  • Bunq.me IBAN + name (privacy)

On the bunq.me page with predictable links (suggestions) there is an IBAN + a name + URL part. This can be crawled by using a name list (common last names, first names or combinations), which leads to name + IBAN combinations.
This may lead to fraud.

  • A non-guessable link would be safer (might be an extra suggestion).

  • Not showing the IBAN in a crawlable place might be safer.

    @Frank-Navy-Starfish#232984 not showing the iban on a crawlable place might be safer

    There's not really a way around this afaik. Because of regulations, the person using a bunq.me page to pay someone needs to have the possibility to see the IBAN. Not sure what you mean by "non-crawlable" but as long as it's visible in a browser, you're gonna be able to crawl it.

    non guessable link would be safer

    Yes, that's right. At least for people who don't want to have their name + IBAN combination public. Could be a good idea to have some kind of option when creating a bunq.me page that lets you choose between "random string (safer)" and "custom name" with a short explanation that a custom name should be considered as public.

    There's not really much someone can do with a bunq IBAN, as direct debits always have to be confirmed up front, but for users that aren't so aware of social engineering tricks it's indeed probably safer for them to have this private. Gets a high-five from me!

      6 days later

      @Jakob-Y#232985 while you're not wrong that once some money is sent, you see personal information anyway. But it's a trade-off, since by paying, you also give personal information to the person you send money to.

      It would be better if you only saw this information after payment. So, just someone that is lurking around can't see it.

        @New-Scarlet-Cobra-2284330061#233226 once some money is sent, you see personal information anyway.

        I think there are some regulations that make it so bunq has to show the information before money is sent.

          @Jakob-Y#233227 Could you check if this is actually the case instead of making a guesstimate :)

            @New-Scarlet-Cobra-2284330061#233232 I'm not a lawyer and I'm not working at bunq, so no, I don't have the ability to check this thoroughly. But a search here in the forums yields topics like this: https://together.bunq.com/d/972 In which people have voiced similar concerns and where bunq has stated that this amount of "transparency" is intentional. I could also find a statement from another user: https://together.bunq.com/d/7772/16 saying "Bunq has said (I think even Ali) that this is on purpose to prevent fraud." but admittedly this is hearsay.

            Please note that I'm not dismissing your idea at all, just giving my thoughts on why the part about not showing the IBAN at all on a bunq.me page is probably not feasible. But that doesn't mean we couldn't have better communication in the app about this when bunq.me pages are created and having it so that by default the URLs are much less prone to being scraped by guessing.
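
The "random string (safer)" versus "custom name" choice suggested in this thread, sketched as an added Python example; it is not from any poster and not bunq's code. The slug length, the custom-name pattern and the name-list sizes are assumptions chosen for illustration.

```python
import math
import re
import secrets

# Assumed policy values for this sketch, not bunq's.
RANDOM_SLUG_BYTES = 16  # 128 bits from the OS CSPRNG
CUSTOM_SLUG_RE = re.compile(r"[a-z0-9][a-z0-9-]{2,31}")


def create_page_slug(custom_name=None):
    """Return (slug, is_public). Random is the default; a custom name is opt-in
    and flagged public so the UI can warn that name + IBAN will be findable."""
    if custom_name is None:
        return secrets.token_urlsafe(RANDOM_SLUG_BYTES), False
    slug = custom_name.strip().lower()
    if not CUSTOM_SLUG_RE.fullmatch(slug):
        raise ValueError("custom name must be 3-32 chars of a-z, 0-9 or '-'")
    return slug, True


def search_space_bits(candidates):
    """Size of the space of possible links, in bits."""
    return math.log2(candidates)


def expected_hits(guesses, live_pages, candidates):
    """Expected number of live pages found by uniformly random guesses."""
    return guesses * live_pages / candidates


if __name__ == "__main__":
    # Constructed figures: 10,000 first names x 10,000 last names.
    name_space = 10_000 * 10_000
    random_space = 2 ** (8 * RANDOM_SLUG_BYTES)
    print(create_page_slug())            # e.g. ('Xq3...', False)
    print(create_page_slug("Jane-Doe"))  # ('jane-doe', True)
    print(round(search_space_bits(name_space), 1), "bits for name-based links")
    print(search_space_bits(random_space), "bits for random links")
    # One million requests against one million live pages (constructed numbers).
    print(expected_hits(1_000_000, 1_000_000, name_space))
    print(expected_hits(1_000_000, 1_000_000, random_space))
```

The random slug only helps if it is the default; a page that keeps a custom name stays as discoverable as before, which is why the function returns the public flag alongside the slug.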
