Bill Me Later -- Really Secure?
Results 1 to 8 of 8

Thread: Bill Me Later -- Really Secure?

  1. #1

    Question Bill Me Later -- Really Secure?

    Does anyone have any experience with Bill Me Later? Is it well secured? It's certainly advertised as such and very popular, but consider this:

    To use "Bill Me Later," shoppers need only provide their birth date and the last four digits of their Social Security Number -- rather than a full credit card number. (To authorize a purchase, I4 Commerce also needs the purchaser's name and address, which it can glean from transactional data.)
    SOURCE

    The last four digits would be much easier to phish than a full SSN. That doesn't sound very encouraging to me...

    However...

    Does Bill Me Later® protect me from unauthorized charges?
    Yes, Bill Me Later® provides “zero fraud liability” protection; the same protection provided by most major credit cards. This means you are not responsible for unauthorized charges.

    And Bill Me Later® has been designed with other features to help protect against unauthorized use of your account. Your identity is validated with top-of-mind information such as date of birth and last four digits of your Social Security Number. This means there is no account number that can be lost or stolen.
    SOURCE

    Not sure about this one...

  2. #2
    the beign of authority kurt_der_koenig's Avatar
    Join Date
    Jan 2004
    Location
    Pa
    Posts
    567
    Does Bill Me Later® protect me from unauthorized charges?
    Yes, Bill Me Later® provides “zero fraud liability” protection; the same protection provided by most major credit cards. This means you are not responsible for unauthorized charges.

    And Bill Me Later® has been designed with
    Sounds like they require one to authorize it by email or something when one or someone attempts to buy something. Sounds okay but nothing is real secure when you add the other factors into the spiel. Like how well the code is programed, did the person get 'owned', and so on. Do you know of any sites that currently use this?

  3. #3
    Quite a few from what I've read. TigerDirect uses BillMeLater (where it first caught my attention) and evidently Overstock.com recently added it as a payment option.

  4. #4
    Ninja Code Monkey
    Join Date
    Nov 2001
    Location
    Washington State
    Posts
    1,027
    Erm, look at what it asks for. Birthdate and last four of your soc for authentication....do you know how easy that is to get?

    You don't even have to phish for it...you can easily steal some mail or get it one of a hundred other ways.
    "When I get a little money I buy books; and if any is left I buy food and clothes." - Erasmus
    "There is no programming language, no matter how structured, that will prevent programmers from writing bad programs." - L. Flon
    "Mischief my ass, you are an unethical moron." - chsh
    Blog of X

  5. #5
    Senior Member
    Join Date
    Dec 2003
    Posts
    317
    whats phishing?

  6. #6
    Right, which is why I noted that in the first quote. The counter seems to be in the second quote, where they claim that an account holder will not be held accountable for "fraudulent" spending done on their account. But is that still any assurance? Still sounds awfully weak to me.

  7. #7
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Your identity is validated with top-of-mind
    And what if the mind that created this was a retard.... The top wouldn't be very far from the bottom really would it?

    I don't know the mechanism it uses for billing, (probably emails you and says that "X has just been billed do you authorize the purchase?"), which would allay the issue of getting the DOB and last 4 to some extent. Then the question would be how easy would it be to redirect or intercept the mail. Regardless of that, you still get your CC bill every month and while you might not notice that $10 charge you will notice that gleaming new laptop someone bought.

    Then you have two levels of recourse, the CC company and the service itself....

    I still say that if you are worried about CC fraud the best way to deal with it but still be able to use them online is to get a card, call the issuer and tell them you want a limit of $200 or whatever you feel is reasonable. That way your potential for loss is mitigated.
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  8. #8
    Senior Member
    Join Date
    Jul 2003
    Posts
    813
    Originally posted here by Tiger Shark
    Regardless of that, you still get your CC bill every month and while you might not notice that $10 charge you will notice that gleaming new laptop someone bought.
    Unless they're buying the laptop on a payment plan, $30 every month or something

    DoB and SIN sound easy enough to phish out from somebody. But then again the best 128-bit encryption you can find [most sites that use CCs online] is useless if you have a keylogger on your box, as a result of an unpatched machine, so...
    /\\

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •