Conversation

Notices

1. Aral Balkan (aral@mastodon.ar.al)'s status on Sunday, 07-Jan-2024 02:33:08 JST Aral Balkan

   So somehow, I apparently mixed up #IBAN numbers and ended up setting up two direct debits in my ex-landlord’s account instead of my own, which leads me to the question: How the heck does that pass even the most basic security checks? Do they not even check that the name on the account matches the one provided? (I managed to get my name right, at least.) Otherwise, it basically means anyone can set up a direct debit for anyone else if they know their IBAN, which is absolutely bonkers.

   #ireland

   • Aral Balkan (aral@mastodon.ar.al)'s status on Sunday, 07-Jan-2024 02:37:21 JST Aral Balkan

     in reply to

     • SkyNebula

     @skynebula I mean thank fuck we have a good relationship but bloody hell… It definitely shouldn’t be that easy.

   • SkyNebula (skynebula@mastodon.social)'s status on Sunday, 07-Jan-2024 02:37:22 JST SkyNebula

     in reply to

     @aral Yup, that's a huge security flaw!... 🤦♂️

   • Ahmet Alphan Sabancı (ahmetasabanci@mastodon.social)'s status on Sunday, 07-Jan-2024 02:54:28 JST Ahmet Alphan Sabancı

     in reply to

     @aral on my bank app in Turkey, if I don’t have the IBAN saved it always makes me write the full name of the account holder and shows me the first letters to control before sending any money. I don’t know if it allows the transfer if the name is wrong but I always assumed that’s the case because my bank even personally called me one time because someone sent money to my wrong currency account to verify.

   • Aral Balkan (aral@mastodon.ar.al)'s status on Sunday, 07-Jan-2024 02:54:28 JST Aral Balkan

     in reply to

     • Ahmet Alphan Sabancı

     @ahmetasabanci Well, sending money is one thing but with a direct debit you’re authorising a third party to *withdraw* money from that account so it’s even worse.

   • Aral Balkan (aral@mastodon.ar.al)'s status on Sunday, 07-Jan-2024 02:55:54 JST Aral Balkan

     in reply to

     • Darryl Wright

     @punkscience_ns And that’s the problem: a direct debit is authorisation for a third-party to withdraw from someone’s bank account.

   • Darryl Wright (punkscience_ns@me.dm)'s status on Sunday, 07-Jan-2024 02:55:55 JST Darryl Wright

     in reply to

     @aral I'm actually not sure it's a security flaw. Here in Canada you can walk into a bank and -- given the account holders information -- deposit money into anyone else's account freely. It would be a security flaw if you were trying to withdraw, of course.
     But giving/gifting/depositing money kind of should be an open thing if you think about it.

   • Aral Balkan (aral@mastodon.ar.al)'s status on Sunday, 07-Jan-2024 02:56:45 JST Aral Balkan

     in reply to

     • Alper

     @alper Yep, they took payment from that account which is what alerted my ex-landlord, which is what alerted me.

   • Alper (alper@sfba.social)'s status on Sunday, 07-Jan-2024 02:56:46 JST Alper

     in reply to

     @aral but did the transfer happen? I think that's when the system should flag it for human check, not when you enter as a setting up step.