MiiCard security

[newts]

When I signed up for Miicard my jaw nearly dropped to the floor.  I have never been asked so many serious questions that could lead to a direct attack on the bank account's website.

Are people trusting this place? Any instances of fraud.

Its not my login/password I'm worried about,   its the company selling this info.    They probably have $100's of millions of dollars worth of peoples bank account passwords,  including he security questions.

Is there anyway to make it more secure (like one IP address only.)?

[empoweoqwj]

Why did you sign up if you didn't like what they were asking? Do you need a Miicard for anything specific?

[newts]

Why did you sign up if you didn't like what they were asking? Do you need a Miicard for anything specific?

Well at the time there were no other services working that offered checking to BTC..  There's still only one other choice.   I doubt it would do any good to close the Miicard account since they already have the info if they went corrupt and sold the info.

Your post makes me sound like a dumba$$ and I admit I was desperate never signed up for anything like that before (asks for you online banking account password,  which I have changed.)   I am just curous of their reputation in general.  If its bad,  I can open a new bank account,  but that's a bit extreme.

[empoweoqwj]

Why did you sign up if you didn't like what they were asking? Do you need a Miicard for anything specific?

Well at the time there were no other services working that offered checking to BTC..  There's still only one other choice.   I doubt it would do any good to close the Miicard account since they already have the info if they went corrupt and sold the info.

Your post makes me sound like a dumba$$ and I admit I was desperate never signed up for anything like that before (asks for you online banking account password,  which I have changed.)   I am just curous of their reputation in general.  If its bad,  I can open a new bank account,  but that's a bit extreme.

They asked for your online banking account password, seriously? You should never ever give that out to anyone, ever. Good you changed it but yeah, consider any info given out compromised, just to be on the safe side.

[tvbcof]

They asked for your online banking account password, seriously? You should never ever give that out to anyone, ever. Good you changed it but yeah, consider any info given out compromised, just to be on the safe side.

Coinbase seemed to do this (to my shock and horror!)  I say 'seems' because I certainly didn't try it.  That was one of the relatively few strikes I chalked up against them.

I actually did do an MiiCard account a while ago.  Tradehill said that they would be using them, and I thought I was going to use Tradehill again (they having provided me good service in their fist incantation.)  I had a drivers license which was close to expiry, some utility bills from a place in California which I was leaving, and a bank account with no real money in it which I planned to close and I was academically interested in the subject of verification.

BTW, when I did close the bank account, MiiCard sent me a whiny e-mail so it seems that they were chronically re-checking their access rather than simply using it as an identity check one time.  Just sayin'.

[empoweoqwj]

They asked for your online banking account password, seriously? You should never ever give that out to anyone, ever. Good you changed it but yeah, consider any info given out compromised, just to be on the safe side.

Coinbase seemed to do this (to my shock and horror!)  I say 'seems' because I certainly didn't try it.  That was one of the relatively few strikes I chalked up against them.

I actually did do an MiiCard account a while ago.  Tradehill said that they would be using them, and I thought I was going to use Tradehill again (they having provided me good service in their fist incantation.)  I had a drivers license which was close to expiry, some utility bills from a place in California which I was leaving, and a bank account with no real money in it which I planned to close and I was academically interested in the subject of verification.

BTW, when I did close the bank account, MiiCard sent me a whiny e-mail so it seems that they were chronically re-checking their access rather than simply using it as an identity check one time.  Just sayin'.

I'm not familiar with the US banking system, but how does asking for your *private* access credentials to your bank account help any company? I mean apart from the obvious of stealing your money whenever they feel like it .....

[tvbcof]

I'm not familiar with the US banking system, but how does asking for your *private* access credentials to your bank account help any company? I mean apart from the obvious of stealing your money whenever they feel like it .....

Oh, that's an easy one.  They are piggy-backing on (and often capitalizing on) the work the bank did to verify an individual's identity.

It's a legitimate and good solution to an otherwise difficult problem (except for the huge risk that the client undergoes of course.)  I do wish the banks would offer identity verification as a service which would obviate the need to send high quality DOX to anyone.  And in particular to shady and anonymous Bitcoin service providers.

I've often felt that simply sending a wire to a person's bank account should be enough for, say, Mt. Gox to feel like they have positively ID's a customer and there is no need for high quality scans of my DL for instance.  Of course it's probably not Mt. Gox that makes all the decisions in this regard and they have to comply with whatever bullshit laws the authorities say.  If they go above and beyond in their demands, it is very possible because selling the data is an optional part of their business model.

[empoweoqwj]

I'm not familiar with the US banking system, but how does asking for your *private* access credentials to your bank account help any company? I mean apart from the obvious of stealing your money whenever they feel like it .....

Oh, that's an easy one.  They are piggy-backing on (and often capitalizing on) the work the bank did to verify an individual's identity.

It's a legitimate and good solution to an otherwise difficult problem (except for the huge risk that the client undergoes of course.)  I do wish the banks would offer identity verification as a service which would obviate the need to send high quality DOX to anyone.  And in particular to shady and anonymous Bitcoin service providers.

I've often felt that simply sending a wire to a person's bank account should be enough for, say, Mt. Gox to feel like they have positively ID's a customer and there is no need for high quality scans of my DL for instance.  Of course it's probably not Mt. Gox that makes all the decisions in this regard and they have to comply with whatever bullshit laws the authorities say.  If they go above and beyond in their demands, it is very possible because selling the data is an optional part of their business model.

But banks tell you repeatedly never to reveal your account password to anyone or any organization, in the countries I have lived in anyway. Must work different in the States!

[tvbcof]

But banks tell you repeatedly never to reveal your account password to anyone or any organization, in the countries I have lived in anyway. Must work different in the States!

The church tells people not to sin.  So what?

What I meant is that verifying someone's identity by leveraging the work of the bank which already does with high precision(*) is a generally a good solution.

* for Joe Sixpack users.  Presumably HSBC and their ilk use different protocols when they service customers who are laundering money and so on.

 - edit: spl/grm

[empoweoqwj]

But banks tell you repeatedly never to reveal your account password to anyone or any organization, in the countries I have lived in anyway. Must work different in the States!

The church tells people not to sin.  So what?

What I meant is that verifying someone's identity by leveraging the work of the bank which already does with high precision(*) is a generally a good solution.

* for Joe Sixpack users.  Presumably HSBC and their ilk use different protocols when they service customers who are laundering money and so on.

 - edit: spl/grm

Ok fine, tell people your private banking password, hope you feel safe In the UK, you are advised not to reveal that to even bank employees ever, but there you go.

[tvbcof]

But banks tell you repeatedly never to reveal your account password to anyone or any organization, in the countries I have lived in anyway. Must work different in the States!

The church tells people not to sin.  So what?

What I meant is that verifying someone's identity by leveraging the work of the bank which already does with high precision(*) is a generally a good solution.

* for Joe Sixpack users.  Presumably HSBC and their ilk use different protocols when they service customers who are laundering money and so on.

 - edit: spl/grm

Ok fine, tell people your private banking password, hope you feel safe In the UK, you are advised not to reveal that to even bank employees ever, but there you go.

Like I (think I) indicated, it's a marvelously stupid idea to give anyone your banking password in all but the most carefully planned circumstances as was the deal in my case...and even then it's questionable and risky.  I put at risk no more than I was prepared to lose which, iirc, was under $100.

My point is that banks could offer verification services which would be very easy for them and would be a very valuable service for the customer.  Again, because then the customer would not have to send out document scans.  Or worse.

Like I also indicated, having money wired to a bank account is a damn good indicator to the service provider that the customer is who he says he is...though I'll bet that there are a fair number of 80-year-old grandmothers who dabble in Bitcoin...all of them having tech-savvy pre-pubescent grandkids...

[guiltmanager]

Hello all, just thought I'd give my two pennies worth here. I had a conversation with my bank and explained to them what miicard is and what it does and they seemed fine with it, given that with first direct anyway, security codes can only be used once. yes miicard can access and read my bank information, but to send money to someone who isn't already on my payee list would require a security code, generated from my secure key, which is a second factor authentication device, which miicard can't physically access. I've been in touch with their support a few times and they've always been helpful and come back pretty quickly. I'm not trying to say that they are 100 per cent safe, and everyone should use them, as I can't give that sort of guarantee, but I can say that I've noticed nothing fishy on my bank account like any attempts to transfer money that I didn't make or anything like that, and not having either a passport or driving license, I can't see so driving would be very dangerous, and I don't go abroad so refuse to spend nearly £70 to prove I am Craig Mcgee!! this is the only option which allows me to verify my identity online with the minimum of fuss. Sadly very few bitcoin exchanges, the only one being bittylicious, that I know of, accepts MiiCard, and even then their payments provider won't accept it, and only wants to deal with people who go abroad, or can see to drive, which obviously isn't bittylicious's fault, but that's another story!