November 10, 2009, 8:39 AM — Microsoft has brought out its legal hammer against a businessman who publicized a problem with an incentive program run alongside the company's Bing search engine.
The Bing Cashback program returns to shoppers a small percentage of money for items they buy that were found through some ads on the search engine.
The program is designed to attract customers with a rebate and allow advertisers to only pay Microsoft for searches that result in a purchase, known as a "pay-per-action" fee. The rebate is based on a percentage of the purchase price and is determined by the advertiser.
But Samir Meghani, who co-founded a price-comparison search engine called Bountii.com, wrote on his blog on Nov. 4 that he had found an error in the way purchases are reported back to Bing for the cashback deal.
Merchants can place a tracking pixel on their order confirmation page that will report to Bing when a transaction is complete. Meghani said he found it was possible to report fake transactions back to Bing, making customers eligible for cashback rewards when in fact they haven't bought anything.
Meghani wrote that Bing seemed unable to detect the fake transactions right away, and that his Cashback account held $2,080.06. He did not post technical details of the flaw, but wrote that "it's not complicated."
It probably doesn't help that Meghani's Bountii.com could be viewed as a competitor to Bing, albeit a minor one.
Microsoft responded by sending Meghani a cease-and-desist letter dated Nov. 6.
"Microsoft believes that your actions and the direction you are providing to others regarding this method of misuse violates various laws related to computer intrusion, unauthorized access and unauthorized use of information," wrote Gabriel M. Ramsey, of Orrick, Herrington & Sutcliffe, on behalf of Microsoft.
Meghani has since removed his original blog post, but the post is still held -- ironically -- in Bing's cache.
Microsoft also closed Meghani's cashback account. In a subsequent post, Meghani said he had no intention of defrauding the company.
"The purpose of my post was to show an implementation problem, not to encourage defrauding Microsoft," Meghani wrote. "I am surprised they would go through this much trouble to make me take down information that is obvious to anyone reading their documentation."
Microsoft officials in London could not be immediately reached for comment.