3

Recently, I applied for a credit card(from a bank based in India), After I completed my online application, I received an SMS(from a number which usually sends me my transaction details), which had a link to verifi.me. I clicked on the link and then it asked me for access to my email account(Gmail or Outlook or Yahoo). When I checked the permissions, it was asking for almost every possible permission(except the password, of course).

After I provided the access, it went on to ask me to log in to my LinkedIn account, asking me for a full set of permissions. After this, it asked me for my Facebook account access with all sorts of read access(thankfully, it didn't ask for permissions to post).

I have never seen this before. So, my question is:

Is this a standard procedure(taking all social media details for checking the credibility), while applying for a credit card? If it helps, the website was verifi.me, and it was a secured site.

I Googled about this website, but couldn't find much apart from the official page of the website.

pri
  • 4,438
  • 24
  • 31

2 Answers2

5

Normal? No, not right now. But, we are going to see far more of this level of personal verification in the near future.

One of the difficult things for any company (or government) to do is to verify the 'identity' of a person online. It is an exceedingly complex problem with no clear solution. National identity cards (or government-backed official online profiles for people) are being considered, but there are huge privacy concerns. The approach taken by verifi.me is a compromise.

The one thing that is very, very difficult to fake or counterfeit is one's online life. There is so much detail being generated in normal use, that a fake profile will be evident. So, companies like verifi.me request access to your email and social media life to run an analysis. They then sign off that 1) you are a real person, and 2) that the details you provided in your bank application are likely true.

Creepy? Oh, yes. Privacy invading? Absolutely! But it is also a very real, and very effective means of verifying a person. It solves a very real problem in the world today.

Would I let a service like that crawl all over my personal details and private communications? Absolutely not. In fact, knowing that this type of thing is coming, I'm considering a process where I have a shadow set of online profiles where I programmatically send less sensitive copies of my real communications so that it is a subset of my online life. That way, services like this (and governments) have real data to go over, just not all of it. But, that's another topic.

schroeder
  • 123,438
  • 55
  • 284
  • 319
  • This scares me. Even I gave out my lesser used email ID for this purpose. – pri Jan 07 '17 at 09:06
  • 1
    The US government have announced that they are starting to ask people entering the country for social media accounts too which is a horrendous invasion of privacy. I think you will see many people creating multiple persona's online. I've done this for many years with email but not yet with other social media. – Julian Knight Jan 07 '17 at 09:48
  • 1
    @JulianKnight that's what I was referencing. I see the need for a service that allows you to apply a data classification on your activity, then ports the public classified activity over to your secondary accounts. I'm working out a way to do that for myself. – schroeder Jan 07 '17 at 15:01
  • @schroeder: Hope you are able to share that when you do it, sounds very interesting. – Julian Knight Jan 08 '17 at 14:10
  • @JulianKnight there are bots that can post on social networks on your behalf (used by marketing depts, simple enough to script), but email is the tricky bit. How to make it look like the email was composed from that account (exists in the outbox). Given the assumption that the verify.me-like processes comb through all that, I just haven't cracked the email nut, yet. – schroeder Jan 08 '17 at 14:28
  • @schroeder Yup, I use some! As you say, trying to track some kind of data classification would probably be best - just hard to see how that would work across multiple media. Even doing it on email wouldn't be that easy given the need to capture replies and other incoming emails not just those sent. I'd probably go for a small system at home that monitored everything and made judgements about suitability from that relatively secure location. – Julian Knight Jan 08 '17 at 18:16
  • @JulianKnight added to the incoming email problem, many services are tied to your email, too. That's another part of the nut I haven't cracked yet. – schroeder Jan 08 '17 at 18:24
  • 1
    @schroeder, great point. Though we are rather off-topic now :-) If you have another place to discuss this, I'd be happy to do so. – Julian Knight Jan 08 '17 at 18:45
  • I'm interested in any updates about second accounts. – Darryn Brisdaz Jul 21 '22 at 08:56
0

This doesn't sound like normal actions by a bank when issuing a credit card. Normally a bank will get any details they need from either your application or from one of the credit reporting agencies. These agencies record financial histories of people.

The only reason why a bank would want social media information is of they want to use it for purposes other than determining if you are trustworthy for a credit card, such as advertising other services to you. I wouldn't give them any further information until you have talked with the bank and they have explained why they need this information.

It is also possible these requests are from somebody other than your bank trying to steal your personal information for criminal reasons.

Mark Ripley
  • 657
  • 4
  • 9