Credit card storage app
kidspud
Posts: 18,341
Forum Member
✭✭
Can anyone recommend (ideally for android and iOS) an app which stores credit card details. There seems to be a few on the market but I didn't know if anyone had personal experience with one that they would recommend.
The simpler, quicker to use the better.
The simpler, quicker to use the better.
0
Comments
having worked on several PCI DSS IT projects im not sure id trust any app holding my own credit card details.....
Is this to save you carrying cards around ?
It is for when I don't have the cards on me and I do a bit of off the cuff online shopping and need my card details.
I don't want the details stored anywhere but on the phone, I'm not too worried about the security aspects as long as the app has some sort of pin access control.
So when your phone gets malware, when the app is found to be a con or your phone gets lost you know somebody could easily get around pin control or potentially go on a spending spree with your cards.
The CCV2 is never meant to be stored by any processors and really should not be stored by you on such a vulnerable device.
This sort of thing is great for loyalty cards, but I wouldn't trust my credit card details to an app or want it on my phone. The bank might not reimburse you if you have been reckless and stored the details on an internet connected device that is potentially prone to malware, or dodgy apps.
Well, they could do them same if they nicked my wallet.
They would only get the card number and security code, things that are easy to get anyway.
They would not get my online visa secure details or my card PIN numbers so I don't consider the risk that high.
And what is this malware you talk of are you saying we shouldn't do any type of online shopping on phones as it would have exactly the same risks.
They don't need the online visa secure or pin in most cases. Most credit card fraud is carried out by making purchases in the US where that isn't required, no chip and pin etc.
Online shopping is normally done in a sandboxed app over an SSL connection, but yes it still carries some risk.
How do you know the app isn't going to be vulnerable though or even deliberately dodgy, sending back card numbers or info. It just sounds dodgy to me, not something I would do.
There's a difference between putting credit card numbers into a web browser in an SSL session and storing them on the device permanently. The bank will cover unauthorised transactions as long as you've taken care to protect yourself from fraud. Permanently storing all card details and CCV on a constantly connected internet device I would say isn't taking care of the data.
Well, there are a quite a few of them on the play store. I thought that was considered a safe place to get apps from.
They can't vet and check the code of every app no, there are over 700,000 of them on the play store. They do not check the code in them in any detail. Whilst you could check the permissions they can change on upgrade and people are tempted to just agree without looking properly.
I wouldn't risk it, those kind of apps are surely a Romanian fraudsters dream. Either make an app that stores information for a while then sends it back, or an app with malware that uses Android exploits and checks for those apps to see if they are installed and if so sends back the information.
Whether id trust one is another matter. Even if the dev is decent and honest im not sure id trust them to make something that someone else couldn't hack into.
If your wallet/cards get stolen then you may have some comeback with the card issuer. If you state that you have used a third party app to store card details then you might be on less safe ground.
Just my opinion obviously but ive seen the amount of security and penetration testing required for PCI DSS compliance and i doubt most app devs do that
I work in IT security, and I think that sometimes makes us paranoid. I admit the risks are probably low in reality, but it's not something I would trust or recommend.