|
|
Post by mutatedgoldfishh on Dec 24, 2014 13:29:25 GMT
Hello, 1st time poster here.  I am registered with Saving Stream and have chipped in on a few loans. I would like to invest more but I have some concerns. 1. Once logged in I can see my security answers and can change them at will, the same goes for my details. 2. I can currently withdraw funds to any bank account. I would prefer the account to be a designated one which cannot be changed unless security questions etc are answered, which at present can be seen when logged in... Please feel free to allay my concerns or even add to them. Thank you and Merry Christmas. |
|
oldgrumpy
Member of DD Central
Posts: 5,087 
Likes: 3,233
|
Post by oldgrumpy on Dec 24, 2014 13:56:19 GMT
Mmm! Me too.
|
|
mikes1531
Member of DD Central
Posts: 6,453
Likes: 2,320
|
Post by mikes1531 on Dec 24, 2014 18:14:14 GMT
Hello, 1st time poster here. I am registered with Saving Stream and have chipped in on a few loans. I would like to invest more but I have some concerns. 1. Once logged in I can see my security answers and can change them at will, the same goes for my details. 2. I can currently withdraw funds to any bank account. I would prefer the account to be a designated one which cannot be changed unless security questions etc are answered, which at present can be seen when logged in... Please feel free to allay my concerns or even add to them. Welcome to the forum. I share your concerns. Perhaps a representative from savingstream would care to respond, and maybe indicate whether there are any plans to tighten up the security.
|
|
|
|
Post by mrclondon on Dec 24, 2014 19:11:27 GMT
Unfortunately these (and similiar) issues aflict many p2p platforms, especially the smaller ones. I'm probably far too relaxed about security issues than is good for me, but I do worry about making typos in the bank details when making withdrawals -my typing accuracy isn't great at the best of times. By chance a few days ago I was looking at SS's website login javascript code that is executed when you press the 'Login in' button : which doesn't inspire a great deal of confidence when a line designed to improve security has been commented out (with // ) so it doesn't execute - and I've proved that sending the password in plain text isn't necessary as you can logon with just the email address and the hashed password (the value p). There is another bug in this code somewhere as the value p is acually being sent twice to the website. Apologies - a bit of a heavy post for Xmas eve |
|
wysiati
Member of DD Central
Posts: 397
Likes: 86
|
Post by wysiati on Dec 24, 2014 23:22:44 GMT
Unfortunately these (and similiar) issues aflict many p2p platforms, especially the smaller ones. I'm probably far too relaxed about security issues than is good for me, but I do worry about making typos in the bank details when making withdrawals -my typing accuracy isn't great at the best of times. ... Among the more established/'trusted provider' status platforms Funding Circle and Assetz Capital still stand out as notable failures in this regard. TC has recently improved this aspect of user security/protection (TC had planned to sting you with an 'admin fee' for any change of designated bank account details although that may have been subject to a rethink?).
|
|
|
|
Post by masquedefer on Jan 5, 2015 13:15:59 GMT
Totally in agreement with mutatedgoldfishh and others
@ss/Lendy I hope you are addressing these issues? It would be simple admin task to ensure that any transfer of monies from SS back to a lender would be to the same account from which they were originally received. Any variation to this would be by exception and subject to additional security checks. Currently I am currently transferring monies in stages across from FC to SS and staff @ FC have phoned me on each occasion to double check that the request is genuine.
|
|
|
|
Post by westcountryfunder on Jan 5, 2015 16:29:45 GMT
Totally in agreement with mutatedgoldfishh and others @ss/Lendy I hope you are addressing these issues? It would be simple admin task to ensure that any transfer of monies from SS back to a lender would be to the same account from which they were originally received. Any variation to this would be by exception and subject to additional security checks. Currently I am currently transferring monies in stages across from FC to SS and staff @ FC have phoned me on each occasion to double check that the request is genuine. Really? I'm surprised at what you say. I recently opened an additional account with FC and they telephoned me the first time I did a withdrawal to my bank account (the same account from which my funds had originated). I have made several withdrawals since and not been 'phoned. I would expect to be 'phoned if I specified a different account, but not otherwise. Did you mean that you have been requesting withdrawals directly from your FC account to your account with SS? If so the payee would be a third party namely SS, in which case I am surprised and somewhat alarmed that FC agreed to your request even having first 'phoned you!
|
|
|
|
Post by pepperpot on Jan 5, 2015 20:16:27 GMT
Totally in agreement with mutatedgoldfishh and others @ss/Lendy I hope you are addressing these issues? It would be simple admin task to ensure that any transfer of monies from SS back to a lender would be to the same account from which they were originally received. Any variation to this would be by exception and subject to additional security checks. Currently I am currently transferring monies in stages across from FC to SS and staff @ FC have phoned me on each occasion to double check that the request is genuine. Really? I'm surprised at what you say. I recently opened an additional account with FC and they telephoned me the first time I did a withdrawal to my bank account (the same account from which my funds had originated). I have made several withdrawals since and not been 'phoned. I would expect to be 'phoned if I specified a different account, but not otherwise. Did you mean that you have been requesting withdrawals directly from your FC account to your account with SS? If so the payee would be a third party namely SS, in which case I am surprised and somewhat alarmed that FC agreed to your request even having first 'phoned you! I've made many withdrawals from FC of 5k or less and a few 10k plus, the latter always trigger a security call, but not the former.
|
|
Liz
Member of DD Central
Posts: 2,426
Likes: 1,297
|
Post by Liz on Jan 5, 2015 21:50:51 GMT
As long as the money goes back into the same account as the money came from, then I don't see a problem.
If the bank account is changed, then I expect extra checks.
|
|
mikes1531
Member of DD Central
Posts: 6,453
Likes: 2,320
|
Post by mikes1531 on Jan 5, 2015 22:27:12 GMT
It would be simple admin task to ensure that any transfer of monies from SS back to a lender would be to the same account from which they were originally received. Would it? Whenever I've received a transfer from somewhere else, the info from the originator consists of their name and whatever they've chosen to put in the 'Reference' field. I can't see the account number and sort code of the originating account, so how could the recipient (SS) send the money back to the source account? What I'd like to have is a specified bank account for withdrawals, and whenever I make a withdrawal request, that's the account it goes to. That would save me from making a typo in the future that sends my withdrawal into someone else's account. If a user wants to withdraw to a different account, then extra security checks should be required.
|
|
