BillGuard: We are Smarter than Me


Over at, I took a look at a new web service called BillGuard that scans your credit card statements for bogus transactions.

What do you do when you notice an unusual transaction on your credit card? If you’re like most people, you call the credit card company to complain. If you’re really worked up about it you might also post a rant on one of those bitch board web sites where people complain about fraudulent or otherwise sneaky credit card charges.

But those sites don’t really do much good, other than let you blow off some steam. The parties responsible for double charges, unauthorized recurring subscription charges, hidden fees, fraudulent charges, unauthorized charges, and “accidental” charges merrily move on to other hapless victims for fleecing.

And many victims don’t even realize they’ve been ripped off, because credit card statements are often confusing to read. According to one company, “the average consumer loses over $300 a year to unwanted charges they’re not even aware of.” The name of the company is BillGuard, and it has come up with a way to solve the problem of dodgy credit card charges by harvesting the wisdom of the crowd. It calls its free service a “people powered, anti-virus for bills.”

Read the rest


  1. It would be far smarter to simply include all the transactional details like receipts for purchases rather than having to puzzle through the shorthand details common to EBT statements.  There’s no reason financial services companies can’t include that information (other than the costs and technical issues that accompany upgrading to a better, more information rich system–which is a ‘I don’t want to’ rather than ‘I can’t’).  With the added bonus of not having to have a receipt unless you specifically request it, think of all the paper we’ll save…

  2. Let’s look at this for a second. They claim:

    “In order to scan your card transactions, BillGuard needs read-only access to the website that displays them.
    No other activity is or can be performed with this type of access. BillGuard does not store your user ID and/or password.”

    Right next to the request for my full internet banking details on their site.

    Sorry, no, those details grant FULL ACCESS.  And how exactly are you going to scan my bank details daily without storing those full details somewhere so you can access it again and again.

    Either there’s some magic puzzle piece missing or they’re not being totally honest.



      OAuth is an example of the “magic puzzle piece” you’re looking for. There are numerous technologies that allow a third party to authenticate a person’s identity without being privy to the authentication credentials of the person.

      Mind you, you have to take BillGuard’s word that that’s what they’re doing. There’s nothing stopping them from simply keeping your username and password. But there’s no technological reason why they can’t be telling the truth.

      1.  While I can’t know exactly what they are doing, I wanted to point out that they have “Verisign Secured” and “McAfee Secure” so they apparently aren’t doing anything too fishy.

        1. Anybody can put those logos on their site. Even when used legitimately, it simply means they meet a certain level of standards for storing your data; it is entirely unrelated to their ability or desire to misuse your information once stored.

    2. Hi Damien, thanks for your important question. There is no magic here. We use a banking industry standard SDK from Yodlee, Inc. ( to have secure, read-only access to our user’s online credit card statements. When you provide your login credentials to BillGuard, we pass them over to Yodlee and never store them on our servers. Scanning your transactions via Yodlee’s account aggregation service SDK ensure’s that even in the unlikely case that someone would break into your BillGuard account, they could only see your transactions on BillGuard but have no access at all to your credit card account sites. Yodlee is a secure standard used by most banks and personal finance services like Mint, Manilla, Swipely, etc. Check out our Terms of Use page for even more details on our limited use/access to your data and use of Yodlee’s SDK.

      Hope that helps clear things up!

      Yaron Samid
      CEO, BillGuard

  3. I seriously doubt the $300 annual average.  Maybe if you include regrettable bar tabs or instances like the time a car dealership didn’t tell me the full extent of work they were doing/charging me for (CC company sided with them, as all work had been performed).

    As for Blissfulight’s comment: AMEX already does that.  An airline ticket from a few months back reads:
    From:      To:       Carrier:       Class:  
    [data here]
    Ticket Number: xxxxxxx 
    Date of Departure: 06/10  
    Passenger Name: xxxxxx
    Document Type: PASSENGER TICKET  
    Doing Business As:     CONTINENTAL ELEC TICKETNG

    Upcoming tickets on other airlines read in a similar way with the same details.  Rental cars also show up with dates and merchant reference numbers.  I even saw a recent gas transaction that had the fuel type listed.

  4. Oh man, I LOVED Sultan Wok.  Then, despite being on the very same block as a fire station, it burned to the ground a couple years ago.

    Newly rebuilt Sultan Wok has never been the same.

  5. I believe the 300 dollars per year.  It took me a year and a half to get AOHell to stop charging my credit card number.  The sad part is I don’t think this service really provides much of anything at all.

  6. My immediate reaction is “Which average are they referring to?” The mode (the most common value) is probably on the order of $1 a month. The median (the one where half the samples are below it and half are above it) is also probably pretty low. The mean may be dragged up by a relatively small number of major thefts.

    I call foul.

    1. I think there’s confusion here about the type of bad charges BillGuard finds. Card fraud, although a $7B/yr crime, is actually relatively rare on a per card basis. About 11M out of 200M American card holders were hit by card fraud last year. The far more common cases that BillGuard finds are “unwanted” charges such as hidden charges, billing errors, misleading subscriptions and scams from legitimate merchants. Cell phone companies are some of the worst perpetrators of these unfair billing practices. See for example.

      We think our early estimates of financial loss due to these unwanted charges might actually be low. We’re just getting started. 

      Yaron Samid
      CEO, BillGuard

  7. At least be nice and call the merchant before you call your credit card company to dispute your charges. My company has a 30 person customer service department dedicated to reminding people what they purchased and why its on their statement because the large majority of people just simply don’t remember what they bought and when. If you call the bank first, we get charged extra fees for having the money removed from our account AND we don’t get to collect the money for services rendered. Somehow the bank always makes out though…

    1. How much does your company pay people for taking their time to call you, and will you reverse disputed charges? If you don’t and/or you won’t, why should they bother?

    2. Yes! BillGuard helps consumers contact merchants directly to resolve disputes directly. The banks would actually like to avoid dealing with these disputes at together if they could. BillGuard helps consumer understand every transaction on their bills and gives merchant contact info for resolution when needed.

      Yaron Samid
      CEO, BillGuard

  8. “And many victims don’t even realize they’ve been ripped off, because credit card statements are often confusing to read. ”

    what? how hard is it to read a credit card bill? Every one i’ve gotten in lists exactly what business each charge is for. how confusing is that?

    1. how hard is it to read a credit card bill? Every one i’ve gotten in lists exactly what business each charge is for.

      You must not buy adult products and services online. Your dildo from pigfuckerdotcom will usually show up on your statement as a charge from Acme Business Enterprises or summat.

  9. Just to note, this doesn’t prevent legit businesses from accidentally charging you the wrong amount unless they frequently screw up and then get tagged.   I once went to an awesome outdoor store where they accidentally charged me for 50 of an item I bought 5 of.  So it’s still best to actually watch what’s on your card but this looks like a handy safeguard.

  10. here’s the worst… the credit rating agencies. they make it almost impossible to cancel their credit monitoring service. finally my card was compromised and i was issued a new number. i thought, “great, now the credit monitoring will stop!”… but no. since experian is a credit reporting agency, they of course got my new credit card number and promptly started charging it with no interruptions. that’s BS.

  11. Hi Yaron,
    I looked all over the bill guard site, but I couldn’t figure out how you make money to pay for your servers.  Before I sign up and give you access to sensitive information, I’d like to know how I pay you.  If I’m not the customer, I’d like to know who your customer is.

    This is a really exciting idea – so I’d like to know how you plan to fund it!

    1. I agree with Matt. It all seems great until it gets to the “follow the money” part.
      Where DOES the money come from to fund this lovely service?

      Free and Useful…It sounds too good to be true.  I know there is some old chestnut that applies in that situation….

    2. Thanks for the kind words Matt! We’ve just launched the BillGuard Beta and are well funded but BillGuard plans to make money by providing our advanced card protection services to banks and by providing a certification program for merchants. BillGuard is and will remain free for consumers!

  12. @google-d4846024fa3d4599797af4cf09a29440:disqus I’m pretty sure this is a standard startup business model: 1. Build website. 2. Get linked on Boing Boing. 3. $$$ 4. Profit!


    1. Those often turn into
      Sell business, including all data and customers, to less scrupulous folks who have a business plan that I don’t want to be involved with.

  13. It seems like not a very good idea to let a company have access to all our CC purchases. Shouldn’t they be paying us for that data? I can keep track of my own purchases myself – but they’re collecting lots of useful ($) data. 

    1. Hi Duncan. If you regularly check every line item of every charge on your credit card bills – thats awesome! You’re protecting yourself, as you should. Unfortunately, most of us, myself included, are not that disciplined and merchants are taking advantage of that fact. Alone its really hard to catch every hidden charge in the fine print, billing errors, misleading subscriptions, scams and fraud but together we cast a wider net of vigilance. That collective knowledge can protect us all, similarly to how marking an email as spam weeds out bad emails for everyone. If you want the extra layer of protection that BillGuard provides by scouring the web for complaints about charges that appear on your bills, collecting flags from card holders directly in their bills and analyzing millions of transactions from banks, we’d love to have you as a BillGuard user!

  14. In what way shape or form is “granting read only access” to BillGuard an accurate description of what actually happens which is:

    BillGuard gives your access info to ANOTHER third party which has COMPLETE AND TOTAL ACCESS TO YOUR ACCOUNT

    BillGuard has a section on that talks about Read-Only Access, it specifically says that “in the unlikely event that someone would hack into your BillGuard account, they would not be able to transfer money or make any changes to your financial accounts”.

    In what parallel universe is this an accurate description of what actually happens which is:  Billguard gives your access info to a third party (yodlee).

    In the unlikely event that someone hacks into Yodlee they WILL BE ABLE to transfer money and make changes to your financial accounts.

    What precisely is it about Yodlee that makes Billguard’s claims anything other than a total lie? In what world can I take your password, give it to a *sub-contractor* and then wash my hands of that responsibility and actually pretend like it never happened?

    How is saying on that  “BillGuard does not store your credit/debit card account login credentials” while not mentioning that you GIVE those login credentials to another third party to store not an intentional lie?

    Yodlee has a page, buried deep down where they describe the security techniques they use to protect the account information that BillGuard handed to them.  That information is exactly what someone who thought that their credentials were being stored on the internet would be interested in.  Why doesn’t BillGuard pass this information on?

    1. Hi Daniel,

      Thanks for sharing your concerns and feedback. You’re obviously very thorough in your understanding of how Internet services work which is great. This feedback is very important and helpful for us. I’m assuming you missed the big “you have our word on it” link in the Security page on our web site that you reference. It links to our “Privacy & Security Policy”page ( ) that clearly states:

      “Our partnership with Yodlee:
      We’ve engaged Yodlee Inc., a trusted, industry-standard third party provider to provide us financial account aggregation services. The account credentials of your credit/debit card online statements that you provide us during registration are passed on to Yodlee Inc. and securely stored on their servers. For improved safety, We purposefully do not store any of your credit/debit card account credentials. For more information about Yodlee and to review their privacy policy go to:”

      Perhaps this isn’t clear or prominent enough throughout our site and app so we’ll work on that. Thanks again for brining it to our attention!

      As for the risk of Yodlee’s secure data center getting hacked into, you’re correct, there is always a certain risk of that, similarly to your bank getting hacked into. I can tell you that in the 10+ years that Yodlee’s banking platform has been in existence, with over 26M card holders that use it directly and indirectly via services like ours, it has never been breached. Not sure your bank can say that. In fact you run a much higher risk of having your credit card number and billing address stolen by shopping online or when handing your card over at a store/restaurant. There’s always some risk out there. That’s the very premise that gave rise to advanced security services like BillGuard. 

      Thanks again for your excellent feedback.


  15. Yaron, “this” absolutely is not clear or prominent enough.

    How can you justify making “we do not store your credentials” more prominent than “we give your credentials to someone else who does store them”?

    The first statement without the second is dishonest.

    I get your implication that this is very complicated.  That’s your burden though.  You take people’s banking passwords.  The decision to give them to a third party is a hugely important decision that people deserve to know about.  It’s actually much more interesting than the fact that you don’t store them.  I mean, if I give them to you, logic implies you have them.  I might be OK with that.  There’s no such logical implication that you’ve been sharing them.  I might find that surprising actually.

    1. Daniel – Got it, so I think what will make the most impact in clarifying this issue is to add a link in the our registration process that goes to a page/pop-up that explains exactly how your log-in credentials are used to give BillGuard read-only access to scan your transactions for bad charges. We will clarify what Yodlee is and how they securely store user credentials. We can add that link to our security page as well. What do you think? 

Comments are closed.