Login or Join Now

Upload your photos, chat, win prizes and much more

Username:
Password:
Remember Me

Can't Access your Account?

New to ePHOTOzine? Join ePHOTOzine for free!

Like 0

Payments via Mobile Phone: Security

Join Now

Join ePHOTOzine, the friendliest photography community.

Upload photos, chat with photographers, win prizes and much more for free!

55% OFF new PortraitPro 12 - use code EPHZROS414.
Carabosse
Carabosse e2 Member 1139367 forum postsCarabosse vcard England269 Constructive Critique Points
24 Oct 2012 - 1:04 PM


Quote: The majority of the payments we handle are actually not credit card, but operator billing - whereby the charge is direct to your phone bill

Does that work for pay-as-you-go?

Sponsored Links
Sponsored Links 
24 Oct 2012 - 1:04 PM

Join ePHOTOzine for free and remove these adverts.

newfocus
newfocus  7644 forum posts United Kingdom2 Constructive Critique Points
24 Oct 2012 - 9:31 PM


Quote: no (ordinary) phone line was secure. It isn't safe to say anything over a phone line that we wouldn't write on an open postcard and send through the mail!

That might be true but certainly when it comes to desktop-based internet payments, the whole system is designed specifically to transmit data securely between two parties across an insecure/hostile/unknown environment. This happens by a series of exchanges which essentially secretly share strong encryption keys. The encrypted data is visible but not readable. That's what's going on behind the scenes when the little browser padlock appears.

While I know mobile phones can carry out similar encryption between themselves and websites, none of this is good enough protection if the device itself (computer or phone) has already been attacked/compromised in other ways. In that scenario the attacker has direct access to what you're sending, not trying to snoop it en route, so any encryption in transit or security of the website at the other end of the link is irrelevant.

So that's really what I'd like to understand more about. I know how to secure my desktop reasonably well but my impression is that my phone's more vulnerable. Until I know it's secure, and more importantly, how and why it's secure so I can keep it that way, I don't trust it for payments.

Last Modified By newfocus at 24 Oct 2012 - 9:32 PM
thewilliam
24 Oct 2012 - 11:30 PM

The rules for handling credit-card transactions stiffened up considerably at the beginning of this month.

Merchants now have to take very much better care of card data and there are large civil penalties for transgression. The cost of credit-card fraud has now effectively passed to the merchants so business owners now have a much greater incentive to run a tight ship. We've always been supposed to send goods to the registered address of the card-holder and nowhere else.

One major risk was always dishonest staff who passed card data onto fraudsters. I don't know whether fraud by computer malware is commonplace or just a theoretical risk.

leylandrichard
25 Oct 2012 - 9:58 AM

Does that work for pay-as-you-go?
[/quote]

Normally, yes. It's actually the operator who makes the credit decision, not us. However if you have sufficient credit to cover a purchase on your mobile, then yes, a purchase would normally go through. Most of the purchases that Bango handles are small - in the $1 - $3 range.

thewilliam
25 Oct 2012 - 10:31 AM

Scamsters normally start with a small transaction to check whether a card is still live.

A couple of years back, I had a call from my card company, asking whether I'd bought an Itune (whatever that is) for just less than 1. This purchase was quickly followed by others of increasing size. Good tracking software and prompt action by the card provider nipped a fraud in the bud.

Carabosse
Carabosse e2 Member 1139367 forum postsCarabosse vcard England269 Constructive Critique Points
25 Oct 2012 - 1:12 PM

Interested to hear it may work for PAYG. This avoids sending my credit card details through the ether on a mobile system which may not be as secure as the WWW... as yet anyway.

I'll give it a try. Smile

Hugo
Hugo  9628 forum posts United Kingdom
25 Oct 2012 - 1:28 PM

The whole mobile (especially Android) system - web and installed apps seems like a ticking security time bomb - so much potential for crime!
As an example - I have an extra keyboard installed on my Andoid phone http://www.swiftkey.net/ - it's well regarded and much smarter than the supplied keyboard software- but it could be so easy for it to capture all my details and sell them on. This is one of the more blatant apps - at least it needs to record keystrokes - but when you look at the permissions required for many apps - so many can do almost anything.

I suppose this is no different to having a dodgy bit of software on a desktop - only that the desktop market is much more mature, and better protected. Plus most software comes from 'proper' software houses who have more to loose than an app made by someone in their bedroom.


Oddly mobile payments are a bit behind here in the west - I believe it's a bigger story in Africa http://www.economist.com/node/21553510

Carabosse
Carabosse e2 Member 1139367 forum postsCarabosse vcard England269 Constructive Critique Points
25 Oct 2012 - 2:55 PM

Well I tried to make a payment a few minutes ago, using the debit from PAYG option. It failed. Sad

Add a Comment

You must be a member to leave a comment

Username:
Password:
Remember me:
Un-tick this box if you want to login each time you visit.