Dash cashless – design and operation (HTTPS)

Category : https , security


I recently attended a workshop about app/web product design. The presenter asked us to think of a well-designed and a badly designed app. Dash sprang to my mind as an example of the latter. While its design is an ongoing issue, it happened at least once that its server certificate expired and users couldn’t make payments.

If you don’t live in the UK or don’t use car parks at train stations (Greater Anglia in my case), Dash is an app that you can use to pay for car parking at train stations. The only other option is cash, which takes a lot of time, especially in the mornings.

I am not sure why but someone decided to replace a relatively OK-ish NCP app with Dash cashless for train stations’ car parks a few years back.  

It is an app that has gone a wee bit too far with its minimalistic approach. The latest revamp has even removed location-based search of car parks, as well as information about active parking sessions and the history. The latter was a useful feature as one could find the car park codes, which were nowhere on the internet.

Why would one need a car park code? For a period of time, one could use their location to find a few nearest car parks. It was a great feature … unless you think of paying 20 miles into your train journey when it becomes useless. In this case you can use a list of car parks – simple! Or not? It turns out that the app orders car parks by their code, rather than location. So while Cambridge has 2 car parks, they are quite some distance from each other in the list. 

One can get used to almost anything though. So even though I didn’t like the app it kind of worked. One day though, I tried to make a payment and I couldn’t. It turned out that the server for card payment processing had an expired HTTPS certificate and iOS refused to connect to it. 

New KeyChest.net has a database of all public certificates to provide search and intelligence capabilities.


New KeyChest.net monitoring service (still in beta but not for long). It will continue providing free summaries, as well as new real time notifications.

Dash cashless is not the first service, nor the last, that lost money due to expired certificates.

In this case, I just wonder whether any savings from building its own app to collect money from drivers make up for the business losses and our dissatisfaction.


About Author

Dan Cvrcek

Co-founder of Radical Prime and Enigma Bridge. Independent consultant on security and encryption systems (incl. large banking, payment, and enterprise systems) ... and a university professor.
