Tuesday, December 16, 2008

Checkfree - Not For Me

I like to pay bills online. Saves time, money, paper, the environment. I like to do it through either my bank or direct to the service provider (like Cablevision). I only use Checkfree to pay my water bill since Aquarion won't allow you to pay them directly.

Yesterday I received the following email from Checkfree (click image to enlarge):



Now firstly, Checkfree is a Company Acting Badly for putting together such a poor email:
  • U.S. zip codes have 5 digits not 4
  • The return email address "customercenter.net" doesn't look like Checkfree
  • It says it was sent by Silverpop - who's Silverpop?
  • The 877 phone number doesn't appear on their website
  • It says I may be affected - shouldn't they have logs to know who was on their site?
  • the overall message just feels like spam
Surprisingly, it's real. I logged into Checkfree and got this message (click image to enlarge):



The real problem with Checkfree is what they are not being transparent and specific about what happened. If I understand it, for roughly a 10 hour period, all traffic to Checkfree.com was re-routed to another fake site. If you entered info at this site, then that fake site has a copy of it. Additionally, that fake site may have installed some malicious software on your Windows PC. How did Checkfree let this re-routing happen? What have they done to make sure it doesn't happen again?

You can read more about Checkfree getting hacked at fatwallet, zdnet, and at signs101 where some folks thought it was spam.

This will guarantee they don't get more of my bill pay items, and if Aquarion ever offers a direct debit option from their site directly, I will sign up.

0 comments: