Growling at PayPal

We signed up for a PayPal account ages ago and never got around to using it to process payments (we’ve got a merchant facility with CommBank so there was no great urgency to the situation) — and since setting it up the person responsible has moved on.

Our unver­i­fied account has never processed a sin­gle pay­ment, and yet with the amount of ID they require for some­thing as sim­ple as a con­tact name change you could get a pass­port in some countries.

Busi­ness Con­tact Name Change
To process your name change request, you need to fax in addi­tional infor­ma­tion. Please pro­vide a cur­rent photo iden­ti­fi­ca­tion and one of the other fol­low­ing documents:

  • A copy of a valid photo iden­ti­fi­ca­tion show­ing your new name.
  • Accept­able forms of photo iden­ti­fi­ca­tion are a driver’s license, pass­port or any other state or gov­ern­ment issued photo identification.
  • A copy of a recent util­ity bill show­ing your new name and address exactly as they appear on your Pay­Pal account.
  • A copy of a recent bank state­ment for the bank account listed on your Pay­Pal account (if applicable).

Please include a let­ter on com­pany sta­tionery indi­cat­ing the pri­mary email address, cur­rent name, address and tele­phone num­ber on the Pay­Pal account, the rea­son for the name change, and the new busi­ness con­tact name.

So that we can process your request effi­ciently, please ensure that your doc­u­ments are valid and leg­i­ble. As always, any per­sonal iden­ti­fi­ca­tion infor­ma­tion that you sub­mit to Pay­Pal will remain secure and will never be trans­mit­ted to any third party.

Pay­Pal have never had a rep as a par­tic­u­larly cus­tomer friendly organ­i­sa­tion, but this isn’t even ben­e­fi­cial to them! With no trans­ac­tions in the past and less doc­u­men­ta­tion than this required for estab­lish­ing a NEW account it doesn’t pose any cred­i­ble threat so far as hijacked accounts/money laundering/whatever goes, and they need to spend time review­ing doc­u­ments sent in a thor­oughly non­stan­dard way. The bank account ver­i­fi­ca­tion process is pretty good in terms of automa­tion (albeit risky — you’re essen­tially giv­ing Pay­Pal license to do what­ever with all funds in that account) — this is most cer­tainly not.

Any­one have any good, low % fee or cost/transaction way of hook­ing into CBA’s Evolve sys­tem? The appli­ca­tion doesn’t war­rant us spend­ing heaps set­ting it up just yet, and Pay­Pal are good at mak­ing things way too risky and dif­fi­cult. Grumble.

Cheap secure authentication

Verisign OTP from PayPal

These things can be had from Pay­Pal for about five bucks. Or $7.50 if you’re an Aussie. Verisign will flog them off to you for $30, if you’d like, but basi­cally Pay­Pal rocks for this kinda stuff. It’s a one-time pass­word token that effec­tively enhances your authen­ti­ca­tion by a mas­sive degree. It’s cool because it works with Pay­Pal and eBay. It’s cooler (and worth­while) because you can poten­tially use it with OpenID.

Essentially, it’s a random number seeded with a unique key that gets appended to your regular password. This defeats keyloggers and pretty much all kinds of phishing currently out there. These kinds of devices have been used in corporate VPN/dial-in scenarios for years now (predominantly, in the situations I’m aware of, with technology by RSA SecurID), but this is the first I’ve seen of it from Verisign.

And, sure, it’s only as secure as phys­i­cal secu­rity or the end­points them­selves are, but it’s a mas­sive step up from “what’s your cat’s name?” two-factor auth (though, unfor­tu­nately, I think PayPal/eBay offer that as a backup).

I’ve ordered mine and will prob­a­bly be hav­ing a play with OpenID imple­men­ta­tions of it (backed by Verisign’s PIP ser­vice, but not overly tied to it because of OpenID’s identity-delegation abil­ity) once it arrives (10 busi­ness days).

Can’t help but won­der what Verisign’s rates for these things are in a stand­alone sense. Nor­mally on 5 year con­tracts, but in terms of cost-per-token. Seems like a great way to defeat the idiot users who insist on hav­ing pass­words that are bla­tantly obvi­ous (argue all you like about strength poli­cies: it’s often not fea­si­ble when bal­anced against sup­port load for resul­tant for­got­ten passwords).

Also, to those who argue Pay­Pal = evil, if you’re in Aus­tralia then please… don’t. Unlike in the US, here they’ve basi­cally got the same finan­cial report­ing oblig­a­tions as any bank does, and cus­tomer ser­vice nec­es­sar­ily to match it. All the hor­ror sto­ries from the ‘States (not that I think them uni­ver­sally untrue!) pretty much couldn’t hap­pen here or they’d be chucked out of the coun­try. And, whilst they’re so heav­ily sub­si­dis­ing (or at least obtain­ing bulk dis­counts for) this kinda tech, that’s cool with me.

# by Josh on February 8th, 2008

My bank’s website

Proudly pro­claims:

St.George reports record interim profit of $502 mil­lion, up 11.8%

Mean­while, I get charged $4.50 for using a non-St. George ATM.

# by Josh on May 4th, 2006

St George Internet banking sucks

It requires Java. I can live with that, it’s a web application.

I had to call up to find out what browsers they offi­cially sup­ported, only to be told that sup­port was lim­ited to Inter­net Explorer on Win­dows, Mac (!!) and Netscape 7+ on both plat­forms. Fire­fox “hasn’t been tested”, Safari hasn’t been looked at. I’m not par­tic­u­larly keen on this, but hey, they’re a bank… we all expect them to be a bit backwards.

The appli­ca­tion sniffs for a Java Vir­tual Machine and refuses to load with­out even pro­vid­ing an error mes­sage if one isn’t detected. This wouldn’t be so bad but for the fact that it checks explic­itly and exclu­sively for the Sun vir­tual machine… so any­one who doesn’t use that plat­form for what­ever rea­son (licens­ing, eth­i­cal, platform) — even if they have another fully com­pat­i­ble vir­tual machine — can’t get access.

My solution? Disable Java (not JavaScript) altogether using the Web Developer’s toolbar, then sign in (it doesn’t choke!), wait till you get to the main applet pane, re-enable Java, and press F5. Magic, it works.

There is absolutely no rea­son or excuse for this behav­iour. If this fits into some per­verted notion of secu­rity, I’m not com­fort­able hav­ing my money there. If it’s the prod­uct of an incom­pe­tent web team… well… they’re an incom­pe­tent web team. Grr.

I called up and asked why it wasn’t working, then explicitly asked for a report to be forwarded to the web team. Please, lots of people do this (heh, you don’t even need to be with St George… they didn’t ask me for a name or account number during the phone call!)… this service is unnecessarily stupid at present!

On a plus side, their phone ser­vice is good fun. I couldn’t find a sup­port num­ber quickly, so I called the drag­ondi­rect num­ber pro­vided on a let­ter (1300 30 10 20) and when none of the options matched “sup­port”, I just ham­mered “9” repeat­edly. Works on a lot of PBX sys­tems, and it worked there… I got through to a human within 30 sec­onds, who then put me straight into the queue for web sup­port. Good stuff.

Essay: Act 1, A Doll’s House

An essay. 1992 words. My standard Creative Commons license applies — this means attribution is required, and you aren’t legally permitted to republish this as your own work (yes, even for non-commercial reasons such as school).

Moving

At some time around 11 last night, the enormity of this horrific thing hit me. Not so much the packing side — that’s okay, I can deal with that; enough of my life is already existing in boxes for it to be no huge difference (that said, I think I have an assessment or two the week we’re moving, so that will be fun…). I’m more worried about continuity of life in general.

# by Josh on October 18th, 2004