mwave requests bank logins of customersNovember 17, 2016
Right when you thought security couldn’t get any worse
This blog will be short and sweet because a few images say it all.
I’ve spent a lot of time trying to educate people on being careful with credentials. It really doesn’t help when I try to place a purchase with a “legitimate” supplier, and, after handing over valid credit card details, I get this:
Not only is it not a troll, it’s well documented in their FAQ:
Yes, I’ve spoken to them. They don’t see an issue. Yes, mwave thinking requesting your bank login credentials is just a normal thing.
Despite promises to keep this short, here are a few additions I’m compelled to add:
- Mwave have indicated a refund will be forthcoming, once this is escalated to someone with authority. Although they were fairly non-comittal about this, I don’t currently have a reason to believe I won’t see the money.
- Mwave actually do accept Paypal. If I had known about this situation, I would have just used that. My Paypal usually has a low limit card attached, and this was supposed to be the low friction method of placing a larger order.
- American Express have been shown these images. Well, the direct URLs. They were very professional about ensuring the refund is forthcoming.
- Please, please, stop insisting that I should report this to the PCI council for immediate action. They are not an enforcement agency.