Genesis Pure Vulnerable Website Found, Ignored Request to Terminate Membership, No Option to Remove CC# From Website Draper Utah

My fitness instructor recommended a dietary supplement product-line to me called Genesis Pure.  Since there were no options to purchase their products through stores at the time, in order to purchase the products, I had to sign up for AutoPay which was part of a continuity program that is implemented by a pyramid scheme where each month, my credit card is automatically charged for dietary supplements that I choose and they are automatically shipped to my residence.

Shortly after logging into the website via their login portal https://extranet.securefreedom.com/genesispure/login.aspx for account management and to browse thorugh their product-line, I accidentally stumbled upon some critical security weaknesses (vulnerabilities) within the Genesis Pure web pages that could allow a malicious hacker to break into Genesis Pure customer accounts and extract personal information, modify account settings, and make purchases without the member's authorization.  Please note that I did absolutely nothing to actively probe the security posture of the website.  These things were discovered passively with no active security testing.  To make matters worse, there was no option within the Genesis Pure membership web page that would allow me to remove my payment information.  For a business to develop and run a website that relies on AutoPay as part of their business model to prevent users from deleting/modfiying payment information is completely outrageous.

Upon discovering these issues and confirming that I had absolutely no option to remove my creidt card information, my immediate reaction was to terminate my membership with Genesis Pure.  I got on the phone with customer service and very clearly explained to them that I need to "terminate my membership" with Genesis Pure.  I asked the customer service representative if we could do that over the phone immediately and he told me that in order to do so, I will need to fax and sign a letter to Genesis Pure.  He emailed me the letter, and within that same day, I faxed the letter that clearly and concisely described my intention to terminate my Genesis Pure membership.  Additionally, I faxed a letter that clearly and concisely described my intention to terminate my Genesis Pure membership.  I even provided him with a follow-up phone call to confirm that he had received my fax along with my letter, and was assured that the membership was terminated.

In early January of 2013, I received an alarming phone call from the credit card collections department regarding an overdue bill for a rogue charge that Genesis Pure had issued to me in late 2012 without my authorization.  The reason why I was unaware of this charge was because I stopped using that credit card account and only saved it for emergencies.  I had maintained a zero-balance on that credit card since ending my membership with Genesis Pure the year before, and kept it stored in a safe.  Since I had always kept a zero-balance on that account after I stopped using it, I was unaware of this overdue charge that was made wtihout my authorization.

I got back in touch with Genesis Pure customer service in January of 2013 and they indicated to me that rogue charge I am referring to is an annual membership fee.  They claimed that the previous year's fax to terminate my membership was only intended to terminate my "Auto-Ship", not my membership!

Although they eventually reimbursed me for the $27 after the follow-up phone call in January of 2013, I decided to share this with the Ripoff Report in an effort to warn other potential customers.  It was extremely misleading and unethical for Gensis Pure to reassure me that my membership would be canceled last year when I requested it, yet secretly keep my membership active only to cancel my auto-ship when I very clearly indicated to them initially that I wanted my membership terminated.

I already reported this to the BBB and all that Genesis Pure responded with was indicating that they already paid me back and that the letter that I initially sent to Genesis Pure was to cancel from the "AutoShip Program", not my membership.  They also tried to use an "e-signature" I agreed to as their defense.

Watch out for Genesis Pure.  Everything goes smoothly until you decide to terminate your membership and they'll mislead you into keeping it active to make additional charge.  Their membership website where your credit card goes and where your account is actually mangaged is absolutely saturated with security flaws that a hacker could take advantage of.  Also, I very, very clearly indicated the first time that I wanted to terminate my membership and Genesis Pure knew this yet they still kept my membership active and terminated my AutoPay instead.