Symantec and McAfee have been told to pay these monies to clear up accusations that they charged subscriptions against customers' payment cards without the customers' knowledge or authorisation.
The IT security firms have also agreed to make detailed disclosures of any automatic subscription fees and renewals to authorities, as well as operate a more transparent procedure for customers to opt out of an auto-renewal option.
Andrew Cuomo, New York's Attorney General Andrew Cuomo described the practice as "hide the ball", saying that customers have a right to know what they are paying, especially when they are unwittingly agreeing to renewal fees that will not appear on their credit card bill for months.
Cuomo added that the fees were "hidden at the bottom of long web pages or in the fine print of license agreements."
As a result of their actions, both Symantec and McAfee are now required to notify customers before - and after - the renewal deadlines and must provide refunds to those who request them within 60 days of being charged.
The settlement also asks that the IT security vendors are open about the length of time that they will continue to provide support and updates for their software.
One solution to the problem of recurring subscriptions that are only payable by card is to use a prepaid debit card such as the Paypal Topupcard,Infosecurity notes.
In return for £4.95, users get a payment card that can be loaded - ironically using a regular credit or debit card - each time a potentially recurring payment is required.
Since it not possible to `overdraw' the card, if a merchant attempts to repeat the subscription at a later date without permission, the transaction will not go through.