Pago

Forums › Mobile handsets › Pago

1 | 2 | 3 | 4

Hawkes Bay
8476 posts

Uber Geek

Retired Mod

Trusted

Lifetime subscriber

#53919 28-Nov-2006 07:49

so you propose if payment not actively 'recieved' within 14 days it gets returned to sender? I think thats a good idea...

yes they did make it complicated to transfer funds from bank account. I have opted not to because im not sure my money will survive the transfer, given that they demand my bank account name be EXACTLY the same as my pago details (an impossibility seeing as my bank account has my initials, and for pagpo, just initials on your pago account is unacceptable.

Where was the usability testing?

And forcing an 8 digit password... sheeesh.... really.... you got to this bit and decided to force a bit of security upon us?

ugh

sbiddle

30853 posts

Uber Geek

Retired Mod

Trusted

Biddle Corp

Lifetime subscriber

#53929 28-Nov-2006 08:39

I did sign up for Pago and transferred $1 to my Pago account yesterday which has gone in overnight as expected.

I've just logged in now and according to Pago I have a balance of $1 and the status is "Pending" and I have the following error

"Wallet not activated. To find out how to activate this wallet, click here."

Which takes me to the page telling me "To complete registration all you have to do is activate your wallet. Just make an Activation payment from your Link account to the pago holding account."

Hello!! That's what I've done to get the $1 in there and it's still not activated.

Goodbye $1...

freitasm

BDFL - Memuneh
79294 posts

Uber Geek

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#53933 28-Nov-2006 09:01

paradoxsm: Hideous system... What a FLOP. Having to "transfer" my money to a "wallet" from my internet banking is just SO complicated!

They should just offer this to ASB customers as a directlink service which creates a "parcel code" to the recipients mobile where they have say 14 days to "cash" the payment... this current platform is just GROSS!

They should not have an automatic link if there's no two form factor authentication. Imagine if you travel overseas and knowing your Telecom mobile won't work in Europe you leave it behind. A burglar enters your home and steals the phone. He keeps sending $200 every day to a fake bank account until you come back.

By then it's too late, and the automatic link worked a charme, making money flow from your account to someone else's

Pago is not good without the second authentication, but at least won't drain your bank account.

barnaclebarnes

16 posts

Geek
Inactive user

#53944 28-Nov-2006 10:27

Some interesting comments. I do hope you send them to marketing@pago.co.nz as it is a Beta product. I have given them a bunch of feedback regarding the UI and usability issues. I am still not clear however if you can actually bypass the security without stealing someones phone. The blog post seemed to say that this was possible.

NZ does need a PayPal style system to easily send money from person to person. The implementation of this particular system needs tweaking but given that they do make some changes I am looking forward to using this. The fees are also cheap - at 30c a transaction this is the same as EFTPOS which is far cheaper than PayPal's % fees. If/when this gets integrated with TradeMe it will also speed up transactions and allow instant purchases.

Glen

freitasm

BDFL - Memuneh
79294 posts

Uber Geek

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#53948 28-Nov-2006 10:48

Glen, pago was approached and have not replied yet. The flaws in security we pointed out could be ironed out before a beta of this service went public.

freitasm

BDFL - Memuneh
79294 posts

Uber Geek

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#54579 4-Dec-2006 10:38

From Juha's article on Computerworld:

David Tripe, director of Massey University’s Centre for Banking Studies, agrees with Robins that the small transaction value has to be balanced against the cost of implementing additional security.

What a joke. Requiring a PIN in the SMS being sent would not cost anything else, except for a few more megabytes to store the PIN in the database, additional coding and testing to have the PIN as part of the transaction - and it should be there from the day the project was thought of.

I still think pago is not safe enough without a two factor authentication in place.

Customers can put any amount of money into multiple wallets, because pago doesn’t want to limit it, Robins says. The maximum amount that can be withdrawn from the wallet each day is $200, but this can be set lower as well. It’s the low transaction value combined with a desire to make the service easy to use that led pago not to implement two-factor authentication, says Robins.

Nope... If someone travels overseas and leave the mobile phone behind, it may be days before they notice a daily $200 leaving the pago account (of course if enough funds are available).

juha

1317 posts

Uber Geek

Trusted

#54583 4-Dec-2006 10:56

freitasm: What a joke. Requiring a PIN in the SMS being sent would not cost anything else, except for a few more megabytes to store the PIN in the database, additional coding and testing to have the PIN as part of the transaction - and it should be there from the day the project was thought of.

I'm not sure why they didn't do that - maybe the cost of sending SMS to customers was too high?

Juha

Quic Broadband

Move to New Zealand's best fibre broadband service (affiliate link). Free setup code: R587125ERQ6VE. Note that to use Quic Broadband you must be comfortable with configuring your own router.

tonyhughes

Hawkes Bay
8476 posts

Uber Geek

Retired Mod

Trusted

Lifetime subscriber

#54585 4-Dec-2006 11:00

We are not talking about an extra sms - the pin should be sent as part of the customers transaction request sms.

freitasm

BDFL - Memuneh
79294 posts

Uber Geek

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#54586 4-Dec-2006 11:05

Exactly. To send a payment according to the pago FAQ you use this:

Pay [pago name] [amount] [comment]

What would be the cost of using this instead?

Pay [PIN] [pago name] [amount] [comment]

Nothing for the transaction, a new column in the database and an extra check to make sure the person using the mobile phone number is actually the person who is authorised to use said mobile phone number. It doesn't need a rocket scientist to put this in a system, from the design stages.

juha

1317 posts

Uber Geek

Trusted

#54591 4-Dec-2006 12:11

Ah, OK, that makes sense.

Juha

alasta

6706 posts

Uber Geek

Trusted

Subscriber

#54601 4-Dec-2006 13:25

freitasm: Exactly. To send a payment according to the pago FAQ you use this:

Pay [pago name] [amount] [comment]

What would be the cost of using this instead?

Pay [PIN] [pago name] [amount] [comment]

The problem with this is that most phone handsets store all outgoing text messages. Therefore, if you get your hands on someone else's handset then there's a fair chance that you will find their PIN stored on it.

Of course, if they had implemented a WAP solution as I suggested in one of my recent blog entries, then this wouldn't have been an issue.

tonyhughes

Hawkes Bay
8476 posts

Uber Geek

Retired Mod

Trusted

Lifetime subscriber

#54603 4-Dec-2006 13:39

alasta: The problem with this is that most phone handsets store all outgoing text messages. Therefore, if you get your hands on someone else's handset then there's a fair chance that you will find their PIN stored on it.

Of course, if they had implemented a WAP solution as I suggested in one of my recent blog entries, then this wouldn't have been an issue.

At least on the handset the deleting of the messages can be controlled by the user (just like email). I dont see the security issue there - just convenience.

Customers dont like WAP because they have all heard the horror stories of blowouts. Its expensive and unknown, pago couldnt just say "doing xyz wil cost $x", but with sms its all known in advance.

Sms is also a low common denominator - everyone knows how to use it - WAP is a learning curve for many people.

Ben

317 posts

Ultimate Geek

Trusted

Vend

#55058 8-Dec-2006 21:29

Just got a txt message from Pago. Looks like they're hopefully rolling out a fix tonight:

"At 9:30pm tonight pago will suspend all pago wallets. For info and to reactivate your wallet log on to the pago site after 10:30pm. Thank you."