I think it’s ok, because your supposed to wrap the money in foil before you put it in the email. At least, that what those get-rich letters always told me.
For serious: the money is not in the email. The email is nothing more than a dollar amount in the subject line and a cc to their email.
To actually transfer the money, both parties have to go to the site to initiate and finalize the transaction. Now, the site itself may be compromised, but that has got absolutely nothing to do with email being the messenger.
If your email is compromised and a hacker can send and receive messages from you, and your debit card is already linked, then they can initiate a transaction and trash the confirmation email. You’ll only notice when you get your debit card statement, by which point the money is already gone.
However, this relies on an attacker actually being able to use your email, not just spy on your existing emails. And seriously, it’s harder for them to access my mail than it is my bank’s website. With the internet we’re screwed either way. Adding push notifications does nothing. I still don’t see email itself being the issue.
One of the most ubiquitous, well-used communication systems in the world, second only to phone calls and text messaging, and it’s ‘dead’. Maybe we should wait until the patient gets to the hospital with a significant emergency before we say they’re dead, hmm? And no, ordinary aches and pains don’t cut it.
They also offer vendor services so they can take credit/debit cards with a little doohickey that goes on their iphone.
My barber used to be all cash, then he got one of those things. I see them at the farmers market, etc…
THAT costs money for the vendor. Like 2 percent of the transaction or something.
But now you can sell more stuff and more expensive stuff to people who would normally just carry a double saw buck to get some fresh vegetables and fruit.
And that’s what I was getting at with my comment about spam.
Even if the e-mail alone is not sufficient to let you get the funds, sending people payment notifications in this way opens up a massive phishing vector.
And then when all the spammers and phishers start mimicing the format of Square payment e-mails, suddenly your actual payment notifications get dropped by spam filters.
Do they at least sign the e-mail with S/MIME? (Don’t bother answering, I can guess.)
We’ve been doing this in Canada for a while via our debit network here, Interac. The security comes from whatever token you’re emailed asks you to pick the bank you want to deposit, the bank website then lets you in through normal verification, and voila, you’re asked where to deposit your money.
Apparently a lot of African countries have money transfer systems based on cell phone text messages that work very well. Pity we can’t manage to figure that out here.
Maybe it’s just in the UK but you can send money for free if you use your PP funds or your linked account, they charge if you use a debit or credit card.