.  On March 14, 2012, we completed our acquisition of ID Analytics. The consolidated statements of operations data for the years ended December 31, 2013 and 2012 only include the results for Lemon and ID Analytics since the respective dates of acquisition. 
 
Year Ended December 31,
 
2014
 
2013
 
2012
 
2011
 
2010
Consolidated Statements of Operations Data:
(in thousands, except per share data)
Revenue:
 
 
 
 
 
 
 
 
 
Consumer revenue
$
449,193

 
$
340,121

 
$
254,678

 
$
193,949

 
$
162,279

Enterprise revenue
26,823

 
29,537

 
21,750

 

 

Total revenue
476,016


369,658


276,428


193,949


162,279

Cost of services (1)
120,422

 
100,065

 
79,916

 
62,630

 
51,445

Gross profit
355,594


269,593


196,512


131,319


110,834

Costs and expenses:
 
 
 
 
 
 
 
 
 
Sales and marketing (1)
213,984

 
162,363

 
122,989

 
91,217

 
78,844

Technology and development (1)
50,973

 
40,015

 
29,543

 
17,749

 
21,338

General and administrative (1)
75,673

 
42,125

 
24,629

 
17,510

 
23,306

Amortization of acquired intangible assets
8,898

 
7,909

 
6,258

 

 

Total costs and expenses
349,528


252,412


183,419


126,476


123,488

Income (loss) from operations
6,066

 
17,181

 
13,093

 
4,843

 
(12,654
)
Other income (expense):
 
 
 
 
 
 
 
 
 
Interest expense
(353
)
 
(353
)
 
(3,677
)
 
(231
)
 
(1,368
)
Interest income
281

 
124

 
30

 
8

 
28

Change in fair value of warrant liabilities

 

 
3,117

 
(8,658
)
 
(1,333
)
Change in fair value of embedded derivative

 

 
(2,785
)
 

 

Other
(137
)
 
(21
)
 
(5
)
 
(5
)
 
(41
)
Total other expense
(209
)

(250
)

(3,320
)

(8,886
)

(2,714
)
Income (loss) before provision for income taxes
5,857


16,931


9,773


(4,043
)

(15,368
)
Income tax expense (benefit)
3,362

 
(37,524
)
 
(13,730
)
 
214

 
8

Net income (loss)
2,495


54,455


23,503


(4,257
)

(15,376
)
Accretion of convertible redeemable preferred stock

 

 
(9,378
)
 
(18,926
)
 
(16,145
)
Beneficial conversion feature on convertible redeemable preferred stock

 

 
(2,452
)
 

 

Net income allocable to convertible redeemable preferred stockholders

 

 
(5,504
)
 

 

Net income available (loss attributable) to common stockholders
$
2,495


$
54,455


$
6,169


$
(23,183
)

$
(31,521
)
Net income available (loss attributable) per share to common stockholders:
 
 
 
 
 
 
 
 
 
Basic
$
0.03

 
$
0.61

 
$
0.18

 
$
(1.24
)
 
$
(1.74
)
Diluted
$
0.03

 
$
0.57

 
$
0.09

 
$
(1.24
)
 
$
(1.74
)
Weighted-average common shares outstanding:
 
 
 
 
 
 
 
 
 
Basic
92,733

 
88,636

 
35,082

 
18,725

 
18,068

Diluted
99,102

 
96,047

 
62,191

 
18,725

 
18,068


40



(1) Share-based compensation included in the consolidated statements of operations data above was as follows:
 
Year Ended December 31,
 
2014
 
2013
 
2012
 
2011
 
2010
 
(in thousands)
Cost of services
$
1,258

 
$
758

 
$
648

 
$
309

 
$
262

Sales and marketing
3,150

 
1,340

 
1,053

 
655

 
690

Technology and development
5,074

 
2,825

 
1,711

 
783

 
845

General and administrative
8,665

 
6,188

 
3,346

 
1,538

 
1,454

Total share-based compensation
$
18,147


$
11,111


$
6,758


$
3,285


$
3,251

 
 
As of December 31,
 
2014
 
2013
 
2012
 
2011
 
2010
Consolidated Balance Sheet Data:
(in thousands)
Cash and cash equivalents
$
146,569

 
$
123,911

 
$
134,197

 
$
28,850

 
$
17,581

Marketable securities
127,305

 
48,688

 

 

 

Property and equipment, net
24,204

 
16,504

 
9,701

 
4,049

 
6,534

Working capital (deficit), excluding deferred revenue
234,610

 
166,235

 
119,030

 
13,947

 
(10,915
)
Total assets
563,316

 
461,665

 
339,588

 
42,060

 
31,360

Deferred revenue
145,206

 
119,106

 
90,877

 
70,020

 
56,580

Long-term debt, including current portion

 

 

 

 
13,010

Convertible redeemable preferred stock

 

 

 
145,207

 
126,281

Total stockholders' equity (deficit)
332,836

 
300,571

 
219,966

 
(214,267
)
 
(196,121
)
 
 
Year Ended December 31,
 
2014
 
2013
 
2012
 
2011
 
2010
Consolidated Statements of Cash Flows Data:
(in thousands)
Net cash provided by (used in)
 
 
 
 
 
 
 
 
 
Operating activities
$
109,178

 
$
77,373

 
$
48,423

 
$
24,344

 
$
(14,510
)
Investing activities
(98,029
)
 
(102,208
)
 
(163,180
)
 
(1,531
)
 
(1,484
)
Financing activities
11,509

 
14,549

 
220,104

 
(11,544
)
 
27,964

 
 
Year Ended December 31,
 
2014
 
2013
 
2012
 
2011
 
2010
Other Financial and Operational Data:
(in thousands, except percentages and per member data)
(Unaudited)
Cumulative ending members (1)
3,633

 
2,999

 
2,480

 
2,075

 
1,748

Gross new members (2)
1,164

 
944

 
762

 
704

 
517

Member retention rate (3)
87.7
%
 
87.8
%
 
87.1
%
 
82.7
%
 
79.1
%
Average cost of acquisition per member (4)
$
173

 
$
160

 
$
150

 
$
130

 
$
152

Monthly average revenue per member (5)
$
11.13

 
$
10.32

 
$
9.28

 
$
8.54

 
$
7.94

Enterprise transactions (6)
244,885

 
216,729

 
227,039

 
184,012

 
108,707

Adjusted net income (loss) (7)
$
47,132

 
$
36,931

 
$
19,184

 
$
8,326

 
$
(10,792
)
Adjusted EBITDA (8)
$
55,479

 
$
42,156

 
$
27,460

 
$
12,508

 
$
(5,189
)
Free cash flow (9)
$
89,604

 
$
66,956

 
$
37,389

 
$
22,313

 
$
(4,995
)

41



(1)
We calculate cumulative ending members as the total number of members at the end of the relevant period. For more information, see “Management’s Discussion and Analysis of Financial Condition and Results of Operations—Key Metrics—Key Operating Metrics—Cumulative ending members.”
(2)
We calculate gross new members as the total number of members who enroll in one of our consumer services during the relevant period. For more information, see “Management’s Discussion and Analysis of Financial Condition and Results of Operations—Key Metrics—Key Operating Metrics—Gross new members.”
(3)
We define member retention rate as the percentage of members on the last day of the prior year who remain members on the last day of the current year, or for quarterly presentations, the percentage of members on the last day of the comparable quarterly period in the prior year who remain members on the last day of the current quarterly period. For more information, see “Management’s Discussion and Analysis of Financial Condition and Results of Operations—Key Metrics—Key Operating Metrics—Member retention rate.”
(4)
We calculate average cost of acquisition per member as our sales and marketing expense for our consumer segment during the relevant period divided by our gross new members for the period. For more information, see “Management’s Discussion and Analysis of Financial Condition and Results of Operations—Key Metrics—Key Operating Metrics—Average cost of acquisition per member.”
(5)
We calculate monthly average revenue per member as our consumer revenue during the relevant period divided by the average number of cumulative ending members during the relevant period (determined by taking the average of the cumulative ending members at the beginning of the relevant period and the cumulative ending members at the end of each month in the relevant period), divided by the number of months in the relevant period. For more information, see “Management’s Discussion and Analysis of Financial Condition and Results of Operations—Key Metrics—Key Operating Metrics—Monthly average revenue per member.”
(6)
We calculate enterprise transactions as the total number of transactions processed for either an identity risk or credit risk score during the relevant period. For more information, see “Management’s Discussion and Analysis of Financial Condition and Results of Operations—Key Metrics—Key Operating Metrics—Enterprise transactions.” Our enterprise transactions are processed by ID Analytics, which we acquired on March 14, 2012. Accordingly, the enterprise transactions data includes transactions processed by ID Analytics before the acquisition.
(7)
Adjusted net income (loss) is a non-GAAP financial measure that we calculate as net income (loss) excluding amortization of acquired intangible assets, share-based compensation, income tax benefits and expenses resulting from changes in our deferred tax assets, and acquisition related expenses. For the year ended December 31, 2014, we have also excluded the impact of the legal reserve for a possible settlement with the FTC and the legal settlement in our favor resulting from indemnification claims we previously made with respect to our Lemon acquisition. For the year ended December 31, 2012, we have also excluded favorable legal settlements related to insurance claims for legal costs that were incurred in 2008 and 2009. Historically, in calculating adjusted net income (loss), we also excluded changes in fair value of warrant liabilities and changes in fair value of embedded derivatives in the periods in which those items occurred. We do not currently have any warrant liabilities or embedded derivatives; accordingly, we will only include those items of income and expense in our reconciliation of adjusted net income (loss) for period-over-period comparisons.  For more information about adjusted net income (loss) and a reconciliation of adjusted net income (loss) to net income (loss), the most directly comparable financial measure calculated and presented in accordance with GAAP, see “Non-GAAP Financial Measures—Adjusted Net Income (Loss).”
(8)
Adjusted EBITDA is a non-GAAP financial measure that we calculate as net income (loss) excluding depreciation and amortization, share-based compensation, interest expense, interest income, other income (expense), income tax (benefit) expense, and acquisition related expenses. For the year ended December 31, 2014, we have also excluded the impact of the legal reserve for a possible settlement with the FTC and the legal settlement in our favor resulting from indemnification claims we previously made with respect to our Lemon acquisition. For the year ended December 31, 2012, we have also excluded favorable legal settlements related to insurance claims for legal costs that were incurred in 2008 and 2009. Historically, in calculating adjusted EBITDA, we also excluded changes in fair value of warrant liabilities and changes in fair value of embedded derivatives in the periods in which those items occurred. We do not currently have any warrant liabilities or embedded derivatives; accordingly, we will only include those items of income and expense in our reconciliation of adjusted EBITDA for period-over-period comparisons. For more information about adjusted EBITDA and a reconciliation of adjusted EBITDA to net income (loss), the most directly comparable financial measure calculated and presented in accordance with GAAP, see “Non-GAAP Financial Measures—Adjusted EBITDA.”
(9)
Free cash flow is a non-GAAP financial measure that we calculate as net cash provided by (used in) operating activities less net cash used in investing activities for acquisitions of property and equipment. For the year ended December 31, 2014, we have also subtracted from net cash provided by operating activities the $5.0 million received from the legal settlement resulting from indemnification claims we previously made with respect to our Lemon acquisition. For the year ended December 31, 2012, we have subtracted from net cash provided by operating activities $3.5 million of favorable legal settlements related to insurance claims for legal costs that were incurred in 2008 and 2009. For the year ended December 31, 2010, we have added to net cash used in operating activities the $11.0 million for a consumer redress payment pursuant to the FTC Order. For more information about free cash flow and a reconciliation of free cash flow to net cash provided by (used in) operating activities, the most directly comparable financial measure calculated and presented in accordance with GAAP, see “Non-GAAP Financial Measures—Free Cash Flow.”

42



Non-GAAP Financial Measures
Adjusted Net Income (Loss)
Adjusted net income (loss) is a non-GAAP financial measure that we calculate as net income (loss) excluding amortization of acquired intangible assets, share-based compensation, income tax benefits and expenses resulting from changes in our deferred tax assets, and acquisition related expenses. For the year ended December 31, 2014, we have also excluded the impact of the legal reserve for a possible settlement with the FTC and the legal settlement in our favor resulting from indemnification claims we previously made with respect to our Lemon acquisition. For the year ended December 31, 2012, we have also excluded favorable legal settlements related to insurance claims for legal costs that were incurred in 2008 and 2009. Historically, in calculating adjusted net income (loss), we also excluded changes in fair value of warrant liabilities and changes in fair value of embedded derivatives in the periods in which those items occurred. We do not currently have any warrant liabilities or embedded derivatives; accordingly, we will only include those items of income and expense in our reconciliation of adjusted net income (loss) for period-over-period comparisons. We have included adjusted net income (loss) in this Annual Report on Form 10-K because it is a key measure used by us to understand and evaluate our core operating performance and trends. In particular, the exclusion of certain expenses in calculating adjusted net income (loss) can provide a useful measure for period-to-period comparisons of our core business.
Accordingly, we believe that adjusted net income (loss) provides useful information to investors and others in understanding and evaluating our operating results in the same manner as we do. We believe that the exclusion of certain items of income and expense from net income (loss) in calculating adjusted net income (loss) is useful because (i) the amount of such income and expense in any specific period may not directly correlate to the underlying operational performance of our business, and/or (ii) such income and expense can vary significantly between periods as a result of new acquisitions and full amortization of previously acquired intangible assets. 
Our use of adjusted net income (loss) has limitations as an analytical tool, and you should not consider it in isolation or as a substitute for analysis of our operating results as reported under GAAP. Some of these limitations include the following:
although amortization of intangible assets is a non-cash charge, additional intangible assets may be acquired in the future and adjusted net income (loss) does not reflect cash capital expenditure requirements for new acquisitions;
adjusted net income (loss) does not reflect the cash requirements for new acquisitions;
adjusted net income (loss) does not reflect changes in, or cash requirements for, our working capital needs;
adjusted net income (loss) does not consider the potentially dilutive impact of share-based compensation;
adjusted net income (loss) does not reflect the deferred income tax benefit from the release of the valuation allowance or income tax expenses which reduce our deferred tax asset for net operating losses or other net changes in deferred tax assets;
adjusted net income (loss) does not reflect the expenses incurred for new acquisitions; and
other companies, including companies in our industry, may calculate adjusted net income (loss) or similarly titled measures differently, limiting their usefulness as a comparative measure.
Because of these limitations, you should consider adjusted net income (loss) alongside other financial performance measures, including various cash flow metrics, net income (loss), and our other GAAP results. The following table presents a reconciliation of net income (loss) to adjusted net income (loss) for applicable items of income and expense that impacted each of the periods indicated:

43



 
Year Ended December 31,
 
2014
 
2013
 
2012
 
2011
 
2010
Reconciliation of Net Income (Loss) to Adjusted Net Income (Loss):
(in thousands)
Net income (loss)
$
2,495

 
$
54,455

 
$
23,503

 
$
(4,257
)
 
$
(15,376
)
Amortization of acquired intangible assets
8,898

 
7,909

 
6,258

 

 

Share-based compensation
18,147

 
11,111

 
6,758

 
3,285

 
3,251

Change in fair value of warrant liabilities

 

 
(3,117
)
 
8,658

 
1,333

Change in fair value of embedded derivative

 

 
2,785

 

 

Acquisition related expenses

 
1,068

 
718

 
640

 

Deferred income tax (benefit) expense
2,592

 
(37,612
)
 
(14,185
)
 

 

Legal reserves and settlements
15,000

 

 
(3,536
)
 

 

Adjusted net income (loss)
$
47,132


$
36,931


$
19,184


$
8,326


$
(10,792
)
In the fourth quarter of 2014, we modified our calculation of adjusted net income (loss) to also exclude the impact of the legal reserve for a possible settlement with the FTC and the legal settlement in our favor resulting from indemnification claims we previously made with respect to our Lemon acquisition. For comparative purposes, we also modified our calculation of adjusted net income for 2012 to exclude favorable legal settlements related to insurance claims for legal costs that were incurred in 2008 and 2009.
In the fourth quarter of 2013, we modified our calculation of adjusted net income (loss) to also exclude acquisition related expenses. For comparative purposes, we also modified our calculation of adjusted net income for 2012 and 2011 to exclude the acquisition related expenses incurred during our acquisition of ID Analytics.
Adjusted EBITDA
Adjusted EBITDA is a non-GAAP financial measure that we calculate as net income (loss) excluding depreciation and amortization, share-based compensation, interest expense, interest income, other income (expense), income tax (benefit) expense, and acquisition related expenses. For the year ended December 31, 2014, we have also excluded the impact of the legal reserve for a possible settlement with the FTC and the legal settlement in our favor resulting from indemnification claims we previously made with respect to our Lemon acquisition. For the year ended December 31, 2012, we have also excluded favorable legal settlements related to insurance claims for legal costs that were incurred in 2008 and 2009. Historically, in calculating adjusted EBITDA, we also excluded changes in fair value of warrant liabilities and changes in fair value of embedded derivatives in the periods in which those items occurred. We do not currently have any warrant liabilities or embedded derivatives; accordingly, we will only include those items of income and expense in our reconciliation of adjusted EBITDA for period-over-period comparisons. We have included adjusted EBITDA in this Annual Report on Form 10-K because it is a key measure used by us to understand and evaluate our core operating performance and trends, to prepare and approve our annual budget, and to develop short- and long-term operational plans. In particular, the exclusion of certain expenses in calculating adjusted EBITDA can provide a useful measure for period-to-period comparisons of our core business. Additionally, adjusted EBITDA is a key financial measure used in determining management’s incentive compensation.
Accordingly, we believe that adjusted EBITDA provides useful information to investors and others in understanding and evaluating our operating results in the same manner as we do. We believe that the exclusion of certain items of income and expense from net income (loss) in calculating adjusted EBITDA is useful because (i) the amount of such income and expense in any specific period may not directly correlate to the underlying operational performance of our business, and/or (ii) such income and expense can vary significantly between periods as a result of new acquisitions and full amortization of previously acquired intangible assets.
Our use of adjusted EBITDA has limitations as an analytical tool, and you should not consider it in isolation or as a substitute for analysis of our operating results as reported under GAAP. Some of these limitations include the following:
although depreciation and amortization are non-cash charges, the assets being depreciated and amortized may have to be replaced in the future, and adjusted EBITDA does not reflect cash capital expenditure requirements for such replacements or for new capital expenditure requirements;
adjusted EBITDA does not reflect changes in, or cash requirements for, our working capital needs;
adjusted EBITDA does not consider the potentially dilutive impact of share-based compensation;
adjusted EBITDA does not reflect cash interest income or expense;
adjusted EBITDA does not reflect tax payments that may represent a reduction in cash available to us;

44



adjusted EBITDA does not reflect the expenses incurred for new acquisitions; and
other companies, including companies in our industry, may calculate adjusted EBITDA or similarly titled measures differently, limiting their usefulness as a comparative measure.
Because of these limitations, you should consider adjusted EBITDA alongside other financial performance measures, including various cash flow metrics, net income (loss), and our other GAAP results. The following table presents a reconciliation of net income (loss) to adjusted EBITDA for applicable items of income and expense that impacted each of the periods indicated:
 
Year Ended December 31,
 
2014
 
2013
 
2012
 
2011
 
2010
Reconciliation of Net Income (Loss) to Adjusted EBITDA:
(in thousands)
Net income (loss)
$
2,495

 
$
54,455

 
$
23,503

 
$
(4,257
)
 
$
(15,376
)
Depreciation and amortization
16,266

 
12,796

 
10,427

 
3,740

 
4,214

Share-based compensation
18,147

 
11,111

 
6,758

 
3,285

 
3,251

Interest expense
353

 
353

 
3,677

 
231

 
1,368

Interest income
(281
)
 
(124
)
 
(30
)
 
(8
)
 
(28
)
Change in fair value of warrant liabilities

 

 
(3,117
)
 
8,658

 
1,333

Change in fair value of embedded derivatives

 

 
2,785

 

 

Other expense
137

 
21

 
5

 
5

 
41

Acquisition related expenses

 
1,068

 
718

 
640

 

Income tax (benefit) expense
3,362

 
(37,524
)
 
(13,730
)
 
214

 
8

Legal reserves and settlements
15,000

 

 
(3,536
)
 

 

Adjusted EBITDA
$
55,479

 
$
42,156

 
$
27,460

 
$
12,508

 
$
(5,189
)
In the fourth quarter of 2014, we modified our calculation of adjusted EBITDA to also exclude the impact of the legal reserve for a possible settlement with the FTC and the legal settlement in our favor resulting from indemnification claims we previously made with respect to our Lemon acquisition. For comparative purposes, we also modified our calculation of adjusted EBITDA for 2012 to exclude favorable legal settlements related to insurance claims for legal costs that were incurred in 2008 and 2009.
In the fourth quarter of 2013, we modified our calculation of adjusted EBITDA to also exclude acquisition related expenses. For comparative purposes, we also modified our calculation of adjusted EBITDA for 2012 and 2011 to exclude the acquisition related expenses incurred during our acquisition of ID Analytics.
Free Cash Flow
Free cash flow is a non-GAAP financial measure that we calculate as net cash provided by (used in) operating activities less net cash used in investing activities for acquisitions of property and equipment. For the year ended December 31, 2014, we have also subtracted from net cash provided by operating activities the $5.0 million received from the legal settlement resulting from indemnification claims we previously made with respect to our Lemon acquisition. For the year ended December 31, 2012, we have subtracted from net cash provided by operating activities $3.5 million of favorable legal settlements related to insurance claims for legal costs that were incurred in 2008 and 2009. For the year ended December 31, 2010, we have added to net cash used in operating activities the $11.0 million for a consumer redress payment pursuant to the FTC Order. We use free cash flow as a measure of our operating performance; for planning purposes, including the preparation of our annual operating budget; to allocate resources to enhance the financial performance of our business; to evaluate the effectiveness of our business strategies; to provide consistency and comparability with past financial performance; to determine capital requirements; to facilitate a comparison of our results with those of other companies; and in communications with our board of directors concerning our financial performance.
We use free cash flow to evaluate our business because, although it is similar to net cash provided by (used in) operating activities, we believe it typically presents a more conservative measure of cash flow as purchases of property and equipment are necessary components of ongoing operations. We believe that this non-GAAP financial measure is useful in evaluating our business because free cash flow reflects the cash surplus available to fund the expansion of our business after payment of capital expenditures relating to the necessary components of ongoing operations. We also believe that the use of free cash flow provides consistency and comparability with our past financial performance, facilitates period-to-period comparisons of

45



operations, and also facilitates comparisons with other companies, many of which use similar non-GAAP financial measures to supplement their GAAP results.
Although free cash flow is frequently used by investors in their evaluations of companies, free cash flow has limitations as an analytical tool, and you should not consider it in isolation or as a substitute for analysis of our operating results as reported under GAAP. Some of these limitations include the following:
free cash flow does not reflect our future requirements for contractual commitments to third- party providers;
free cash flow does not reflect the non-cash component of employee compensation or depreciation and amortization of property and equipment; and
other companies, including companies in our industry, may calculate free cash flow or similarly titled measures differently, limiting their usefulness as comparative measures.
Because of these limitations, you should consider free cash flow alongside other financial performance measures, including net cash provided by (used in) operating activities, net income (loss), and our other GAAP results. The following table presents a reconciliation of net cash provided by (used in) operating activities to free cash flow for each of the periods indicated:
 
Year Ended December 31,
 
2014
 
2013
 
2012
 
2011
 
2010
Reconciliation of Net Cash Provided By (Used In) Operating Activities to Free Cash Flow:
(in thousands)
Net cash provided by (used in) operating activities
$
109,178

 
$
77,373

 
$
48,423

 
$
24,344

 
$
(14,510
)
Acquisitions of property and equipment
(14,574
)
 
(10,417
)
 
(7,498
)
 
(2,031
)
 
(1,485
)
Legal settlement
(5,000
)
 

 
(3,536
)
 

 
11,000

Free cash flow
$
89,604


$
66,956


$
37,389


$
22,313


$
(4,995
)
In the fourth quarter of 2014, we modified our calculation of free cash flow to also subtract from net cash provided by operating activities the $5.0 million received from the legal settlement in our favor resulting from indemnification claims we previously made with respect to our Lemon acquisition. For comparative purposes, we have also subtracted from net cash provided by operating activities for 2012 $3.5 million of favorable legal settlements related to insurance claims for legal costs that were incurred in 2008 and 2009, and have also added to the net cash used in operating activities for 2011 the $11.0 million for a consumer redress payment pursuant to the FTC Order.
ITEM 7.
MANAGEMENT’S DISCUSSION AND ANALYSIS OF FINANCIAL CONDITION AND RESULTS OF OPERATIONS
The following discussion and analysis of our financial condition and results of operations should be read together with “Selected Financial Data” and our consolidated financial statements and accompanying notes appearing elsewhere in this Annual Report on Form 10-K. This discussion contains forward-looking statements, based upon our current expectations and related to future events and our future financial performance, that involve risks and uncertainties. Our actual results may differ materially from those anticipated in these forward-looking statements as a result of various factors, including those set forth under “Risk Factors,” “Forward-Looking Statements,” and elsewhere in this Annual Report on Form 10-K.
Overview
We are a leading provider of proactive identity theft protection services for consumers and consumer risk management services for enterprises. We protect our members by monitoring identity-related events, such as new account openings and credit-related applications. If we detect that a member’s personally identifiable information is being used, we offer notifications and alerts, including actionable alerts for new account openings and applications, in order to provide our members peace of mind that we are monitoring use of their identity and allow our members to confirm valid or unauthorized identity use. If a member confirms that the use of his or her identity is unauthorized, we can take actions designed to help protect the member’s identity and help determine whether there has been an identity theft. In the event that an identity theft has actually occurred, we can take actions designed to help restore the member’s identity through our remediation services. Our remediation service team works directly with government agencies, merchants, and creditors to remediate the impact of the identity theft event utilizing our remediation expertise on behalf of our members. We protect our enterprise customers by delivering on-demand identity risk, identity-authentication, and credit information about consumers. Our enterprise customers utilize this information in real-

46



time to make decisions about opening or modifying accounts and providing products, services, or credit to consumers to reduce financial losses from identity fraud.
The foundation of our identity theft protection services is the LifeLock ecosystem. This ecosystem combines large data repositories of personally identifiable information and consumer transactions, proprietary predictive analytics, and a highly scalable technology platform. Our members and enterprise customers enhance our ecosystem by continually contributing to the identity and transaction data in our repositories. We apply predictive analytics to the data in our repositories to provide our members and enterprise customers actionable intelligence that helps protect against identity theft and identity fraud. As a result of our combination of scale, reach, and technology, as well as our comprehensive transaction and new account alerting, remediation services, and $1 million service guarantee backed by an identity theft insurance policy, we believe that we have the most proactive and comprehensive identity theft protection services available, as well as the most recognized brand in the identity theft protection services industry.
On December 11, 2013, we acquired mobile wallet innovator Lemon for approximately $42.4 million in cash and launched our LifeLock Wallet mobile application. The LifeLock Wallet mobile application allows consumers to replicate and store a digital copy of their personal wallet contents on their smart device for records backup, as well as mobile use of items such as credit, identification, ATM, insurance, and loyalty cards. The LifeLock Wallet mobile application also offers our members access to our identity theft protection services.
We derive the substantial majority of our revenue from member subscription fees. We also derive revenue from transaction fees from our enterprise customers.
At the end of July 2014, we launched our LifeLock Standard, LifeLock Advantage, and LifeLock Ultimate Plus services. We will also continue to offer our LifeLock Junior services and, on a limited basis and for a limited time in connection with certain of our partnerships, our basic LifeLock, LifeLock Command Center, and LifeLock Ultimate services. We will continue to provide services to our existing members currently enrolled in our basic LifeLock, LifeLock Command Center, and LifeLock Ultimate services. Our consumer services are offered on a monthly or annual subscription basis. Our average revenue per member is lower than our retail list prices due to wholesale or bulk pricing that we offer to strategic partners in our embedded product, employee benefits, and breach distribution channels to drive our membership growth. In our embedded product channel, our strategic partners embed our consumer services into their products and services and pay us on behalf of their customers; in our employee benefit channel, our strategic partners offer our consumer services as a voluntary benefit as part of their employee benefit enrollment process; and in our breach channel, enterprises that have experienced a data breach pay us a fee to provide our services to the victims of the data breach. We also offer special discounts and promotions from time to time to incentivize prospective members to enroll in one of our consumer services. Our members pay us the full subscription fee at the beginning of each subscription period, in most cases by authorizing us to directly charge their credit or debit cards. We initially record the subscription fee as deferred revenue and then recognize it ratably on a daily basis over the subscription period. The prepaid subscription fees enhance our visibility of revenue and allow us to collect cash prior to paying our fulfillment partners.
Our enterprise customers pay us based on their monthly volume of transactions with us, with approximately 30% of our enterprise customers committed to monthly transaction minimums. We recognize revenue at the end of each month based on transaction volume for that month and bill our enterprise customers at the conclusion of each month.
We have historically invested significantly in new member acquisition and expect to continue to do so for the foreseeable future. Our largest operating expense is advertising for member acquisition, which we record as a sales and marketing expense. This is comprised of radio, television, and print advertisements; direct mail campaigns; online display advertising; paid search and search-engine optimization; third-party endorsements; and education programs. In 2014, 2013, and 2012, our total advertising expense was $121.1 million, $86.2 million, and $66.0 million, respectively. We also pay internal and external sale commissions, which we record as a sales and marketing expense. In general, increases in revenue and cumulative ending members occur during and after periods of significant and effective direct retail marketing efforts.
Our revenue grew from $369.7 million in 2013 to $476.0 million in 2014, an increase of 29%, including year-over-year growth within our consumer segment of 32.1%. We generated income from operations of $6.1 million and net income of $2.5 million in 2014.
Our Business Model
We operate our business and review and assess our operating performance using two reportable segments: our consumer segment and our enterprise segment. We review and assess our operating performance using segment revenue, income (loss) from operations, and total assets. These performance measures include the allocation of operating expenses to our reportable segments based on management’s specific identification of costs associated to those segments.

47



Consumer Services
We evaluate the lifetime value of a member relationship over its anticipated lifecycle. While we generally incur member acquisition costs in advance of or at the time of the acquisition of the member, we recognize revenue ratably over the subscription period. As a result, a member relationship is not profitable at the beginning of the subscription period even though it is likely to have value to us over the lifetime of the member relationship.
When a member’s subscription automatically renews in each successive period, the relative value of that member increases because we do not incur significant incremental acquisition costs. We also benefit from decreasing fulfillment and member support costs related to that member, as well as economies of scale in our capital and operating and other support expenditures.
Enterprise Services
In our enterprise business, the majority of our costs relate to personnel primarily responsible for data analytics, data management, software development, sales and operations, and various support functions. Our enterprise customers typically provide us with their customer transaction data as part of our service, allowing us to build and refine our models without incurring significant third-party data expenses. We continually evaluate third-party data sources and acquire data from such sources when we believe such data will enhance the performance of our models. New customer acquisition is often a lengthy process requiring significant investment in the sales team, including costs related to detailed retrospective data analysis to demonstrate the return on investment to prospective customers had our services been deployed over a specific period of time. Since most of the expenses in our enterprise business are fixed in nature, as we add new enterprise customers, there are typically modest incremental costs resulting in additional economies of scale.
Key Metrics
We regularly review a number of operating and financial metrics to evaluate our business, determine the allocation of our resources, measure the effectiveness of our sales and marketing efforts, make corporate strategy decisions, and assess operational efficiencies.
Key Operating Metrics
The following table summarizes our key operating metrics for the years ended December 31, 2014, 2013, and 2012:  
 
Year Ended December 31,
 
2014
 
2013
 
2012
 
(in thousands, except percentages and per member data)
(Unaudited)
Cumulative ending members
3,633

 
2,999

 
2,480

Gross new members
1,164

 
944

 
762

Member retention rate
87.7
%
 
87.8
%
 
87.1
%
Average cost of acquisition per member
$
173

 
$
160

 
$
150

Monthly average revenue per member
$
11.13

 
$
10.32

 
$
9.28

Enterprise transactions
244,885

 
216,729

 
227,039


Cumulative ending members. We calculate cumulative ending members as the total number of members at the end of the relevant period. The majority of our members are paying subscribers who have enrolled in our consumer services directly with us on a monthly or annual basis. Our remaining members receive our consumer services through third-party enterprises that pay us directly, often as a result of a breach within the enterprise, by embedding our service within a broader third- party offering or as an employee benefit paid for by the member's employer. We monitor cumulative ending members because it provides an indication of the revenue and expenses that we expect to recognize in the future.


48



As of December 31, 2014, we had approximately 3.6 million cumulative ending members, an increase of 21% from December 31, 2013. This increase was driven by several factors, including the success of our marketing campaigns, increased awareness of data breaches, media coverage of identity theft, and our member retention rate.
Gross new members. We calculate gross new members as the total number of new members who enroll in one of our consumer services during the relevant period. Many factors may affect the volume of gross new members in each period, including the effectiveness of our marketing campaigns, the timing of our marketing programs, the effectiveness of our strategic partnerships, and the general level of identity theft coverage in the media. We monitor gross new members because it provides an indication of the revenue and expenses that we expect to recognize in the future. For the year ended December 31, 2014, we enrolled approximately 1,164,000 gross new members, up from approximately 944,000 for the year ended December 31, 2013. This increase was driven by the success of our marketing campaigns, our product enhancements, including the release of our new suite of products in July 2014, and increased awareness of data breaches and identity theft.
Member retention rate. We define member retention rate as the percentage of members on the last day of the prior year who remain members on the last day of the current year, or for quarterly presentations, the percentage of members on the last day of the comparable quarterly period in the prior year who remain members on the last day of the current quarterly period. A number of factors may increase our member retention rate, including increases in the number of members enrolled on an annual subscription, increases in the number of alerts a member receives, and increases in the number of members enrolled through strategic partners with which the member has a strong association. Conversely, factors that may reduce our member retention rate include increases in the number of members enrolled on a monthly subscription and the end of enrollment programs in our embedded product and breach channels. In addition, the length of time a member has been enrolled in one of our services will impact our member retention rate with longer term members having a positive impact. Historically, the member retention rate for our premium services has been lower than the member retention rate for our basic-level services, which we believe is driven primarily by price.

49



As of December 31, 2014, our member retention rate was 87.7%, which was our ninth consecutive quarter above 87%. The slight year-over -year decrease in retention rate was driven, in part, by the cancellation of breach members who enrolled in previous years and the impact of an increased number of member credit and debit cards that were replaced as a result of large data breaches during the fourth quarter of 2013.
Average cost of acquisition per member. We calculate average cost of acquisition per member as our sales and marketing expense for our consumer segment during the relevant period divided by our gross new members for the period. A number of factors may influence this metric, including shifts in the mix of our media spend. For example, when we engage in marketing efforts to build our brand, our cost of acquisition per member increases in the short term with the expectation that it will decrease over the long term. In addition, when we introduce new partnerships, such as partnerships in our embedded product channel, our average cost of acquisition per member may decrease due to the volume of members that enroll in our consumer services in a relatively short period of time. We monitor average cost of acquisition per member to evaluate the efficiency of our marketing programs in acquiring new members. For the year ended December 31, 2014, our average cost of acquisition per member was $173, up from $160 for the year ended December 31, 2013.  Our member retention rate and the increasing monthly average revenue per member, primarily from the continued penetration of our premium service offerings, results in a higher lifetime value of a member relationship which enables us to absorb a higher average cost of acquisition per member.
Monthly average revenue per member. We calculate monthly average revenue per member as our consumer revenue during the relevant period divided by the average number of cumulative ending members during the relevant period (determined by taking the average of the cumulative ending members at the beginning of the relevant period and the cumulative ending members at the end of each month in the relevant period), divided by the number of months in the relevant period. A number of factors may influence this metric, including whether a member enrolls in one of our premium services; whether we offer the member any promotional discounts upon enrollment; the distribution channel through which we acquire the member, as we offer wholesale pricing in our embedded product, employee benefit, and breach channels; and whether a new member subscribes on a monthly or annual basis, as members enrolling on an annual subscription receive a discount for paying for a year in advance. While our retail list prices have historically remained unchanged, we have seen our monthly average revenue per member increase primarily due to increased adoption of our higher priced premium services by a greater percentage of our members, a trend we expect to continue. We monitor monthly average revenue per member because it is a strong indicator of revenue in our consumer business and of the performance of our premium services.

50



Our monthly average revenue per member for the year ended December 31, 2014 was $11.13, an increase of 8% from the year ended December 31, 2013. The increase in our monthly average revenue per member resulted primarily from the continued success of our premium service offerings, which accounted for more than 40% of our gross new members for the year ended December 31, 2014.
Enterprise transactions. We calculate enterprise transactions as the total number of enterprise transactions processed for either an identity risk or credit risk score during the relevant period. Our enterprise transactions are processed by ID Analytics, which we acquired in the first quarter of 2012. Enterprise transactions have historically been higher in the fourth quarter as the level of credit applications and general consumer spending increases. We monitor the volume of enterprise transactions because it is a strong indicator of revenue in our enterprise business.
We processed 244.9 million enterprise transactions for the year ended December 31, 2014, an increase of 13% from the year ended December 31, 2013. There are three main factors impacting the change in enterprise transactions year over year. First, in the third quarter of 2013, we had a large telecommunication customer stop scoring its new wireline customers due to low levels of fraud in the business. We were able to reengage and commence scoring a portion of the volume in the third quarter of 2014, resulting in a higher volume of transactions during 2014.  Second, we have seen a reduction in enterprise transactions related to us giving notice of non-renewal to several customers who compete in our consumer business and allowing such contracts to lapse.  Third, offsetting these reductions, we have seen enterprise transactions increase as we continue to add new customers and expand our offerings with our current customer base.
Key Financial Metrics
The following table summarizes our key financial metrics for the years ended December 31, 2014, 2013, and 2012:
 
Year Ended December 31,
 
2014
 
2013
 
2012
 
(in thousands)
Consumer revenue
$
449,193

 
$
340,121

 
$
254,678

Enterprise revenue
26,823

 
29,537

 
21,750

Total revenue
476,016

 
369,658

 
276,428

Adjusted net income
47,132

 
36,931

 
19,184

Adjusted EBITDA
55,479

 
42,156

 
27,460

Free cash flow
89,604

 
66,956

 
37,389


51



Adjusted net income, adjusted EBITDA, and free cash flow are non-GAAP financial measures that we believe provide useful information to investors and others in understanding our operating results in the same manner as we do.  For a full description of how these non-GAAP financial measures are calculated and reconciliations to the most comparable GAAP measure, refer to Item 6 – Selected Financial Data of this Annual Report on Form 10-K.
Factors Affecting Our Performance
Customer acquisition costs. We expect to continue to make significant expenditures to grow our member and enterprise customer bases. Our average cost of acquisition per member and the number of new members we generate depends on a number of factors, including the effectiveness of our marketing campaigns, changes in cost of media, the competitive environment in our markets, the prevalence of identity theft issues in the media, publicity about our company, and the level of differentiation of our services. Shifts in the mix of our media spend also influence our member acquisition costs. For example, when we engage in marketing efforts to build our brand, our member acquisition costs increase in the short term with the expectation that they will decrease over the long term. We also continually test new media outlets, marketing campaigns, and call center scripting, each of which impacts our average cost of acquisition per member. In addition, given the past success of our premium services, we expect to be able to absorb a higher average cost of acquisition per member and still recognize value over the lifetime of our member relationships.
Mix of members by services, billing cycle, and distribution channel. Our performance is affected by the mix of members subscribing to our various consumer services, by billing cycle (annual versus monthly), and by the distribution channel through which we acquire the member. Our adjusted EBITDA, adjusted net income, free cash flow, and average cost of acquisition per member are all affected by this mix. We have seen a recent shift to more monthly members, in large part due to the increase in the number of members enrolling through our embedded product and employee benefits channels in which our members enroll on a monthly basis. We also have seen an increase in the number of members enrolling in our premium services as a percentage of our gross new members.
Customer retention. Our ability to maintain our current member retention rate may be affected by a number of factors, including the effectiveness of our services, the performance of our member services organization, external media coverage of identity theft, the continued evolution of our service offerings, the competitive environment, the effectiveness of our media spend, the timing of employee benefit and breach service enrollments, and other developments.
Our enterprise business relies on the retention of enterprise customers to maintain the effectiveness of our services because our enterprise customers typically provide us with their customer transaction data as part of our service. Losing a significant number of these customers would reduce the breadth and effectiveness of our services. In addition, we believe less than 1% of our overall 2014 revenue was derived from direct competitors to our consumer business. As we have given notice of non-renewal to competitors in our consumer segment, we have allowed such contracts to lapse, and accordingly, this percentage may decline over time.
Investments to grow our business. We will continue to invest to grow our business. Investments in the development and marketing of new services, including the new services we introduced in July 2014, and the continued enhancement of our existing services will increase our operating expenses in the near term and thus may negatively impact our operating results in the short term, although we anticipate that these investments will grow and improve our business over the long term.
Regulatory developments. Our business is subject to regulation by federal, state, local, and foreign authorities. Any changes to the existing applicable laws, regulations, or rules; any determination that other laws, regulations, or rules are applicable to us; or any determination that we have violated any of these laws, regulations, or rules could adversely impact our operating results. As previously disclosed, on January 17, 2014, we met with FTC Staff, at our request, to discuss issues regarding allegations that have been asserted in a whistleblower claim against us relating to our compliance with the FTC Order. On March 13, 2014, we received a request from the FTC for documents and information related to our compliance with the FTC Order. On October 29, 2014, we completed our responses to the FTC’s March 13, 2014 request for information. On January 5, 2015, we completed our responses to the FTC’s subsequent requests for clarification regarding certain information that we previously submitted. We have engaged in ongoing discussions with the FTC Staff regarding the FTC's inquiry into our compliance with the FTC Order. On February 4, 2015, we made a $20 million settlement offer to the FTC Staff and we remain in ongoing discussions with the FTC Staff regarding a possible settlement of this inquiry. There is no guarantee that we will settle this inquiry for $20 million, if at all, and any settlement with the FTC regarding this inquiry, in addition to the payment of the settlement amount, could result in liability for damages and other penalties, require us to make changes to our services and business practices, and cause us to lose customers, any of which could have a material adverse impact on our business, operating results, financial condition, and prospects.

52



In addition, on May 16, 2014, we announced that we had determined that certain aspects of the LifeLock Wallet mobile application were not fully compliant with applicable payment card industry (PCI) security standards. As a result, we temporarily suspended the LifeLock Wallet mobile application, and deleted the affected data from our servers. On May 15, 2014, on our own initiative, we informed the FTC Staff of these issues with the LifeLock Wallet mobile application. Those aspects of the LifeLock Wallet mobile application previously identified by us as not meeting applicable PCI security standards were confirmed as meeting applicable PCI security standards on October 28, 2014, and we do not expect to receive further requests for information from the FTC about this. On October 29, 2014, we relaunched the LifeLock Wallet mobile application. A determination that we are in violation of the FTC Order as a result of the FTC’s review of our PCI non-compliance in connection with the LifeLock Wallet mobile application could result in liability for fines, damages, or other penalties or require us to make changes to our services and business practices, and cause us to lose customers, any of which could have a material adverse impact on our business, operating results, financial condition, and prospects.
We also collect and remit sales tax in several states related to the sale of our consumer services. Other states or one or more countries or other jurisdictions may seek to impose sales or other tax collection obligations on us in the future. A successful assertion by any state, country, or other jurisdiction that we should be collecting sales or other taxes on the sale of our services could, among other things, increase the cost of our services, create significant administrative burdens for us, result in substantial tax liabilities, discourage current members and other consumers from purchasing our services, or otherwise substantially harm our business and operating results.
For a discussion of additional factors and risks facing our business, see “Risk Factors.”
Basis of Presentation and Key Components of Our Results of Operations
We operate our business and review and assess our operating performance using two reportable segments: our consumer segment and our enterprise segment. We review and assess our operating performance using segment revenue, income (loss) from operations, and total assets. These performance measures include the allocation of operating expenses to our reportable segments based on management’s specific identification of costs associated to those segments.
Revenue
We derive revenue in our consumer segment primarily from fees paid by our members for identity theft protection services offered on a subscription basis. Our members subscribe to our consumer services on a monthly or annual, automatically renewing basis and pay us the full subscription fee at the beginning of each subscription period, in most cases by authorizing us to directly charge their credit or debit cards. In some cases, we offer members a free trial period, which is typically 30 days. Our members may cancel their membership with us at any time without penalty and, when they do, we issue a refund for the unused portion of the canceled membership. We recognize revenue for member subscriptions ratably on a daily basis from the latter of cash receipt, activation of a member’s account, or expiration of free trial periods to the end of the subscription period.
We also provide consumer services for which the primary customer is an enterprise purchasing identity theft protection services on behalf of its employees or customers. In such cases, we defer revenue for each member until the member’s account has been activated. We then recognize revenue ratably on a daily basis over the term of the subscription period.
We derive revenue in our enterprise segment from fees paid by our enterprise customers for fraud and risk solutions, which we generally provide under multi-year contracts, many of which renew automatically. Our enterprise customers pay us based on their monthly volume of transactions with us, and approximately 30% of them are committed to paying monthly minimum fees. We recognize revenue based on a negotiated fee per transaction. Transaction fees in excess of any of the monthly minimum fees are billed and recorded as revenue in addition to the monthly minimum fees. In some instances, we receive up-front non-refundable payments against which the monthly minimum fees are applied. The up-front non-refundable payments are recorded as deferred revenue and recognized as revenue monthly over the usage period. If an enterprise customer does not meet its monthly minimum fee, we bill the negotiated monthly minimum fee and recognize revenue for that amount. We derive a small portion of our enterprise revenue from special projects in which we are engaged to deliver a report at the end of the analysis, which we record upon delivery and acceptance of the report.
Cost of Services
Cost of services in our consumer segment consists primarily of costs associated with our member services organization and fulfillment partners. Our member support operations include wages and benefits for personnel performing these functions and facility costs directly associated with our sales and service delivery functions. We also pay fees to third-party service providers related to the fulfillment of our consumer services, including the premiums associated with the identity theft insurance that we provide to our members, and merchant credit card fees.

53



Costs of services in our enterprise segment includes the costs related to data analytics and data management, primarily consisting of wages and benefits of personnel and facility costs directly associated with the data analytics and data management.
We expect our cost of services to increase if we continue to increase the number of our members and enterprise customers. Our cost of services is heavily affected by prevailing salary levels, which affect our internal direct costs and fees paid to third-party service providers. Increases in the market rate for wages would increase our cost of services.
Gross Margin
Gross profit as a percentage of total revenue, or gross margin, has been and will continue to be affected by a variety of factors. Increases in personnel and facility costs directly associated with the provision of our services can negatively affect our gross margin, as can higher fulfillment costs due to enhancements in our services or the introduction of new services, such as the addition of insurance coverage in our consumer services. A significant increase in the number of members we enroll through our strategic partner distribution channels can also negatively affect our gross margin because we offer wholesale pricing to our strategic partners. In prior periods, our gross margin has also been negatively impacted by sales taxes we paid on behalf of our members and settlements with state tax authorities. Conversely, operating efficiencies in our member services organization can improve our gross margin. We expect that our gross margin may fluctuate from period to period depending on all of these factors.
Sales and Marketing
Sales and marketing expenses consist primarily of direct response advertising and online search costs, commissions paid on a per-member basis to our online affiliates and on a percentage of revenue basis to our co-marketing partners, and wages and benefits for sales and marketing personnel. Direct response marketing costs include television, radio, and print advertisements as well as costs to create and produce these advertisements. Online search costs consist primarily of pay-per-click payments to search engines and other online advertising media, such as banner ads. Advertising costs are expensed as incurred and historically have occurred unevenly across periods. Our sales and marketing expenses also include payments related to our sponsorship and promotional partners. In order to continue to grow our business and the awareness of our services, we plan to continue to commit substantial resources to our sales and marketing efforts. As a result, we expect our sales and marketing expenses will continue to increase in absolute dollars for the foreseeable future and vary as a percentage of revenue depending on the timing of those expenses.
Technology and Development
Technology and development expenses consist primarily of personnel costs incurred in product development, maintenance and testing of our websites, enhancing our existing services and developing new services, internal information systems and infrastructure, data privacy and security systems, third-party development, and other internal-use software systems. Our development costs are primarily incurred in the United States and directed at enhancing our existing service offerings and developing new service offerings. In order to continue to grow our business and enhance our services, we plan to continue to commit resources to technology and development. In addition, ID Analytics has historically spent a higher portion of its revenue on technology and development. As a result, we expect our technology and development expenses will continue to increase in absolute dollars for the foreseeable future.
General and Administrative
General and administrative expenses consist primarily of personnel costs, professional fees, and facility-related expenses associated with our executive, finance, human resources, legal, and governmental affairs organizations. Our professional fees principally consist of outside legal, auditing, accounting, and other consulting fees. Legal costs included within our general and administrative expenses also include costs incurred to litigate and settle various legal matters. We expect our general and administrative expenses will increase in absolute dollars for the foreseeable future as we hire additional personnel and expand our office facilities to support our overall growth and incur additional costs associated with our public company and regulatory compliance.
Amortization of Acquired Intangible Assets
Amortization of acquired intangible assets is the amortization expense associated with core technology, customer relationships, and trade names and trademarks resulting from business acquisitions. As of December 31, 2014, we had $38.3 million in intangible assets, net of amortization, as a result of our acquisitions of ID Analytics and Lemon. The acquired intangible assets have useful lives of between one and ten years and we expect to recognize approximately $8.3 million of amortization expense in the year ending December 31, 2015.

54



Other Income (Expense)
Other income (expense) consists primarily of interest income on our cash and cash equivalents and marketable securities and interest expense on our indebtedness and unused credit facility.
Prior to our IPO, we also included in other income (expense) changes in the fair value of our warrant liabilities and changes in the fair value of our embedded derivative. Upon the completion of our IPO in October 2012, the warrants to purchase our convertible redeemable preferred stock were converted to warrants to purchase common stock and, at that time, were reclassified to equity. Accordingly, we are no longer required to re-measure the fair value of our warrants. On October 16, 2012, we paid to the former holders of our Series E-1 convertible redeemable preferred stock $10.7 million in cash as settlement for the embedded derivative and expect no additional income or expense related to the embedded derivative.
Provision for Income Taxes
We are subject to federal income tax as well as state income tax in various states in which we conduct business. Our effective tax rate for the year ended December 31, 2014 differed from the U.S. federal statutory tax rate plus the impact of state taxes as a result of state taxes and non-deductible expenses. We expect our effective tax rate to approximate the U.S. federal statutory tax rate plus the impact of state taxes in subsequent periods. As of December 31, 2014, we had U.S. federal and state net operating losses of approximately $165.1 million and $86.9 million, respectively, which will continue to reduce the amount of cash taxes to be paid.
In the fourth quarter of 2013, after consideration of all available positive and negative evidence, including our historical operating results, current financial condition, and potential future taxable income, we released substantially all of our valuation allowance on deferred tax assets. As a result, we recorded an income tax benefit of $37.5 million for the year ended December 31, 2013.
Results of Operations
Comparison of the Years Ended December 31, 2014, 2013, and 2012
Total Revenue
 
Year Ended December 31,
 
2013 to 2014
 
2012 to 2013
 
2014
 
2013
 
2012
 
% Change
 
% Change
 
(in thousands)
 
 
 
 
Consumer revenue
$
449,193

 
$
340,121

 
$
254,678

 
32.1
 %
 
33.5
%
Enterprise revenue
26,823

 
29,537

 
21,750

 
(9.2
)%
 
35.8
%
Total revenue
$
476,016

 
$
369,658

 
$
276,428

 
 
 
 
Consumer revenue for the year ended December 31, 2014 was $449.2 million, an increase of $109.1 million, or 32.1%, over consumer revenue for the year ended December 31, 2013. The increase in our consumer revenue from 2013 to 2014 related primarily to an increase in the number of our members, which grew from approximately 3.0 million as of December 31, 2013 to approximately 3.6 million as of December 31, 2014, an increase of 21%. In addition, our monthly average revenue per member increased 8% to $11.13 for the year ended December 31, 2014 from $10.32 for the year ended December 31, 2013. The increase in members and monthly average revenue per member resulted from the continued success of our premium service offerings, including the release of our new LifeLock Advantage and LifeLock Ultimate Plus services at the end of July 2014, and our advertising and marketing campaigns designed to increase the overall awareness of our services and identity theft.  
Revenue from our consumer segment for the year ended December 31, 2013 was $340.1 million, an increase of $85.4 million, or 33.5%, over revenue of $254.7 million for the year ended December 31, 2012. The increase in our consumer revenue from 2012 to 2013 related primarily to an increase in the number of our members, which grew from 2.5 million as of December 31, 2012 to approximately 3.0 million as of December 31, 2013, an increase of 21%. In addition, our monthly average revenue per member increased 11% to $10.32 for the year ended December 31, 2013 from $9.28 for the year ended December 31, 2012. The increase in members and monthly average revenue per member resulted from the introduction of our LifeLock Ultimate service offering and our advertising and marketing campaigns designed to increase the overall awareness of our services and identity theft.

55



Enterprise revenue for the year ended December 31, 2014 was $26.8 million, a decrease of $2.7 million, or 9.2%, over enterprise revenue for the year ended December 31, 2013. Enterprise revenue decreased in 2014 compared to 2013 primarily due to the reduction in revenue as a result of us giving notice of non-renewal to several customers who compete in our consumer business and allowing such contracts to lapse, which was partially offset by growth as we continue to add new customers and expand our offerings within our current customer base.
Enterprise revenue for the year ended December 31, 2013 was $29.5 million, an increase of $7.8 million, or 35.8%, over enterprise revenue for the year ended December 31, 2012. Enterprise revenue increased in 2013 compared to 2012 even though enterprise transactions decreased. The enterprise revenue increased as the lower revenue per transaction volume from a large telecommunication customer was replaced by higher revenue per transactions from other enterprise customers. In addition, we acquired ID Analytics on March 14, 2012 and, accordingly, our enterprise revenue for the year ended December 31, 2012 only includes the revenue contributed by ID Analytics since that date.
Cost of Services and Gross Profit
 
Year Ended December 31,
 
2013 to 2014
 
2012 to 2013
 
2014
 
2013
 
2012
 
% Change
 
% Change
 
(in thousands)
 
 
 
 
Cost of services
$
120,422

 
$
100,065

 
$
79,916

 
20.3
%
 
25.2
%
Percentage of revenue
25.3
%
 
27.1
%
 
28.9
%
 
 
 
 

Gross profit
$
355,594

 
$
269,593

 
$
196,512

 
31.9
%
 
37.2
%
Percentage of revenue
74.7
%
 
72.9
%
 
71.1
%
 
 
 
 
Gross profit for the year ended December 31, 2014 was $355.6 million, or 74.7% of revenue, an increase of $86.0 million, or 31.9%, over gross profit of $269.6 million, or 72.9% of revenue, for the year ended December 31, 2013. The increase in our gross profit resulted primarily from increased revenue associated with the growth in the number of our members and increased monthly average revenue per member. The increase in our gross profit percentage is primarily attributable to efficiencies in our member services organization and scalability within certain third party fulfillment contracts as our member base continued to grow.  
Gross profit for the year ended December 31, 2013 was $269.6 million, or 72.9% of revenue, an increase of $73.1 million, or 37.2%, over gross profit of $196.5 million, or 71.1% of revenue, for the year ended December 31, 2012. The increase in our gross profit resulted primarily from increased revenue associated with the growth in the number of our members and increased monthly average revenue per member. The increase in our gross profit percentage resulted primarily from efficiencies in our member services organization and scalability within certain third party fulfillment contracts as our member base continued to grow.  
Sales and Marketing
 
Year Ended December 31,
 
2013 to 2014
 
2012 to 2013
 
2014
 
2013
 
2012
 
% Change
 
% Change
 
(in thousands)
 
 
 
 
Sales and marketing
$
213,984

 
$
162,363

 
$
122,989

 
31.8
%
 
32.0
%
Percentage of revenue
45.0
%
 
43.9
%
 
44.5
%
 
 
 
 

Sales and marketing expenses for the year ended December 31, 2014 were $214.0 million, or 45.0% of revenue, compared with $162.4 million, or 43.9% of revenue, for the year ended December 31, 2013. The increase in our sales and marketing expenses resulted from increases in our advertising expenses, external sales commissions, and personnel costs, including increases in our non-cash share-based compensation. The increase in our sales and marketing expenses reflected our investment to drive new membership growth, our continued advertising of our premium service offerings, and our efforts to highlight the growing identity theft issue and to educate consumers.

56



Sales and marketing expenses for the year ended December 31, 2013 were $162.4 million, or 43.9% of revenue, compared with $123.0 million, or 44.5% of revenue, for the year ended December 31, 2012. The increase in our sales and marketing expenses resulted from increases in our advertising expenses, external sales commissions, and sales and marketing expenses from ID Analytics, primarily consisting of personnel costs, since our March 2012 acquisition. The increase in our sales and marketing expenses reflected our investment to drive new membership growth, our continued advertising of our LifeLock Ultimate service, and our efforts to highlight the growing identity theft issue and to educate consumers.
Technology and Development
 
Year Ended December 31,
 
2013 to 2014
 
2012 to 2013
 
2014
 
2013
 
2012
 
% Change
 
% Change
 
(in thousands)
 
 
 
 
Technology and development
$
50,973

 
$
40,015

 
$
29,543

 
27.4
%
 
35.4
%
Percentage of revenue
10.7
%
 
10.8
%
 
10.7
%
 
 
 
 


Technology and development expenses for the year ended December 31, 2014 were $51.0 million, or 10.7% of revenue, compared with $40.0 million, or 10.8% of revenue, for the year ended December 31, 2013. The increase in our technology and development expenses resulted primarily from increases in our personnel costs, including non-cash share-based compensation, as we continued to invest in and expand the talent within the organization.
Technology and development expenses for the year ended December 31, 2013 were $40.0 million, or 10.8% of revenue, compared with $29.5 million, or 10.7% of revenue, for the year ended December 31, 2012. The increase in our technology and development expenses resulted primarily from increases in our personnel costs, as we continued to expand and enhance our workforce. In addition, technology and development expenses increased due to the inclusion of ID Analytics’ technology and development expense since our March 2012 acquisition. ID Analytics’ technology expenses consist primarily of the personnel and other costs incurred in research and development.
General and Administrative
 
Year Ended December 31,
 
2013 to 2014
 
2012 to 2013
 
2014
 
2013
 
2012
 
% Change
 
% Change
 
(in thousands)
 
 
 
 
General and administrative
$
75,673

 
$
42,125

 
$
24,629

 
79.6
%
 
71.0
%
Percentage of revenue
15.9
%
 
11.4
%
 
8.9
%
 
 
 
 

General and administrative expenses for the year ended December 31, 2014 were $75.7 million, or 15.9% of revenue, compared with $42.1 million, or 11.4% of revenue, for the year ended December 31, 2013. The increase in general and administrative expenses resulted primarily from additional costs associated with our regulatory compliance, acquisition integration and related intellectual property audits, the expansion of our office facilities, and additional personnel costs, including non-cash share-based compensation. The increase in general and administrative expenses also included a $20.0 million legal reserve for a possible settlement with the FTC of their inquiry into our compliance with the FTC Order, which was partially offset by a $5.0 million legal settlement in our favor resulting from indemnification claims we previously made with respect to our Lemon acquisition. The settlement was reached with the former shareholders of Lemon other than the individuals against whom we have brought a lawsuit, as described in more detail in Item 3 of this Annual Report on Form 10-K.
General and administrative expenses for the year ended December 31, 2013 were $42.1 million, or 11.4% of revenue, compared with $24.6 million, or 8.9% of revenue, for the year ended December 31, 2012. The increase in general and administrative expenses resulted primarily from additional costs associated with our public company compliance, additional personnel costs, primarily non-cash share-based compensation, and increased general and administrative expenses from ID Analytics. In addition, for the year ended December 31, 2012, we received two favorable legal settlements of $3.6 million related to insurance claims for legal costs that we incurred in 2008 and 2009.

57



Amortization of Acquired Intangible Assets
 
Year Ended December 31,
 
2013 to 2014
 
2012 to 2013
 
2014
 
2013
 
2012
 
% Change
 
% Change
 
(in thousands)
 
 
 
 
Amortization of acquired intangible assets
$
8,898

 
$
7,909

 
$
6,258

 
12.5
%
 
26.4
%
Percentage of revenue
1.9
%
 
2.1
%
 
2.3
%
 
 
 
 

Amortization of acquired intangible assets for the year ended December 31, 2014 was $8.9 million, or 1.9% of revenue, compared with $7.9 million, or 2.1% of revenue, for the year ended December 31, 2013.  The increase in amortization of acquired intangible assets is due to having a full year of amortization following the acquisition of Lemon in December 2013.
Amortization of acquired intangible assets for the year ended December 31, 2013 was $7.9 million, or 2.1% of revenue, compared with $6.3 million, or 2.3% of revenue, for the year ended December 31, 2012. The increase in amortization of acquired intangible assets is due to having a full year of amortization following the acquisition of ID Analytics in March 2012 and amortization of acquired intangible assets following the acquisition of Lemon in December 2013.
Other Income (Expense)
 
Year Ended December 31,
 
2013 to 2014
 
2012 to 2013
 
2014
 
2013
 
2012
 
% Change
 
% Change
 
(in thousands)
 
 
 
 
Interest expense
$
(353
)
 
$
(353
)
 
$
(3,677
)
 
 %
 
(90.4
)%
Interest income
281

 
124