September 17, 2010 at 18:58Little surprises Robokassa
Robokassa chose “Without a break and other surprises” as its motto, surprises sometimes still happen, but these are user problems ...
The details of bank cards that are entered by the user when making a payment are cached on the Robokassa website, as a result, after making a single payment, you can get bank details or use by them to make another payment.
The payment process for the user consists of two main stages: the choice of payment method (we are interested in “Paying from an account in the ROBOX payment system (by credit card)”), where there is a checkmark “remember entered information”, but which for some reason does not fulfill its functions :
At the second stage, it is proposed to enter the details of a bank card. In the case of the first payment, these fields are empty, but herein the event of a repeated payment, the data can easily be obtained from the results of the last filling simply by clicking on the empty field :
Bank card details can be easily used with access to a computer or a virus program can take them away. Only one parameter is missing: the validity of the card, but because cards are usually issued for a period of a couple of years, then I think sorting out a couple of dozen options does not seem to be a particular problem.
Robocassa support service has been notified of the problem, but believes that this is a customer problem. Here is their succinct answer:
“Change the security level in your browser.”
And the problem is solved very simply: autocomplete = “off” in the html-code for the fields with bank card details.
It is a pity that each of the hundreds of thousands of users must change the security settings of their browser, and not the payment system programmer, once for the security of everyone.
The details of bank cards that are entered by the user when making a payment are cached on the Robokassa website, as a result, after making a single payment, you can get bank details or use by them to make another payment.
The payment process for the user consists of two main stages: the choice of payment method (we are interested in “Paying from an account in the ROBOX payment system (by credit card)”), where there is a checkmark “remember entered information”, but which for some reason does not fulfill its functions :
At the second stage, it is proposed to enter the details of a bank card. In the case of the first payment, these fields are empty, but herein the event of a repeated payment, the data can easily be obtained from the results of the last filling simply by clicking on the empty field :
Bank card details can be easily used with access to a computer or a virus program can take them away. Only one parameter is missing: the validity of the card, but because cards are usually issued for a period of a couple of years, then I think sorting out a couple of dozen options does not seem to be a particular problem.
Robocassa support service has been notified of the problem, but believes that this is a customer problem. Here is their succinct answer:
“Change the security level in your browser.”
And the problem is solved very simply: autocomplete = “off” in the html-code for the fields with bank card details.
It is a pity that each of the hundreds of thousands of users must change the security settings of their browser, and not the payment system programmer, once for the security of everyone.