funsec mailing list archives
Re: PayPal Plans Payments Via Text Message?
From: "Mark P. Fister" <mark () fister org>
Date: Fri, 24 Mar 2006 01:43:06 -0800
On Thu, Mar 23, 2006 at 08:56:34AM -0700, Justin Polazzo wrote:
How do you guys originally tie a number to a cell phone? Via registration on the web with an acknowledgement sent to the cell phone via SMS?
*** DISCLAIMER *** Anything I say is subject to change, as the system is currently in beta. *** END DISCLAIMER *** Verification of the phone number is how the system ties the account to the cell phone. In fact, the phone number doesn't have to be a mobile phone. If not a mobile, you can make payments by calling a 1-800 number (although that's far less sexy). Regardless, after registering the phone number and choosing a PIN on PayPal's web site, PayPal simply calls your telephone number with an automated voice system. At that point, you enter the PIN you chose. This verifies that the telephone number is yours. Now, you can begin sending money via SMS or the 1-800 number.
I guess that would mean in order to sign up for the service, you would already have to have full access to the paypal account, therefore making it just as (in)secure as any online transaction ;-) You might want to take an advance lesson from these guys. http://www.theregister.co.uk/2006/02/02/mobile-phone_tracking/ It seems that people were abusing the system, trying to track those who didn't want to be tracked via more methods than are listed in the above link. You cant stop all security flaws (social or technological), but the idea of always texting the phone with notices that you are signed up to the service, or when you fail authentication, or just make a huge purchase might be able to stop some current and future headaches. And while it may be annoying to some, it might also be comforting to others.
Yes, the system does text back when you: 1. Sign up. 2. Make a payment via your mobile device. Furthermore, PayPal will email you a receipt at your email address on file when you make a telephone payment. Naturally, all payments you make via your registered phone will also show up in your payment history, downloadable logs, and SOAP results.
-JP
-- Mark P. Fister http://www.fister.org Skype: callme://FisterDotOrg _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- PayPal Plans Payments Via Text Message? Fergie (Mar 22)
- Re: PayPal Plans Payments Via Text Message? Valdis . Kletnieks (Mar 22)
- Re: PayPal Plans Payments Via Text Message? Mark P. Fister (Mar 23)
- Re: PayPal Plans Payments Via Text Message? security curmudgeon (Mar 23)
- Re: PayPal Plans Payments Via Text Message? Valdis . Kletnieks (Mar 23)
- Re: PayPal Plans Payments Via Text Message? Mark P. Fister (Mar 24)
- Re: PayPal Plans Payments Via Text Message? Mark P. Fister (Mar 23)
- Re: PayPal Plans Payments Via Text Message? Valdis . Kletnieks (Mar 22)
- Re: PayPal Plans Payments Via Text Message? Mark P. Fister (Mar 23)
- <Possible follow-ups>
- Re: PayPal Plans Payments Via Text Message? Fergie (Mar 23)
- Re: PayPal Plans Payments Via Text Message? Mark P. Fister (Mar 24)