We received a call from a client this week that raised an interesting question about the behaviors of some businesses.

The caller was concerned because they had received an email saying that their computer’s security software subscription had automatically been renewed using their credit card information. The problem was that the client had not been contacted before their credit card was used.

We were asked, “Can they do this without my approval?”  The answer is a little more complex than a simple “yes” or “no.” There are at least two questions that need to be answered:

                1. Can a business store my credit or debit card information after an initial transaction? And,

                2. Can a business charge my credit or debit card account without my permission?

The fact that the software company was able to charge the customer’s credit card indicates that the company had not deleted the customer’s card information after the initial transaction. Instead, they had stored the data so it could be used in the future.

The Payment Card Industry (PCI) consists of the organizations involved in issuing and processing credit and debit card transactions in the U.S. The industry has established security standards for handling transactions that involve your debit or credit card. While the standards are not officially U.S. law, most companies involved with these transactions will comply with the standards.

According to the PCI standards for storing data, some sensitive account information – like your pin number – may not be stored even if it’s encrypted. But other account information may be stored by a company.

“But,” our client asked, “How can they charge my account without my permission?”

And the answer is the story of the checked box. 

This happens when the customer originally buys the software and downloads it onto their computer.  It seems there is a tiny little box lurking somewhere on the screen that asks if the purchaser wants the company to renew the software after the subscription period has ended.  

The downloaded version of the software always has the box checked.  In order to prevent the company from  using the credit card a year later to renew the software subscription, the customer has to find the box somewhere on the screen and remove the check mark.  

According to the software company, this checked box gives them the authorization to store our credit or debit card information and to use it each year without asking us each time.

So, the next time you download a program or sign up for an app, look carefully for the checked box and make sure that you aren’t authorizing a company to make your purchases for you.

By the way, the client was able to contact the software company and, after a lengthy conversation and several calls, had the company delete their information and cancel the renewal.   

Maine Identity Services, LLC provides data breach and identity theft assistance to individuals, organizations and law enforcement personnel through its books, seminars and police materials. For more information about the company and its products, visit www.meidhelp.com   or email: info@meidhelp.com