Topic: Paxum.com Issues: Recommend *Against* Using Paxum Now - page 2. (Read 9995 times)

Hey, she started it, what with telling us she was checking and all :-)

All right guys, stop drooling and stay focused on the technical issues.

Women tend not to be tech geeks, unless it's Jeri Ellsworth ofc. But would be cool. Proof would be nice

You mean, on top of being a smart cookie, and having a husband, she's also attracted to the same sex... I think I'm in love :-)

Right, thanks for the clarification.

Everything we do at the end is to protect our clients. If we dont we put everyone at risk. Even if that means rejecting some documents you all feel should work

Better safe than sorry ... right?

If you mean the same as her husband, then yes.

Further to my previous post on the difficulty of getting verified with Paxum, I had an email exchange with Chris. I accept his explanation for why the procedure may seem more difficult than is warranted, and on the face of it it seems to be so for the benefit of us, the customers.

He also offered a pretty easy solution, which I stupidly hadn't though of myself, to get around the problem.

So far, so good.

Am i to understand you are sexually attracted to the same sex?

A thousand apologies... I shouldn't have assumed. In my defence, women seem to be scarce in these forums, enough that there's a whole thread about it, and another thread devoted to a single tattoo... sheesh!

You poor husband is a lucky man.

I'm not hostile to Paxum either, and I don't think Paxum is trying to defraud anyone. I wouldn't read as much into these particular issues as ErgoOne seems to.

But I will say one thing from my own experience: It is very easy for non-technical people to assume that because someone knows how to do something and make it work, they also know how to make it secure. And it's easy to assume that because nothing bad has happened for awhile, your system must be at least reasonably secure. And it's easy to assume that because a system is growing, it's also growing more secure -- surely someone's doing that, right? However, these three assumptions are entirely false.

This is especially true for innovative companies that experience fast growth. Mt. Gox, for example.

A small anecdote: The last breach I helped clean up involved a software defect that could have leaked a small, growing company's entire customer and transaction database. The programmer whose code had the bug knew that his code had this type of bug, but he believed it was too difficult to exploit because he didn't know an easy way to exploit it. He, of course, was not a computer security person, so he had no idea that there are toolkits available that make exploiting bugs of this type extremely easy.

And one final point: If you ask these people if they take security seriously and if their code is secure, they will say yes because they honestly believe that they are. And they believe there's no need for other people to audit them. When they see how many vulnerabilities there are and how easy they are to exploit, they are frequently quite surprised. People who aren't security experts just don't understand what the threats actually are.

She.  At least, last I checked.  (My poor husband would be quite shocked if it turned out otherwise.)

I'm not even close to signing up with Paxum because I want to wait and see about some other stuff, and because I have no need for their service.  

But I will agree w/ Mr Katz (as seems to be often the case) that these issues don't strike me as the kinds of red flags that I would be especially  concerned about.  Indeed, it seems like they are practicing defensive programming in certain of these issues, and that is in my book a very good thing.  

Obviously it would be a good thing if the end user experience was better, but I personally would gladly trade this to avoid the hassle of being caught up in some fraudulent use fiasco.

Regarding the Email issue - again we have never heard of this before at all. I will have a tech look at it but to be honest this seems to be a very isolated incident.If this was a common issue i'd assume we would of been made aware of this when we first launched and had 1000's of accounts created in a matter of days.

I appreciate your feedback and we do take it all in and discuss it and always improving our services.

If you would like to email me any more specifics to this that may not be for the public eye to see shoot me an email [email protected] - and we can get this all sorted with our tech guys

Regards

Chris

From your mouth to God's ears. :-)  I expect that it will take more than a week, but the problems are definitely fixable.  These are not issues associated with a lack of integrity or fundamentally careless attitude, but with a new company that needs expertise in something that it lacks expertise in.  I will probably try Paxum again in a couple of months if I see reason to think that they've fixed the problems.

But not right now.

Chris, the problem isn't just with Thunderbird. I verified that the same issue comes up with several other email clients as well.  One of them was the standard Macintosh email client; my husband has a Mac Pro and I tested with it.  Only certain webmail clients display your emails as rendered HTML.  

Outside auditing of your site is a good thing.  Frankly, from my experience, it has probably saved your bacon more than once because the people who are designing, coding, and managing the web site show every sign of not knowing how to do this kind of work.  You *really* need to get some more experienced developers ASAP.

I'm a technical writer by profession, but also do a lot of QA as part of my job.  I work for a Fortune 500 company, in the division that provides security "solutions" (I HATE that term) for protecting customer-facing web portals for companies and organizations that have high security needs, such as banks and financial institutions.  The technical side of your business is exactly the sort of thing that I spend most of my working day understanding, documenting, and figuring out how to protect.  (As in -- write use cases for.)

I'm not hostile to Paxum.  Nor do I think Paxum is trying to defraud anybody; I see no sign of that at all.  What I do see is a sign of lack of sufficient experience in designing and managing secure web sites.  You *MUST* get people in there who know how to handle the types of security required for a financial institution.

I opened an account with them, sent them Scanned Passport that I have saved from PayPal, MoneyBookers etc, and sent Utility Bill.
They rejected the Passport because a part of the top edge was too close to the edge of the scan. So I sent a scan of another Government ID as my Passport is in my Parent's house in a safe so I don't keep it in mine

Still no dice.

So I closed the account. I didn't even want to use it for deposit just withdrawal.

R

Don't worry, Chris. If you address these issues, you'll likely find that Ergo will change the name of this thread. He's a completely different kind of person to the ones that attacked you in other threads.

And if it makes Paxum more secure and user friendly in the future, that can only be good, right?

We have been running for awhile and have processed thousands upon thousands of accounts with out any major issues. The PDF and email issue is very new to me and we have not be alerted to it until this post by any client. Same for the PDF issue.

Regards
Chris

These are very typical of the issues you have when a service goes live, especially when external events force your timing. I bet these will all be sorted out within a week at most.