I get my mobile phone service from Vodafone NZ because when my family and I arrived in New Zealand, we brought our GSM phones with us, and Vodafone is currently the only GSM provider in NZ. It's a prepaid service since I don't need to make many calls.
Since it's prepaid, I need to top-up my prepaid credit every once in a while. Now vodafone has a service called Hotlink. With Hotlink, it's possible to register a phone number and pin with my bank (highly recommended) and then get prepaid credit top-ups via a vodafone app that works through SMS messages. Hotlink worked very well for us for a year. Lately, however, my sister-in-law came to visit us in NZ and we asked her to buy us new phones since our old phones (well, mine) were approaching unusable due to a cracked screen, shorter battery life, etc.
We love our new phones. However, apparently vodafone's Hotlink app doesn't work with all handsets. Presumably it only works with handsets that vodafone sells or has sold in the past. So no hotlink for us.
Fortunately, there's a website where I can top-up my own phone via credit card payment. I didn't realize that I could top up my wife's phone too, using my account. So I tried to log in to *her* account. I'd forgotten the password, so I clicked on the forgotten password link and it sent a new password to her mobile. Except the password didn't work. I generated passwords three times and none of them worked. FAIL.
And phone support doesn't work since vodafone phone support isn't 24x7. FAIL.
So I logged in to my account (I use the Revelation password manager in Ubuntu to store my passwords) and I noticed that I could pay for prepaid credit to (via credit card) go to any mobile phone. So I used that to send credit to my wife's phone.
But vodafone FAIL isn't done. Vodafone accepts the credit card number on their site instead of having the credit card transaction be processed through a dedicated credit card gateway. In the name of usability they allow myvodafone users to store their credit card information *in*their*profile*. So they're not dropping the credit card information as soon as the credit card transaction is done, they're really storing the credit card information in their database.
Well, they'd better be really security paranoid over there.
No comments:
Post a Comment