user name displayed during payment is mostly irrelevant

Bug #1036436 reported by Selene Scriven on 2012-08-13
258
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Payment service
Low
Selene Scriven

Bug Description

A customer reported that they attempted to buy software and were unable to fill in the correct "real name" data during payment. It used the display name on their Launchpad account, which was a pseudonym. The payment system should probably make the name fields editable to allow for this sort of thing.

I'm still trying to confirm this, but keep running into USC bugs.

On Mon, Aug 13, 2012 at 11:19:48PM -0000, Selene Scriven wrote:
> *** This bug is a security vulnerability ***
>
> Public security bug reported:
>
> A customer reported that they attempted to buy software and were unable
> to fill in the correct "real name" data during payment. It used the
> display name on their Launchpad account, which was a pseudonym. The
> payment system should probably make the name fields editable to allow
> for this sort of thing.
>
> I'm still trying to confirm this, but keep running into USC bugs.
[..]

Please let me know if I can help with any of those USC bugs.

Cheers,
 Michael

Michael, it was just my usual USC issues relating to a non-default desktop (Bug 911706 in particular). But I got my stock Precise box running again and was able to test there.

Anyway, I confirmed what the user reported, though I'm not sure how big an issue it is. Here's what I found:

- The name field during purchase is copied from SSO, and cannot be edited.
- The email field during purchase is SSO's preferred address for the account, not the address actually used during this login session.

The email bit may be a bit of an issue, perhaps, but the name issue seems like it probably doesn't matter aside from being a little confusing. The reason it probably doesn't matter is because, for credit transactions, the "name on card" field is available. And for Paypal transactions, the effective name and email are handled by a third-party system. The customer name listed in Pay doesn't seem like it matters and probably isn't even sent to the bank. It is stored in Pay's transaction record, but shouldn't be visible to the outside.

So, I think the name issue can be addressed by making it more clear that the data isn't sent to the bank. Or, since it seems not to matter, it could probably be made editable without consequence. The email issue could potentially be improved by using the address selected at login, but no one has actually complained about it yet.

The name information displayed during checkout is gathered from the SSO account. In order to edit that information the user should log into his SSO account and edit it there... at some point in the future it might be interesting to do this via an api, so it can be updated from within the checkout process, but that's not possible currently.

Changed in canonical-payment-service:
importance: Undecided → Low

On Wed, Aug 15, 2012 at 9:19 AM, Ricardo Kirkner
<email address hidden> wrote:
> The name information displayed during checkout is gathered from the SSO
> account. In order to edit that information the user should log into his
> SSO account and edit it there... at some point in the future it might be
> interesting to do this via an api, so it can be updated from within the
> checkout process, but that's not possible currently.

If we accept multiple payment sources, its entirely possible - if not
probable that there are folk with mutually exclusive names on
different payments sources. For instance, maiden name vs married name.
Or using their parents credit card. Saying that they have to have one
true name doesn't fit reality all that well.

The displayed "real name" is not being sent as part of the payment authorization process (as Selene correctly state). It's only used as additional information. Therefore it's currently not a blocker.

We could look into why we're displaying this information at all in the first place. It is my understanding we do so in order to confirm the user's stored data (as the email is being used to send confirmation messages -- aka invoices -- to the user). Not being able to edit this might be a shortcoming of the system, but other than generating a bit of confusion, it will not causing any problems for the users.

summary: - should allow changing one's name during payment
+ name displayed during payment is mostly irrelevant
summary: - name displayed during payment is mostly irrelevant
+ user name displayed during payment is mostly irrelevant
Changed in canonical-payment-service:
status: New → Triaged
tags: added: u1-support
removed: os-support
Julien Funk (jaboing) on 2013-01-16
tags: added: u1-by-support
tags: removed: u1-support
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers