I am rather enjoying Wirex in general, though there is a rather major privacy issue I would like to discuss: email-based verification for outgoing transactions. This is a big deal because many email providers only receive unencrypted messages, or otherwise are susceptible to downgrading attacks that cause messages to be transmitted unencrypted as a fallback. To make matters worse, the content of the verification emails that are sent include the account holder’s name, the destination wallet address, and the amount that was requested to be sent.
I appreciate that Wirex is taking measures to ensure that fraudulent transactions are prevented, but surely there must be a way to do this that does not require the leakage of our payment history to anyone on the internet. Perhaps PGP encryption could be offered as an option, or a secondary authenticator token challenge for transaction approval?