Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


ForumsOff topicWarning: firstin.co.nz / DPS payment system is insecure!
d3Xt3r

697 posts

Ultimate Geek
+1 received by user: 132

Trusted

#100208 5-Apr-2012 09:04
Send private message

I wanted to buy something off firstin today, and it was shocking to see that the site wasn't using https, even though they say they do, and the page is even "certified secure". Goes to show that all those badges and logos mean nothing and you should always make it a point to manually check if a payment page is secure or not...








 

Create new topic
freitasm
BDFL - Memuneh
80646 posts

Uber Geek
+1 received by user: 41029

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

  #605511 5-Apr-2012 09:13
Send private message

That page maybe not encrypted, but what about the submit form? Is it like Geekzone, login form in all pages (encrypted or not) submit is done to an encrypted version though?





Referral links: Quic Broadband (free setup code: R587125ERQ6VE) | Samsung | AliExpress | Wise | Sharesies 

 

Support Geekzone by subscribing (browse ads-free), or making a one-off or recurring donation through PressPatron.

 



d3Xt3r

697 posts

Ultimate Geek
+1 received by user: 132

Trusted

  #605519 5-Apr-2012 09:23
Send private message

Nope, the submit form wasn't encrypted either. The whole site remained insecure from step 1. of the process..

Edit: Wait, looks like you're right, the form itself is encrypted.. didn't realise it was in an iframe. Looking at the code:

<iframe id="iPayment" src="https://sec.paymentexpress.com/pxpay/pxpay.aspx?userid=FirstIn&amp;request=....."></iframe>

gzt

gzt
18672 posts

Uber Geek
+1 received by user: 7809

Lifetime subscriber

  #605523 5-Apr-2012 09:28
Send private message

The payment.aspx element has an https source supplied by DPS.



d3Xt3r

697 posts

Ultimate Geek
+1 received by user: 132

Trusted

  #605530 5-Apr-2012 09:39
Send private message

gzt: The payment.aspx element has an https source supplied by DPS.


Thanks, yeah I just realized that myself. But the site still appears a bit dodgy. For instance, they make you agree to the ToC of the sale, but when you open the ToC page, it's empty!

http://secure.firstin.co.nz/terms.aspx 

gzt

gzt
18672 posts

Uber Geek
+1 received by user: 7809

Lifetime subscriber

  #605534 5-Apr-2012 09:49
Send private message

Maybe they fill it in later lol. The Comodo, Visa, and '100% NZ' verification icons do not operate correctly either.

Kyanar
4089 posts

Uber Geek
+1 received by user: 1684

ID Verified
Trusted

  #605640 5-Apr-2012 12:00
Send private message

Rest assured, DPS is definitely not insecure. In fact, you can't even get to the payment page over an insecure HTTP session.

 
 
 
 

Shop now on AliExpress (affiliate link).
nate
6473 posts

Uber Geek
+1 received by user: 458

Retired Mod
Trusted
Lifetime subscriber

  #605670 5-Apr-2012 12:34
Send private message

Kyanar: Rest assured, DPS is definitely not insecure. In fact, you can't even get to the payment page over an insecure HTTP session.


Its safe to assume that if DPS ever thought about this, they'd get a bollocking from not only the banks, but also the credit card companies. 

simplestuff
84 posts

Master Geek
+1 received by user: 1


  #611188 18-Apr-2012 15:01
Send private message

Order an Item through these guys 01/04/2012 Charged against my account the next day, delivery date was supposed to be 15th April.  Not received the item  yet Tried to contact them by email and phone no Joy. May be jumping to conclusion.  Anyone else having problems

gzt

gzt
18672 posts

Uber Geek
+1 received by user: 7809

Lifetime subscriber

  #611191 18-Apr-2012 15:06
Send private message

simplestuff: Order an Item through these guys 01/04/2012 Charged against my account the next day, delivery date was supposed to be 15th April.  Not received the item  yet Tried to contact them by email and phone no Joy. May be jumping to conclusion.  Anyone else having problems

You are having problems with FirstIn right?

DPS is just a payment processor.


simplestuff
84 posts

Master Geek
+1 received by user: 1


  #611194 18-Apr-2012 15:08
Send private message

Yes
Have I posted in the wrong Forum?

xpd

xpd
Geek of Coastguard
14115 posts

Uber Geek
+1 received by user: 4574

Retired Mod
ID Verified
Trusted
Lifetime subscriber

  #611196 18-Apr-2012 15:10
Send private message

Please start a fresh topic, this topic is in regards to the payment system for FirstIn, not the company itself.
Thanks




XPD / Gavin

 

LinkTree

 

 

 

HP

 
 
 
 

Shop now for HP laptops and other devices (affiliate link).
myopinion
939 posts

Ultimate Geek
+1 received by user: 112


  #611225 18-Apr-2012 15:51
Send private message

gzt: The payment.aspx element has an https source supplied by DPS.


The above says it all. Firstin does not need to have an https page as the secure payment part is hosted by DPS.

richms
29098 posts

Uber Geek
+1 received by user: 10207

Trusted
Lifetime subscriber

  #611286 18-Apr-2012 17:11
Send private message

Actually they do since that form could be replaced by one going anywhere by an intermediary. without https and the option to inspect the page credentials then you have to go digging on the page source to find the iframe or whatever




Richard rich.ms

Create new topic








Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.








RSS feeds
Main feed
Forums feed
Copyright
©2002-2026 Geekzone®
Site features
Geekzone BI dashboard
Geekzone Badges
Geekzone Status Page

 

Site Information
Subscribe to Geekzone
Privacy Statement
Forum Usage Guidelines (FUG)
Advertising
Trademark and copyright