Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


ForumsOff topicWarning: firstin.co.nz / DPS payment system is insecure!
d3Xt3r

688 posts

Ultimate Geek

Trusted

#100208 5-Apr-2012 09:04
Send private message

I wanted to buy something off firstin today, and it was shocking to see that the site wasn't using https, even though they say they do, and the page is even "certified secure". Goes to show that all those badges and logos mean nothing and you should always make it a point to manually check if a payment page is secure or not...








 

Create new topic
freitasm
BDFL - Memuneh
79263 posts

Uber Geek

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

  #605511 5-Apr-2012 09:13
Send private message

That page maybe not encrypted, but what about the submit form? Is it like Geekzone, login form in all pages (encrypted or not) submit is done to an encrypted version though?





Please support Geekzone by subscribing, or using one of our referral links: Samsung | AliExpress | Wise | Sharesies | Hatch | GoodSyncBackblaze backup



d3Xt3r

688 posts

Ultimate Geek

Trusted

  #605519 5-Apr-2012 09:23
Send private message

Nope, the submit form wasn't encrypted either. The whole site remained insecure from step 1. of the process..

Edit: Wait, looks like you're right, the form itself is encrypted.. didn't realise it was in an iframe. Looking at the code:

<iframe id="iPayment" src="https://sec.paymentexpress.com/pxpay/pxpay.aspx?userid=FirstIn&amp;request=....."></iframe>

gzt

gzt
17111 posts

Uber Geek

Lifetime subscriber

  #605523 5-Apr-2012 09:28
Send private message

The payment.aspx element has an https source supplied by DPS.



d3Xt3r

688 posts

Ultimate Geek

Trusted

  #605530 5-Apr-2012 09:39
Send private message

gzt: The payment.aspx element has an https source supplied by DPS.


Thanks, yeah I just realized that myself. But the site still appears a bit dodgy. For instance, they make you agree to the ToC of the sale, but when you open the ToC page, it's empty!

http://secure.firstin.co.nz/terms.aspx 

gzt

gzt
17111 posts

Uber Geek

Lifetime subscriber

  #605534 5-Apr-2012 09:49
Send private message

Maybe they fill it in later lol. The Comodo, Visa, and '100% NZ' verification icons do not operate correctly either.

Kyanar
4089 posts

Uber Geek

ID Verified
Trusted

  #605640 5-Apr-2012 12:00
Send private message

Rest assured, DPS is definitely not insecure. In fact, you can't even get to the payment page over an insecure HTTP session.

nate
6473 posts

Uber Geek

Retired Mod
Trusted
Lifetime subscriber

  #605670 5-Apr-2012 12:34
Send private message

Kyanar: Rest assured, DPS is definitely not insecure. In fact, you can't even get to the payment page over an insecure HTTP session.


Its safe to assume that if DPS ever thought about this, they'd get a bollocking from not only the banks, but also the credit card companies. 

 
 
 
 

Move to New Zealand's best fibre broadband service (affiliate link). Note that to use Quic Broadband you must be comfortable with configuring your own router.
simplestuff
84 posts

Master Geek


  #611188 18-Apr-2012 15:01
Send private message

Order an Item through these guys 01/04/2012 Charged against my account the next day, delivery date was supposed to be 15th April.  Not received the item  yet Tried to contact them by email and phone no Joy. May be jumping to conclusion.  Anyone else having problems

gzt

gzt
17111 posts

Uber Geek

Lifetime subscriber

  #611191 18-Apr-2012 15:06
Send private message

simplestuff: Order an Item through these guys 01/04/2012 Charged against my account the next day, delivery date was supposed to be 15th April.  Not received the item  yet Tried to contact them by email and phone no Joy. May be jumping to conclusion.  Anyone else having problems

You are having problems with FirstIn right?

DPS is just a payment processor.


simplestuff
84 posts

Master Geek


  #611194 18-Apr-2012 15:08
Send private message

Yes
Have I posted in the wrong Forum?

xpd

xpd
Geek @ Coastguard NZ
13765 posts

Uber Geek

Retired Mod
ID Verified
Trusted
Lifetime subscriber

  #611196 18-Apr-2012 15:10
Send private message

Please start a fresh topic, this topic is in regards to the payment system for FirstIn, not the company itself.
Thanks




       Gavin / xpd / FastRaccoon / Geek of Coastguard New Zealand

 

                      LinkTree

 

 

 

myopinion
938 posts

Ultimate Geek


  #611225 18-Apr-2012 15:51
Send private message

gzt: The payment.aspx element has an https source supplied by DPS.


The above says it all. Firstin does not need to have an https page as the secure payment part is hosted by DPS.

richms
28172 posts

Uber Geek

Trusted
Lifetime subscriber

  #611286 18-Apr-2012 17:11
Send private message

Actually they do since that form could be replaced by one going anywhere by an intermediary. without https and the option to inspect the page credentials then you have to go digging on the page source to find the iframe or whatever




Richard rich.ms

Create new topic





News and reviews »

Air New Zealand Starts AI adoption with OpenAI
Posted 24-Jul-2025 16:00

eero Pro 7 Review
Posted 23-Jul-2025 12:07

BeeStation Plus Review
Posted 21-Jul-2025 14:21

eero Unveils New Wi-Fi 7 Products in New Zealand
Posted 21-Jul-2025 00:01

WiZ Introduces HDMI Sync Box and other Light Devices
Posted 20-Jul-2025 17:32

RedShield Enhances DDoS and Bot Attack Protection
Posted 20-Jul-2025 17:26

Seagate Ships 30TB Drives
Posted 17-Jul-2025 11:24

Oclean AirPump A10 Water Flosser Review
Posted 13-Jul-2025 11:05

Samsung Galaxy Z Fold7: Raising the Bar for Smartphones
Posted 10-Jul-2025 02:01

Samsung Galaxy Z Flip7 Brings New Edge-To-Edge FlexWindow
Posted 10-Jul-2025 02:01

Epson Launches New AM-C550Z WorkForce Enterprise printer
Posted 9-Jul-2025 18:22

Samsung Releases Smart Monitor M9
Posted 9-Jul-2025 17:46

Nearly Half of Older Kiwis Still Write their Passwords on Paper
Posted 9-Jul-2025 08:42

D-Link 4G+ Cat6 Wi-Fi 6 DWR-933M Mobile Hotspot Review
Posted 1-Jul-2025 11:34

Oppo A5 Series Launches With New Levels of Durability
Posted 30-Jun-2025 10:15








Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.







RSS feeds
Main feed
Forums feed
Copyright
©2002-2025 Geekzone®
Site features
Geekzone BI dashboard
Geekzone Badges
Geekzone Status Page

 

Affiliate links
Samsung
AliExpress
Wise
Sharesies
GoodSync
Site Information
Subscribe to Geekzone
Privacy Statement
Forum Usage Guidelines (FUG)
Advertising
Trademark and copyright