cancel
Showing results for 
Search instead for 
Did you mean: 

*611 number not asking for PIN from Another phone

BearFBI
Deputy Mayor / Adjoint au Maire

I just called the self serve Public Mobile number from another phone. It asked to enter my phone number and I did. And it went straight to my account. And i was able to make a payment. It never asked for a PIN. Why is that? Is there a setting to make the PIN required while dialing from another device. Im pretty sure when I first dialed *611 I set it so it dosent require a PIN only on MY device. Anybody can just call that number and enter my phone # and they can do whatever they want.

 

I it realized requires a PIN for some account actions like buying a addon. But not for the CC on file. This should be looked into as this is a sequrity risk.

72 REPLIES 72

Anonymous
Not applicable

 @esjliv 

As far I know, the only things available without a PIN are redeeming a voucher and hearing the balance and due date. Everything else needs the PIN.

Are you saying it's different with the 855 #? I haven't tested that.

@esjliv 

The pin is asked for now....to perform any action other than adding a voucher ( I believe.) I havent tested it out for about a month now....


@esjliv wrote:

Alright...reading this thread from a few months back.

 

This. IS. Not. Right!

 

The PIN should be asked for immediately after entering your 10-digit number. How can this even be any other way?

Does anyone have an update on this?

Should we (well, I will) be pinging anyone about it, like today?

 

 


Tagging the PM reps. I currently see online.

@Erin_O 

@David_J 

I see this as a Privacy Issue; can it be looked into ASAP.

Alright...reading this thread from a few months back.

 

This. IS. Not. Right!

 

The PIN should be asked for immediately after entering your 10-digit number. How can this even be any other way?

Does anyone have an update on this?

Should we (well, I will) be pinging anyone about it, like today?

 

 

@Anonymous 

It's like riding a bike in the city....95% defense and 5% offense. I just assume everybody is out to kill me and I do just fine.

Anonymous
Not applicable

@darlicious wrote:

@Anonymous 

To thwart a fraudster you must think like a crafter, slyer and sneakier fraudster.


Oh I'll play defense. I don't post my real self anywhere. My real self hasn't been on the internet since the early 2000's but I've certainly been active participating here and there since then. If my real self is somewhere then I have what I think to be pretty good passwords.

Defense.

@Anonymous 

To thwart a fraudster you must think like a craftier, slyer and sneakier fraudster.

Anonymous
Not applicable

Apparently I don't have much of a criminal mind nor the drive for revenge.

I'll defer to all the brains here.

@benfatto 

The ban was enacted two weeks after I joined and removed about a month ago......the bf sorted me out as part of his penance. Let big_rick be a lesson to all those coming up with humorous user names.

benfatto
Deputy Mayor / Adjoint au Maire

@darlicious A VPN can bypass most IP blocks. 

@Jb456  I would think its possible.....look at the bf as an example. Banned for the longest time from the community so unable to access customer support. With the lifting of the IP address ban he has a community account but cannot verify thru there because his email is banned so he's using an alias. So all support had been thru a third party (me). The more I think about it....hes lost so many phones....IMEI is accessible, phone number, name.....thats enough to port and a few more details like plan amount ,due date, account balance there's a good chance.

@BearFBI  maybe so. But I don't have an alternate number and I'm on auto-pay....ok so I get robbed..there goes my phone and wallet. So now I don't remember my cc number nor have a phone to receive a text.

 

I don't know how long you been on these forums but some new Moderators I guess practice on here at times and see info is given out wrong or they private message the wrong person.

 

It could happen, just saying.......or ok let's say not an "online spammer" just a local one that goes through digging in garbage cans..people leave stuff untouched and don't shred it. Maybe they find a CC bill. That shows everything..last 4 digits of CC, last transaction to PM.

 

Anyway just saying it could happen...

BearFBI
Deputy Mayor / Adjoint au Maire

@Jb456 The scammer would need the victim's phone. They would probably send a Txt verification and they will ask for last topup date, last txt message sent, most frequently texted person, alternet phone #, and other stuff scammers would have a hard time getting.

@darlicious  after your post just a thought...if someone finds a number I don't know let's say on a Facebook profile (talking about scammers) and then do their searches on google to get name and address.

 

Then they just randomly call cell companies to see who has the number and turns out to be Public Mobile

 

I'm curious if they would have enough information to get access to the account.

 

Ticket like.

 

I forgot my password and my wallet was stolen but here is my full name, my address and my email address. this is my PM phone number...(.and by calling the PM number  they get some details)....here is my current account balance..my next payment date.

 

Wonder if a new moderator would reset the password for them the scammer.

@Anonymous 

   Regardless of how easy as @gblackma  suggests it might be or how difficult.....account and credit card security should be a top priority. While the ability to fraudently gain access to the funds might be low the ability to make someone's finances/credit a giant nightmare is not. Using the ex as an example....they could load a whack of credit onto your balance in your account and port out your number. There by closing the account, funds technically disappearing and walking away from the newly ported number. Little or no police investigation would be involved if no funds were absconded but that be a giant mess for the "victim" to have to get cleaned up......is an issue/loophole that needs to be permanently closed for customer confidence.

Anonymous
Not applicable

@gblackma wrote:

@Anonymous correct me if I'm wrong. Since your pin is required to buy an addon, then the code already exists. Isn't it just a matter of switching that code from there and placing it at the start of the 611 system? Thanks.


How should I know? Simply that these things take time. How far up the priority list do you suppose this suggestion is? Do we all actually imagine that they're not aware of all the inconsistencies and bugs in the system? It costs money to fix things. The mothership clearly has no interest in making this place perfect.

@Anonymous correct me if I'm wrong. Since your pin is required to buy an addon, then the code already exists. Isn't it just a matter of switching that code from there and placing it at the start of the 611 system? Thanks.

I believe it's really useful to have ability to pay when totally locked out and no access to phone, to prevent suspention.

 

I also believe that there should be a max that account could hold and still be able to withdraw from a credit card. 

If you want more you should have to do it through moderators. I can't imagine why would you want to have for example one year worth of your plan if you are not on the cheapest plan. I know somebody who does that but she's on the cheapest plan with some rewards so it's a bit less than 100.

For anything more I really can't see logic, but people like choices I guess

Anonymous
Not applicable

@BearFBI wrote:

@gblackma Exactly! What were they exactly thinking while building the self serve system. Why would they put a PIN on addons but not on CC payments. Every 611 system I know of is PIN protected. We shouldn't have to take all these extra measures for protecting our CC. Our CC should be protected by their systems and the 611 system is a flaw of that. If Public Can't get a 611 system right then we should avoid putting a CC in their system altogether. Its a simple fix. Although the *611 might have to be down for half an hour to apply the changes. 


Funny how all the armchair experts think it would just be a simple fix for all the suggestions that come along. This place is low budget, starved by the mothership to take the revenue and barely put anything into it.

Feel free to buy vouchers and not enter some kind of payment card. We all have choices. No one is putting a gun to your head.

BearFBI
Deputy Mayor / Adjoint au Maire

@gblackma Exactly! What were they exactly thinking while building the self serve system. Why would they put a PIN on addons but not on CC payments. Every 611 system I know of is PIN protected. We shouldn't have to take all these extra measures for protecting our CC. Our CC should be protected by their systems and the 611 system is a flaw of that. If Public Can't get a 611 system right then we should avoid putting a CC in their system altogether. Its a simple fix. Although the *611 might have to be down for half an hour to apply the changes. 

@Anonymous  it's not a choice we should have to make the 611 system should be pin protected. If they can require a pin to buy an addon it can be done for the whole system.

Anonymous
Not applicable

@Naepalm wrote:


I like the extra 2% I get from my credit cad though....LOL


Those are choices you are free to make. Have at it.


@Anonymous wrote:

@BearFBI wrote:

Thanks @Nezgar. I hope they fix this issue. But by the looks of it it sounds like they won't. They removed @Jb456's Thread and never fixed it. Eventually they will have to if more people keep talking about this. Keep us updated on what they say.


They can barely fix lines of text let alone system updates like this. I wouldn't hold my breath. Just protect yourself. Use Koho. Get cash back. Your only risk exposure is that prepaid balance not your credit limit on a full-on credit card. Don't let boyfriends/girlfriends have access to your personal finances. Joint things of course would be trickier.


I like the extra 2% I get from my credit cad though....LOL


@Naepalm wrote:

@will13am is there a way to turn this function off for our account? 

 

Can we make it so you can only access your account through self serve? I would say this is only troubling because some folks choose to use their phone number as their user name. And I get it that's not super wise...


I don't believe customers can request customizations in account access.  

@Anonymous  The ex only needs to know your phone number.......

Anonymous
Not applicable

@BearFBI wrote:

Thanks @Nezgar. I hope they fix this issue. But by the looks of it it sounds like they won't. They removed @Jb456's Thread and never fixed it. Eventually they will have to if more people keep talking about this. Keep us updated on what they say.


They can barely fix lines of text let alone system updates like this. I wouldn't hold my breath. Just protect yourself. Use Koho. Get cash back. Your only risk exposure is that prepaid balance not your credit limit on a full-on credit card. Don't let boyfriends/girlfriends have access to your personal finances. Joint things of course would be trickier.

BearFBI
Deputy Mayor / Adjoint au Maire

Thanks @Nezgar. I hope they fix this issue. But by the looks of it it sounds like they won't. They removed @Jb456's Thread and never fixed it. Eventually they will have to if more people keep talking about this. Keep us updated on what they say.

Mods have initiated a PM with me regarding this, so they're aware of this thread.

 

@kselmakGood point about having a way to pay if you don't know your PIN. I think that should be limited to only the amount needed to reactivate though, and require a PIN for any additional amount...

@Anonymous 

Molehill? Look at the financial crisis were in....if you did get your credit card drained into your account which is technically non refundable......and if refunded back it takes a month! We advise people all the time what a pain it is to do a refund. You would have to pay your credit card before you get the refund. A vindictive ex could really do a number on someone.

BearFBI
Deputy Mayor / Adjoint au Maire

The PM team needs to fix this sequrity issue. I dont want money draining from my CC to my PM account. People can make 150$ payments at a time. Its a big problem. I understand how it can be convenient if you forget your password or PIN. But its a HUGE sequrity risk.

Need Help? Let's chat.