Give the Bad Guys your PayPal Account?

Thu, 20 May 2010

I was concerned to read this blog post from PayPal’s VP of Platform, announcing their Mobile Payments Library. The feasibility of in-application mobile payments is something I’ve looked at often over the years, and I’ve always come to the conclusion that it’s extremely difficult to do securely. I haven’t seen any evidence here that PayPal have solved that.

There are some interesting challenges at the API level that are probably only relevant to security geeks (how does the service know that the application that’s invoking it is properly authorised?) but I won’t go into that now, because it seems there is a more basic and glaring error:

(more…)