Rysiekúr (old account)Jul 8, 2017

What. The. Actual. Fuck.

#OneProvider requires "verifying" my credit card details by sending them a photo of myself holding my ID, and a photo of me holding the credit card in question.

Are they out of their minds? No, honestly, what have they been smoking and where can I get some!

#InfoSec

https://mastodon.social/media/CIpFvg9yMTlToU4MKmQ

Show threadmulanderJul 8, 2017

@rysiek that sounds like a setup for identity theft. Seriously it's stupid.

This reminds me of a credit card company asking customers to take interesting vacation pictures with their new card... Think niebezpiecznik covered that?

Show threadRysiekúr (old account)Jul 8, 2017
@mulander @munin honestly, this doesn't even sound legal. I wonder what would happen if I sent this the private data ombudsman's office way.
Show threadmulander
@rysiek @munin it is not legal in Poland if you are still here. I recently told a bank to GTFO when they wanted to scan my ID - identifying with a document is not the same as storing and processing it.
Jul 8, 2017 at 8:18pmWeb
Show threadKrzysztof JurewiczJul 9, 2017
@mulander @rysiek @munin The funny thing is that identity card (named “proof of identity” in Poland) doesn’t actually prove anything besides the data it encompasses. Therefore you can use it for identification, but what’s probably required is authentication, so a photo of an user holding an id could be imaginably stored as a proof that that procedure had occured.