Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.




639 posts

Ultimate Geek
+1 received by user: 95

Trusted
Subscriber

Topic # 100208 5-Apr-2012 09:04
Send private message

I wanted to buy something off firstin today, and it was shocking to see that the site wasn't using https, even though they say they do, and the page is even "certified secure". Goes to show that all those badges and logos mean nothing and you should always make it a point to manually check if a payment page is secure or not...








 

Create new topic
BDFL - Memuneh
62282 posts

Uber Geek
+1 received by user: 12824

Administrator
Trusted
Geekzone
Lifetime subscriber

  Reply # 605511 5-Apr-2012 09:13
Send private message

That page maybe not encrypted, but what about the submit form? Is it like Geekzone, login form in all pages (encrypted or not) submit is done to an encrypted version though?







639 posts

Ultimate Geek
+1 received by user: 95

Trusted
Subscriber

  Reply # 605519 5-Apr-2012 09:23
Send private message

Nope, the submit form wasn't encrypted either. The whole site remained insecure from step 1. of the process..

Edit: Wait, looks like you're right, the form itself is encrypted.. didn't realise it was in an iframe. Looking at the code:

<iframe id="iPayment" src="https://sec.paymentexpress.com/pxpay/pxpay.aspx?userid=FirstIn&amp;request=....."></iframe>

 
 
 
 


gzt

10526 posts

Uber Geek
+1 received by user: 1683


  Reply # 605523 5-Apr-2012 09:28
Send private message

The payment.aspx element has an https source supplied by DPS.



639 posts

Ultimate Geek
+1 received by user: 95

Trusted
Subscriber

  Reply # 605530 5-Apr-2012 09:39
Send private message

gzt: The payment.aspx element has an https source supplied by DPS.


Thanks, yeah I just realized that myself. But the site still appears a bit dodgy. For instance, they make you agree to the ToC of the sale, but when you open the ToC page, it's empty!

http://secure.firstin.co.nz/terms.aspx 

gzt

10526 posts

Uber Geek
+1 received by user: 1683


  Reply # 605534 5-Apr-2012 09:49
Send private message

Maybe they fill it in later lol. The Comodo, Visa, and '100% NZ' verification icons do not operate correctly either.

3064 posts

Uber Geek
+1 received by user: 485

Trusted
Subscriber

  Reply # 605640 5-Apr-2012 12:00
Send private message

Rest assured, DPS is definitely not insecure. In fact, you can't even get to the payment page over an insecure HTTP session.

6332 posts

Uber Geek
+1 received by user: 393

Moderator
Trusted
Lifetime subscriber

  Reply # 605670 5-Apr-2012 12:34
Send private message

Kyanar: Rest assured, DPS is definitely not insecure. In fact, you can't even get to the payment page over an insecure HTTP session.


Its safe to assume that if DPS ever thought about this, they'd get a bollocking from not only the banks, but also the credit card companies. 

84 posts

Master Geek
+1 received by user: 1


  Reply # 611188 18-Apr-2012 15:01
Send private message

Order an Item through these guys 01/04/2012 Charged against my account the next day, delivery date was supposed to be 15th April.  Not received the item  yet Tried to contact them by email and phone no Joy. May be jumping to conclusion.  Anyone else having problems

gzt

10526 posts

Uber Geek
+1 received by user: 1683


  Reply # 611191 18-Apr-2012 15:06
Send private message

simplestuff: Order an Item through these guys 01/04/2012 Charged against my account the next day, delivery date was supposed to be 15th April.  Not received the item  yet Tried to contact them by email and phone no Joy. May be jumping to conclusion.  Anyone else having problems

You are having problems with FirstIn right?

DPS is just a payment processor.


84 posts

Master Geek
+1 received by user: 1


  Reply # 611194 18-Apr-2012 15:08
Send private message

Yes
Have I posted in the wrong Forum?

xpd

Chief Trash Bandit
9277 posts

Uber Geek
+1 received by user: 1497

Mod Emeritus
Trusted
Lifetime subscriber

  Reply # 611196 18-Apr-2012 15:10
Send private message

Please start a fresh topic, this topic is in regards to the payment system for FirstIn, not the company itself.
Thanks




XPD / Gavin / DemiseNZ

 

Server : i3-3240 @ 3.40GHz  16GB RAM  Win 10 Pro    Workstation : i5-3570K @ 3.40GHz  16GB RAM  Win 10 Pro    Console : Xbox One

 

https://www.xpd.co.nz - Games, geeks, and more.    


842 posts

Ultimate Geek
+1 received by user: 55


  Reply # 611225 18-Apr-2012 15:51
Send private message

gzt: The payment.aspx element has an https source supplied by DPS.


The above says it all. Firstin does not need to have an https page as the secure payment part is hosted by DPS.

21832 posts

Uber Geek
+1 received by user: 4570

Trusted
Subscriber

  Reply # 611286 18-Apr-2012 17:11
Send private message

Actually they do since that form could be replaced by one going anywhere by an intermediary. without https and the option to inspect the page credentials then you have to go digging on the page source to find the iframe or whatever




Richard rich.ms

Create new topic



Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.