Email privacy concerns

#1

I am rather enjoying Wirex in general, though there is a rather major privacy issue I would like to discuss: email-based verification for outgoing transactions. This is a big deal because many email providers only receive unencrypted messages, or otherwise are susceptible to downgrading attacks that cause messages to be transmitted unencrypted as a fallback. To make matters worse, the content of the verification emails that are sent include the account holder’s name, the destination wallet address, and the amount that was requested to be sent.

I appreciate that Wirex is taking measures to ensure that fraudulent transactions are prevented, but surely there must be a way to do this that does not require the leakage of our payment history to anyone on the internet. Perhaps PGP encryption could be offered as an option, or a secondary authenticator token challenge for transaction approval?

1 Like
#2

Very good point.

@system Do you have any comments?

#3

Yes very good point!

I would suggest to use person link, or personal message box in the own “backoffice”. Mayn providers do this. They only send an email that you received an notification and you need to look into your own message box.