Came to renew the car tax last week and the credit card is near limit.

Don't like using debit card on-line due to (perceived) lack of
protection against fraud etc. So decided to use debit card and touch
tone automated phone renewal.

Although this takes much careful input of numbers into phone, it all
went smoothly.

Got to wondering whether there are security loopholes using this method.
Clearly with on-line card detail entry there is possibility of key log
virus, scam sites, wireless sniffing (if you use wireless for financial
transactions - I don't). But are there equivalent weaknesses in these
automated phone transaction systems?

Also, does anyone know if a written acknowledgement is sent as proof of
tax status?

Thanks

Phil

In article ,
thescullster wrote:
Came to renew the car tax last week and the credit card is near limit.

Don't like using debit card on-line due to (perceived) lack of
protection against fraud etc. So decided to use debit card and touch
tone automated phone renewal.

Although this takes much careful input of numbers into phone, it all
went smoothly.

Got to wondering whether there are security loopholes using this method.
Clearly with on-line card detail entry there is possibility of key log
virus, scam sites, wireless sniffing (if you use wireless for financial
transactions - I don't). But are there equivalent weaknesses in these
automated phone transaction systems?

Also, does anyone know if a written acknowledgement is sent as proof of
tax status?

Dunno about acknowledgement. You can tick a box for this online. Never
done it by phone - no option to press a button for one?

My feeling is it would be very much easier to hack into a phone line and
get your details that way - if anyone could be bothered. Mobile more
difficult.

You do know you pay extra to use a credit card over a debit card for VED?

Must admit I rely on Spybot to tell me if anyone tries to install a nasty
here.

--
*If all the world is a stage, where is the audience sitting?

Dave Plowman London SW
To e-mail, change noise into sound.

On Wed, 07 Jan 2015 11:02:42 +0000, thescullster wrote:

Came to renew the car tax last week and the credit card is near limit.

Don't like using debit card on-line due to (perceived) lack of
protection against fraud etc.

But you'd have been happy to use credit card online...?

Why not just go down the post office...?

On 07/01/2015 11:02, thescullster wrote:
Came to renew the car tax last week and the credit card is near limit.

Don't like using debit card on-line due to (perceived) lack of
protection against fraud etc. So decided to use debit card and touch
tone automated phone renewal.

Although this takes much careful input of numbers into phone, it all
went smoothly.

Got to wondering whether there are security loopholes using this method.
Clearly with on-line card detail entry there is possibility of key log
virus, scam sites, wireless sniffing (if you use wireless for financial
transactions - I don't). But are there equivalent weaknesses in these
automated phone transaction systems?

Also, does anyone know if a written acknowledgement is sent as proof of
tax status?

Thanks

Phil
It's possible, though unlikely, someone could listen in and decode the
DTMF keystrokes.

There's no written acknowledgement, but you can check tax status online:
https://www.gov.uk/get-vehicle-information-from-dvla .

BTW, Not doing transactions over wireless is a bit paranoid IMO. Your
wireless connection (should be) encrypted anyway, plus the financial
site would also be over HTTPS, so you've got 2 levels of encryption. The
real worry is whether you trust the other end to be secure (see
http://www.ifc0nfig.com/moonpig-vulnerability/ for just one recent
example), and (less likely) a man-in-the middle attack between your
router and the server.

On 07/01/2015 11:22, Dave Plowman (News) wrote:
In article ,
thescullster wrote:
Came to renew the car tax last week and the credit card is near limit.

snip...........


Dunno about acknowledgement. You can tick a box for this online. Never
done it by phone - no option to press a button for one?

No, there wasn't an option presented for this.


My feeling is it would be very much easier to hack into a phone line and
get your details that way - if anyone could be bothered. Mobile more
difficult.

But is the hacking of phone lines widespread, generalised and
indiscriminate like malware?


You do know you pay extra to use a credit card over a debit card for VED?

Yes I did pick this up during the renewal process ta.


Must admit I rely on Spybot to tell me if anyone tries to install a nasty
here.


IME, whatever malware/anti-virus solution you use will fail at some
time. But this may not be obvious until specific issues start to occur
with your device. Then you download a different app, rescan and find
the nasties that have slipped through the net.

Phil

On 07/01/2015 11:26, Adrian wrote:
On Wed, 07 Jan 2015 11:02:42 +0000, thescullster wrote:

Came to renew the car tax last week and the credit card is near limit.

Don't like using debit card on-line due to (perceived) lack of
protection against fraud etc.

But you'd have been happy to use credit card online...?

Why not just go down the post office...?


Happier using credit card than debit card due to higher levels of
insurance/fraud prevention protection.

Going down the post office involves surgical removal of an appendage....
the settee!
Not sure how long the Post Offices will still be involved now there are
no paper disks to be issued.

Phil

On Wed, 07 Jan 2015 11:41:13 +0000, thescullster wrote:

Came to renew the car tax last week and the credit card is near limit.

Don't like using debit card on-line due to (perceived) lack of
protection against fraud etc.

But you'd have been happy to use credit card online...?

Why not just go down the post office...?

Happier using credit card than debit card due to higher levels of
insurance/fraud prevention protection.

They come into play if a purchase turns out to be iffy. The fraud
protection would be pretty much the same in a case like this.

Either way, so long as you don't do something daft using a fake website
or fake number, the risk is minimal.

Going down the post office involves surgical removal of an appendage....
the settee!

Poor lamb!

Not sure how long the Post Offices will still be involved now there are
no paper disks to be issued.

I don't believe there's any plans to stop. There'd be an outcry if they
did. If they were going to, they'd have done it in October. But, if
you're worried about it, more reason to do it over the counter now, to
show that customers do still want it.

thescullster wrote


Came to renew the car tax last week and the credit card is near limit.

Don't like using debit card on-line due to (perceived) lack of
protection against fraud etc. So decided to use debit card and touch
tone automated phone renewal.

Although this takes much careful input of numbers into phone, it all
went smoothly.

Got to wondering whether there are security loopholes using this method.
Clearly with on-line card detail entry there is possibility of key log
virus, scam sites, wireless sniffing (if you use wireless for financial
transactions - I don't). But are there equivalent weaknesses in these
automated phone transaction systems?

Also, does anyone know if a written acknowledgement is sent as proof of
tax status?


You can phone the DVLA callcentre to renew tax

https://www.gov.uk/vehicle-tax

Not exactly rocket science is it.

In article ,
Adrian wrote:
On Wed, 07 Jan 2015 11:02:42 +0000, thescullster wrote:

Came to renew the car tax last week and the credit card is near limit.

Don't like using debit card on-line due to (perceived) lack of
protection against fraud etc.

But you'd have been happy to use credit card online...?

Why not just go down the post office...?

That's what my brother says and does. Round here, even in central London,
there's not a post office close to where I normally shop. So It would
either be a longish walk or pay to park. And then queue. Sometimes for
ages.
If you do have a post office without a queue, I wonder how long it will
survive.

Taxing the car online takes a matter of minutes. And now there's no disc
to display, can be done at the last minute too.

--
*Velcro - what a rip off!*

Dave Plowman London SW
To e-mail, change noise into sound.

In article ,
Adrian wrote:
Not sure how long the Post Offices will still be involved now there are
no paper disks to be issued.

I don't believe there's any plans to stop. There'd be an outcry if they
did. If they were going to, they'd have done it in October. But, if
you're worried about it, more reason to do it over the counter now, to
show that customers do still want it.

I did once have a convenient sub post office locally - and where you could
park for free. However, it didn't do VED - if it was still there it
probably would now as things changed for that.

It was closed down. The owner said it was profitable - the PO wanted to
increase the use of the main branch about 3/4 mile away on the High Street
with no free parking. And anytime I used it a massive queue. Which was
generally only to tax the cars. As soon as this became possible online, I
no longer use it. For anything.

--
*If at first you don't succeed, redefine success.

Dave Plowman London SW
To e-mail, change noise into sound.

On 07/01/2015 11:36, Chris Bartram wrote:
On 07/01/2015 11:02, thescullster wrote:
Came to renew the car tax last week and the credit card is near limit.

Don't like using debit card on-line due to (perceived) lack of
protection against fraud etc. So decided to use debit card and touch
tone automated phone renewal.

Although this takes much careful input of numbers into phone, it all
went smoothly.

Got to wondering whether there are security loopholes using this method.
Clearly with on-line card detail entry there is possibility of key log
virus, scam sites, wireless sniffing (if you use wireless for financial
transactions - I don't). But are there equivalent weaknesses in these
automated phone transaction systems?

Also, does anyone know if a written acknowledgement is sent as proof of
tax status?

Thanks

Phil
It's possible, though unlikely, someone could listen in and decode the
DTMF keystrokes.

There's no written acknowledgement, but you can check tax status online:
https://www.gov.uk/get-vehicle-information-from-dvla .

BTW, Not doing transactions over wireless is a bit paranoid IMO. Your
wireless connection (should be) encrypted anyway, plus the financial
site would also be over HTTPS, so you've got 2 levels of encryption. The
real worry is whether you trust the other end to be secure (see
http://www.ifc0nfig.com/moonpig-vulnerability/ for just one recent
example), and (less likely) a man-in-the middle attack between your
router and the server.


Thanks Chris

The tax and MOT status site is useful.
I think I renewed in the last five days, so it still shows my car as
Taxed and Due.


Having both wired and wireless networks at home, I prefer to use wired
connection for anything sensitive. Despite encryption, mac address
filtering and wireless isolation, I will still use wired for speed and
security.

Interesting Moonpig link - not seen that one!

Phil

In message , "Dave Plowman (News)"
writes
In article ,
thescullster wrote:
Came to renew the car tax last week and the credit card is near limit.

Don't like using debit card on-line due to (perceived) lack of
protection against fraud etc. So decided to use debit card and touch
tone automated phone renewal.

Although this takes much careful input of numbers into phone, it all
went smoothly.

Got to wondering whether there are security loopholes using this method.
Clearly with on-line card detail entry there is possibility of key log
virus, scam sites, wireless sniffing (if you use wireless for financial
transactions - I don't). But are there equivalent weaknesses in these
automated phone transaction systems?

Also, does anyone know if a written acknowledgement is sent as proof of
tax status?

Dunno about acknowledgement. You can tick a box for this online. Never
done it by phone - no option to press a button for one?

My feeling is it would be very much easier to hack into a phone line and
get your details that way - if anyone could be bothered. Mobile more
difficult.

To do that you would have to know which phone line to listen to and
when. This would require access to and knowledge of an exchange or
street cab. Whereas to hack online transactions the hacker can sit at
home and generate a suitable malware and let it spread itself and pick
up combinations of user id/password or card no/security code at random
You do know you pay extra to use a credit card over a debit card for VED?

Must admit I rely on Spybot to tell me if anyone tries to install a nasty
here.

As should everyone - other ant-nasty software tools are available
--
bert

In article ,
bert ] wrote:
My feeling is it would be very much easier to hack into a phone line and
get your details that way - if anyone could be bothered. Mobile more
difficult.

To do that you would have to know which phone line to listen to and
when. This would require access to and knowledge of an exchange or
street cab.

Yes you would. But for those who are paranoid about such things I was
simply saying I personally would find that easier to do.

Whereas to hack online transactions the hacker can sit at
home and generate a suitable malware and let it spread itself and pick
up combinations of user id/password or card no/security code at random

The hacker has to write suitable software *and* get it installed on your
computer. Then interpret the results. I've a feeling simply sending out
lots of phishing emails may get easier results.

You do know you pay extra to use a credit card over a debit card for
VED?

Must admit I rely on Spybot to tell me if anyone tries to install a
nasty here.

As should everyone - other ant-nasty software tools are available

And at least try and understand what it's telling you. If it blocks a
change to the registry and you simply click on OK to let anything happen,
it may not be worth bothering with.

--
*No word in the English language rhymes with month, orange, silver,purple

Dave Plowman London SW
To e-mail, change noise into sound.

On 07/01/2015 11:02, thescullster wrote:
Came to renew the car tax last week and the credit card is near limit.

Don't like using debit card on-line due to (perceived) lack of
protection against fraud etc.


You can now also pay by Direct Debit, which is protected against fraud
by the bank's DD Guarantee. There's no DVLA surcharge if you pay for 12
months by DD.


--
Reentrant

On 07/01/2015 11:02, thescullster wrote:
Came to renew the car tax last week and the credit card is near limit.

Don't like using debit card on-line due to (perceived) lack of
protection against fraud etc. So decided to use debit card and touch
tone automated phone renewal.

Although this takes much careful input of numbers into phone, it all
went smoothly.

Got to wondering whether there are security loopholes using this method.
Clearly with on-line card detail entry there is possibility of key log
virus, scam sites, wireless sniffing (if you use wireless for financial
transactions - I don't). But are there equivalent weaknesses in these
automated phone transaction systems?

The main weakness of most of these systems are not the card details in
transit, but in their safe keeping by the back end systems once they
have them. So phone is unlikely to be any different in that respect.

Also, does anyone know if a written acknowledgement is sent as proof of
tax status?

You can presumably check online:

https://www.gov.uk/check-vehicle-tax




--
Cheers,

John.

/================================================== ===============\
| Internode Ltd - http://www.internode.co.uk |
|-----------------------------------------------------------------|
| John Rumm - john(at)internode(dot)co(dot)uk |
\================================================= ================/

On 07/01/2015 11:02, thescullster wrote:
Came to renew the car tax last week and the credit card is near limit.


Also, does anyone know if a written acknowledgement is sent as proof of
tax status?


If you apply online you do get an email. It did make me think I had
spent £270 just to get an email.


--
Michael Chare

John Rumm wrote


On 07/01/2015 11:02, thescullster wrote:
Came to renew the car tax last week and the credit card is near limit.

Don't like using debit card on-line due to (perceived) lack of
protection against fraud etc. So decided to use debit card and touch
tone automated phone renewal.

Although this takes much careful input of numbers into phone, it all
went smoothly.

Got to wondering whether there are security loopholes using this method.
Clearly with on-line card detail entry there is possibility of key log
virus, scam sites, wireless sniffing (if you use wireless for financial
transactions - I don't). But are there equivalent weaknesses in these
automated phone transaction systems?

The main weakness of most of these systems are not the card details in
transit, but in their safe keeping by the back end systems once they
have them. So phone is unlikely to be any different in that respect.

Crap. There is no need to keep CC details once the transaction is
complete. If you allow the likes of Amazon to keep your card details,
more fool you.


Also, does anyone know if a written acknowledgement is sent as proof of
tax status?

You can presumably check online:

https://www.gov.uk/check-vehicle-tax

thescullster wrote

Came to renew the car tax last week and the credit card is near limit.

Don't like using debit card on-line due to (perceived) lack of protection
against fraud etc.

That's a myth. Mine has exactly the same protection
against fraud as the credit cards have.

So decided to use debit card

In your case what you should have done is move
some money from the debit card to the credit card
and do the car tax on the credit card as usual.

and touch tone automated phone renewal.

Although this takes much careful input of numbers into phone, it all went
smoothly.

Got to wondering whether there are security loopholes using this method.

Much worse than doing it electronically in fact.

Clearly with on-line card detail entry there is possibility of key log
virus,

Trivially eliminated by doing multiple anti virus
with a number of different free antiviruses first.

scam sites,

Trivial to avoid those with the car tax.

wireless sniffing (if you use wireless for financial transactions - I
don't).

Trivial to avoid by using a secure wireless connection.

But are there equivalent weaknesses in these automated phone transaction
systems?

FAR worse in fact. Anyone can tap your phone
line and trivially record your card details that way.

Also, does anyone know if a written acknowledgement is sent as proof of
tax status?

On 07/01/2015 18:21, Sailor wrote:
John Rumm wrote


On 07/01/2015 11:02, thescullster wrote:
Came to renew the car tax last week and the credit card is near limit.

Don't like using debit card on-line due to (perceived) lack of
protection against fraud etc. So decided to use debit card and touch
tone automated phone renewal.

Although this takes much careful input of numbers into phone, it all
went smoothly.

Got to wondering whether there are security loopholes using this method.
Clearly with on-line card detail entry there is possibility of key log
virus, scam sites, wireless sniffing (if you use wireless for financial
transactions - I don't). But are there equivalent weaknesses in these
automated phone transaction systems?

The main weakness of most of these systems are not the card details in
transit, but in their safe keeping by the back end systems once they
have them. So phone is unlikely to be any different in that respect.

Crap.

How would you know?

There is no need to keep CC details once the transaction is
complete.

Just because there is no need to keep them for an extended period, that
does not mean that they don't have a need to keep them at all.

If they are kept for any period of time, then they are vulnerable. Even
if immediately discarded after processing how do you know they are not
still sat in memory or scattered in a page file etc?

If you allow the likes of Amazon to keep your card details,
more fool you.

As always its a trade off of security vs convenience.

--
Cheers,

John.

/================================================== ===============\
| Internode Ltd - http://www.internode.co.uk |
|-----------------------------------------------------------------|
| John Rumm - john(at)internode(dot)co(dot)uk |
\================================================= ================/

On 07/01/2015 12:27, Sailor wrote:
thescullster wrote


Came to renew the car tax last week and the credit card is near limit.

So decided to use debit card and touch
tone automated phone renewal.

You can phone the DVLA callcentre to renew tax

https://www.gov.uk/vehicle-tax

Not exactly rocket science is it.

Tthat is exactly what he said he did... do keep up at the back!


--
Cheers,

John.

/================================================== ===============\
| Internode Ltd - http://www.internode.co.uk |
|-----------------------------------------------------------------|
| John Rumm - john(at)internode(dot)co(dot)uk |
\================================================= ================/