Webpay system open to voucher fraud

R.A. Hettinga rah at shipwright.com
Tue Jan 18 06:37:57 PST 2005 

<http://www.theregister.co.uk/2005/01/17/webpay_voucher_fraud/print.html>

The Register


 Biting the hand that feeds IT

The Register ; Security ; Network Security ;

 Original URL: http://www.theregister.co.uk/2005/01/17/webpay_voucher_fraud/

Webpay system open to voucher fraud
By Jan Libbenga (libbenga at yahoo.com)
Published Monday 17th January 2005 16:46 GMT

Webpay International AG, the market leading payment system for digital
content and services in Europe, doesn't offer a flawless micro payment
service, at least in the Netherlands, according to Dutch consumer watchdog
tv show Kassa and computer weekly Computer Idee. It is relatively easy to
manipulate user data required for the Dutch MSN music download site (TV
item in Dutch over here
(http://cgi.omroep.nl/cgi-bin/streams?/tv/vara/kassa/bb.laatste.asf?start=00:16:24&end=00:26:13)
).

The payments for that site are handled by Webpay under its original name
Firstgate. Firstgate users can buy online vouchers and decide which songs
they want to purchase later. Kassa and Computer Idee discovered that these
vouchers can be easily purchased by filling in someone else's name and bank
details. Users can even add money to their prepaid account, again using
details from other users. None of this information is verified by
Firstgate. Even though upgrading the account requires a pin code, it isn't
necessary to enter the code straight away. The song or album to be
purchased can be downloaded immediately.

Firstgate, which offers the same service for cable operator Chello, doesn't
deny that this kind of fraud is possible, but stresses that that fraudsters
can be traced and will be prosecuted. However, the company wasn't too
thrilled with the publicity and originally threatened to sue broadcaster
VARA.

Webpay International licenses its micropayment click&buy service also to
British Telecom, and to Swisscom, which launched Swisscom click&buy in Q4
2004.

-- 
-----------------
R. A. Hettinga <mailto: rah at ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

More information about the cypherpunks-legacy mailing list