Account verification security | EQ Bank | Discussion forum

Please consider registering
guest

sp_LogInOut Log In sp_Registration Register

Register | Lost password?
Advanced Search

— Forum Scope —




— Match —





— Forum Options —





Minimum search word length is 3 characters - maximum search word length is 84 characters

No permission to create posts
sp_Feed Topic RSS sp_TopicIcon
Account verification security
December 11, 2018
8:30 pm
Voonex
Member
Members
Forum Posts: 6
Member Since:
December 11, 2018
sp_UserOfflineSmall Offline

Hello,

I'm a newcomer to the site, so if I'm posting this to the wrong forum or violating forum rules, please let me know.

After seeing the recent EQ 3.33% GIC, I thought I would register on their site and check it out. As a part of the registration & verification process, however, they asked for documents, such as a utility bill, to verify my address. No problem - this is all regular business.

What I have a problem with, however, is the fact that they asked me to e-mail them said documents. In the example e-mail text, they even show attaching a credit card statement to an e-mail.

Is it just me that sees this as incredibly negligent way to handle what should be considered sensitive personal documents? It's e-mail 101 to know that under no circumstances should you ever e-mail credit card details. If I called them, they would probably offer me a way to fax said documents. That said, if this is how they treat security, it very much turns me off of wanting anything to do with them.

Please tell me that I'm not alone in this?

December 11, 2018
8:50 pm
Retep
Member
Members
Forum Posts: 80
Member Since:
December 2, 2018
sp_UserOfflineSmall Offline

To answer your question....don’t email a pic or PDF file of credit card statement.

I would not fax.....it is a piece of paper that the janitor can see, be photo copied, put in garbage NOT shredded. etc etc.

Did they ask or just show a credit card statement? Send the least sensitive....PassPort or Drivers License....send copy of DL and even consider covering the DL number.

It is a worth while effort to turn on ALERTS on your Credit Cards and Bank/Credit Union Accounts.

December 11, 2018
9:03 pm
Voonex
Member
Members
Forum Posts: 6
Member Since:
December 11, 2018
sp_UserOfflineSmall Offline

Retep said
I would not fax.....it is a piece of paper that the janitor can see, be photo copied, put in garbage NOT shredded. etc etc.

Excellent point.

Retep said
Did they ask or just show a credit card statement? Send the least sensitive....PassPort or Drivers License....send copy of DL and even consider covering the DL number.  

No. The list of documents they suggest are:
2018-12-11_235255.png

It was simply in the sample they provided where they use "credit card statement" as an example attachment:
2018-12-11_235631.png

I was preparing a redacted version of a utility bill to send them, but this cavalier consideration to security just turned me off completely.

December 11, 2018
9:12 pm
Retep
Member
Members
Forum Posts: 80
Member Since:
December 2, 2018
sp_UserOfflineSmall Offline

With no disrespect to Voonex, I guess the subliminal pic was a way to fool new applicants to give Eq more sensitive info with out showing it as a requirement.

I would pick one of the four with the least info and send and maybe page 2 has your address but less info than what is on page one.

You are absolutely correct in protecting your self!!!!

And is a good thing you are asking.

Will Eq be doing a hard or soft credit check?

It is a worth while effort to turn on ALERTS on your Credit Cards and Bank/Credit Union Accounts.

December 11, 2018
9:19 pm
Retep
Member
Members
Forum Posts: 80
Member Since:
December 2, 2018
sp_UserOfflineSmall Offline

Is Eq the bank that does NOT offer joint accounts? Is Eq always having special rates?

Does Accelerate or Oaken have similar rates to Eq?

It is a worth while effort to turn on ALERTS on your Credit Cards and Bank/Credit Union Accounts.

December 11, 2018
10:03 pm
Loonie
Member
Members
Forum Posts: 9395
Member Since:
October 21, 2013
sp_UserOfflineSmall Offline

No joint accounts at EQ.

December 11, 2018
10:40 pm
Vatox
Member
Members
Forum Posts: 1218
Member Since:
October 29, 2017
sp_UserOfflineSmall Offline

When I signed up with EQ, there was no requirements for documents at all. Not sure why you were asked to provide paper documents. Perhaps the initial credit check and verification had trouble verifying current address. Or has the process changed now.

December 12, 2018
9:08 am
hwyc
GTA
Member
Members
Forum Posts: 1280
Member Since:
September 30, 2017
sp_UserOfflineSmall Offline

Ditto. Their FAQ section mentioned two "Verifying my identity ..." methods. I probably went the microdeposit way when I opened account back in 2017

December 12, 2018
5:20 pm
Norman1
Member
Members
Forum Posts: 7194
Member Since:
April 6, 2013
sp_UserOfflineSmall Offline

Back then, EQ Bank did not have the microdeposit option. Instead, I mailed in a personal cheque, with my name preprinted, for my initial deposit. That cheque also served as confirmation of my identity.

December 14, 2018
12:25 am
Vatox
Member
Members
Forum Posts: 1218
Member Since:
October 29, 2017
sp_UserOfflineSmall Offline

If I remember correctly, it wasn't microdeposit for the first deposit, for me it was front and back of a cheque written to myself with deposit amount. No snail mail or documents upon signup. Pretty sure I signed up in 2017.

December 14, 2018
8:39 am
Rick
Member
Members
Forum Posts: 1110
Member Since:
February 17, 2013
sp_UserOfflineSmall Offline

Would you rather run to the post office with id in hand ala Simplii?
Not really concerned about emailing/faxing documents to a bank. They keep more confidential info to worry about than what can be gleaned off your hydro bill. My credit warning from the People's fiasco is still following me around. I don't blame them...ANYONE can be hacked.

December 14, 2018
10:00 am
Voonex
Member
Members
Forum Posts: 6
Member Since:
December 11, 2018
sp_UserOfflineSmall Offline

Rick said
Would you rather run to the post office with id in hand ala Simplii

No, of course not. I would expect that they would offer secure document submission on their site.

Rick said
Not really concerned about emailing/faxing documents to a bank. They keep more confidential info to worry about than what can be gleaned off your hydro bill. My credit warning from the People's fiasco is still following me around. I don't blame them.

It has less to do with sending documents to a bank and more to do with the fact that you're sending your personal details in cleartext across the internet between your e-mail provider and your bank. Would you send your hydro bill to your bank as a "postcard" (no envelope; just your bill and a stamp)?

Rick said
ANYONE can be hacked.

Is that justification for not taking your information security seriously?

December 14, 2018
12:02 pm
Rick
Member
Members
Forum Posts: 1110
Member Since:
February 17, 2013
sp_UserOfflineSmall Offline

Voonex said
It has less to do with sending documents to a bank and more to do with the fact that you're sending your personal details in cleartext across the internet between your e-mail provider and your bank. Would you send your hydro bill to your bank as a "postcard" (no envelope; just your bill and a stamp)?

Nope. That's why I use a SSL secure server and encryption.

Voonex said

Is that justification for not taking your information security seriously?  

See answer to previous quote

December 14, 2018
12:15 pm
Voonex
Member
Members
Forum Posts: 6
Member Since:
December 11, 2018
sp_UserOfflineSmall Offline

Rick said

Nope. That's why I use a SSL secure server and encryption.

SSL is between you and your e-mail provider. Not between your e-mail provider and the recipient. Please see the specs for SMTP.

December 15, 2018
6:49 pm
Save2Retire@55
Member
Members
Forum Posts: 848
Member Since:
January 3, 2013
sp_UserOfflineSmall Offline

Sending a document by email is way more secure than using a traditional mail or the ancient fax system which uses almost no security and never encryption. When I have to send a fax, I use eFax which is encrypted from my end only and most likely not from the other end.

Almost ALL current email providers use SSL technology and encryption. Nobody can ever hack your email unless the password is simple and can be brute forced or they lure you by a phishing attack.

The point is nobody can intercept the packets to decrypt them. I volunteer to communicate by email rather than any other methods whenever I can.

Very important point is to have a two factor authentication for all important stuff (I enable it whenever it is offered). I think two factor authentication should be mandatory for Google accounts as most people save their passwords in their browsers which means anyone who can access the browser can get many passwords.

Sorry but I hate seeing people trusting snail mail or fax more than email.

December 15, 2018
7:20 pm
Voonex
Member
Members
Forum Posts: 6
Member Since:
December 11, 2018
sp_UserOfflineSmall Offline

Save2Retire@55 said
Sending a document by email is way more secure than using a traditional mail or the ancient fax system which uses almost no security and never encryption.

Patently untrue. Neither are secure, period.

Save2Retire@55 said
Almost ALL current email providers use SSL technology and encryption.

Yes, but as I said to Rick, SSL only encrypts the traffic between you and your e-mail provider. The traffic between your e-mail provider and the recipient is unencrypted plaintext.

Save2Retire@55 said
The point is nobody can intercept the packets to decrypt them.

Absolutely untrue. Packet sniffing tools are widely and freely available. I have Wireshark installed on my laptop now.

Save2Retire@55 said
Very important point is to have a two factor authentication

Two-factor authentication is important, for not for the reasons at hand. 2FA will protect the integrity of your account with your e-mail provider, but it in no way protects the communications content.

Save2Retire@55 said
Sorry but I hate seeing people trusting snail mail or fax more than email.

Sorry, but I hate seeing mistakenly believing that e-mail is secure.

December 15, 2018
11:25 pm
Norman1
Member
Members
Forum Posts: 7194
Member Since:
April 6, 2013
sp_UserOfflineSmall Offline

Save2Retire@55 said
Almost ALL current email providers use SSL technology and encryption.

Voonex said
Yes, but as I said to Rick, SSL only encrypts the traffic between you and your e-mail provider. The traffic between your e-mail provider and the recipient is unencrypted plaintext.

That's not true anymore. SMTP is done over TLS/SSL now in many cases between e-mail providers. It depends on the sender.

I had a look at the postmarks in the headers of one of the order confirmation e-mail messages from The Bay. Postmark for the transfer between the e-mail providers indicates it was transferred by SMTPS or SMTP over SSL.

Not all senders do that. I still see some messages that were sent in unprotected SMTP.

December 16, 2018
5:05 am
Alexandre
Member
Members
Forum Posts: 1232
Member Since:
November 8, 2018
sp_UserOfflineSmall Offline

Save2Retire@55 said
Sending a document by email is way more secure than using a traditional mail or the ancient fax system which uses almost no security and never encryption.
...
Sorry but I hate seeing people trusting snail mail or fax more than email.  

My favorite topic, so here are my 2 cents.

First of all, nothing is absolutely secure, everyone has to choose what or whom they trust more.

Specifically:

1. Snail mail

Assuming you did your due diligence and went to Post Office to send your letter.

You must trust that:

- Postal Office employee or contractor won't open and reseal it
- Postman won't throw it into garbage (have been cases) for someone to find
- Snail mail is not stolen from the office of a company you sent it to
- An unauthorized employee of a company you sent letter to won't get access to it

2. An ancient fax system, over landline

You must trust that:

- An unauthorized employee of a company you sent fax to won't get access to it (which is easier to do, walking by fax machine, than accessing sealed snail letter)

Extra note: in some cases recipient fax is actually not printing your message, but forwards it by email to an authorized person inside the company. That makes it a bit more secure than old good fax, but adds email security issues

3. Email

You must trust that:

- An email communication is encrypted all the way from your computer (smartphone) to the recipient. That includes your system sending email over secure protocols and every ISP between you and recipient doing the same
- An unauthorized employee of an ISP your email goes through won't get access to it. Note that your email sits unencrypted at servers of each ISP
- Same as above, but for hacker penetrating an ISP and gaining access to all email traffic
- An unauthorized employee of a company you sent email to won't get access to it (such as IT guy responsible for office email server)
- Same as above, but for hacker penetrating company servers and gaining access to all email traffic
- Same as above, but for hacker planting spyware on an office PC of an authorized person and gaining access to all emails for that person
- You haven't made a typo in email address, and catch-up domain that looks like a real deal but is not accepted your email. An example would be for some hacker to register domain micrsoft.com and you sending email to billing@micrsoft.com instead of billing@microsoft.com

There is more to it, but I think I've already made my point.

December 16, 2018
8:28 am
Top It Up
Member
Members (temp break)
Forum Posts: 1363
Member Since:
December 17, 2016
sp_UserOfflineSmall Offline

I'm as concerned as anyone else about personal security and privacy BUT it's always curious when someone points out the demons that lurk around every corner ... and always the demons at the lowest end of the spectrum ... the chances of anyone encountering said demons is in the very, very low percentile. NOW, large security breaches that's a different story and remains largely out of the everyday users control.

December 16, 2018
8:57 am
Rick
Member
Members
Forum Posts: 1110
Member Since:
February 17, 2013
sp_UserOfflineSmall Offline

Top It Up said
I'm as concerned as anyone else about personal security and privacy BUT it's always curious when someone points out the demons that lurk around every corner ... and always the demons at the lowest end of the spectrum ... the chances of anyone encountering said demons is in the very, very low percentile. NOW, large security breaches that's a different story and remains largely out of the everyday users control.  

Exactly my view. More worried about how my information is stored once it's received than whether my email is intercepted. More likely to have personal information stolen from my mailbox than my email.
If you're not comfortable with any business's security or policies, take your business elsewhere.

I think someone here once sent me link to a safe and shovel. You can always bury it in the back yard. sf-smile

No permission to create posts

Please write your comments in the forum.