Nord Security Facing Class Action Lawsuit Over Allegedly ‘Tricking Customers’ into Automatically Renewing Subscriptions

New to ClassAction.org? Read our Newswire Disclaimer

NordVPN, which owns the brand Nord Security, is staring down a class action lawsuit that alleges the privacy and cybersecurity service provider has illegally enrolled consumers into difficult-to-cancel, automatically renewing subscriptions without providing the necessary disclosures or obtaining consent. 

Want to stay in the loop on class action lawsuits that matter to you? Sign up for ClassAction.org’s free weekly newsletter.

According to the 65-page filing, when a consumer purchases Nord Security services—which include a virtual private network called NordVPN, the NordPass password manager and an encrypted cloud storage service called NordLocker—Nord enrolls them in an automatically recurring subscription without adhering to the strict requirements of Virginia and North Carolina law. The lawsuit further contends that Nord Security “buries” the subscription cancellation method on its website to continue extracting revenue from consumers who were unwittingly enrolled in unwanted Nord subscriptions.

The Nord Security class action lawsuit states that Virginia’s Consumer Protection Act and North Carolina’s Automatic Renewal Law require online retailers to disclose the terms of automatically renewing subscriptions in clear, conspicuous language, obtain consumer consent, and provide a timely, cost-effective and easy cancellation method.

Instead of following these requirements, Nord Security acts in bad faith and uses deceptive tricks, known as dark patterns, to ensnare consumers in unwanted automatically renewing subscriptions, the filing alleges. The complaint explains that dark patterns refer to carefully designed, misleading user interfaces that trick consumers into making choices they otherwise would not make, such as “nudging” consumers to spend more money, view more ads or hand over personal information.

The filing claims that Nord Security “deceives” consumers by hiding crucial automatic renewal and cancellation terms in “confusing, inconsistent, and inaccurate” language when consumers purchase a cybersecurity service on its website for what they believe is a fixed term, such as two years.

Per the case, when consumers navigate to the payment page on Nord Security’s website, they must scroll to the bottom of the page to view an “inadequate” disclosure of the automatic renewal terms in an easy-to-miss light grey font. Indeed, the case says that Nord Security’s automatic renewal terms are not in “visual proximity” to the request for payment, and the disclosure allegedly only provides “tiny,” inconspicuous links to terms that still do not explain the nature of the automatic renewal offer or provide a cancellation mechanism.

After consumers purchase a service from Nord Security, they generally receive acknowledgment and receipt emails from the company confirming their purchase, the filing states. The complaint says the emails are woefully insufficient as they do not include information about the terms of automatic renewal, the length of the subscription, the recurring charges or any instructions on how to cancel a Nord Security subscription.

The lawsuit adds that Nord Security’s acknowledgment emails similarly do not include a toll-free telephone number, an email address or another timely and easy-to-use cancellation mechanism as required by Virginia law.

The case goes on to claim that companies like Nord Security capitalize on their arduous and confusing cancellation processes to rake in more money from consumers, knowing that “harried” consumers are unlikely to take the extra steps needed to cancel.

Consumers who wish to cancel a Nord Security subscription online must log in to their account and navigate through the billing, subscription and management pages before finally being presented with the option to cancel, per the filing. The lawsuit says this is a classic example of a dark pattern known as a “roach motel,” meaning users can easily sign up for the service but must navigate an overly complicated, multi-step cancellation process intended to “thwart” their efforts to cancel their subscription.

Moreover, the case says that consumers who use Nord Security’s mobile app have no apparent way to cancel autorenewal, which is a violation of the Virginia Consumer Protection Act.

Importantly, once consumers are “trapped” in an automatically renewing subscription, Nord Security blatantly fails to provide accurate information about when they will be charged, the lawsuit states. Both Virginia and North Carolina require companies to provide notice of the upcoming autorenewal, the date by which a consumer must cancel to avoid being charged, cancellation methods and a copy of the automatic renewal terms and conditions.

Nord Security also employs a “highly unconventional” practice of charging consumers for their subscription 14 days before their subscription period ends, rather than automatically renewing it at the beginning of a new subscription period, the case says.

Finally, the lawsuit says Nord violates Virginia law by failing to provide “clear and conspicuous” notice of important changes to customers’ automatic renewal terms and failing to explain how to cancel in each notice about term changes.

The plaintiff, an active duty service member, says he first purchased a Nord Security subscription in 2021 while stationed in Virginia. The lawsuit says that after the plaintiff’s initial two-year plan ended, he chose not to renew the subscription, believing that when it expired, his subscription would be terminated. However, the filing says that unbeknownst to the plaintiff, his subscription was renewed and he was charged for the unwanted Nord Security subscription on three more occasions—for a total of $488.24. 

The Nord Security class action lawsuit looks to cover all Nord Security customers in Virginia, including customers of companies Nord Security acts as a successor to, who were automatically enrolled into and charged for at least one month of Nord Security membership by the privacy company at any time from the applicable statute of limitations period to the date of judgment.

The case also looks to represent all Nord Security customers in North Carolina (including customers of companies Nord acts as a successor to) from the “earliest allowable date” through the date of judgment.

Looking for current class action lawsuits to join? Check out ClassAction.org’s class action lawsuit list.