Advertisment

10 Ways to Know if a Third Party Utility Payment Site is Trustworthy

author-image
PCQ Bureau
New Update

We all look forward to new and innovative ways of completing mundane but essential tasks. Paying for utility bills, mobile recharge, DTH recharge, gas bills, etc are just some of them that we go through each month. Cashing on the success of online commerce and the increased acceptance of consumers of the online payment gateways, most of them have started dedicated portals for customers to pay their bills and get recharges done. It is still a nascent concept and we don't find many takers for such services, primarily due to the fear of losing financial data through the use of such portals. And no matter how much they might convince you, if you do go through the long list of terms and conditions mentioned on these portals, you are bound to be convinced to the contrary for not using them at all. For all the tall claims made with regard to information security, the fine print within the terms and conditions clearly puts the onus for any theft/mishap/failed transaction on to the customer. And as opposed to the practice followed in the past, these portals presume you've gone through and accepted their terms once you make a transaction. I am not being cynical here, nor am I trying to dissuade you from making full use of technology. But there has to be some credible mechanism in place that should assure consumers of the safety of their personal and financial information rather than the nicely concealed acceptance of terms and conditions that is implied through our use of their services.

Understanding the risks in sharing information online

Do you know that John McAfee, the original founder of McAfee anti-virus is paranoid about reading emails, let alone using any third-party site to transact? And unlike most of us, he reads the entire terms and conditions listed on a website or on an application before accepting them. And not without good reason! There's simply too much snooping going around, so much malware floating around, newer and innovative channels being created to steal information that you as a user should be absolutely sure of the risks involved and your liability in case you become a target of cyber fraud. We tend to conveniently ignore all precautionary measures in order to save time, till the day we become a victim of ourself. Most threats these days are nicely concealed and persistent in nature, and are created to steal subtle information over long periods of time. So, it is necessary to clearly understand the dangers involved in sharing information online and your liability in case something does go amiss.

What you get from third party utility payment service providers

You can schedule payments for utility bills, mobile bills, insurance payments, online mutual funds and SIP payments, DTH recharge, etc by giving standing instructions in advance on a physical form. Regular banking account customers as well as credit card users can use these services.

Online payments vis-a-vis e-commerce

The online payments market is much bigger as compared to the e-commerce market. The payment behaviour is also of better quality at the large biller, merchants and utilities sites compared to e-commerce stores, with over 90 per cent of users successfully completing the transaction, whereas dropouts on pure-play e-commerce sites is higher. This is a function of customer decision-making pattern, who are oriented towards completing the transaction on a biller's site whereas on an e-commerce site, they may change their decision and drop off at some point.

We read through the services offered by the popular third party utility payments sites and their terms and conditions and came up with a quick checklist of what

a consumer should ensure before parting with his

critical information.

1. Check if the site you want to transact with is authentic

With so many marketing channels-online, email, print, television-to publicise such sites, and new start-ups, spin-offs from existing payment gateways, etc entering the fray, a customer should apply due diligence before trusting a particular site. And in case you have decided to trust one, check the URL carefully and also the source from where you've come to know about it. Even a single character deviation from the intended URL is what the cyber criminals pounce upon to mislead unsuspecting customers.

2. Secure your account with strong passwords

An oft-repeated piece of advice but suffice to say that user IDs and passwords restrict access to your account the way your personal identification number (PIN) protects your bank account at ATM machines. A strong password includes a mix of uppercase, lowercase, numeric, and non-alphanumeric characters. And although many web sites do not impose any restrictions on the use of passwords, the ones that do enforce them are only doing so for your own good. Needless to add, the more complex a password, the less likely it is to be guessed.

3. Make sure your connection to the site is secure

There are easy ways to tell if your browser is using a secure connection. One way is to look for a locked padlock icon at the bottom of your browser window. Another way is to look for the change from the normal "http:" at the beginning of the web page address to "https:". The "s" indicates a secure connection! When you see those signs, you can rest assured that your online information is secure. Also, in the interest of security, end your browser session before leaving your computer.

4. Check the strength of data encryption the site provides

This is a little difficult to compare as most websites use Secure Sockets Layer (‘SSL') technology to encrypt information exchange. SSL is a security protocol that provides data encryption, server authentication, and message integrity for a connection to the Internet. Using SSL ensures that the information you exchange with the site is never transmitted over the Internet unencrypted and therefore cannot be viewed by unauthorized individuals. However, the encryption could vary from 128-bit to 256-bit, which are considered adequate and comparable to security levels used by financial institutions. Also, most of the popular sites carry certificates from global authorities such as Entrust and Verisign which apparently seem adequate. Still make it a point to check the issue and expiry dates.

5. Safe data storage and regulatory compliance policies at their end

Any site that stores financial information has to be PCI DSS 2.0 certified. So, check whether a site has this certificate displayed prominently. The PCI DSS 2.0 security norms have been laid down by payment card industry leaders such as MasterCard, Visa and Amex to ensure that your critical data resides safely in the website's database, protected by a firewall. The firewall is configured to receive and process requests only from authorized personnel. It can also detect any unauthorized activity around servers. Further, some of the highly critical information such as password, secret question, answer, etc are stored in the database in a hashed format, thereby preventing misuse of data even by any remote possibility. Regular back-ups of data are taken so that appropriate recovery measures can be initiated of the latest information if there are any problems.

6. Whose liability is it anyway?

You also need to be aware that such websites are resellers of a service that some other company is offering. So, they are not liable in case you don't get the service as desired by you. Also by using their services it is implied that you have read and understood their ‘terms and conditions' which are BTW heavily biased against you the consumer. For instance, in case the transaction fails or you don't get the service in return, then their liability is restricted to refund of your payment (of course after they're duly satisfied) and that too can take up to 21 days. So, yes if the payment runs into several thousands of rupees then that's an interest-free credit for God knows whoever with the customer anxiously waiting for a refund. This is just one example to make you use due diligence before using their services. There could be many more irritants that you discover once you read the complete terms and conditions. And I am not trying in any way to dissuade you from using such services but only trying to highlight that the liability for a safe transaction as well as for delivering the service being paid for should be equally the responsibility of the website owner as it is of the customer.

7. Check the site's refund policy/what it does with your money

Some websites go out of the way to offer to store money from a failed transaction into an online wallet instead of refunding it back to the customer. This again leads to your money getting blocked on a site which in turn can use this interest-free credit for an unspecified period of time.

8. Authentication through VBV and MasterCard Secure Code is a must

The verified-by-Visa or VBV and MasterCard Secure Code is an additional protection offered by Visa and MasterCard respectively in conjunction with your credit card issuing bank. You can simply register your card and choose a 3D secure PIN. This PIN will be required whenever you use your card to make Internet purchases. It prevents unauthorised usage of your card on the Internet, ensuring greater security on online purchases.

9. How much are you required to pay as convenience charge?

Generally, prepaid recharges are offered free of cost but most sites require you to pay Rs 10 per postpaid bill as convenience charge. Not a substantial amount you may say but it adds up significantly if you decide to pay all your post-paid bills through such sites. The presentation of bills is pretty neat and you are duly alerted before a payment is due. You can give standing instructions on paper to debit your account/card for making the payment or choose to make payment manually before the due date.

10. Does it let you keep track of your billing history and the amount spent across utilities?

Most sites provide the additional feature of keeping an account of your spends and their history in the form of charts. Some offer useful advice on how you can or should cut your bills based on your history. This is generally an add-on service which is free of cost. However, you can only make the most of it if you provide information related to all of your billers and use only one site to pay bills.

While this is no way a comprehensive list to protect against online fraud but by keeping these subtle checks in mind we feel you can at least make a start.

Advertisment