Security software or protection racket?

Symantec and McAfee pay software makers to install free trial versions of their suites on computers  subsidising the cost of new computers in the knowledge that most  consumers and small businesses will be reluctant or technically unable to uninstall the software and shop around once their initial subscription expires.

Symantec has taken an extra step to protect its  investment by requiring that customers give it ongoing authority to debit their credit cards in future years, each time their subscription expires.

There is now no opt-out process at the time of renewal.

Customers who think it's possible they may not want to purchase a renewal in a year's time must instead first provide the automatic debit authority and then cancel it by filling out an online form.

That involves rekeying an order number and product key or serial number that Symantec emails to customers once they make their purchase.

Symantec will email customers a notification each year to advise them their card is about to be debited, but does not include the order number and product key in that.

Product manager David Hall says customers who lose or no longer have access to the original email advising them of these codes can phone Symantec to cancel the automatic authority.

A trawl of the Net suggests, however, that not all customers have found cancelling automatic payments trouble-free.

And, of course, Symantec customers who change their email address won't receive renewal notifications, increasing the risk they may find their credit card debited for a product that they had no intention to buy. At banks' discretion, the debits will continue even after credit cards expire.

Such mandatory automatic payment authorities aren't unique to Symantec and according to some overseas critics of such schemes, it is not the worst offender.

Mr Hall claims Symantec's motivation for introducing them is benign _ ensuring ''ongoing protection'' to customers who might otherwise have unwittingly failed to renew their subscriptions.

Website TechWeb has quoted former Symantec consumer-group chief Enrique Salem saying it was also one of several ''revenue-generating'' strategies to ''pump up the consumer group's bottom line''.

There are a couple of aspects of the payment process that heighten the risk Symantec may collect payments from reluctant or unwilling customers.

Customers are advised in the email that gives instructions on how to cancel automatic payments that by doing so they are opting out of the ''automatic renewal feature of Norton Ongoing Protection'', but the confirmation form incorrectly advises customers that they would actually be opting out of Norton Ongoing Protection if they proceed.

That creates the potential for people to be misled into thinking that if they follow the instructions in the email, they may lose the entitlement to automatic updates of their Symantec product during the period of their paid subscription. 

A gratuitous warning that ''cancelling the automatic renewal feature will leave you at risk of becoming unprotected from the latest security threats'', doesn't help in that regard.

There are other aspects of Symantec's communications that are likely to confuse.  The confirmation email says it contains a product key, but actually provides a ''product serial number'', a minor inconsistency  that is also likely to make anxious consumers hesitate before cancelling an automatic payment authority.

Purely as a test, NZ InfoTech used the online form to cancel the automatic renewal feature of a Symantec product. Its website advised confirmation of the cancellation would be sent by email. That had not arrived 36 hours later, so it was unclear if the cancellation attempt was successful.

Visa's Australian-based spokesman Andrew Woodward is unsympathetic.  ''The matter of a one-off payment or a recurring payment is a matter between the card holder and the merchant. People need to read the big print and the fine print.''

If customers don't want to give Symantec the right to perpetually debit their credit card, they can uninstall the product and install another security suite _ however impractical that advice might be for most mums and dads.

NZ InfoTech believes that based on the evidence of the hassles mandatory automatic payments are causing, banks should cancel any such authorities claimed by multinational security software vendors at the request of customers, without requiring they first jump through hoops with the vendors themselves.

A risk is that consumers and small businesses will otherwise come to regard with suspicion all efforts to rent them software online, and wouldn't that be a massive set-back for the whole industry?


The Dominion Post