Questions tagged [payment]
36 questions
30 votes, 4 answers
Bypass with wrong cvv of debit card and getting OTP
This is happening in Visa/MasterCard/American Express, etc. I tried checking in many payment apps and payment gateways that if I enter the correct debit card number, name, valid date, and wrong CVV number, I am able to receive OTP. However, the…
Akshansh Shrivastava
14 votes, 4 answers
Collecting credit card info in HTTPS iframe within an HTTP site
slate.com's paid membership program collects credit card info inside an HTTPS iframe over plain HTTP. The HTTPS URL is https://my.slate.com/subscriptions/manage/.
In an article, they claim this is safe:
When credit card data are submitted, they…
mcranston18
10 votes, 2 answers
I can pay by my credit card under fake name: who's responsible to check?
I am customer of a large European bank, but I have found the following happening consistently with multiple past banks.
Basically, I have always been able to pay using my legitimate card(s), credit or debit, under a fake name.
When you are prompted…
usr-local-ΕΨΗΕΛΩΝ
6 votes, 1 answer
Find Security Flaws in My Payment Page
I've done some extensive research about how to secure your website from card fraud.
iFrames do a pretty good job of this, however, it can still be worked around from certain exploits.
Many payment providers have now moved away from 'Hosted Payment…
Matt The Ninja
5 votes, 4 answers
Are payment card PINs safe to send via SMS?
I have signed up with a new current account in the UK for day-to-day transactions. The account comes with a payment (debit) card. The banking institution's security handling of PINs for payment cards is something that I think would be interesting…
halfer
4 votes, 0 answers
Payment Handlers In Google Chrome
Are there any privacy/security risks associated with using payment handlers in Google Chrome?
Somehow, the idea of having my financial information stored in a browser makes me feel uncomfortable. I almost always use PayPal whenever I decide to shop…
John Anderson
4 votes, 1 answer
Can a MAC be used as an irreversible PCI Token?
I'm looking at implementing a PCI token generation process based on a MAC code obtained from the PAN. This would be an irreversible token.
The method I have in mind seems OK to me, but I'm not quite sure it would fly with a QSA. Some advice on the…
Claude Chouinard
4 votes, 4 answers
Is debit (credit) card payment inherently broken from security point of view?
TL;DR
I've been a user of debit cards for many years, and don't know much about the security issues. However, just thinking logically, I find the practice of paying by providing card data (i.e. card number, validity date, CVV code, cardholder name)…
Attilio
4 votes, 1 answer
HTTPS is not green and there is no padlock icon, is it safe for a debit card payment?
I was about to pay online with my debit card, but now I'm not sure, is it safe?
Rafa
4 votes, 2 answers
PIN delivery: do PCI DSS requirements prevent sending the PIN to an end-user's mobile phone?
Do PCI DSS requirements prevent processors from sending to end users' mobile phones the PIN?
I went through many PCI documents, such as the PCI security requirements 2.0 and this isn't mentioned. I'm not sure this is mentioned somewhere else, but I'd…
devio
4 votes, 2 answers
Does my server need to fulfill PCI compliance if it only forwards the credit card number?
I'm currently trying to implement a payment system (Braintree) but I'm not entirely sure how this is supposed to work.
What I hope it works like:
User selects a product and clicks on "buy"
User enters a credit card to pay with and clicks "okay"
My…
Stefan Falk
3 votes, 2 answers
Security of the Indian AadhaarPay fingerprint based payment system?
India recently launched a payment system where merchants install an app on an Android phone, and connect a fingerprint reader to it.
Clients provide their Aadhaar number (like a national identity number), and scan their finger to authorize…
anon
3 votes, 1 answer
NFC Security for Payment
During an offline transaction, the Point-of-Sale has no internet connection, and so the payment terminal cannot verify if the client’s payment device has been revoked.
A malicious person can use a revoked bank card to perform…
Alyaa
2 votes, 1 answer
Custom SSL protection Message to Users in Web Applications
In some websites, especially on their payment section, I see a text something like: You are on a secure page. Your personal data is encrypted and protected by SSL technology. However it looks like a custom message. Therefore, when I am attacked…
Pilfility
2 votes, 2 answers
Payment processing in Android
Assume that my company is PCI DSS compliant. I want to provide a custom view (in SDK library for Android) for payment processing to merchants who sell products via their Android mobile application.
The main goal is to make payment without giving…
mariami