05-01-2020 07:47 AM - edited 01-05-2022 10:36 AM
I just called the self serve Public Mobile number from another phone. It asked to enter my phone number and I did. And it went straight to my account. And i was able to make a payment. It never asked for a PIN. Why is that? Is there a setting to make the PIN required while dialing from another device. Im pretty sure when I first dialed *611 I set it so it dosent require a PIN only on MY device. Anybody can just call that number and enter my phone # and they can do whatever they want.
I it realized requires a PIN for some account actions like buying a addon. But not for the CC on file. This should be looked into as this is a sequrity risk.
05-01-2020 09:46 AM - edited 05-01-2020 09:50 AM
Do you mean 611 or the toll free number? When I dial 611 using my Telus Home Phone I get into that IVR.
But what does it matter? The only harm is if someone drains your credit card into your PM account leaving you with no more credit available. But what would they do with it? So if you're worried about it maybe use a prepaid/reloadable card.
You need a PIN to hear your usage, buy add-ons and toggle autopay.
I say mole hill.
05-01-2020 09:46 AM
They would not want to prevent you from paying your bill. If you can't get into three account and mods are taking too long, this will save the day. That is what we offer to people with the message 'help I have to pay but can't log in' if card is invalid they also have to get a voucher
There is the limit to the withdrawal.
Still you don't want to leave your phone will a kid who is learning about numbers as I believe it applies to one transaction, can it be repeated, would they take another 300 off your cc is your account balance is 1000?
05-01-2020 09:45 AM
@Staliger like I mentioned ..I posted about it a few months ago and Tagged Alan/Tiana and the entire thread disappeared.🤔
05-01-2020 09:40 AM
@BearFBI I think, these problems should be addressed to PM team ASAP so they could fix them. These could be very dangerous holes in the system and can be abused by hackers, especially if PM would become more and more famous.
05-01-2020 09:39 AM
@will13am is there a way to turn this function off for our account?
Can we make it so you can only access your account through self serve? I would say this is only troubling because some folks choose to use their phone number as their user name. And I get it that's not super wise...
05-01-2020 09:35 AM
I previously posted about 611 (more specifically 1-855-4PUBLIC) allowing you to hear anyones balance and renewal date here:
But holey moley, someone could cause some major grief for public mobile users if they can cause unauthorized credit card topups on behalf of the account owner without a pin!
Imagine... one day I get a mysterious text saying my $100 topup was successful... and then possibly multiple times. No benefit financial benefit to the perpetrator in theory, but could be a major financial cashflow problem for the account owner!
05-01-2020 08:12 AM
@gblackma What! That needs to be adressed. This shouldn't be happening. It should require a PIN. It only asked for a PIN when I wanted to buy an addon but I never tried the CC because I didn't need to make a payment.
05-01-2020 08:09 AM - edited 05-01-2020 08:17 AM
@BearFBI , @Jb456 there's also another bug. If there is a credit card on file you can dial 611 and deposit up to $150 at a time and I dont know if there is a limit to the amount that can be added. No pin required.
I can understand being allowed to add vouchers with no pin required. But your credit card should require a pin.
05-01-2020 08:05 AM - edited 05-01-2020 08:07 AM
@BearFBI Yes I agree.. but as mentioned it was brought to PMs attention a few months back and they simply deleted the entire thread.
It was around the time that Koodo released info that they were hacked and people's account info was being sold on the black market and that they set up port protection. So people here were asking about what type of protection does PM have as a few members started becoming victims of sim swap.
Anyways entire thread magically was deleted and never brought up again. But yes calling from another phone besides your own cell phone should ask for your pin before hearing anything about your account. Anyways I suspect this thread will likely disappear soon 😂
05-01-2020 08:00 AM - edited 05-01-2020 08:06 AM
@Jb456 It should require a PIN right after you input your Phone #. It is flawed by design. That needs to be changed. Every other prepaid service I've used it asked for a PIN right after it asked for the Phone #. Then after the PIN it was able to read the next cycle date etc.
05-01-2020 07:59 AM
@BearFBI , give yourself a solution and a pat on the back. 😀
05-01-2020 07:57 AM - edited 05-01-2020 07:59 AM
This is something PM never addressed.
When you call 1-855-4PUBLIC You can get right into your account.
I made a thread about it a few months ago and Tagged Alan/Tiana. Someone at Public Mobile choose to delete the entire thread and it was never brought up again. It was around the time when a few members started becoming victims of sim swaps and PM made an announcement about that....
You have to put your pin to make a payment..but I agree system should ask for it when calling from another phone and not from your cell phone. Seems like anyone can get your details this way about the account but not do transactions.