On 07/01/2015 11:36, Chris Bartram wrote:
On 07/01/2015 11:02, thescullster wrote:
Came to renew the car tax last week and the credit card is near limit.

Don't like using debit card on-line due to (perceived) lack of
protection against fraud etc. So decided to use debit card and touch
tone automated phone renewal.

Although this takes much careful input of numbers into phone, it all
went smoothly.

Got to wondering whether there are security loopholes using this method.
Clearly with on-line card detail entry there is possibility of key log
virus, scam sites, wireless sniffing (if you use wireless for financial
transactions - I don't). But are there equivalent weaknesses in these
automated phone transaction systems?

Also, does anyone know if a written acknowledgement is sent as proof of
tax status?

Thanks

Phil
It's possible, though unlikely, someone could listen in and decode the
DTMF keystrokes.

There's no written acknowledgement, but you can check tax status online:
https://www.gov.uk/get-vehicle-information-from-dvla .

BTW, Not doing transactions over wireless is a bit paranoid IMO. Your
wireless connection (should be) encrypted anyway, plus the financial
site would also be over HTTPS, so you've got 2 levels of encryption. The
real worry is whether you trust the other end to be secure (see
http://www.ifc0nfig.com/moonpig-vulnerability/ for just one recent
example), and (less likely) a man-in-the middle attack between your
router and the server.


Thanks Chris

The tax and MOT status site is useful.
I think I renewed in the last five days, so it still shows my car as
Taxed and Due.


Having both wired and wireless networks at home, I prefer to use wired
connection for anything sensitive. Despite encryption, mac address
filtering and wireless isolation, I will still use wired for speed and
security.

Interesting Moonpig link - not seen that one!

Phil