bogus payment page

Discussions

Web tier: servlets, JSP, Web frameworks: bogus payment page

  1. bogus payment page (3 messages)

    Are there any way that fake or bogus payment page be detected. There could be fake payment page that will just steal your credit card number or the pin of your atm/debit card. These are the concerns of our clients.

    Threaded Messages (3)

  2. bogus payment page[ Go to top ]

    one way could be to use certificates...
    if the page your client sees is not certified... they would know they are looking at fake page...
  3. bogus payment page[ Go to top ]

    Have you or your clients ever seen "a bogus payment page"?

    How would this be done?
  4. For example, you can easily code a "proxy" that passes requests to the original server and returns the pages to the browser after saving them on the local disk. All you have to do after that is to "poison" a few select DNS servers (not a trivial thing with most of your newer DNS services, but can be done) to redirect "www.bigstoreonthenet.com" to your proxy and wait for the data to materialize. The remainder is a grep only business.

    That's why we have SSL/TLS encryption. Even if someone listens to the conversation between the browser and the server and records it, it will take either a lot of time or a lot of hardware (basically a lot of CPU time) to decrypt it without the private key.