If you follow security at all, you’re always seeing stupid things. Often it’s stupidity on the part of users but not always. Here’s an example from a vendor that’s so outrageous it takes your breath away. MWave Australia is asking users to provide their complete banking credentials as part of the checkout process. That means MWave would have complete access to your bank account and could, for example, transfer all your funds to their account or do anything else that you could do on-line.
I’ve used MWave here in the U.S. and have always had a very positive experience with them. I checked the U.S. MWave site and they aren’t making this ridiculous demand. I also checked the Australian site and, sure enough, they’re still asking customers for the keys to their bank accounts. I’m sure MWave Australia is honest and has no intention of robbing their customers but how can they not know that this is beyond the pale. It’s beyond the pale even before we begin considering things like man-in-the-middle attacks. It just makes no sense at all.
The site is saying that they need this information to “verify your credit card” and that it’s safe because the information goes through BankStatements.com.au, which, we’re assured, is safe and fast. I know Irreal readers know better but if you live or do business in Australia, warn your friends not to fail this IQ test.
UPDATE: breadth → breath