sofortident.de
Daily one encounters strange stuff on the web, or email. People try to get quick money by scamming you with pharmacy or other replicas (think Rolex) – from what I heard they often would not even deliver anything at all.
The other day I encountered a (Germany) site that wanted to verify the identify and age via an external service available at sofortident.de. I was cautious. A second look made me wonder even more: The first step requires to fill a form with name, address, age and the bank institute. I wondered what the heck they need the bank institute for. But the second form quickly enlightened me: Depending on the institute they then ask for your bank online account information, to (AS FAR AS I COULD FIND OUT) LOG INTO YOUR ONLINE BANK ACCOUNT and certainly parse out your birth date (or more) for verification.
To me this sounds like the worst thing to do on the internet: Telling some third party site your bank account information. Certainly they do not get the TAN (or other means of per-transaction authentication information). However, giving third parties any of my account data and let them mess with the system does not sound like the most sane idea to me either. And in the worst case some sloppy web coder accidentally left the input data in some log, or temporary file (or in some database intentionally). You’ll never know until it’s to late, the next scandal in your evening news broadcast.
Take care!
