From the top comment, speaking to support on the phone:
> "He then admitted that the issue was that The App would occasionally load the wrong user's account, which was allowing people to purchase using someone else's CC."
If that is what is happening, maybe it is similar to the caching issue Steam had when serving store pages a year or two ago.
> "I expected them to do the refund because it was their fault," he said. "It's their application. If it's not secure, they should take responsibility."
The internet has been retelling some version of this story forever: company system screws paying customer, and company refuses to help or even admit a problem.
Wow they just told him to deal with his bank. Be like getting mugged in a store and the store says to just go to the police, they have nothing to do with it. Pretty shallow...
I don't think the MyMcD application allows use of Canadian debit cards, which can't generally be used online [0]. I think it only allows credit cards—I've tried adding a credit card to take advantage of a deal, but the app is so terrible that I gave up after 15 minutes.
[0] Canadian debit cards are secured through chip and PIN, and the number on the front isn't a secret. You can use things like online bill pay or Interac e-transfer (which is not really used by businesses), and some banks allow you to create a virtual Visa card that's attached to your chequing account, but debit cards themselves are physical tokens that can't be used online.
Were these users on the Android version of the app? Would this exploit be device agnostic or would something in how Android handles in-app payments have effected this? Does the platform matter here?
neetodavid|6 years ago
From the top comment, speaking to support on the phone:
> "He then admitted that the issue was that The App would occasionally load the wrong user's account, which was allowing people to purchase using someone else's CC."
If that is what is happening, maybe it is similar to the caching issue Steam had when serving store pages a year or two ago.
irq-1|6 years ago
The internet has been retelling some version of this story forever: company system screws paying customer, and company refuses to help or even admit a problem.
thatoneuser|6 years ago
rhinoceraptor|6 years ago
frosted-flakes|6 years ago
[0] Canadian debit cards are secured through chip and PIN, and the number on the front isn't a secret. You can use things like online bill pay or Interac e-transfer (which is not really used by businesses), and some banks allow you to create a virtual Visa card that's attached to your chequing account, but debit cards themselves are physical tokens that can't be used online.
newsoul2019|6 years ago
[deleted]
codedokode|6 years ago
ydnaclementine|6 years ago
dumpValves|6 years ago
[deleted]
LikeItMatters|6 years ago
[deleted]
crsv|6 years ago