Rysiekúr (old account)Jul 8, 2017

What. The. Actual. Fuck.

#OneProvider requires "verifying" my credit card details by sending them a photo of myself holding my ID, and a photo of me holding the credit card in question.

Are they out of their minds? No, honestly, what have they been smoking and where can I get some!

#InfoSec

https://mastodon.social/media/CIpFvg9yMTlToU4MKmQ

Show threadKrzysztof Jurewicz

@rysiek It seems they’re trying to perform customer authentication in an analogous way to mortar services. The question is, are there any laws imposed by the #government that require this behaviour or is this fault of some overzealous lawyer?

By the way, if they treated that seriously, they should require putting some additional data on the photos to protect from replay attacks.

Jul 9, 2017 at 8:18amWeb
Show threadRysiekúr (old account)Jul 9, 2017
@KrzysiekJ exactly. They're not getting my photo with my ID card for many reasons, potential replay by a malicious employee is one.