MTN Mobile Money now supports payD

I thought MTN Mobile Money has long been discontinued, how many South Africans use it?
 
How long will it be before hackers start targeting this type of technology and steal people's hard earned money?
 
Quite a long time, WIG is designed to be inherently more secure than most other wireless technologies.

P.S. the money would be stolen from the bank, not from the customer as the money is lent to the bank.
P.P.S. If you are hard earning your money you're not doing it right ;)
 
I like the use of the mobile network for extra authentication but shouldn't this be done already on the banking side of things? I.e. why can't they do a 2-way authentication scheme whereby you need to type in your PIN AND a 2nd PIN generated for the transaction authorization sent to the phone? Then again.. how secure are mobile networks these days? I remember there was a whole thing with ABSA + mobile/telecom people diverting or something SMS a few years ago?

The Google 2-way authentication system I've been using since last year seems pretty good and they use a generator for the 2nd PIN on your phone (but this adds the complexity of a smartphone and won't be as 'nice'). Currently whenever I have a payment or ATM charge go off I get an SMS informing me of the event.. uh OK.. but that doesn't block the transaction.. I'd rather have an auth PIN sent. Then if you have the phone too you can type it into the ATM/POS and the transaction completes. I wonder if it does something like this.
 
Is it secure?

I can't believe that sending your ATM PIN via SMS can be secure?!
I'd love to know how this is different to any previous attempt at SMS based "banking" that makes it secure.


I see two other major problems here:

1. It's only a matter of time before some corrupt mobile network employee is diverting SMS messages and stealing card numbers and PINs. (Been done before as mentioned previously, but this time they're stealing debit card numbers and PINS!)
2. If you have your bag stolen (wallet and phone) the thief simply looks in your previously sent messages and they have your ATM PIN.

This is me, not convinced
 
Why wouldn't sending your PIN via SMS be secure? No other data is going with it!!! You are also not including "ATM PIN ****" when communicating so how would a thief know?

I think some people might be misunderstanding the way it works :(

No card numbers are sent via SMS. Card numbers are collected on the website of the store where you are making the purchase, so no rogue cellular employee will steal the number.
The phone will only be requesting the PIN.

Here are more details on how it will be working: http://payd.net/how-it-works/
 
In order to be PCI DSS compliant (which they claim to be) you can't send PINs around in the clear.
The hardware where the PIN is entered (normally a tamper proof ATM/POS PIN pad) needs to encrypt the PIN and transmit it as an encrypted PIN block.
The PIN block is constructed from the PIN and a derivation of the card number (PAN).
It is not even possible to programmatically create an encrypted PIN block from a clear PIN unless your tamper-proof hardware security module is in a special override mode.

So, I can understand that the PIN is not transmitted along with the card number but somehow the PIN is collected at the phone and later sent to the bank for authorisation along with the card number.
I want to understand how the PIN goes from clear text entry as an SMS to encrypted PIN block as a transaction message to the bank in a PCI DSS compliant system.

I have read the whole PayD site that you linked to but the only info they have is: "Your mobile phone number and your MTN or Vodacom SIM card are required to make a payment. This unique combination will be used to safely enter your PIN code, so that it can be encrypted and sent to your bank for verification, each time you complete a transaction."

What I want to know is what have they done differently that allows them to get an SMS from the phone that is encrypted. I think we need someone who knows the technology pretty well to answer that.
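The PIN block construction mentioned in the post above, as an added example that is not part of the thread. It assumes ISO 9564-1 format 0 (the post names no format), uses a constructed test PAN and PIN, and builds only the clear block, which the PIN pad or HSM would then encrypt under a PIN key (that step is not shown).

```python
# Added example: clear PIN block, assuming ISO 9564-1 format 0.
# The PAN and PIN used with it are constructed test values.

def pan_field(pan: str) -> bytes:
    """0000 followed by the rightmost 12 PAN digits, check digit excluded."""
    digits = pan.replace(" ", "")
    if not (digits.isascii() and digits.isdigit()) or len(digits) < 13:
        raise ValueError("PAN must be at least 13 digits")
    return bytes.fromhex("0000" + digits[:-1][-12:])

def pin_field(pin: str) -> bytes:
    """Control nibble 0, PIN length nibble, PIN digits, padded with F."""
    if not (pin.isascii() and pin.isdigit()) or not 4 <= len(pin) <= 12:
        raise ValueError("PIN must be 4 to 12 digits")
    return bytes.fromhex(f"0{len(pin):X}{pin}".ljust(16, "F"))

def xor8(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def clear_pin_block(pin: str, pan: str) -> bytes:
    """Bind the PIN to the card number by XORing the two 8-byte fields."""
    return xor8(pin_field(pin), pan_field(pan))

def pin_from_block(block: bytes, pan: str) -> str:
    """Recover the PIN; fails if the block was built for a different PAN."""
    if len(block) != 8:
        raise ValueError("PIN block must be 8 bytes")
    field = xor8(block, pan_field(pan)).hex().upper()
    length = int(field[1], 16)
    pin, pad = field[2:2 + length], field[2 + length:]
    if field[0] != "0" or not 4 <= length <= 12:
        raise ValueError("not a format 0 PIN block")
    if not pin.isdigit() or pad != "F" * len(pad):
        raise ValueError("wrong PAN or corrupt block")
    return pin

if __name__ == "__main__":
    block = clear_pin_block("1234", "43219876543210987")
    # The PAN field starts with 0000, so the length and the first two PIN
    # digits are unmasked in the clear block. The XOR is a binding to the
    # card, not confidentiality; that comes from the encryption step.
    print(block.hex().upper())
    print(pin_from_block(block, "43219876543210987"))
```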
 