Secure upload of identity proofs


#1

I completed my onboarding and need to supply manual proofs of identity. This is requested to be sent over email and no other method is available to open the account. I don’t feel comfortable enough to send my proofs over email, therefore I am unable to open an account. Developing in-app or online upload of proofs would be a near trivial development task and significantly reduce friction for the onboarding process.


(Kenny Grant) #2

Totally agree. This needs sorted as Freetrade is a financial institution dealing with confidential information. Using email means identity docs are sitting indefinitely in customer sent email and in the inbox of whoever touches them at Freetrade, with no clear access controls or data policies.

They really should be encrypted in transit and at rest. IMO Freetrade need a separate server for this with encrypted storage and a data retention policy, and to avoid email completely for financial info. Fine to send notifications, but not details.

The other thing I find disconcerting is email is being used for the chat system - so even if you’re careful to not use email, all sorts of financial details are emailed back to you from chats (for example screenshots of issues), with no way to turn it off. Monzo uses/used that same system I think but have the email off at least.

Email just isn’t suitable for financial docs period, particularly cloud-based mail which most of it is now.


#3

Best to avoid regular email for those types of documents. Intercom has a lot of certifications so probably okay to keep everything inside Intercom?

It’s possible with AWS S3 and you can even do it directly without any intermediate servers, so serverless.
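
As an added example (not part of the thread and not Freetrade's code), this is roughly what the direct-to-S3 upload mentioned in post #3 looks like: the backend signs a short-lived POST policy that pins the object key, requires server-side encryption and caps the size, and the client then uploads straight to S3 over HTTPS. The bucket name, region, object key and credentials are constructed placeholders.

```python
import base64, hashlib, hmac, json
from datetime import datetime, timedelta, timezone

def _hmac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()

def presigned_post(bucket, key, access_key, secret_key, region, now,
                   ttl_s=300, max_bytes=10 * 1024 * 1024):
    """Build (url, form_fields) for a browser-to-S3 POST upload, signed with SigV4."""
    date, amz_date = now.strftime("%Y%m%d"), now.strftime("%Y%m%dT%H%M%SZ")
    fields = {
        "key": key,  # exact object key: the client cannot choose another path
        "x-amz-algorithm": "AWS4-HMAC-SHA256",
        "x-amz-credential": f"{access_key}/{date}/{region}/s3/aws4_request",
        "x-amz-date": amz_date,
        "x-amz-server-side-encryption": "AES256",  # encrypted at rest (SSE-S3)
    }
    policy = {
        # Short expiry: a leaked form is useless after ttl_s seconds.
        "expiration": (now + timedelta(seconds=ttl_s)).strftime("%Y-%m-%dT%H:%M:%SZ"),
        "conditions": [{"bucket": bucket}]
                      + [{k: v} for k, v in fields.items()]
                      + [["content-length-range", 1, max_bytes]],
    }
    policy_b64 = base64.b64encode(json.dumps(policy).encode()).decode()
    # SigV4 signing key: chained HMACs over date, region, service, terminator.
    k = ("AWS4" + secret_key).encode()
    for part in (date, region, "s3", "aws4_request"):
        k = _hmac(k, part)
    # The secret key never leaves the backend; only policy and signature do.
    fields["policy"] = policy_b64
    fields["x-amz-signature"] = hmac.new(k, policy_b64.encode(), hashlib.sha256).hexdigest()
    return f"https://{bucket}.s3.{region}.amazonaws.com/", fields

if __name__ == "__main__":
    # Constructed placeholders, not real credentials or resources.
    url, form = presigned_post("example-kyc-uploads", "kyc/cust-1234/passport.jpg",
                               "AKIAEXAMPLEEXAMPLE00", "constructed-secret",
                               "eu-west-1", datetime.now(timezone.utc))
    print(url)
    for name, value in form.items():
        print(f"{name}={value}")
```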


#4

Agreed and it would of course be over SSL so that handles the encryption whilst in transit.


(Vladislav Kozub) #5

Nope, if you do not check the app within 10 minutes or so, the email will be sent from Monzo too.


(Kenny Grant) #6

Yes this is what I was hoping for with support chats (Intercom only), at least it limits the spread to just Intercom, but if staff are using email to respond to Intercom, and emails are mirrored back to the customer too, that kind of defeats the purpose of those certifications. I really don’t mind how they do it, there are many possibilities, just would prefer never to have financial docs hitting email.

Yuck. I obviously don’t use their support that much. I’ve never had an email from them, but perhaps I just checked the app in time. I suppose for most support systems it’s perfectly fine to email out queries to make sure people see them but for a bank/investment app it doesn’t seem appropriate to me - email just isn’t secure enough on many levels.

I also lose sleep over these two apps being so tightly bound to email as authentication too but that’s a whole other can of worms :laughing: