OT - Which is Safer, Internet or Phone
Came to renew the car tax last week and the credit card is near limit.
Don't like using debit card on-line due to (perceived) lack of protection against fraud etc. So decided to use debit card and touch tone automated phone renewal. Although this takes much careful input of numbers into phone, it all went smoothly. Got to wondering whether there are security loopholes using this method. Clearly with on-line card detail entry there is possibility of key log virus, scam sites, wireless sniffing (if you use wireless for financial transactions - I don't). But are there equivalent weaknesses in these automated phone transaction systems? Also, does anyone know if a written acknowledgement is sent as proof of tax status? Thanks Phil |
OT - Which is Safer, Internet or Phone
In article ,
thescullster wrote: Came to renew the car tax last week and the credit card is near limit. Don't like using debit card on-line due to (perceived) lack of protection against fraud etc. So decided to use debit card and touch tone automated phone renewal. Although this takes much careful input of numbers into phone, it all went smoothly. Got to wondering whether there are security loopholes using this method. Clearly with on-line card detail entry there is possibility of key log virus, scam sites, wireless sniffing (if you use wireless for financial transactions - I don't). But are there equivalent weaknesses in these automated phone transaction systems? Also, does anyone know if a written acknowledgement is sent as proof of tax status? Dunno about acknowledgement. You can tick a box for this online. Never done it by phone - no option to press a button for one? My feeling is it would be very much easier to hack into a phone line and get your details that way - if anyone could be bothered. Mobile more difficult. You do know you pay extra to use a credit card over a debit card for VED? Must admit I rely on Spybot to tell me if anyone tries to install a nasty here. -- *If all the world is a stage, where is the audience sitting? Dave Plowman London SW To e-mail, change noise into sound. |
OT - Which is Safer, Internet or Phone
On Wed, 07 Jan 2015 11:02:42 +0000, thescullster wrote:
Came to renew the car tax last week and the credit card is near limit. Don't like using debit card on-line due to (perceived) lack of protection against fraud etc. But you'd have been happy to use credit card online...? Why not just go down the post office...? |
OT - Which is Safer, Internet or Phone
On 07/01/2015 11:02, thescullster wrote:
Came to renew the car tax last week and the credit card is near limit. Don't like using debit card on-line due to (perceived) lack of protection against fraud etc. So decided to use debit card and touch tone automated phone renewal. Although this takes much careful input of numbers into phone, it all went smoothly. Got to wondering whether there are security loopholes using this method. Clearly with on-line card detail entry there is possibility of key log virus, scam sites, wireless sniffing (if you use wireless for financial transactions - I don't). But are there equivalent weaknesses in these automated phone transaction systems? Also, does anyone know if a written acknowledgement is sent as proof of tax status? Thanks Phil It's possible, though unlikely, someone could listen in and decode the DTMF keystrokes. There's no written acknowledgement, but you can check tax status online: https://www.gov.uk/get-vehicle-information-from-dvla . BTW, Not doing transactions over wireless is a bit paranoid IMO. Your wireless connection (should be) encrypted anyway, plus the financial site would also be over HTTPS, so you've got 2 levels of encryption. The real worry is whether you trust the other end to be secure (see http://www.ifc0nfig.com/moonpig-vulnerability/ for just one recent example), and (less likely) a man-in-the middle attack between your router and the server. |
OT - Which is Safer, Internet or Phone
On 07/01/2015 11:22, Dave Plowman (News) wrote:
In article , thescullster wrote: Came to renew the car tax last week and the credit card is near limit. snip........... Dunno about acknowledgement. You can tick a box for this online. Never done it by phone - no option to press a button for one? No, there wasn't an option presented for this. My feeling is it would be very much easier to hack into a phone line and get your details that way - if anyone could be bothered. Mobile more difficult. But is the hacking of phone lines widespread, generalised and indiscriminate like malware? You do know you pay extra to use a credit card over a debit card for VED? Yes I did pick this up during the renewal process ta. Must admit I rely on Spybot to tell me if anyone tries to install a nasty here. IME, whatever malware/anti-virus solution you use will fail at some time. But this may not be obvious until specific issues start to occur with your device. Then you download a different app, rescan and find the nasties that have slipped through the net. Phil |
OT - Which is Safer, Internet or Phone
On 07/01/2015 11:26, Adrian wrote:
On Wed, 07 Jan 2015 11:02:42 +0000, thescullster wrote: Came to renew the car tax last week and the credit card is near limit. Don't like using debit card on-line due to (perceived) lack of protection against fraud etc. But you'd have been happy to use credit card online...? Why not just go down the post office...? Happier using credit card than debit card due to higher levels of insurance/fraud prevention protection. Going down the post office involves surgical removal of an appendage.... the settee! Not sure how long the Post Offices will still be involved now there are no paper disks to be issued. Phil |
OT - Which is Safer, Internet or Phone
On Wed, 07 Jan 2015 11:41:13 +0000, thescullster wrote:
Came to renew the car tax last week and the credit card is near limit. Don't like using debit card on-line due to (perceived) lack of protection against fraud etc. But you'd have been happy to use credit card online...? Why not just go down the post office...? Happier using credit card than debit card due to higher levels of insurance/fraud prevention protection. They come into play if a purchase turns out to be iffy. The fraud protection would be pretty much the same in a case like this. Either way, so long as you don't do something daft using a fake website or fake number, the risk is minimal. Going down the post office involves surgical removal of an appendage.... the settee! Poor lamb! Not sure how long the Post Offices will still be involved now there are no paper disks to be issued. I don't believe there's any plans to stop. There'd be an outcry if they did. If they were going to, they'd have done it in October. But, if you're worried about it, more reason to do it over the counter now, to show that customers do still want it. |
OT - Which is Safer, Internet or Phone
thescullster wrote
Came to renew the car tax last week and the credit card is near limit. Don't like using debit card on-line due to (perceived) lack of protection against fraud etc. So decided to use debit card and touch tone automated phone renewal. Although this takes much careful input of numbers into phone, it all went smoothly. Got to wondering whether there are security loopholes using this method. Clearly with on-line card detail entry there is possibility of key log virus, scam sites, wireless sniffing (if you use wireless for financial transactions - I don't). But are there equivalent weaknesses in these automated phone transaction systems? Also, does anyone know if a written acknowledgement is sent as proof of tax status? You can phone the DVLA callcentre to renew tax https://www.gov.uk/vehicle-tax Not exactly rocket science is it. |
OT - Which is Safer, Internet or Phone
In article ,
Adrian wrote: On Wed, 07 Jan 2015 11:02:42 +0000, thescullster wrote: Came to renew the car tax last week and the credit card is near limit. Don't like using debit card on-line due to (perceived) lack of protection against fraud etc. But you'd have been happy to use credit card online...? Why not just go down the post office...? That's what my brother says and does. Round here, even in central London, there's not a post office close to where I normally shop. So It would either be a longish walk or pay to park. And then queue. Sometimes for ages. If you do have a post office without a queue, I wonder how long it will survive. Taxing the car online takes a matter of minutes. And now there's no disc to display, can be done at the last minute too. -- *Velcro - what a rip off!* Dave Plowman London SW To e-mail, change noise into sound. |
OT - Which is Safer, Internet or Phone
In article ,
Adrian wrote: Not sure how long the Post Offices will still be involved now there are no paper disks to be issued. I don't believe there's any plans to stop. There'd be an outcry if they did. If they were going to, they'd have done it in October. But, if you're worried about it, more reason to do it over the counter now, to show that customers do still want it. I did once have a convenient sub post office locally - and where you could park for free. However, it didn't do VED - if it was still there it probably would now as things changed for that. It was closed down. The owner said it was profitable - the PO wanted to increase the use of the main branch about 3/4 mile away on the High Street with no free parking. And anytime I used it a massive queue. Which was generally only to tax the cars. As soon as this became possible online, I no longer use it. For anything. -- *If at first you don't succeed, redefine success. Dave Plowman London SW To e-mail, change noise into sound. |
OT - Which is Safer, Internet or Phone
On 07/01/2015 11:36, Chris Bartram wrote:
On 07/01/2015 11:02, thescullster wrote: Came to renew the car tax last week and the credit card is near limit. Don't like using debit card on-line due to (perceived) lack of protection against fraud etc. So decided to use debit card and touch tone automated phone renewal. Although this takes much careful input of numbers into phone, it all went smoothly. Got to wondering whether there are security loopholes using this method. Clearly with on-line card detail entry there is possibility of key log virus, scam sites, wireless sniffing (if you use wireless for financial transactions - I don't). But are there equivalent weaknesses in these automated phone transaction systems? Also, does anyone know if a written acknowledgement is sent as proof of tax status? Thanks Phil It's possible, though unlikely, someone could listen in and decode the DTMF keystrokes. There's no written acknowledgement, but you can check tax status online: https://www.gov.uk/get-vehicle-information-from-dvla . BTW, Not doing transactions over wireless is a bit paranoid IMO. Your wireless connection (should be) encrypted anyway, plus the financial site would also be over HTTPS, so you've got 2 levels of encryption. The real worry is whether you trust the other end to be secure (see http://www.ifc0nfig.com/moonpig-vulnerability/ for just one recent example), and (less likely) a man-in-the middle attack between your router and the server. Thanks Chris The tax and MOT status site is useful. I think I renewed in the last five days, so it still shows my car as Taxed and Due. Having both wired and wireless networks at home, I prefer to use wired connection for anything sensitive. Despite encryption, mac address filtering and wireless isolation, I will still use wired for speed and security. Interesting Moonpig link - not seen that one! Phil |
OT - Which is Safer, Internet or Phone
In message , "Dave Plowman (News)"
writes In article , thescullster wrote: Came to renew the car tax last week and the credit card is near limit. Don't like using debit card on-line due to (perceived) lack of protection against fraud etc. So decided to use debit card and touch tone automated phone renewal. Although this takes much careful input of numbers into phone, it all went smoothly. Got to wondering whether there are security loopholes using this method. Clearly with on-line card detail entry there is possibility of key log virus, scam sites, wireless sniffing (if you use wireless for financial transactions - I don't). But are there equivalent weaknesses in these automated phone transaction systems? Also, does anyone know if a written acknowledgement is sent as proof of tax status? Dunno about acknowledgement. You can tick a box for this online. Never done it by phone - no option to press a button for one? My feeling is it would be very much easier to hack into a phone line and get your details that way - if anyone could be bothered. Mobile more difficult. To do that you would have to know which phone line to listen to and when. This would require access to and knowledge of an exchange or street cab. Whereas to hack online transactions the hacker can sit at home and generate a suitable malware and let it spread itself and pick up combinations of user id/password or card no/security code at random You do know you pay extra to use a credit card over a debit card for VED? Must admit I rely on Spybot to tell me if anyone tries to install a nasty here. As should everyone - other ant-nasty software tools are available -- bert |
OT - Which is Safer, Internet or Phone
In article ,
bert ] wrote: My feeling is it would be very much easier to hack into a phone line and get your details that way - if anyone could be bothered. Mobile more difficult. To do that you would have to know which phone line to listen to and when. This would require access to and knowledge of an exchange or street cab. Yes you would. But for those who are paranoid about such things I was simply saying I personally would find that easier to do. Whereas to hack online transactions the hacker can sit at home and generate a suitable malware and let it spread itself and pick up combinations of user id/password or card no/security code at random The hacker has to write suitable software *and* get it installed on your computer. Then interpret the results. I've a feeling simply sending out lots of phishing emails may get easier results. You do know you pay extra to use a credit card over a debit card for VED? Must admit I rely on Spybot to tell me if anyone tries to install a nasty here. As should everyone - other ant-nasty software tools are available And at least try and understand what it's telling you. If it blocks a change to the registry and you simply click on OK to let anything happen, it may not be worth bothering with. -- *No word in the English language rhymes with month, orange, silver,purple Dave Plowman London SW To e-mail, change noise into sound. |
OT - Which is Safer, Internet or Phone
On 07/01/2015 11:02, thescullster wrote:
Came to renew the car tax last week and the credit card is near limit. Don't like using debit card on-line due to (perceived) lack of protection against fraud etc. You can now also pay by Direct Debit, which is protected against fraud by the bank's DD Guarantee. There's no DVLA surcharge if you pay for 12 months by DD. -- Reentrant |
OT - Which is Safer, Internet or Phone
On 07/01/2015 11:02, thescullster wrote:
Came to renew the car tax last week and the credit card is near limit. Don't like using debit card on-line due to (perceived) lack of protection against fraud etc. So decided to use debit card and touch tone automated phone renewal. Although this takes much careful input of numbers into phone, it all went smoothly. Got to wondering whether there are security loopholes using this method. Clearly with on-line card detail entry there is possibility of key log virus, scam sites, wireless sniffing (if you use wireless for financial transactions - I don't). But are there equivalent weaknesses in these automated phone transaction systems? The main weakness of most of these systems are not the card details in transit, but in their safe keeping by the back end systems once they have them. So phone is unlikely to be any different in that respect. Also, does anyone know if a written acknowledgement is sent as proof of tax status? You can presumably check online: https://www.gov.uk/check-vehicle-tax -- Cheers, John. /================================================== ===============\ | Internode Ltd - http://www.internode.co.uk | |-----------------------------------------------------------------| | John Rumm - john(at)internode(dot)co(dot)uk | \================================================= ================/ |
OT - Which is Safer, Internet or Phone
On 07/01/2015 11:02, thescullster wrote:
Came to renew the car tax last week and the credit card is near limit. Also, does anyone know if a written acknowledgement is sent as proof of tax status? If you apply online you do get an email. It did make me think I had spent £270 just to get an email. -- Michael Chare |
OT - Which is Safer, Internet or Phone
John Rumm wrote
On 07/01/2015 11:02, thescullster wrote: Came to renew the car tax last week and the credit card is near limit. Don't like using debit card on-line due to (perceived) lack of protection against fraud etc. So decided to use debit card and touch tone automated phone renewal. Although this takes much careful input of numbers into phone, it all went smoothly. Got to wondering whether there are security loopholes using this method. Clearly with on-line card detail entry there is possibility of key log virus, scam sites, wireless sniffing (if you use wireless for financial transactions - I don't). But are there equivalent weaknesses in these automated phone transaction systems? The main weakness of most of these systems are not the card details in transit, but in their safe keeping by the back end systems once they have them. So phone is unlikely to be any different in that respect. Crap. There is no need to keep CC details once the transaction is complete. If you allow the likes of Amazon to keep your card details, more fool you. Also, does anyone know if a written acknowledgement is sent as proof of tax status? You can presumably check online: https://www.gov.uk/check-vehicle-tax |
OT - Which is Safer, Internet or Phone
thescullster wrote
Came to renew the car tax last week and the credit card is near limit. Don't like using debit card on-line due to (perceived) lack of protection against fraud etc. That's a myth. Mine has exactly the same protection against fraud as the credit cards have. So decided to use debit card In your case what you should have done is move some money from the debit card to the credit card and do the car tax on the credit card as usual. and touch tone automated phone renewal. Although this takes much careful input of numbers into phone, it all went smoothly. Got to wondering whether there are security loopholes using this method. Much worse than doing it electronically in fact. Clearly with on-line card detail entry there is possibility of key log virus, Trivially eliminated by doing multiple anti virus with a number of different free antiviruses first. scam sites, Trivial to avoid those with the car tax. wireless sniffing (if you use wireless for financial transactions - I don't). Trivial to avoid by using a secure wireless connection. But are there equivalent weaknesses in these automated phone transaction systems? FAR worse in fact. Anyone can tap your phone line and trivially record your card details that way. Also, does anyone know if a written acknowledgement is sent as proof of tax status? |
OT - Which is Safer, Internet or Phone
On 07/01/2015 18:21, Sailor wrote:
John Rumm wrote On 07/01/2015 11:02, thescullster wrote: Came to renew the car tax last week and the credit card is near limit. Don't like using debit card on-line due to (perceived) lack of protection against fraud etc. So decided to use debit card and touch tone automated phone renewal. Although this takes much careful input of numbers into phone, it all went smoothly. Got to wondering whether there are security loopholes using this method. Clearly with on-line card detail entry there is possibility of key log virus, scam sites, wireless sniffing (if you use wireless for financial transactions - I don't). But are there equivalent weaknesses in these automated phone transaction systems? The main weakness of most of these systems are not the card details in transit, but in their safe keeping by the back end systems once they have them. So phone is unlikely to be any different in that respect. Crap. How would you know? There is no need to keep CC details once the transaction is complete. Just because there is no need to keep them for an extended period, that does not mean that they don't have a need to keep them at all. If they are kept for any period of time, then they are vulnerable. Even if immediately discarded after processing how do you know they are not still sat in memory or scattered in a page file etc? If you allow the likes of Amazon to keep your card details, more fool you. As always its a trade off of security vs convenience. -- Cheers, John. /================================================== ===============\ | Internode Ltd - http://www.internode.co.uk | |-----------------------------------------------------------------| | John Rumm - john(at)internode(dot)co(dot)uk | \================================================= ================/ |
OT - Which is Safer, Internet or Phone
On 07/01/2015 12:27, Sailor wrote:
thescullster wrote Came to renew the car tax last week and the credit card is near limit. So decided to use debit card and touch tone automated phone renewal. You can phone the DVLA callcentre to renew tax https://www.gov.uk/vehicle-tax Not exactly rocket science is it. Tthat is exactly what he said he did... do keep up at the back! -- Cheers, John. /================================================== ===============\ | Internode Ltd - http://www.internode.co.uk | |-----------------------------------------------------------------| | John Rumm - john(at)internode(dot)co(dot)uk | \================================================= ================/ |
All times are GMT +1. The time now is 01:45 AM. |
Powered by vBulletin® Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Copyright ©2004 - 2014 DIYbanter