Robokassa's little surprises

Robokassa chose the motto "Without a break and other surprises." Surprises sometimes happen all the same, but these are the users' problems ...

The Robokassa website caches the bank card details that the user enters when making a payment. As a result, after a single payment has been made, the card details can be retrieved or used to make another payment.

For the user, the payment process consists of two main stages. The first is the choice of payment method (we are interested in “Payment from an account in the ROBOX payment system (by credit card)”), where there is a “remember the entered information” checkbox that for some reason does not do its job.

At the second stage, the user is asked to enter the bank card details. On the first payment these fields are empty, but on a second payment the data is easily obtained from the previously entered values by simply clicking on the empty field.

The bank card details can easily be used by anyone who has access to the computer, or malware can steal them. Only one parameter is missing: the card's expiry date. But since cards are usually issued for a couple of years, I think going through a couple of dozen options is not much of a problem.

Robokassa's support service was notified of the problem, but it believes that this is a client-side problem. Here is their concise answer:
"Change the security level in your browser."

Yet the problem is solved very simply: autocomplete="off" in the HTML code for the bank card detail fields.
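An added example (not part of the original post and not Robokassa's code): a small Python audit that parses a payment page and lists the card fields that do not set autocomplete="off", taking a form-level setting into account. The field-name pattern and the sample markup are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
# Assumed naming heuristic for card fields; adjust to the form being audited.
CARD_FIELD = re.compile(r"card|cc[-_]?num|cvv|cvc", re.I)
TYPED_INPUTS = {"", "text", "tel", "number", "password"}

class CardAutocompleteAudit(HTMLParser):
    """Collect card-related <input> fields the browser is allowed to remember."""
    def __init__(self):
        super().__init__()
        self.form_off = False  # True while inside <form autocomplete="off">
        self.findings = []     # names of fields left open to autocomplete

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "").strip() for k, v in attrs}
        auto = a.get("autocomplete", "").lower()
        if tag == "form":
            self.form_off = auto == "off"
        elif tag == "input" and a.get("type", "").lower() in TYPED_INPUTS:
            label = a.get("name") or a.get("id") or ""
            # A field-level attribute overrides the form-level setting.
            effective = auto or ("off" if self.form_off else "on")
            if CARD_FIELD.search(label) and effective != "off":
                self.findings.append(label)

    def handle_endtag(self, tag):
        if tag == "form":
            self.form_off = False

def audit(html):
    parser = CardAutocompleteAudit()
    parser.feed(html)
    return parser.findings

# Constructed sample markup (not Robokassa's real page).
SAMPLE = """
<form action="/pay" method="post">
  <input type="text" name="CardNumber">
  <input type="text" name="CardHolder" autocomplete="off">
  <input type="password" name="CVV">
  <input type="text" name="Email">
</form>
<form action="/pay2" autocomplete="off">
  <input type="text" name="CardNumber2">
  <input type="text" name="CardHolder2" autocomplete="on">
</form>
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Run against a saved copy of a checkout page, an empty result means every field matching the pattern disables autocomplete, either directly or through its form.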

It is a pity that each of the hundreds of thousands of users has to change the security settings of their browser, instead of the payment system's programmer fixing it once for everyone.

Source: https://habr.com/ru/post/104469/
