Take your photography to the next level and beyond...

  • NEWS

Why not join for free today?

Join for Free

Your total photography experience starts here

PortraitPro 17 with Background Editing Out Now! EXTRA 10% OFF code EPZRS17

Payments via Mobile Phone: Security

Carabosse 14 41.0k 269 England
24 Oct 2012 1:04PM

Quote:The majority of the payments we handle are actually not credit card, but operator billing - whereby the charge is direct to your phone bill

Does that work for pay-as-you-go?

Join ePHOTOzine for free and remove these adverts.

newfocus 11 647 2 United Kingdom
24 Oct 2012 9:31PM

Quote:no (ordinary) phone line was secure. It isn't safe to say anything over a phone line that we wouldn't write on an open postcard and send through the mail!

That might be true but certainly when it comes to desktop-based internet payments, the whole system is designed specifically to transmit data securely between two parties across an insecure/hostile/unknown environment. This happens by a series of exchanges which essentially secretly share strong encryption keys. The encrypted data is visible but not readable. That's what's going on behind the scenes when the little browser padlock appears.

While I know mobile phones can carry out similar encryption between themselves and websites, none of this is good enough protection if the device itself (computer or phone) has already been attacked/compromised in other ways. In that scenario the attacker has direct access to what you're sending, not trying to snoop it en route, so any encryption in transit or security of the website at the other end of the link is irrelevant.

So that's really what I'd like to understand more about. I know how to secure my desktop reasonably well but my impression is that my phone's more vulnerable. Until I know it's secure, and more importantly, how and why it's secure so I can keep it that way, I don't trust it for payments.
thewilliam 9 6.1k
24 Oct 2012 11:30PM
The rules for handling credit-card transactions stiffened up considerably at the beginning of this month.

Merchants now have to take very much better care of card data and there are large civil penalties for transgression. The cost of credit-card fraud has now effectively passed to the merchants so business owners now have a much greater incentive to run a tight ship. We've always been supposed to send goods to the registered address of the card-holder and nowhere else.

One major risk was always dishonest staff who passed card data onto fraudsters. I don't know whether fraud by computer malware is commonplace or just a theoretical risk.
25 Oct 2012 9:58AM
Does that work for pay-as-you-go?

Normally, yes. It's actually the operator who makes the credit decision, not us. However if you have sufficient credit to cover a purchase on your mobile, then yes, a purchase would normally go through. Most of the purchases that Bango handles are small - in the $1 - $3 range.
thewilliam 9 6.1k
25 Oct 2012 10:31AM
Scamsters normally start with a small transaction to check whether a card is still live.

A couple of years back, I had a call from my card company, asking whether I'd bought an Itune (whatever that is) for just less than 1. This purchase was quickly followed by others of increasing size. Good tracking software and prompt action by the card provider nipped a fraud in the bud.
Carabosse 14 41.0k 269 England
25 Oct 2012 1:12PM
Interested to hear it may work for PAYG. This avoids sending my credit card details through the ether on a mobile system which may not be as secure as the WWW... as yet anyway.

I'll give it a try. Smile
Hugo 12 649 United Kingdom
25 Oct 2012 1:28PM
The whole mobile (especially Android) system - web and installed apps seems like a ticking security time bomb - so much potential for crime!
As an example - I have an extra keyboard installed on my Andoid phone http://www.swiftkey.net/ - it's well regarded and much smarter than the supplied keyboard software- but it could be so easy for it to capture all my details and sell them on. This is one of the more blatant apps - at least it needs to record keystrokes - but when you look at the permissions required for many apps - so many can do almost anything.

I suppose this is no different to having a dodgy bit of software on a desktop - only that the desktop market is much more mature, and better protected. Plus most software comes from 'proper' software houses who have more to loose than an app made by someone in their bedroom.

Oddly mobile payments are a bit behind here in the west - I believe it's a bigger story in Africa http://www.economist.com/node/21553510
Carabosse 14 41.0k 269 England
25 Oct 2012 2:55PM
Well I tried to make a payment a few minutes ago, using the debit from PAYG option. It failed. Sad

Sign In

You must be a member to leave a comment.

ePHOTOzine, the web's friendliest photography community.

Join For Free

Upload photos, chat with photographers, win prizes and much more.