The San Francisco Chronicle had an article last week about a payment processing
company called Dwolla. Based out of Des Moines, Iowa, Dwolla enables a person to
make a payment directly to a company or to another person, all while avoiding
the processing fees associated with credit and debit card payments.

We took a look at the platform, and up front it seems like a
convenient option. However, we question how secure it really is. Signing
up for an account was relatively easy. We used Facebook Connect, so
anyone who has captured your Facebook session using Firesheep
would be able to create an account in your name.

An email was sent, which you had to confirm before
you could start accessing the information available through Facebook Connect,
such as finding friends you would like to send a payment to.

You also entered a 4-digit PIN, which you are required to
enter whenever you make any changes to your account.

We didn't add bank account information because we have a
concern about the lack of dynamic knowledge-based
authentication. While we think it's a very easy-to-use and convenient
platform, we suggest they add different fraud prevention
measures or, if those are already available, make them more visible on the site.