742 replies to this topic

[sl75]

Ledney, on Jul 15 2010, 03:44 PM, said:

I'm sure there's a logical reason for doing it that way, but it escapes me at the moment!

I'd assume the auditors would want Zopa to account for every penny of money in the holding account......... and without having some salami-sliced pennies with shared ownership.

Edited by sl75, 15 July 2010 - 16:16.

[Ledney]

sl75, on Jul 15 2010, 05:13 PM, said:

I'd assume the auditors would want Zopa to account for every penny of money in the holding account......... and without having some salami-sliced pennies with shared ownership.

I don't get having the total payment to the nearest penny only, and then splitting that up to 8 dp between capital and interest.

I would expect the total to be paid to be correct to 8 dp and split to 8 dp between capital and interest and any fractions that could not be paid to be carried over and added to the next month's payment. Do they do something like that with the left over fractions of the components anyway? Or do they assume the rounding up or down averages itself out?

As you say, maybe they want each month to be tidily finished with no leftovers.

[borrow]

  

Edited by borrow, 15 July 2010 - 19:24.

[figures18]

Check this out  http://talk.zopa.com...?act=boardrules

[Half Term Dates]

figures18, on Jul 15 2010, 08:19 PM, said:

Check this out  http://talk.zopa.com...?act=boardrules

I'd give up, i really would

[borrow]

Half Term Dates, on Jul 15 2010, 08:21 PM, said:

I'd give up, i really would

Give up what?  

[sl75]

Ooooh... "an exclusive chance to visit YES-secure.com Support Office at Indore" (which the wiki tells me is a major city and commercial center of the state of Madhya Pradesh in central India)

[Ledney]

sl75, on Jul 15 2010, 08:28 PM, said:

Ooooh... "an exclusive chance to visit YES-secure.com Support Office at Indore" (which the wiki tells me is a major city and commercial center of the state of Madhya Pradesh in central India)

I worked on a project in Indore, in my youth. My hotel room got filled with (killer?) bees. I had wondered why there were so many bee eater birds around! But had a very nice time for all that.

Just remembered the flight from Delhi was a bit scary, but it was a long time ago.

Edited by Ledney, 15 July 2010 - 20:57.

[Rob_Riv]

borrow, on Jul 15 2010, 08:15 PM, said:

  

borrow, don't spam.

Edited by Rob_Riv, 15 July 2010 - 21:02.

[elljay]

Rob_Riv, on Jul 15 2010, 10:01 PM, said:

borrow, don't spam.

Ok, let's chill please.  Hit the report button if you have a problem with a post please so the mods can deal with it.

Yes-Secure is strictly speaking off-topic for a area about lending at Zopa, so I suggest we continue the discussion in the Chat area.

[George Formby]

I just signed up to have a look around, and received an email to say "Your new YESpay Wallet account has been created", which included my password in plain text.       

I am livid.  If they're that careless with my password, they won't be seeing any of my money.

That email was on my PC, and on gmail's servers.  If I hadn't deleted those emails, then if my email or PC was hacked, or I just happened to leave my PC logged on, then someone would have my YESpay password, and they can probably guess the other stuff they need to log on.  

I actually use different passwords for everything, but most people don't, and that opens up lots of other avenues of attack for fraudsters.

It's a financial site ffs!  How about calling themselves YES-insecure ?

[Gorgeous George]

I wonder how many people have sed the same or similar password for YS as they do for Zopa. Or worse still, for Internet banking.

GG

[elljay]

George Formby, on Jul 18 2010, 03:46 AM, said:

I just signed up to have a look around, and received an email to say "Your new YESpay Wallet account has been created", which included my password in plain text.       

Doesn't sound very clever!  Did you alert Yespay so they can fix it?

[alexp2000]

elljay, on Jul 18 2010, 08:47 AM, said:

Doesn't sound very clever!  Did you alert Yespay so they can fix it?

Not clever at all.
There is a post on their forum complaining about the fact that the answers to all their 'security questions' are not stored using one way encryption (and are quite probably just stored as text, given what else we've seen). This hasn't received any response from YS at all, which is also very worrying... They have (thankfully) now fixed the ready access to users full names and email addresses though!

Anyone using YS would be mad to re-use any passwords, or answers to security questions. Although it does get a little confusing when you have to start putting something different down for your birth town on every website you log in to!

Edited by alexp2000, 18 July 2010 - 10:22.

[George Formby]

elljay, on Jul 18 2010, 08:47 AM, said:

Doesn't sound very clever!  Did you alert Yespay so they can fix it?

I just emailed them about it.

Maybe this has already been mentioned, but I'm also alarmed to see that if you get the answer to one of your security questions wrong, it just asks you another.  I just tried getting my birth town, then my first school wrong, and it just asked me for my mother's name instead.

So, if you happen to get someone's password from one of those emails, you just need to know the answer to any one of the security questions to log in, then you can find out the answers to the other security questions (since you can view them in your private profile).

NRFPT IMO.  (Not ready for prime time in my opinion).

[alexp2000]

George Formby, on Jul 18 2010, 01:28 PM, said:

Maybe this has already been mentioned, but I'm also alarmed to see that if you get the answer to one of your security questions wrong, it just asks you another.  I just tried getting my birth town, then my first school wrong, and it just asked me for my mother's name instead.

Haha, I found this out at almost an identical time to you. It's an interesting approach to the idea of having a security question. Still I suppose someone trying to break into the account who's done their research will have been sure to find out the users place of birth, knowing it always asks that question first anyway, so it's irrelevant if it loops through the other questions later...

[dag]

alexp2000, on Jul 18 2010, 08:11 PM, said:

the users place of birth,

Hence "I was born under a wandering star"

I also had several different mothers and was a nomad when it came to schools.

The problem is remembering who I am. Bad enough on websites but absolute murder down the pub.

[George Formby]

George Formby, on Jul 18 2010, 03:46 AM, said:

I just signed up to have a look around, and received an email to say "Your new YESpay Wallet account has been created", which included my password in plain text.       

I've had a reply from them saying that they expect to have a fix in place by tomorrow, and will then be emailing members to change their passwords.

They also intend to fix the security questions so that they don't get rotated, and will have the answers stored as a one way hash ( http://en.wikipedia....c_hash_function ).

I'm still not happy about it, and having worked in IT, I suspect it might take them longer than a day to get any changes implemented, but they are responding in the right way, and on a Sunday too.

[easteregg]

There are some worrying discussions on the Yes-Secure forum about the calculation of APR which is a legal requirement in loan agreements.  I'm extremely concerned that this could be wrong and any loans made under these agreements would therefore be unenforceable.

[Gorgeous George]

easteregg, on Jul 21 2010, 12:10 PM, said:

There are some worrying discussions on the Yes-Secure forum about the calculation of APR which is a legal requirement in loan agreements.  I'm extremely concerned that this could be wrong and any loans made under these agreements would therefore be unenforceable.

Might be worth applying for a loan on YS.

(Only kidding).

GG

Edited by Gorgeous George, 21 July 2010 - 12:28.