Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


ForumsOff topicWarning: firstin.co.nz / DPS payment system is insecure!


645 posts

Ultimate Geek

Trusted

# 100208 5-Apr-2012 09:04
Send private message

I wanted to buy something off firstin today, and it was shocking to see that the site wasn't using https, even though they say they do, and the page is even "certified secure". Goes to show that all those badges and logos mean nothing and you should always make it a point to manually check if a payment page is secure or not...








 

Create new topic
BDFL - Memuneh
64844 posts

Uber Geek

Administrator
Trusted
Geekzone
Lifetime subscriber

  # 605511 5-Apr-2012 09:13
Send private message

That page maybe not encrypted, but what about the submit form? Is it like Geekzone, login form in all pages (encrypted or not) submit is done to an encrypted version though?





Sharesies investment funds | Geekzone broadband switch | Backblaze backup (Geekzone aff) | Amazon (Geekzone aff) | MightyApe (Geekzone aff)

 

My technology disclosure | Digital Transformation | Enterprise Content Management | Customer Relationship Management | Data Insights, Business Intelligence and Advanced Analytics 

 

 



645 posts

Ultimate Geek

Trusted

  # 605519 5-Apr-2012 09:23
Send private message

Nope, the submit form wasn't encrypted either. The whole site remained insecure from step 1. of the process..

Edit: Wait, looks like you're right, the form itself is encrypted.. didn't realise it was in an iframe. Looking at the code:

<iframe id="iPayment" src="https://sec.paymentexpress.com/pxpay/pxpay.aspx?userid=FirstIn&amp;request=....."></iframe>

 
 
 
 


gzt

10947 posts

Uber Geek


  # 605523 5-Apr-2012 09:28
Send private message

The payment.aspx element has an https source supplied by DPS.



645 posts

Ultimate Geek

Trusted

  # 605530 5-Apr-2012 09:39
Send private message

gzt: The payment.aspx element has an https source supplied by DPS.


Thanks, yeah I just realized that myself. But the site still appears a bit dodgy. For instance, they make you agree to the ToC of the sale, but when you open the ToC page, it's empty!

http://secure.firstin.co.nz/terms.aspx 

gzt

10947 posts

Uber Geek


  # 605534 5-Apr-2012 09:49
Send private message

Maybe they fill it in later lol. The Comodo, Visa, and '100% NZ' verification icons do not operate correctly either.

3107 posts

Uber Geek

Trusted
Subscriber

  # 605640 5-Apr-2012 12:00
Send private message

Rest assured, DPS is definitely not insecure. In fact, you can't even get to the payment page over an insecure HTTP session.

6358 posts

Uber Geek

Moderator
Trusted
Lifetime subscriber

  # 605670 5-Apr-2012 12:34
Send private message

Kyanar: Rest assured, DPS is definitely not insecure. In fact, you can't even get to the payment page over an insecure HTTP session.


Its safe to assume that if DPS ever thought about this, they'd get a bollocking from not only the banks, but also the credit card companies. 

 
 
 
 


84 posts

Master Geek


  # 611188 18-Apr-2012 15:01
Send private message

Order an Item through these guys 01/04/2012 Charged against my account the next day, delivery date was supposed to be 15th April.  Not received the item  yet Tried to contact them by email and phone no Joy. May be jumping to conclusion.  Anyone else having problems

gzt

10947 posts

Uber Geek


  # 611191 18-Apr-2012 15:06
Send private message

simplestuff: Order an Item through these guys 01/04/2012 Charged against my account the next day, delivery date was supposed to be 15th April.  Not received the item  yet Tried to contact them by email and phone no Joy. May be jumping to conclusion.  Anyone else having problems

You are having problems with FirstIn right?

DPS is just a payment processor.


84 posts

Master Geek


  # 611194 18-Apr-2012 15:08
Send private message

Yes
Have I posted in the wrong Forum?

xpd

Chief Trash Bandit
10101 posts

Uber Geek

Mod Emeritus
Trusted
Lifetime subscriber

  # 611196 18-Apr-2012 15:10
Send private message

Please start a fresh topic, this topic is in regards to the payment system for FirstIn, not the company itself.
Thanks




XPD / Gavin / DemiseNZ

 

Server : i5-3470s @ 3.50GHz  16GB RAM  Win 10 Pro    Workstation (For Sale) : i5-3570K @ 3.40GHz  20GB RAM  RX580 4GB Win 10 Pro    Console : Xbox One

 

https://www.xpd.co.nz - Games, emulation, geekery, and my attempts at photography.     Now on BigPipe 100/100 and 2Talk

 

http://storm.xpd.co.nz - NZ Rock at its finest (WIP)

 

Add me on Steam

866 posts

Ultimate Geek


  # 611225 18-Apr-2012 15:51
Send private message

gzt: The payment.aspx element has an https source supplied by DPS.


The above says it all. Firstin does not need to have an https page as the secure payment part is hosted by DPS.

22626 posts

Uber Geek

Trusted
Subscriber

  # 611286 18-Apr-2012 17:11
Send private message

Actually they do since that form could be replaced by one going anywhere by an intermediary. without https and the option to inspect the page credentials then you have to go digging on the page source to find the iframe or whatever




Richard rich.ms

Create new topic



Twitter and LinkedIn »



Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

Chorus to launch Hyperfibre service
Posted 18-Nov-2019 15:00

Microsoft launches first Experience Center worldwide for Asia Pacific in Singapore
Posted 13-Nov-2019 13:08

Disney+ comes to LG Smart TVs
Posted 13-Nov-2019 12:55

Spark launches new wireless broadband "Unplan Metro"
Posted 11-Nov-2019 08:19

Malwarebytes overhauls flagship product with new UI, faster engine and lighter footprint
Posted 6-Nov-2019 11:48

CarbonClick launches into Digital Marketplaces
Posted 6-Nov-2019 11:42

Kordia offers Microsoft Azure Peering Service
Posted 6-Nov-2019 11:41

Spark 5G live on Auckland Harbour for Emirates Team New Zealand
Posted 4-Nov-2019 17:30

BNZ and Vodafone partner to boost NZ Tech for SME
Posted 31-Oct-2019 17:14

Nokia 7.2 available in New Zealand
Posted 31-Oct-2019 16:24

2talk launches Microsoft Teams Direct Routing product
Posted 29-Oct-2019 10:35

New Breast Cancer Foundation app puts power in Kiwi women's hands
Posted 25-Oct-2019 16:13

OPPO Reno2 Series lands, alongside hybrid noise-cancelling Wireless Headphones
Posted 24-Oct-2019 15:32

Waikato Data Scientists awarded $13 million from the Government
Posted 24-Oct-2019 15:27

D-Link launches Wave 2 Unified Access Points
Posted 24-Oct-2019 15:07


Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron


Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.