SSL Certificate expiry on visabillpay.in

Sandip posts a screenshot of the SSL certificate error on Visa Billpay site. I however took a step further and wrote to their customer care on Sunday, 15 June 2008, at 10:35 AM IST. This was my email to them.

Hello,

I am a regular user of www.visabillpay.in and I have just discovered (Sun, Jun 15, 2008, 10:33 IST), that the SSL certificate you use for your site expired this morning. Here is the cert details:

Cert:www.visabillpay.in
Not Before: Friday 15 June 2007 05:30:00 (Friday 15 June 2007 00:00:00 GMT)
Not After: Sunday 15 June 2008 05:29:59 (Saturday 14 June 2008 23:59:59 GMT)

This would be useful for paranoid users like that who would like our data to be safe.

Many thanks for listening.
-balaji

I got a prompt reply from them by Wednesday 18 June 2008 06:12 PM. The content of the email follows.

Dear Customer Thank you for writing to Visa Bill Pay. We understand that the security certificate of our web site has expired and your concern regarding the security of your information on our web site. We apologize for any inconvenience caused in this regard.

We are already in the process of renewing our security certificate and it will be done in couple of days. Meanwhile, you can continue to do your transactions as usual. Please be assured that all your details are safe and protected at our end.

Visa Bill Pay is certified by Verisign Inc., one of the leading certifying authorities for web-site security, which reinforces our promise of security.

The security and confidentiality of your personal and financial information is of paramount importance to us. You are provided with best-in-class security standards when it comes to using Visa Bill Pay so that your transactions done through Visa Bill Pay are safe.

Visa Bill Pay uses Secure Sockets Layer (SSL) data encryption. When you use Visa Bill Pay, your personal and Visa card information is protected by this SSL technology. This ensures that your card numbers and personal data are never sent over the Internet unencrypted. This encryption is done using 128-bit RC4 encryption, the maximum level of encryption possible on the Internet comparable to security levels used by financial institutions. Information sent between Visa Bill Pay and the financial institutions is totally secure.

Please visit the following link for further clarification in this regard:

https://www.visabillpay.in/jsp/privacypolicy_vbp.htm

Thank you for using Visa Bill Pay, we look forward to your next visit.

Yours Sincerely

Customer Care
Visa Bill Pay

Wtf? Can't they put someone with a little bit of clue at their customer care? Aso, can't they give a better reply? So i wrote back to them.

Hello,

Please do not send the canned response after a few days. You seem to give me standard gyan about SSL when your certificate as expired. How would I know if the site is for sure visa bill pay or not and why would I use theSSL when the certificate has expired.

Please have some tech look into replacing the cert at the earliest and see if you can do a good job of monitoring the certs and replacing them next time before expiry.

-balaji

And this time they replied back the next day but the response was the same that I got to my previous mail. I would have thought they would have an autoresponder to respond with such text if it was immediate. Or may be they have built AI into their bot to respond at random intervals. How do these companies survive?

PS: I re-read the email and I see I could have better worded it and corrected a couple of errors in them. Never write in haste :-(