Tahlequah Daily Press

September 20, 2013

TPWA confident in online bill payment security

Staff Writer

TAHLEQUAH — During recent weeks, a few concerns have arisen about whether the online bill payment payment system for the Tahlequah Public Works Authority, Xpress Bill Pay, has been compromised.

Since August, the Tahlequah Daily Press has received a pair of complaints from TPWA customers claiming small unauthorized charges being made to credit or debit cards used to pay utility bills online.

One woman, who spoke on condition of anonymity, called the Daily Press to report a pair of charges at Walmart on a card used only to pay her TPWA and Netflix accounts. She said Netflix explained its countermeasures to her satisfaction, but she was not convinced by conversations with TPWA. She said TPWA advised her to contact her bank.

Mike Doublehead, TPWA general manager, spoke with the Press briefly following the Sept. 13 meeting of the TPWA Board of Trustees. He said the online bill pay was functioning normally and showed no indications of infection.

“We have heard a couple of complaints, and we checked our online bill pay system for breaches,” he said. “We didn’t find anything. We also asked (Xpress Bill Pay) to check for problems, and they also couldn’t find any.”

Xpress Bill Pay security is handled by Starfield Technologies of Scottsdale, Ariz. Starfield is an offshoot of Go Daddy.

While system breach checks are exhaustive, Doublehead said none are failsafe. A recently created virus may not be on a program’s scan list.

“We are very confident that our online bill payment is safe for use by our customers,”  Doublehead said. “However, nobody can offer a complete 100 percent guarantee.”

Recent surveys indicate fewer people are reading their bank statements or checking them online. Doublehead said use of online bill payment should not be seen as pay-and-forget, and urged customers to be diligent – a sentiment echoed by the woman who contacted the Press.

“Encourage people to check their bills to see if something is up,” she said. “Customers need to be on the lookout. My charge was minimal, but someone could have their checking account wiped out.”

The Federal Trade Commission suggests people take steps to protect their identities and computer equipment:

• Consumers should security software that updates automatically - or download updates frequently - on their computers.

• Protect personal information. Be wary of scams or phishing emails intended to glean credit card or social security numbers.

• Do some research on companies with which business is conducted.

• Give personal information only through encrypted Web sites.

• Protect passwords. They should be of sufficient length - nine characters is a probable minimum - to frustrate automated password attack programs. Do not use birthdays, anniversaries, initials, nicknames or other easily guessed characters.

• Back up computer files.

If a fraudulent charge is suspected, the FTC recommends contacting one of the three credit reporting companies to place an initial fraud alert. The contacted company must notify the other two. Fraud alerts can make stolen information more difficult to use. Fraud alerts must be renewed every 90 days.

Credit reporting companies and phone numbers are Equifax at (800) 525-6285, Experian at (888) 397-3742 and TransUnion at (800) 680-7289.

-- srowley@tahlequahdailypress