Closed an old bank account that my Paypal account was linked to since they were now charging ridiculous maintenance fees, and decided to open up another account dedicated for my online dealings with my credit union (long overdue for the move). As usual, jumping through all of Paypal's hoops are fun, like clicking on the "Replace" account button and getting a message saying I can't do so while there are pending authorizations (wut? I haven't made any purchases with my paypal account in weeks).
But here's the kicker... confirming your account. There's still the good old classic way, where you wait for them to make the two small deposits and then you go in and confirm them with Paypal. But now they have this:
So what you're telling me is I can:
1) Randomly punch in any old account number that may or may not belong to me
2) "Borrow" some random phone where I can get a text message so I can get the 4-digit authorization code
3) ...
4) Profit???
Really?
I'm pretty sure even someone clinically brain dead can think up a better security scheme then this.
But here's the kicker... confirming your account. There's still the good old classic way, where you wait for them to make the two small deposits and then you go in and confirm them with Paypal. But now they have this:
Confirm instantly with your phone
To confirm your <YOUR BANK NAME HERE> account instantly, we'll send you a 4-digit code and ask you to verify it. Simply select a phone number where we can send the code.
So what you're telling me is I can:
1) Randomly punch in any old account number that may or may not belong to me
2) "Borrow" some random phone where I can get a text message so I can get the 4-digit authorization code
3) ...
4) Profit???
Really?
I'm pretty sure even someone clinically brain dead can think up a better security scheme then this.