[chbot] Notes for Robotics Group meeting, Monday 20 Aug 2018, 6:30pm, 5 Idris Road
Volker Kuhlmann
list0570 at paradise.net.nz
Tue Aug 21 22:44:12 BST 2018
> Rudy talked about some Ali Express security issues. It appears that
> new accounts requires significant amounts of personal information be
> entered which may not be acceptable, or appropriate.
The important question here is what the URLs were that have been used by
this. Were there redirections? Where to? (This is why you install
redirection blockers in your browser. They make sure you get asked
first.)
Credit card payments are usually handled by some payment provider,
rarely the seller directly, they'd have to be pretty big for that. The
payment provider has to verify the card details with the card issuing
bank. Like everything else these days, that also is outsourced - in this
case, my bank, which happens to be ANZ. So I get some never heard of
joker like ascot.com wanting "additional security details", like card
limit or my date of birth. (The correct answer is "go f... yourself".)
When I complained to ANZ, they were not terribly helpful, hadn't much
heard about this, but could eventually confirm the redirection site is
legitimate. Somewhere else I found out that it depends on the seller -
if the seller asks for increased verification from the payment provider,
the redirection takes place and you either enter your date of birth into
some Yank site (how long til they get hacked?? Obviously you never know
how long they store it and where they give it to) or go shopping
elsewhere, there is no other option.
So far Aliexpress has been handling cards directly, but it's possible
that for new accounts, they want additional security. It heavily depends
on how you define security. Theirs? Sure. They don't give jack shit
about yours. Some dipshit at ANZ told me I can claim compensation for
lost money from my account if my identity gets stolen...
Volker
--
Volker Kuhlmann
http://volker.top.geek.nz/ Please do not CC list postings to me.
More information about the Chchrobotics
mailing list