SSL Certificate expiry on

| 4 Comments | No TrackBacks

Sandip posts a screenshot of the SSL certificate error on Visa Billpay site. I however took a step further and wrote to their customer care on Sunday, 15 June 2008, at 10:35 AM IST. This was my email to them.


I am a regular user of and I have just discovered (Sun, Jun 15, 2008, 10:33 IST), that the SSL certificate you use for your site expired this morning. Here is the cert details:
Not Before: Friday 15 June 2007 05:30:00 (Friday 15 June 2007 00:00:00 GMT)
Not After: Sunday 15 June 2008 05:29:59 (Saturday 14 June 2008 23:59:59 GMT)

This would be useful for paranoid users like that who would like our data to be safe.

Many thanks for listening.

I got a prompt reply from them by Wednesday 18 June 2008 06:12 PM. The content of the email follows.

Dear Customer Thank you for writing to Visa Bill Pay. We understand that the security certificate of our web site has expired and your concern regarding the security of your information on our web site. We apologize for any inconvenience caused in this regard.

We are already in the process of renewing our security certificate and it will be done in couple of days. Meanwhile, you can continue to do your transactions as usual. Please be assured that all your details are safe and protected at our end.

Visa Bill Pay is certified by Verisign Inc., one of the leading certifying authorities for web-site security, which reinforces our promise of security.

The security and confidentiality of your personal and financial information is of paramount importance to us. You are provided with best-in-class security standards when it comes to using Visa Bill Pay so that your transactions done through Visa Bill Pay are safe.

Visa Bill Pay uses Secure Sockets Layer (SSL) data encryption. When you use Visa Bill Pay, your personal and Visa card information is protected by this SSL technology. This ensures that your card numbers and personal data are never sent over the Internet unencrypted. This encryption is done using 128-bit RC4 encryption, the maximum level of encryption possible on the Internet comparable to security levels used by financial institutions. Information sent between Visa Bill Pay and the financial institutions is totally secure.

Please visit the following link for further clarification in this regard:

Thank you for using Visa Bill Pay, we look forward to your next visit.

Yours Sincerely

Customer Care
Visa Bill Pay

Wtf? Can't they put someone with a little bit of clue at their customer care? Aso, can't they give a better reply? So i wrote back to them.


Please do not send the canned response after a few days. You seem to give me standard gyan about SSL when your certificate as expired. How would I know if the site is for sure visa bill pay or not and why would I use theSSL when the certificate has expired.

Please have some tech look into replacing the cert at the earliest and see if you can do a good job of monitoring the certs and replacing them next time before expiry.


And this time they replied back the next day but the response was the same that I got to my previous mail. I would have thought they would have an autoresponder to respond with such text if it was immediate. Or may be they have built AI into their bot to respond at random intervals. How do these companies survive?

PS: I re-read the email and I see I could have better worded it and corrected a couple of errors in them. Never write in haste :-(

No TrackBacks

TrackBack URL:


A bit much, to expect the CSR know anything about SSL. OTOH, if you had complained that due to the expiry of the certificate, your access to their site is denied or is being redirected to some hacker site, then you'd got a call from a tech guy.

The trick is to escalate with the right jargon that will cause them to ACTUALLY look at what you're saying.

Just saying.


Sivaram, I did not expect them to know about SSL. However when I sent them another email asking to forward to a tech, they could have atleast done that. Instead they simply sent the canned response. All this implies is that, they dont read emails. And I am saying is that first level customer service is always useless.


Pretty cool post. I just stumbled upon your blog and wanted to say
that I have really liked reading your blog posts. Anyway
I’ll be subscribing to your blog and I hope you post again soon!

tks for the effort you put in here I appreciate it!

Leave a comment

About this Entry

This page contains a single entry by balaji published on June 23, 2008 9:06 PM.

Nautilus on Debian was the previous entry in this blog.

Kabini is the next entry in this blog.

Find recent content on the main index or look in the archives to find all content.

OpenID accepted here Learn more about OpenID
Powered by Movable Type 5.12