DS Forums

 
 

Credit card storage app


Reply
Thread Tools Search this Thread
Old 02-02-2013, 18:58
kidspud
Forum Member
 
Join Date: May 2010
Posts: 11,501

Can anyone recommend (ideally for android and iOS) an app which stores credit card details. There seems to be a few on the market but I didn't know if anyone had personal experience with one that they would recommend.

The simpler, quicker to use the better.
kidspud is offline   Reply With Quote
Please sign in or register to remove this advertisement.
Old 02-02-2013, 19:11
whoever,hey
Forum Member
 
Join Date: Mar 2006
Posts: 30,072
To do what? I'm not sure i'd like the security aspect of any.
whoever,hey is offline   Reply With Quote
Old 02-02-2013, 19:13
Stuart_h
Forum Member
 
Join Date: Jul 2005
Posts: 3,474
Can anyone recommend (ideally for android and iOS) an app which stores credit card details. There seems to be a few on the market but I didn't know if anyone had personal experience with one that they would recommend.

The simpler, quicker to use the better.
having worked on several PCI DSS IT projects im not sure id trust any app holding my own credit card details.....

Is this to save you carrying cards around ?
Stuart_h is offline   Reply With Quote
Old 02-02-2013, 19:18
kidspud
Forum Member
 
Join Date: May 2010
Posts: 11,501
having worked on several PCI DSS IT projects im not sure id trust any app holding my own credit card details.....

Is this to save you carrying cards around ?
It is for when I don't have the cards on me and I do a bit of off the cuff online shopping and need my card details.

I don't want the details stored anywhere but on the phone, I'm not too worried about the security aspects as long as the app has some sort of pin access control.
kidspud is offline   Reply With Quote
Old 02-02-2013, 19:31
Thine Wonk
Forum Member
 
Join Date: Mar 2009
Posts: 14,577
It is for when I don't have the cards on me and I do a bit of off the cuff online shopping and need my card details.

I don't want the details stored anywhere but on the phone, I'm not too worried about the security aspects as long as the app has some sort of pin access control.
So when your phone gets malware, when the app is found to be a con or your phone gets lost you know somebody could easily get around pin control or potentially go on a spending spree with your cards.

The CCV2 is never meant to be stored by any processors and really should not be stored by you on such a vulnerable device.

This sort of thing is great for loyalty cards, but I wouldn't trust my credit card details to an app or want it on my phone. The bank might not reimburse you if you have been reckless and stored the details on an internet connected device that is potentially prone to malware, or dodgy apps.
Thine Wonk is offline   Reply With Quote
Old 02-02-2013, 19:37
kidspud
Forum Member
 
Join Date: May 2010
Posts: 11,501
So when your phone gets malware or gets lost you know somebody could easily get around pin control or potentially go on a spending spree with your cards and that potentially the bank wouldn't reimburse you are you wouldn't have kept the card safe as per their requirements.
Well, they could do them same if they nicked my wallet.

They would only get the card number and security code, things that are easy to get anyway.

They would not get my online visa secure details or my card PIN numbers so I don't consider the risk that high.

And what is this malware you talk of are you saying we shouldn't do any type of online shopping on phones as it would have exactly the same risks.
kidspud is offline   Reply With Quote
Old 02-02-2013, 19:41
jabbamk1
Forum Member
 
Join Date: Jan 2012
Location: London, UK
Posts: 8,759
My nigerian friend made a really good credit card app. All you do isenter your details and pin number and it saves it for life! Amazing right!
jabbamk1 is offline   Reply With Quote
Old 02-02-2013, 19:43
Thine Wonk
Forum Member
 
Join Date: Mar 2009
Posts: 14,577
Well, they could do them same if they nicked my wallet.

They would only get the card number and security code, things that are easy to get anyway.

They would not get my online visa secure details or my card PIN numbers so I don't consider the risk that high.

And what is this malware you talk of are you saying we shouldn't do any type of online shopping on phones as it would have exactly the same risks.
They don't need the online visa secure or pin in most cases. Most credit card fraud is carried out by making purchases in the US where that isn't required, no chip and pin etc.

Online shopping is normally done in a sandboxed app over an SSL connection, but yes it still carries some risk.

How do you know the app isn't going to be vulnerable though or even deliberately dodgy, sending back card numbers or info. It just sounds dodgy to me, not something I would do.

There's a difference between putting credit card numbers into a web browser in an SSL session and storing them on the device permanently. The bank will cover unauthorised transactions as long as you've taken care to protect yourself from fraud. Permanently storing all card details and CCV on a constantly connected internet device I would say isn't taking care of the data.
Thine Wonk is offline   Reply With Quote
Old 02-02-2013, 19:49
kidspud
Forum Member
 
Join Date: May 2010
Posts: 11,501
They don't need the online visa secure or pin in most cases. Most credit card fraud is carried out by making purchases in the US where that isn't required etc.

Online shopping is normally done in a sandboxed app over an SSL connection, but yes it still carries some risk.

How do you know the app isn't going to be vulnerable though or even deliberately dodgy, sending back card numbers or info.

It just sounds dodgy to me, not something I would do.
Well, there are a quite a few of them on the play store. I thought that was considered a safe place to get apps from.
kidspud is offline   Reply With Quote
Old 02-02-2013, 19:53
Thine Wonk
Forum Member
 
Join Date: Mar 2009
Posts: 14,577
Well, there are a quite a few of them on the play store. I thought that was considered a safe place to get apps from.
They can't vet and check the code of every app no, there are over 700,000 of them on the play store. They do not check the code in them in any detail. Whilst you could check the permissions they can change on upgrade and people are tempted to just agree without looking properly.

I wouldn't risk it, those kind of apps are surely a Romanian fraudsters dream. Either make an app that stores information for a while then sends it back, or an app with malware that uses Android exploits and checks for those apps to see if they are installed and if so sends back the information.
Thine Wonk is offline   Reply With Quote
Old 02-02-2013, 20:05
Stuart_h
Forum Member
 
Join Date: Jul 2005
Posts: 3,474
There is nothing wrong with making and distributing/selling a product to store your credit details.

Whether id trust one is another matter. Even if the dev is decent and honest im not sure id trust them to make something that someone else couldn't hack into.

If your wallet/cards get stolen then you may have some comeback with the card issuer. If you state that you have used a third party app to store card details then you might be on less safe ground.

Just my opinion obviously but ive seen the amount of security and penetration testing required for PCI DSS compliance and i doubt most app devs do that
Stuart_h is offline   Reply With Quote
Old 02-02-2013, 20:09
Thine Wonk
Forum Member
 
Join Date: Mar 2009
Posts: 14,577
My opinion is that it's unnecessarily storing a duplicate of very sensitive data at rest on an internet connected device using code from a developer you don't know.

I work in IT security, and I think that sometimes makes us paranoid. I admit the risks are probably low in reality, but it's not something I would trust or recommend.
Thine Wonk is offline   Reply With Quote
 
Reply




 
Forum Jump


All times are GMT. The time now is 11:28.