Symantec and McAfee under fire for auto-renewing subscriptions

12 June 2009

The perils of giving companies your payment card details, and failing to realise the likelihood of those details being used when subscription renewal time comes around, have raised their ugly head again, with Symantec and McAfee being ordered to pay $375,000 each to the New York Attorney General to resolve complaints about the issue from customers.

Symantec and McAfee have been told to pay these monies to clear up accusations that they charged subscriptions against customers' payment cards without the customers' knowledge or authorisation.

The IT security firms have also agreed to make detailed disclosures of any automatic subscription fees and renewals to authorities, as well as operate a more transparent procedure for customers to opt out of an auto-renewal option.

New York's Attorney General Andrew Cuomo described the practice as "hide the ball", saying that customers have a right to know what they are paying, especially when they are unwittingly agreeing to renewal fees that will not appear on their credit card bill for months.

Cuomo added that the fees were "hidden at the bottom of long web pages or in the fine print of license agreements."

As a result of their actions, both Symantec and McAfee are now required to notify customers before - and after - the renewal deadlines and must provide refunds to those who request them within 60 days of being charged.

The settlement also asks that the IT security vendors are open about the length of time that they will continue to provide support and updates for their software.

One solution to the problem of recurring subscriptions that are only payable by card is to use a prepaid debit card such as the Paypal Topupcard, Infosecurity notes.

In return for £4.95, users get a payment card that can be loaded - ironically using a regular credit or debit card - each time a potentially recurring payment is required.

Since it is not possible to 'overdraw' the card, if a merchant attempts to repeat the subscription at a later date without permission, the transaction will not go through.

 
