mwave requests bank logins of customers

Right when you thought security couldn’t get any worse

This blog will be short and sweet because a few images say it all.

I’ve spent a lot of time trying to educate people on being careful with credentials. It really doesn’t help when I try to place a purchase with a “legitimate” supplier, and, after handing over valid credit card details, I get this:

mware why

Not only is it not a troll, it’s well documented in their FAQ:

mwave request bank logins

Yes, I’ve spoken to them. They don’t see an issue. Yes, mwave thinking requesting your bank login credentials is just a normal thing.


Despite promises to keep this short, here are a few additions I’m compelled to add:

  • Mwave have indicated a refund will be forthcoming, once this is escalated to someone with authority. Although they were fairly non-comittal about this, I don’t currently have a reason to believe I won’t see the money.
  • Mwave actually do accept Paypal. If I had known about this situation, I would have just used that. My Paypal usually has a low limit card attached, and this was supposed to be the low friction method of placing a larger order.
  • American Express have been shown these images. Well, the direct URLs. They were very professional about ensuring the refund is forthcoming.
  • Please, please, stop insisting that I should report this to the PCI council for immediate action. They are not an enforcement agency.