Credit card storage app

kidspudkidspud Posts: 18,341
Forum Member
✭✭
Can anyone recommend (ideally for android and iOS) an app which stores credit card details. There seems to be a few on the market but I didn't know if anyone had personal experience with one that they would recommend.

The simpler, quicker to use the better.

Comments

  • whoever,heywhoever,hey Posts: 30,992
    Forum Member
    ✭✭✭
    To do what? I'm not sure i'd like the security aspect of any.
  • Stuart_hStuart_h Posts: 5,311
    Forum Member
    kidspud wrote: »
    Can anyone recommend (ideally for android and iOS) an app which stores credit card details. There seems to be a few on the market but I didn't know if anyone had personal experience with one that they would recommend.

    The simpler, quicker to use the better.

    having worked on several PCI DSS IT projects im not sure id trust any app holding my own credit card details.....

    Is this to save you carrying cards around ?
  • kidspudkidspud Posts: 18,341
    Forum Member
    ✭✭
    Stuart_h wrote: »
    having worked on several PCI DSS IT projects im not sure id trust any app holding my own credit card details.....

    Is this to save you carrying cards around ?

    It is for when I don't have the cards on me and I do a bit of off the cuff online shopping and need my card details.

    I don't want the details stored anywhere but on the phone, I'm not too worried about the security aspects as long as the app has some sort of pin access control.
  • Thine WonkThine Wonk Posts: 17,190
    Forum Member
    ✭✭
    kidspud wrote: »
    It is for when I don't have the cards on me and I do a bit of off the cuff online shopping and need my card details.

    I don't want the details stored anywhere but on the phone, I'm not too worried about the security aspects as long as the app has some sort of pin access control.

    So when your phone gets malware, when the app is found to be a con or your phone gets lost you know somebody could easily get around pin control or potentially go on a spending spree with your cards.

    The CCV2 is never meant to be stored by any processors and really should not be stored by you on such a vulnerable device.

    This sort of thing is great for loyalty cards, but I wouldn't trust my credit card details to an app or want it on my phone. The bank might not reimburse you if you have been reckless and stored the details on an internet connected device that is potentially prone to malware, or dodgy apps.
  • kidspudkidspud Posts: 18,341
    Forum Member
    ✭✭
    Thine Wonk wrote: »
    So when your phone gets malware or gets lost you know somebody could easily get around pin control or potentially go on a spending spree with your cards and that potentially the bank wouldn't reimburse you are you wouldn't have kept the card safe as per their requirements.

    Well, they could do them same if they nicked my wallet.

    They would only get the card number and security code, things that are easy to get anyway.

    They would not get my online visa secure details or my card PIN numbers so I don't consider the risk that high.

    And what is this malware you talk of:confused: are you saying we shouldn't do any type of online shopping on phones as it would have exactly the same risks.
  • jabbamk1jabbamk1 Posts: 8,942
    Forum Member
    My nigerian friend made a really good credit card app. All you do isenter your details and pin number and it saves it for life! Amazing right!
  • Thine WonkThine Wonk Posts: 17,190
    Forum Member
    ✭✭
    kidspud wrote: »
    Well, they could do them same if they nicked my wallet.

    They would only get the card number and security code, things that are easy to get anyway.

    They would not get my online visa secure details or my card PIN numbers so I don't consider the risk that high.

    And what is this malware you talk of:confused: are you saying we shouldn't do any type of online shopping on phones as it would have exactly the same risks.

    They don't need the online visa secure or pin in most cases. Most credit card fraud is carried out by making purchases in the US where that isn't required, no chip and pin etc.

    Online shopping is normally done in a sandboxed app over an SSL connection, but yes it still carries some risk.

    How do you know the app isn't going to be vulnerable though or even deliberately dodgy, sending back card numbers or info. It just sounds dodgy to me, not something I would do.

    There's a difference between putting credit card numbers into a web browser in an SSL session and storing them on the device permanently. The bank will cover unauthorised transactions as long as you've taken care to protect yourself from fraud. Permanently storing all card details and CCV on a constantly connected internet device I would say isn't taking care of the data.
  • kidspudkidspud Posts: 18,341
    Forum Member
    ✭✭
    Thine Wonk wrote: »
    They don't need the online visa secure or pin in most cases. Most credit card fraud is carried out by making purchases in the US where that isn't required etc.

    Online shopping is normally done in a sandboxed app over an SSL connection, but yes it still carries some risk.

    How do you know the app isn't going to be vulnerable though or even deliberately dodgy, sending back card numbers or info.

    It just sounds dodgy to me, not something I would do.

    Well, there are a quite a few of them on the play store. I thought that was considered a safe place to get apps from.
  • Thine WonkThine Wonk Posts: 17,190
    Forum Member
    ✭✭
    kidspud wrote: »
    Well, there are a quite a few of them on the play store. I thought that was considered a safe place to get apps from.

    They can't vet and check the code of every app no, there are over 700,000 of them on the play store. They do not check the code in them in any detail. Whilst you could check the permissions they can change on upgrade and people are tempted to just agree without looking properly.

    I wouldn't risk it, those kind of apps are surely a Romanian fraudsters dream. Either make an app that stores information for a while then sends it back, or an app with malware that uses Android exploits and checks for those apps to see if they are installed and if so sends back the information.
  • Stuart_hStuart_h Posts: 5,311
    Forum Member
    There is nothing wrong with making and distributing/selling a product to store your credit details.

    Whether id trust one is another matter. Even if the dev is decent and honest im not sure id trust them to make something that someone else couldn't hack into.

    If your wallet/cards get stolen then you may have some comeback with the card issuer. If you state that you have used a third party app to store card details then you might be on less safe ground.

    Just my opinion obviously but ive seen the amount of security and penetration testing required for PCI DSS compliance and i doubt most app devs do that :)
  • Thine WonkThine Wonk Posts: 17,190
    Forum Member
    ✭✭
    My opinion is that it's unnecessarily storing a duplicate of very sensitive data at rest on an internet connected device using code from a developer you don't know.

    I work in IT security, and I think that sometimes makes us paranoid. I admit the risks are probably low in reality, but it's not something I would trust or recommend.
Sign In or Register to comment.