Potential IGM-PAY Security Hole?
My roommate *cough* was creating a Party acount yesterday and he noticed something weird--when you are registering a bank with IGM to deposit with, they now have a new option where you can fax or scan in a check with your bank/routing numbers on it to be able to fund your account within thirty minutes. Then they go on to say that if you don't have access to a fax or scanner that you can do it the old fashioned way and check for the amounts of the two deposits they make on your bank statement.
Well, this seems like a bad idea to me, because couldn't anybody with my or somebody elses check create false accounts, fund them, dump the money, and run? It seems like that would be way too easy. At least with the old fashioned verification method required account statement access...
|