Wednesday, 29 October 2025

iPhone and web apps

This blog entry is a pointer to the other non-banking projects that I've been doing over the last couple of years.  Smart phones and tablet devices bring lots of possibilities; here are three that I've turned into realities:

| Title | What it does | Type | Link |
|---|---|---|---|
| Grayshott e-Guide | Guide to local businesses and organisations | iOS free | |
| | | Web app | eGuide |
| FirkinApp | The smarter way to read a beer festival beer list | iOS free | |
| | | Web app | Firkin Web App |
| Dinner Divider | Work out fair shares for the bill for dinner, taking into account any kitty and the tips | iOS free | |
| Dinner Divider Ad-Free | Like Dinner Divider but without the ads | iOS paid | |

There's more on the dedicated support blog pages

Update 04/01/2016 - now looking at rewriting the iOS versions using Swift.

Originally published 29/10/2014.   

Monday, 22 December 2014

Phishing: Message Options

Many people are investing lots of time and energy in pretending to be who they're not through e-mail: looking for Internet users who will give them sign-on details, account numbers, PINs and so on that they can use to strip bank accounts or run up unpayable credit card debts. 

No single method will protect - in the end, you have to be suspicious of any request for personal details or even opinions.  How many of us have answered a phone call that was apparently a survey and ended up being asked for details that could open us up to further unwanted phone calls or given details about our address, postcode or buying habits? 

If you use a Windows computer, you may also have Microsoft Office and its e-mail program, Outlook.  This is a fantastic tool for organising your e-mail, but the latest version has made it harder to look closely at incoming messages before you actually open them.  The trick is to look at the Message Options and see whether the addresses in the mail headers look anything like the apparent sender.

In Outlook 2003 and later versions, it used to be possible to right-click on a message in the Inbox and look at the headers directly.  The latest version, Outlook 2013 (also part of Office 365), doesn't allow this unless you first do a little customisation.  Here's how to do it.

I haven't yet found a way to restore the right-click function, but you can still get to Message Options if you customise the Quick Access Toolbar of Outlook 2013.  That's the very top of the window, where the Outlook application icon, the Send/Receive All button and the Undo button can be found.  It looks like this:






Right-click on the ribbon (that's the feature with the tab names and icons just below the Quick Access Toolbar).  You'll be offered the option to customise the Quick Access Toolbar.  Set the top drop-down box to Commands Not in the Ribbon.  It looks like this:

Select Message Options and then click Add, and move it up one place using the buttons on the far right.  When you click OK, the Quick Access Toolbar should look like this:






When a message that looks suspicious arrives in your Inbox (for example, a bill you weren't expecting, a receipt for a charity donation, a request to confirm your details or a notification of a failed payment), select the message but don't open it.  Then click on the fourth icon from the left at the top of the window (Message Options).  If, when you scroll down, you see evidence of spoofed addresses, just delete the message: don't open it, and certainly don't open its attachments.  Here's an example of a spoof e-mail with some of the tell-tale signs:


This was supposed to be from NatWest Bank.  Why would it send an e-mail from a belgacom.be address, relayed through skynet.be?  And then why would its From address be nto.com?  Who?
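The same comparison can be scripted against a message's raw headers (in Outlook, the text shown in the Message Options box). This is an added example, not part of the original post: the sample headers are constructed around the three domains mentioned above, and natwest.com as the expected sender domain, the hostnames and the function names are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not the original message): only the three domains come
# from the post; local parts, hostnames, IP and subject are made up.
SAMPLE = """\
Return-Path: <someone@belgacom.be>
Received: from mailrelay.skynet.be (mailrelay.skynet.be [192.0.2.10])
\tby mx.example.net with ESMTP; Mon, 22 Dec 2014 09:00:00 +0000
From: "NatWest Bank" <alerts@nto.com>
To: you@example.net
Subject: Please confirm your details

"""

def domain_of(addr):
    """Lower-cased domain part of an e-mail address, or '' if there is none."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def header_warnings(raw, expected_domains):
    """Return the reasons the headers do not fit the claimed sender.
    expected_domains is supplied by the reader (assumption: the domains the
    real organisation sends from). These are hints for a human, not proof:
    Received lines below the one your own server added can be forged, and
    genuine mail is sometimes sent through a third-party mailing service.
    """
    def trusted(domain):
        return any(domain == e or domain.endswith("." + e) for e in expected_domains)

    msg = message_from_string(raw)
    display, from_addr = parseaddr(msg.get("From", ""))
    from_dom = domain_of(from_addr)
    warnings = []
    if not trusted(from_dom):
        warnings.append(f"From domain {from_dom} is not one used by {display}")
    path_dom = domain_of(parseaddr(msg.get("Return-Path", ""))[1])
    if path_dom and path_dom != from_dom:
        warnings.append(f"Return-Path domain {path_dom} differs from From domain {from_dom}")
    for hop in msg.get_all("Received", []):
        relay = re.match(r"\s*from\s+(\S+)", hop)
        if relay and not trusted(relay.group(1).lower()):
            warnings.append(f"relayed through {relay.group(1).lower()}")
    return warnings

if __name__ == "__main__":
    for warning in header_warnings(SAMPLE, ["natwest.com"]):
        print("WARNING:", warning)
```

An empty list only means these three checks found nothing odd; it does not make the message safe to open.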

Use this tip and your own intelligence to cut down your risk of being hacked by evil people. 

Wednesday, 14 May 2014

Credit card security blown wide open on postal transactions



(Originally made this post on Ecademy.com, now Sunzu.com, on 11 Dec 2007)

I'm becoming increasingly worried by suppliers that ask for your debit or credit card security number in writing, along with the card number and expiry date, for postal transactions. This blows the security system wide open. Anyone that intercepts your instructions, either before or after your legitimate payment is made, has everything needed to rip off suppliers (and you).

Why are suppliers doing this? Simply, it's because their banks are demanding these details for Customer Not Present transactions that are entered through merchant machines such as the PDQ.
When you enter card details onto a secure supplier website or a proper payment service such as PayPal, the possible number of fraudsters is quite limited, and collusion or fraudulent action by the owner of the site is a strong suspicion if anything goes wrong. The chain is pretty clear. But just like a pair of CD-ROMs, if a piece of paper goes astray, it could be in anyone's hands, it can be photocopied and sent anywhere in the world, and huge amounts of damage can be done.

Signature as confirmation of identity should be enough for 'cold' transactions where no goods are shipped within 24 hours. When a PDQ machine is used, the bank now seems to require the security number. Specific cases in the last two weeks: NatWest demanded this from a charity for a donation that I wanted to make by card (I sent a cheque instead, along with my Gift Aid form) and a UK passport application where the payment must accompany the application form (I used the Check and Send service at a Post Office which allowed me to make the payment electronically).

This is really dangerous stuff. Barclaycard told me definitely not to send the card security number in writing along with other card details, but I wouldn't be surprised if their merchant people are following the same protocol as NatWest and the Home Office. Is this a general problem? I'd like to gather evidence and to hear of any other cases where this practice has been introduced. And then make some noise in the right places.


Comments received on Sunzu.com:

John, I agree with you and I will not write down a security number. I also agree with S - suppliers keeping written records of credit card numbers also provides a security loophole for dishonest employees and theft from suppliers' premises. What's the point of shredding all your documents at home if suppliers have such details in their filing cabinets! My advice (which I will now take myself in future) is not to write down my credit / debit card numbers on any paper form. Regards, G (UK)


John, I totally agree, you should never give out all these details in writing. The point of the security code, well is.... security. The best practice on this is never to have the card details in writing..... as soon as there is a record, there is a risk towards the data protection rules. As e-retailers, we make 3 important points: 1- all online purchases are managed through secure services so we never have access to the customer's card details 2- for transactions over the phone, we always carry out the transaction live and do not take notes of the card numbers. Once the transaction is finished we (and any other mischievous party) have no way of retrieving the card details. This is quite an effective way of preventing credit card fraud. 3- we never ask for card details in writing. I now demand the same type of security from my suppliers, so no employee could take note of the card number in passing. Many organisations do not realise their responsibilities in that area... how many are insured against employee dishonesty???  S (France)


Agreed

It always makes me think about it on line, I am not sure that is good practice even with the security that wraps around it. K (UK)


I agree with you John, I think there is very little personal safety as regards our financial details. I hate to think how many companies have our details of cards, dob, NI numbers etc. You are right - so much damage can be done in a short space of time. When the CDs went missing I think it gave everyone a shake up. And yet will any of these things stop? I think not. I recently watched a movie. It was called 'The Lives of Others'. It was in German with subtitles. It was set in East Germany just before the wall came down. It really exposed just how thorough the Stasi were in gathering information on everyone. It was a society where people had no freedom, no secrets, no comeback. Nowhere to go to talk about injustice. Anyone who spoke out or argued against the State was imprisoned or worse. Is this what is happening over here? One has to ask - 'What exactly is going on'? L (UK)