Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Anonymous User
Not applicable

‎06-07-2020 11:31

I am made to pay for passes I never ordered!

Hi,

 

I received an email yesterday morning telling me that i have ordered a Sky Sports Day Pass and a NOW TV Boost, totalling £12.99 (I guess and ongoing monthly charge), but I have never ordered these.

I van see them in my accounts details, and have managed to cancel them, byt the looks of it.

 

This is the second time this happened and I find it incredible that this should happen at all? Does Now TV employ some staff to secretly subscribe members hoping that at least a percentage of them does not pick up on these and won't complain? Far fetched and hopefully not true, but certainly looks like it - who else might have 'ordered' these services in my name on my account?

 

I want my money back as soon as possible on this matter and a confirmation that this will not happen again from Now TV.

 

Has this happened to anyone on here as well? How was it resolved?

 

Many thaks,

NikCr

 

PS: I have screenshots also, how do I add them here.

0
21 REPLIES 21
RoyB
Legend

‎05-07-2022 8:52 - edited ‎05-07-2022 8:55

In response to Andy99's comment

@Andy99 

Just about possible, though highly unlikely:-

https://helpdeskgeek.com/how-to/safari-for-windows-10-how-to-get-and-install-it/

as it would have to be Safari as it was in 2012. Or a Mac emulator, or maybe someone modifying his browser string.

Either somebody very stupid, or very smart - assume the latter.

But the key thing here is that devices with Now on them fall into two groups, those where the logon persists, and those where it doesn’t.

Where the logon persists, e.g. on a TV or a Stick, if you scrap the device without wiping it first with a Factory Reset, then anyone who acquires it can open the Now app without needing your password, and use it, And if there is no Payment PIN in place at the time they attempt it, even buy new memberships, on your dime, as you have found.

But they don’t need to have or know your password for this, and so, paradoxically perhaps, this is the less serious breach.

For the class of devices where the logon doesn’t persist, though, or hasn’t persisted - PCs, tablets, phones - they do need your password. These devices can muddy the water a bit, though, as they can provide passwords at one level of authentication, without the user knowing what they are, which needs a second level of authentication.

But if the rogue devices on your Now account are any one of these, as here, assume your security is blown.

On the Now side of it, changing your password will stop any unauthorised usage except on those devices with a persistent login, which can carry on regardless, have got in with the old password, and stayed in throughout the password change and beyond.

These can be blown off Now, though, by the forced logout procedure, coupled with the password change. We used to be able to do this for ourselves, but it’s been broken since the change to automatic device handling and not yet fixed, so you have to ask Live Chat to do it for you; thankfully, they can still do it for us.

After that, the issue with persistent rogue devices on your Now account is solved, and some issues with non-persistent devices, but you still have to review your security generally, e.g. change any passwords revealed in a data breach:-

https://haveibeenpwned.com/
and so on.

Set a Payment PIN on your account so that no-one but you can buy memberships on it.
Check your bank accounts monthly for any other unexpected payments to Now.
That way you can at least nip them in the bud, while you and Now figure out whose fault they are.
0
Andy99
Advocate

‎05-07-2022 7:03

In response to RoyB's comment

It was a Windows 10 PC using Safari

 

0