Hi Folks,  This is hot off the press and VERY worthwhile reading

Microsoft, McAfee, Symantec charge cards repeatedly
by Scott Dunn

These days, most antivirus and other security products come with a subscription to update your virus definitions.

Signing up usually means forced automatic subscription renewal, in which your credit card is charged every year, and it's not easy to opt out - but I'll show you how.

Subscription sabotage: a case study

IT consultant and Windows Secrets subscriber Bruce Weiskopf received a routine notice that his Norton Internet Security product subscription was about to expire. Then, when he began examining some online forms, he became upset. There, in the fine print, he noticed a clause saying he was already signed up for automatic subscription renewal.

"It's barely noticeable, and, in any event, you aren't given the opportunity to decline at this point," he told Windows Secrets. All he could see was a link for more information. So, he went to the Symantec Web site to find out more.

According to Bruce, what ensued was an onerous process of hoop-jumping before he was finally able to tell the company not to renew his subscription and charge his credit card automatically each year.

"It's really, really an unconscionable scam," Bruce adds. "I'm sure there are many consumers who don't pay attention to their credit card statements, enabling Symantec to make quite a profit at about $50 a pop!"

For those who feel as Bruce does, the unfortunate truth is that the practice of enrolling customers in automatic renewal for antivirus and other security products is not limited to Symantec. Indeed, it has become an industry standard. Microsoft Windows Live OneCare, Symantec, McAfee, and ZoneAlarm all enroll customers into the companies' automatic subscription-renewal programs with the purchase of a subscription-based product. In most cases, customers aren't given a choice to opt out, and only find out about the annual renewals when they receive an e-mail notice or see a charge on their credit card.

For some users, automatic renewal is a boon, since it saves the annual chore of manually renewing subscriptions to new virus definitions. Others view the policy with suspicion, especially since these policies are often not made clear at the outset. Moreover, the amount charged for the renewal each year can change, depending on the going rate for the subscription at the time of the renewal.

In order to get to the bottom of this, I bought products from each of the following four security companies to see how transparent the auto-renewal policy is and just how difficult it is to get out of the scheme once you know about it.

Windows Live OneCare is the least transparent

Of all the companies I tested, Microsoft's all-in-one security and maintenance package, Windows Live OneCare, has the most-hidden automatic subscription-renewal policy and is the most difficult to learn how to cancel.

You begin the process by signing up for a free Windows Live account (basically a Hotmail e-mail account). At the bottom of the form is a link to the Windows Live Service Agreement, a 6,708-word document that hints at what's to come. It reads, "If we informed you that the service will be provided indefinitely or automatically renewed, we may automatically renew your service and charge you for any renewal term."

The actual commitment isn't made until you enter your credit-card information and are allowed to review your data before confirming the purchase. The review page shows no information on the subscription-renewal policy - that is, until you click View Details under Windows Live OneCare. Only if you open the link do you see this policy statement:

• "You have selected a one year subscription to Windows Live OneCare ... This is an annual subscription that will be automatically charged to your credit card every year at the then current price unless you cancel your account or select an alternative plan. You must agree to the Windows Live OneCare Subscription Agreement to access the service. Major credit card required. Prices subject to change. Valid in US only."
  

Despite the above language, no "alternative plans" are listed. Nor is any information provided on how to get out of the automatic renewal program.

After your purchase, you can go to Microsoft's Billing and account management page and sign in with your Windows Live e-mail and password. There, you can click on the service you purchased (Windows Live OneCare) and see links for complete cancellation of the service itself. But nowhere is there information on simply canceling recurring credit-card charges.

In the end, you have to phone Windows Live OneCare Support at 866-663-2273 in order to cancel only the automatic-renewal aspect of your subscription. (I was told by a Microsoft representative that this toll-free number also can be called from outside the U.S. if international dialing and the country code 1 is used, but I wasn't able to test this.)

McAfee embeds auto-renewal policy in EULA

A somewhat stealthy approach is taken by McAfee. As part of the online purchase process, users see a scrolling box containing a 3,280-word end-user license agreement (EULA). Buried in the scrolling text is a statement that reads:

• "If you have agreed to permit McAfee to automatically renew your subscription to the Software by charging a valid credit card number which you have provided to McAfee, your subscription will be automatically renewed thirty (30) days prior to the expiration of the term and each anniversary thereafter for a fee no greater than McAfee's then-current price, excluding promotional and discount pricing."
  

According to the license, simply purchasing with a credit card gives the company permission to automatically charge you for a subscription renewal year after year.

How do you get out of it? The EULA goes on to say:

• "McAfee may continue charging you for any subscription automatically renewed unless you inform McAfee´s customer support department at (408) 992-8599 or (866) 622-3911 (or any other local number provided by the respective McAfee entity in your region) not to renew your subscription to the Software at least thirty (30) days prior to the expiration of your subscription to the Software and informing them of your desire not to have such subscription automatically renewed."
  

Granted, every customer should read the fine print before purchase. But, many would argue that this important information about ongoing charges should be made more apparent.

In case you missed the phone numbers in the EULA, you can always cancel auto-renewal of your subscription at the McAfee Web site. However, finding the right page isn't easy, especially since the site's search feature provides no quick answers. Here are the steps for U.S. customers:

Step 1: Go to McAfee's main U.S. page.

Step 2: At the right end of the navigation bar near the top, click My Account.

Step 3: Log in using your e-mail address and password.

Step 4: In the navigation pane on the left, select Auto-Renewal Setup under My Account.

Step 5: Under Auto-Renewal Setup, the page should have check boxes corresponding to each product you've purchased. Uncheck the boxes for each item whose subscription you do not want to have renewed automatically. Then click Done.

Customers outside the United States may need to contact a customer service representative either by e-mail, phone, or online chat. These options are available at McAfee's main customer service page.

Symantec: Mandatory auto-renewal, but easier to cancel

I found that Symantec actually has the second-best policy of the four security sites I tested. Symantec products give you no choice, requiring you to accept automatic subscription renewal as part of your purchase, but at least this is made pretty clear from the beginning. An explanation just below the credit-card form in Symantec's online store reads, in part:

• "By placing this order, you consent to Symantec automatically renewing your annual subscription. Symantec will notify you by e-mail prior to expiration of your current subscription ... If you do not want to be automatically charged, you may discontinue the auto-renewal feature of Norton Ongoing Protection at any time after completing this order by following the instructions contained on the Symantec Web site and in the confirmation e-mail."
  

Despite the lack of choice, Symantec at least warns you, both at the time of purchase and in the confirmation e-mail. Moreover, it provides a link to the cancellation page, both in the online receipt and the confirmation mail.

On the chance the buyer might miss these statements, I went to Symantec's main site to see how hard it would be to find the cancellation page on my own. I entered cancel automatic renewal in the search box at the top of the page. The search returned three results, the first of which was an Enterprise Support Knowledge Base article entitled "How to cancel On-going Protection." The article included a link to the cancellation form.

The actual cancellation process is a simple matter of filling out the form online and clicking Submit. (This only cancels auto-renewal, not your current subscription.) The only downside is that you'll need to have your name, e-mail address, order number, product activation key, and product serial number to complete the form! So remember to save your online receipt or the confirmation e-mail you received after your purchase.

ZoneAlarm provides a fairly upfront choice

As far as security products go, Check Point's ZoneAlarm is the least coercive when it comes to automatic subscription renewal. Unlike the other three companies I tested, the order form for ZoneAlarm provides a check box where you enter your credit-card information that reads "Automatically renew my subscription upon expiration." The box is checked by default, however, so if you miss it, you'll be signed up for automatic charges until you cancel. And the confirmation e-mail you receive won't clue you in to this fact.

Once you're signed up for automatic renewal with a ZoneAlarm product, canceling the auto-renewal isn't too difficult - providing you know where on ZoneAlarm's site to look. I had to do a lot of clicking around to find the right page, and the site's search function was little to no help. Here's the solution:

Step 1: On ZoneAlarm's main page, click Customer Support in the navigation pane on the left.

Step 2: On the Customer Service page, click Login to My Account under Customer Service. You may be prompted whether to display both secure and nonsecure items.

Step 3: On the Account Login page, enter the user ID and password you created when you purchased the product. Click Sign In Now! Again, you may be prompted whether to display both secure and nonsecure items.

Step 4: On the My Account page, click Manage Subscriptions under the Manage Subscriptions heading.

Step 5: On the Manage Subscriptions page, look in the section with the Automatic License Renewal heading. Choose Manually renew this license from the Renewal Option drop-down list. Click Submit.

What's behind the hard-to-cancel policies?

Not surprisingly, companies that enroll customers in automatic-renewal programs by default tend to describe the policy as an advantage for customers.

A Microsoft spokeswoman explained that "the goal of implementing the automatic-renewal process was to protect customers from an interruption in their service. Recent studies show as many as two-thirds of antivirus users postpone their subscription renewal." (Microsoft policy prohibits identifying p.r. spokespeople by name.)

John Gable, director of product management for Check Point's ZoneAlarm division, says the company's recently implemented auto-renewal practice was intended "to help consumers keep their subscriptions up to date, as well as in response to feedback from many users who felt subscription renewal reminders were too intrusive."

Corporate altruism doesn't seem to be the only motive in the move to recurring credit-card charges, however. Last year, an article in TechWeb credited Symantec's then consumer-group chief Enrique Salem as saying that automatic renewal of product updates was one of several "revenue-generating" strategies to "pump up the consumer group's bottom line." (A representative I contacted at Symantec did not provide a comment by press time.)

Consumer reaction is decidely negative

Despite the promise of continued service that automatic renewal offers, some customers clearly don't like being signed up for recurring credit-card billing by default. It isn't difficult to find complaints about this practice posted in online forums.

For example, a user with the screen name RideRed claimed in BroadbandReports.com that Symantec charged his credit card at renewal time without his consent, despite the fact that he had turned off automatic renewal at the time he made his purchase.

Similarly, a user of Digg.com comments:

• "I usually don't sign up for services that auto-renew. Why? Because I am surrounded by examples of companies that REFUSE to stop charging when the customer tells them to. They call it an 'error' and keep right on charging - all you can do is call and hope they eventually stop taking your money for a service you've long since stopped using."
  

Quantifying the level of dissatisfaction is more difficult. None of the companies I was able to reach had (or would reveal) the number of customers who have canceled automatic renewal, although the Microsoft representative did say the majority of customers are auto-renewing their subscriptions.

Nevertheless, it's safe to say most companies track customer complaints and respond when they reach a critical level. As ZoneAlarm's John Gable acknowledges, "We are continuing to run usability testing with regards to placement of the auto-renew option and whether to keep it checked by default or not. Therefore, the way we have it today may very well change based on user feedback."

If you feel the pain, you must complain

No product I reviewed has a completely clean record. ZoneAlarm, to its credit, actually does allow users to opt out of automatic renewal before completing a purchase (but opting out is not the default choice). Symantec, for its part, does make its auto-renewal process apparent and relatively easy to turn off - compared with the worst cases.

I'm the first to agree that the ability to automatically renew a subscription, especially to an important security service, is a convenience most customers should consider. But to compel customers to adopt automatic charges and then hide or obscure that fact is quite another matter. Security companies compound the problem by making the cancellation process difficult and hard to find. In most cases, companies are implementing this policy in every country where they can lawfully do so.

Microsoft's spokeswoman told me that the company "has taken steps to prevent their customers from being surprised by automatic renewals. Sign-up forms make it clear that online customers are entering an automatic-renewal program."

But this is in direct contradiction to my own purchasing experience. It may come as a surprise to Microsoft that not everyone clicks every link to read the fine print during their online shopping experiences.

Although the companies I surveyed send out reminders before the renewal fee is charged, customers can easily lose track of these notices in the deluge of spam and business promotions they receive each day.

Corporations seldom change policies that make them rich, unless enough customers complain. If automatic renewal works for you, then by all means keep the service going. But, if you don't like the way it's been implemented by your security provider, it's time to let them know.

Please feel free to forward this to anyone that you think might be interested in it.  If they wish to subscribe, they can click on the link below.

If this was forwarded to you and you wish to subscribe, please click here: Subscribe
If you wish to be deleted from the mailing list, please click here: Unsubscribe