Is there security flaw in this design?

imgrooot · September 5, 2017

I apologize if it's the wrong section, I don't know which other section this question would belong in and it is the most popular section on the forum.

Say I have a site where users are can purchase "packages" and to do so, they are sending payments directly to the company using a payment processor. The company tracks all the payments in the back-end. The users are also able to see their earnings, balance and withdrawals.

Normally a user can make a withdrawal request and the company will send that user his earning balance. After the user receives his earnings in his bank account, he can go back to the site and purchase a new package.

That's all great. But what if I want to give an option to the users where they can use the earnings in their account on the site to purchase a new package, instead of going through a payment processor?

For e.g. I have $100 as my earning balance in my site's account. And the package I want to purchase is $50. I can simply purchase that package using the $100 I have in my account, instead of making a withdrawal request and wait for the $100 to show up in my bank account and then I go back to the site and purchase that package using a payment processor, as I did originally.

I am wondering, if I give users that option, do I need to worry about anything security wise? Is that a wise option to give or should I just stick to payment processor for all user payments?

*note I am not asking how to code it.

Edited September 5, 2017 by imgrooot

Psycho · September 5, 2017

There are so much generalization in your question that it is almost impossible to answer with any certainty. But, I will respond:

As I understand it:

1. Users have a 'balance' that you somehow manage.

2. Users can request a 'withdrawal" that will allow funds from their balance to be transferred to their bank

3. User can purchase items through a 3rd party processor which is paid from their bank account

The goal is for users to pay for items directly through their 'balance'

I have no idea how secure #1 and #2 currently are or if there are any checks and balances. For example, does a person review and approve payments to a bank account to ensure users aren't using malicious means to inflate their account? You could already have holes in the security that you are not aware of.

The bottom line (from my perspective) is that a payment processor is in the business of processing payments. That is their #1 point of being in business. And, assuming they have many sites that they support, the probability that any exploits have been found (and fixed) is very high. If you want to build your own custom process for accepting "payments" from the user's balance you will not (I assume) be starting from the same deep knowledge of processing transactions that a 3rd party dedicated to that process will have. It is also more likely that potential exploits could go much longer without being found and fixed.

Can it be done. Yes. There is no inherent "security flaw" in doing that - it is the implementation that will dictate what flaws, if any, will exist.

To be honest, your whole process seems kind of clunky, but I don't have a clue on your business model.

Good luck with whatever path you take.

kicken · September 5, 2017

There's nothing inherently wrong with the idea. Lots of places do similar things using Reward points, store credits, etc.

Any security problems would arise from how you've implemented the feature.

imgrooot · September 5, 2017

There are so much generalization in your question that it is almost impossible to answer with any certainty. But, I will respond:

As I understand it:

1. Users have a 'balance' that you somehow manage.

2. Users can request a 'withdrawal" that will allow funds from their balance to be transferred to their bank

3. User can purchase items through a 3rd party processor which is paid from their bank account

The goal is for users to pay for items directly through their 'balance'

I have no idea how secure #1 and #2 currently are or if there are any checks and balances. For example, does a person review and approve payments to a bank account to ensure users aren't using malicious means to inflate their account? You could already have holes in the security that you are not aware of.

The bottom line (from my perspective) is that a payment processor is in the business of processing payments. That is their #1 point of being in business. And, assuming they have many sites that they support, the probability that any exploits have been found (and fixed) is very high. If you want to build your own custom process for accepting "payments" from the user's balance you will not (I assume) be starting from the same deep knowledge of processing transactions that a 3rd party dedicated to that process will have. It is also more likely that potential exploits could go much longer without being found and fixed.

Can it be done. Yes. There is no inherent "security flaw" in doing that - it is the implementation that will dictate what flaws, if any, will exist.

To be honest, your whole process seems kind of clunky, but I don't have a clue on your business model.

Good luck with whatever path you take.

Yes I am worried about a user finding a way to inflate their account earnings on the site. But how likely will that be if I am using an SSL certificate and PDO with parameters for code?

Sepodati · September 6, 2017

But how likely will that be if I am using an SSL certificate and PDO with parameters for code?

Those are two of many vectors. Simply using them doesn't make anything inherently secure.

Sign In

Is there security flaw in this design?

Recommended Posts

imgrooot

Link to comment

Share on other sites

Psycho

Link to comment

Share on other sites

kicken

Link to comment

Share on other sites

imgrooot

Link to comment

Share on other sites

Sepodati

Link to comment

Share on other sites

Join the conversation

Browse

Activity

Important Information