Security, privacy & e-billing: An unlikely trio

Roxane Richter, Customer Systems Editor

Considering electronic billing’s low cost and time savings, you’d think American consumers would be beating down the proverbial business door of e-billers and vendors. Not so. In fact, while research shows 55 percent of consumers are eager to pay their bills online (and 18 million are projected to make the switch by 2003), a mere 2.5 million are currently using the technology, mostly due to privacy concerns. Gartner Group reported that 87 percent of people are concerned about using electronic presentment and payment due to loss of privacy.

“The amazing thing now is how wrong and inaccurate the information is out running around there in the cyber-ether. The thought of all of that information in one place, and accurate, is a frightening thought to most Americans. It’s not just ‘no’ - it’s ‘hell no’,” said Mitch Gross, CEO of Mobius Management Systems, a firm that developed Click-n-Done e-billing technology. “On the whole, most systems out there today don’t provide the bookkeeping, it isn’t easier than manual billing and doesn’t provide security and privacy - so why do it?”


Convergent’s Digital Utility

And who can blame most Americans for shying away from what (currently) seems a less-than-secure technology? Every few months, hackers invade technologically advanced sites like Western Union, AOL.com and the Pentagon - state-of-the-art sites that are generally perceived as “safe” and prudently firewall-protected. In the recent case of Western Union (Sept. 10, 2000), hackers made electronic copies of the credit and debit card information of 15,700 customers who transferred money on the company’s Web site at www.westernunion.com. It seems that the high-tech hackers took gross advantage of a maintenance routine where systems employees left parts of the site unprotected. Though no cases of credit fraud were reported due to the incident, the site contained numerous bits and bytes of very private customer information, including credit and debit card numbers and information, loan application information and messages.

But the perceived lack of security or concerns for privacy don’t seem to be slowing down the offering of e-billing from a variety of sources. The next big e-billing service to hit the nation is coming - to a mailbox near you.

Cyber mailmen

Now neither rain, nor sleet, nor hail, nor a downed server will stop the U.S. mail service from delivering its new online bill-paying service. Unlike the U.S. Postal Service, postal services in other countries (France and Japan, for instance) have been in the banking and finance business for several years.

The new service, contracted through CheckFree Corp. and YourAccounts.Com, is called USPSeBillPay. It lets you pay anyone in the U.S. from the convenience of the Postal Service Web site (www.new.usps.com). What’s really expedient about USPSeBillPay is that if you have some companies or utilities that don’t accept electronic payments, the Postal Service will cut them a paper check and mail it. So by signing up with the service, you can make all of your bills e-bills automatically.

As with most dot.com e-billers, you need to set up your account online and fill in the instructions for all of the bills you want paid. USPSeBillPay then deducts the money from your bank account manually, or you can choose to allow it to pay any monthly bills automatically.

To entice e-payers, the service is giving away the first six months of service free. After that, you have two payment options: For a $6-a-month flat fee, it will complete 20 payments (additional payments are 40 cents) or you can pay a flat $2 fee per and pay 40 cents for every payment.

To ensure privacy and the secure transfer of information, the U.S. Postal Service has done the following:

  • User Name and Password: Your user name and password are unique identifiers that only you know. As long as you don’t share your user name and password with anyone, no one can sign in to USPSeBillPay as you.
  • Secure Sockets Layer (SSL): USPSeBillPay uses secure sockets layer, which ensures that your connection and information are secure from outside inspection.
  • Encryption: The billing service uses 40-bit or 128-bit encryption (whichever your browser supports) to make your information unreadable as it passes over the Internet.
  • Automatic Sign Out: In addition, USPSeBillPay automatically signs you out of a session if you are inactive longer than 10 minutes. They recommend that you sign out of the site immediately after you are finished scheduling and making payments.
  • Payment Activation Code: The code (not an ID or password) is mailed through the U.S. Mail and lets you “unlock” your service. After your service is activated and until you enter your Payment Activation Code, you can only add payees to your payee list. You cannot make a payment until you enter your Payment Activation Code.
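Two of the controls in this list, the 10-minute automatic sign-out and the mailed Payment Activation Code that gates payments but not payee setup, are server-side rules that can be modeled in a few lines. The sketch below is an added illustration, not USPSeBillPay code; the class, method names and sample code value are hypothetical.

```python
import hmac
import time

IDLE_LIMIT_SECONDS = 10 * 60  # the 10-minute automatic sign-out described above


class BillPaySession:
    """Hypothetical server-side session; names are illustrative only."""

    def __init__(self, mailed_code, clock=time.monotonic):
        self._mailed_code = mailed_code  # code delivered out of band, by post
        self._clock = clock
        self._last_seen = clock()
        self.signed_in = True
        self.activated = False
        self.payees = []
        self.payments = []

    def _touch(self):
        """Sign the user out if idle too long, otherwise refresh the timer."""
        now = self._clock()
        if now - self._last_seen > IDLE_LIMIT_SECONDS:
            self.signed_in = False
        if not self.signed_in:
            raise PermissionError("signed out; sign in again")
        self._last_seen = now

    def add_payee(self, name):
        self._touch()  # permitted before the activation code is entered
        self.payees.append(name)

    def activate(self, entered_code):
        self._touch()
        # Constant-time comparison avoids leaking how much of the code matched.
        if hmac.compare_digest(entered_code.encode(), self._mailed_code.encode()):
            self.activated = True
        return self.activated

    def pay(self, payee, cents):
        self._touch()
        if not self.activated:
            raise PermissionError("enter the Payment Activation Code first")
        if payee not in self.payees:
            raise ValueError("unknown payee")
        self.payments.append((payee, cents))
        return len(self.payments)
```

The point of the mailed code is that a stolen user name and password alone are enough to sign in and edit payees, but not to move money; the idle check runs on every request so an abandoned browser session expires on the server, not just in the page.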

Most e-billers, like USPSeBillPay, prominently post their privacy and security policies for public use and consumption on their Web site. For instance, on the TransPoint Web site, it states: “We respect your privacy. TransPoint never sells or provides a user’s personal information to third parties for any purpose, other than for the express purpose of delivering the TransPoint service. TransPoint may aggregate information on our entire customer base for analysis purposes, but a user’s individual personal information will never be sold or provided to any third party.”

But a plainly stated privacy policy, in and of itself, is no fail-safe safeguard against wannabe hackers.

Making it tough on hackers

Click-n-Done feels as though they have “cracked the code” to drive adoption and fulfill the promise of convenience of e-billing, while safeguarding consumer security and privacy by consolidating bills, statements and other financial information on the end-user’s desktop. The service also claims to maintain the one-on-one marketing interface with the consumer, keeping the relationship between the biller and the consumer, and not selling the consumer information to some third-party vendor.

While the first generation of e-billers offered only electronic presentment, the second generation gave consumers both presentment and payment options. Click-n-Done feels as though they’ve ushered in the next generation of e-billing through consumer consolidation, providing a free (to the consumer) end-to-end ESP/EBPP solution that manages and stores billing and payment data on the desktop, providing privacy and eliminating paper-based filing systems.

“If I pay 12-18 bills every month, which is average, depending on the service provider and e-biller I do business with, that means that a hacker has to get into a single site and do a little work for a lot of information or hack into 18 sites, which is a lot of work for a little information,” Gross said of the differences between a single-repository information site and other methodologies.

Additional issues supporting the use of e-billing include the possible theft of mail-based bills and the loss of paper-based bills and information. “Currently, the billing information is now between the biller and the mailbox. To some degree, that’s not secure. People can get all of my bills after 4 p.m. from my mailbox and I probably wouldn’t even notice it. This [e-billing] is a lot more secure than you and your mailbox.” And as for paper-based bills and information being lost due to fires, Gross said a half million homes each year burn down in the U.S., and “that’s a big number.”

Security and privacy issues aside, if e-billing doesn’t offer some enticing point-n-click conveniences, it still may not be worth the trouble and/or additional fees.

Give ’em what they want: Convenience

While Convergent’s vice president of strategic marketing, Jennifer Krabbenhoeft, concurs that the issues surrounding e-billing security “haven’t disappeared,” she also thinks EBPP adoption is about convenience. Or lack thereof.

“What consumers want is to have the bill delivered directly by e-mail via an HTML message,” she said. “That gets rid of the inconvenience of logging onto multiple sites and the consumer can react immediately and be in a buy-pay mode. And there’s no cost burden to the customer.”

Whereas the aggregation mode doesn’t promote online payment, she said, the e-mail approach does. Plus, while the bundled bill approach (with a recurring revenue stream) charges an e-user a fee to employ, the e-mail bill presents no cost to the consumer.

There are several key issues to look for in the selection of an e-mail biller, Krabbenhoeft explained. They include the acceptance of credit and debit cards, summary and detailed billing information, solid encryption and security log-on technologies, the ability to export data to applications like Quicken and MS Money and, finally, links to a utility portal site to generate additional revenue.

Taking cautious e-steps

Some initial privacy and security questions to ask an e-billing vendor might include: Through your service, do you share a consumer’s personal information with other companies? Does your privacy policy apply to “aggregated” consumer information? What other service providers or companies are involved in your e-billing services? What type of security (encryption, SSL technology, etc.) does your service provide?

There are many additional technological safeguards already in use and soon to be in use in the consumer market today, such as authentication (passwords, electronic cards and fingerprint, retinal and pronunciation ID), cryptography (public key and secret key methods), firewalls and authorization (controls the entrance of users allowed access) and cookie cutters (a user-set browser option that stops the transmission of information, i.e. the user’s electronic trail, to Web servers; sometimes results in denial of service).

In conclusion, though the Privacy Act of 1974 and other data protection legislation have, indeed, provided significant consumer protections against the misuse and invasion of privacy via today’s computer systems, there continue to be significant technological issues. But in order for e-billing to reach healthy adoption levels in the U.S., it is imperative that we first cure the high-tech ills that weaken our EBPP systems.
