Two California women have sued security company McAfee, accusing it of duping customers into subscribing to third-party services and passing consumers' credit or debit card information to the service supplier without their permission.
The lawsuit, which was filed by Melissa Ferrington and Cheryl Schmidt, asked a San Francisco federal court to grant the case class-action status, and demanded that McAfee be barred from continuing the practice. The pair also asked for compensatory and punitive damages, which would be decided at trial.
When customers purchase McAfee security software online, but before the download begins, a pop-up with a large "Try It Now" button appears.
"The pop-up, mimicking the look of the other pages on the McAfee site, thanks the customer for purchasing McAfee software, and prompts McAfee's customers to click a red button to 'Try it Now,'" the lawsuit alleged.
"The pop-up contains no obvious visual cues or conspicuous text indicating that it is an advertisement for another product, or that clicking on 'Try it Now' will lead not to the delivery of the McAfee product but rather to the purchase of a completely different product. Instead, all the visual cues suggest that 'Try It Now' is a necessary step in downloading the McAfee software."
By clicking on the pop-up, users agree to a $4.95 per month fee charged by Arpu, a company that creates Web ads "enabling an advertised product or service to be obtained with a single click," according to the Washington D.C. firm's Web site.
Arpu's site lists McAfee as one of its partners. "Whenever a McAfee customer completes a purchase on McAfee.com, an ad will appear for a related product or service. Interested customers can choose to subscribe to the product or service using the billing method just entered in their recent McAfee.com purchase," reads Arpu's site. "This convenience to the customer streamlines the purchase flow and increases the overall conversion rate."
Ferrington and Schmidt said that they were billed $4.95 per month for a service described on their credit card statements as "PERFECTSPD," a reference to the PerfectDisk Live online disk defragmentation service sold by Raxco Software.
"A single click on the deceptive pop-up causes the purchase of an unwanted product from Arpu, a sale made without the knowledge or authorization of customers, using credit/debit card billing information that they have entrusted solely to McAfee," said the women's lawsuit.
Schmidt alleged that when she called McAfee to complain, she was told "they could not do anything about the charge," the lawsuit stated.
The lawsuit claimed that McAfee violated several state and federal business practice and consumer protection laws.
"We are reviewing the matter and don't have any comment on this pending litigation at this time," a McAfee spokesman said on Monday.
This is the second lawsuit filed against McAfee in the last month. In late March, a New Yorker sued the security company in federal court for enrolling him in an annual antivirus subscription without his consent.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer or subscribe to Gregg's RSS feed . His e-mail address is firstname.lastname@example.org.