[BangPypers] [X-post] Registrations are open

Dhananjay Nene dhananjay.nene at gmail.com
Wed Jun 5 09:50:41 CEST 2013


On Wed, Jun 5, 2013 at 12:29 PM, स्वक्ष <svaksha at gmail.com> wrote:
>
> On 6/5/13, vijay <vnbang2003 at yahoo.com> wrote:
> >  Hi,
> >      Registrations are open for PyCon India 2013.
> >        http://pyconindia2013.doattend.com/
> >    Please spread the word and book your early-bird tickets.
>
> I just booked my early-bird ticket and after the payment went through
> DoAttend flagged my transaction because I did not want to provide my
> personal details like my home address to a third-party website like
> doattend.
> I would like to know why DoAttend insists on people wanting to pay
> them money to provide them irrelevant personal details - their email
> AFTER THE card payment WENT THROUGH, claims there is a "minor mismatch
> between the billing address you entered and the one registered against
> your chosen mode of payment" - fwiw, they use ebs.in as the payment
> gateway which after taking your card details redirects you to your
> bank's secure website, where the entire transaction actually occurs.
> Hence, I highly doubt if my bank will give access to external sites
> like Doattend within their online transaction system - if they do, it
> just increases the security risk in my personal opinion. OTOH, If my
> bank is giving access to my personal details to third-party websites
> or even payment gateway providers, I would like to take up this
> privacy breach with them.
> PS: For those who care, the bank sends you a OTP which you can then
> use to validate the transaction just for that instance <-- which is
> how it should be.


Address verification is simply a standard mechanism of managing fiscal
fraud risk.
While I cannot opine on specifics of either doattend or their payment
gateway, I know
for a fact some payment gateways (non-indian) will charge different
amounts based
on whether the vendor attempted an address verification and may choose
to flag off
minor address mismatches or may just entirely reject the transaction
in case of major
mismatches.

I think the financial institutions are entirely within their rights to
ask for such data
which could make doattend require such information from you. It is not
"necessarily"
about doattend wanting to know your details. There does remain a
possibility that the
payment gateway/financial institution wants to manage risk by having that much
additional check you are indeed who you are claiming to be.

Having said that, no, I do not know the specifics of how doattend
works or the exact
nature of payment gateway data interchange in India.


More information about the BangPypers mailing list