(keitai-l) Re: Amazon Japan Payment Security

From: Curt Sampson <cjs_at_cynic.net>
Date: 06/18/04
Message-ID: <Pine.NEB.4.58.0406181910210.2487@angelic-vtfw.cvpn.cynic.net>
On Fri, 18 Jun 2004, Andrew Shuttleworth wrote:

> If I visit http://www.amazon.co.jp/i  I can register at the site
> including entering my credit card details. I'm not going through the
> official menu and there is nothing pops up to suggest that the site is
> secure. So question 1 is is this secure and does this security rely on
> being an official site?

I-mode sites, official or not, can use SSL. So that would be the best
way to secure it.

> Second question would be how they recognise that I am a return user so
> that I don't have to input my details again. I presume that they can
> do this because they on the official menu.

Right. Your phone number is substituted for the NULLGWDOCOMO in the
query string when they receive they request, because they are an
official site.

> I guess the real debate is payment settlement systems for sites that
> are not on any of the official menus.

Even for those that are on the official docomo menu, unless their
charging structure is one where they bill monthly and it's no more than
300 yen, they have the issue anyway.

cjs
-- 
Curt Sampson  <cjs_at_cynic.net>   +81 90 7737 2974   http://www.NetBSD.org
    Don't you know, in this new Dark Age, we're all light.  --XTC
Received on Fri Jun 18 13:13:44 2004