This is an interesting story and interesting warning.
The good news is that it is manageable and the exposure is low, but as the Internet of Things continues its march to take over the world, the problem is only going to get worse.
Here is today’s story.
A guy in the UK woke up one morning to discover that his credit card was being charged for TomTom’s satellite navigation services.
The only problem is that this service was for his Mazda CX-5.
Which he sold last year.
But this owner did the right thing. When he sold his car back to the dealer, he dug though the manual to figure out how to do the equivalent of a factory reset on the infotainment system so as to wipe out all the data. All of his contacts, logins, etc. He thought he did the right thing.
The car sat on the dealer’s lot for months, but then he got this bill.
He reached out to both Mazda and TomTom.
Mazda said that they didn’t keep financial (AKA credit card) data and when the customer did a factory reset, it wipes out the contact information and all other PII.
No matter what question the reporter asked Mazda’s spin doctor, the answer came back that they don’t keep personal information and if the consumer contracts with a third party for services, that is the consumer’s problem (basically, he said it a little more covertly).
Technically this is true, but perception is reality.
TomTom was a little better. They said that they screwed up and sent out billing notices when they should not have and quickly corrected the problem.
At least in the United States, **IF YOU PAY WITH A CREDIT CARD**, your ability to get your money back for situations like this are good as long as you notify the credit card company quickly.
But it points to a bigger problem.
Obviously this guy didn’t realize that there was a third party relationship associated with is part of his car – the navigation system. It is built into the car. He followed the directions to wipe it. Shouldn’t that be it?
How many IoT devices do you have that use one of your credit cards or your bank account? Do you even know which devices have what information?
Example: I have a ring video camera. They charge my credit card a few bucks every month for storing my videos. I could literally take the camera out to my driveway and run it over with my truck and I would still get a bill from Ring every month.
They don’t care that I don’t have the device.
Worse yet, if I sell the device and someone else is dishonest or just not knowledgeable, they could use the device in a way that charges my account.
The way the game is set up is that it is your responsibility to keep track of everything that uses your account information so that you don’t get charged for something that you don’t own, don’t want or can’t use. It is completely up to you.
While I understand why the vendors like it this way, it is important that you, as a business owner or consumer, understand what you have gotten yourself into.
As a consumer, you might see a $10 charge or $25 or whatever and say “hey wait, that’s not right”. And go through the hassle to fix it.
But as someone in the accounting department of a company, even a small company, the odds of catching a $25 or $50 erroneous charge on a business credit card – a charge that has been showing up every month for years but is no longer valid – is much lower. The vendors like it that way.
The ball is, as they say, in your court. Credit: The Register