So somehow, I apparently mixed up #IBAN numbers and ended up setting up two direct debits in my ex-landlord’s account instead of my own, which leads me to the question: How the heck does that pass even the most basic security checks? Do they not even check that the name on the account matches the one provided? (I managed to get my name right, at least.) Otherwise, it basically means anyone can set up a direct debit for anyone else if they know their IBAN, which is absolutely bonkers.
Conversation
Notices
-
Embed this notice
Aral Balkan (aral@mastodon.ar.al)'s status on Sunday, 07-Jan-2024 02:33:27 JST Aral Balkan -
Embed this notice
SkyNebula (skynebula@mastodon.social)'s status on Sunday, 07-Jan-2024 02:37:40 JST SkyNebula @aral Yup, that's a huge security flaw!... 🤦♂️
-
Embed this notice
Aral Balkan (aral@mastodon.ar.al)'s status on Sunday, 07-Jan-2024 02:37:40 JST Aral Balkan @skynebula I mean thank fuck we have a good relationship but bloody hell… It definitely shouldn’t be that easy.
-
Embed this notice
Ahmet Alphan Sabancı (ahmetasabanci@mastodon.social)'s status on Sunday, 07-Jan-2024 02:54:46 JST Ahmet Alphan Sabancı @aral on my bank app in Turkey, if I don’t have the IBAN saved it always makes me write the full name of the account holder and shows me the first letters to control before sending any money. I don’t know if it allows the transfer if the name is wrong but I always assumed that’s the case because my bank even personally called me one time because someone sent money to my wrong currency account to verify.
-
Embed this notice
Aral Balkan (aral@mastodon.ar.al)'s status on Sunday, 07-Jan-2024 02:54:46 JST Aral Balkan @ahmetasabanci Well, sending money is one thing but with a direct debit you’re authorising a third party to *withdraw* money from that account so it’s even worse.
-
Embed this notice
Aral Balkan (aral@mastodon.ar.al)'s status on Sunday, 07-Jan-2024 02:56:13 JST Aral Balkan @punkscience_ns And that’s the problem: a direct debit is authorisation for a third-party to withdraw from someone’s bank account.
-
Embed this notice
Darryl Wright (punkscience_ns@me.dm)'s status on Sunday, 07-Jan-2024 02:56:14 JST Darryl Wright @aral I'm actually not sure it's a security flaw. Here in Canada you can walk into a bank and -- given the account holders information -- deposit money into anyone else's account freely. It would be a security flaw if you were trying to withdraw, of course.
But giving/gifting/depositing money kind of should be an open thing if you think about it. -
Embed this notice
Aral Balkan (aral@mastodon.ar.al)'s status on Sunday, 07-Jan-2024 02:57:02 JST Aral Balkan @alper Yep, they took payment from that account which is what alerted my ex-landlord, which is what alerted me.
-
Embed this notice
Alper (alper@sfba.social)'s status on Sunday, 07-Jan-2024 02:57:03 JST Alper @aral but did the transfer happen? I think that's when the system should flag it for human check, not when you enter as a setting up step.
-
Embed this notice