Online Billpay Provider Loses Control of Domains

An anonymous reader writes "Several sites are running a story about a domain hijacking at Checkfree, the largest provider of online bill payment services to numerous banks and credit unions. According to Network Solutions, someone logged in to the domain administration page using Checkfree's account, and redirected its domains to a site in the Ukraine configured to serve up malware to unsuspecting users." Things like this make me nervous about switching to otherwise-tempting online bill payment, but checks are dangerous, too.

As a customer....

My company uses Checkfree and Checkfree handled this very poorly. Apparently this happened on Monday and they never notified us. We where notified when one of our own customers notified us and and pointed out the suspicious activity. We had to call Checkfree to get the details. It was caused by their own ineptitude in managing their passwords and accounts.

Posting anonymously so I don't get sued.

Re:DNS Hijacking

[Tyger]

Funny thing is it's a step back for Network Solutions security. You USED to be able to set it up to require a RSA key for domain changes, back when everything was done via odd forms over email.

Benefits of Paper Checks

[ShaunC]

Things like this make me nervous about switching to otherwise-tempting online bill payment, but checks are dangerous, too.

I'm one of those holdouts who still use paper checks, envelopes, and stamps to pay my bills. Once a month or so I'll bring the stack into the office and take care of it during downtime, and folks look at me like I'm transmitting morse code over a telegraph. I do bank online, but I don't do online bill pay.

One reason I still cling to checks is that they allow me to be the final arbiter and gatekeeper of my money, and I have better fiscal responsibility when I'm directly involved in disbursement. Each time I physically write out a check, there's a bit of mental bookkeeping that takes place. You can't sit down and write "One thousand one hundred ninety-eight and 32/100" without pausing for a moment to think, holy shit, that's X% of my paycheck. If you elect not to use online bill pay, you have to actually look at your credit card statements each month, instead of just setting up a $200 monthly ACH and ignoring the current total.

I'm afraid that if I set everything up to be paid automatically, I'd very quickly wake up to discover that my checking account is overdrawn because I wasn't paying enough attention. Writing checks and licking envelopes is my way of keeping tabs on what's going out the door each month. The potential security benefits don't hurt, as anyone screwing around with mailed bills faces the wrath of the United States Postal Inspection Service. Unlike most online fraud, fucking with the mails will actually get you in trouble, and USPIS doesn't blow you off if you haven't suffered hundreds of thousands of dollars in losses.

I do miss the one benefit that physical checks had up until a couple of years ago, the float. Check21 pretty much ruined that, but maybe it was for the better. Come to think of it, I haven't overdrafted since Check21.

Long live the check, just stay away from my routing numbers.