Bunq.me shares IBAN before paying

Aram-Pink-Zebra

After seeing the buzz about ABN's Tikkie Pay sharing IBAN information before a payment is actually made, I decided to check bunq.me. The same behavior is exhibited. What is Bunq's position on this?

See: ABN schakelt nieuwe functie Tikkie uit na tonen rekeningnummers - https://nos.nl/l/2268664

JensH

@Aram-Pink-Zebra#58980 Bunq does not share your personal iban with sofort.

Aram-Pink-Zebra

If I go to a random URL (bunq.me/Jan, sorry Jan), I can see his IBAN after filling in an amount and clicking pay.

JensH

if i use my own bunq.me with SOFORT - i can see an iban which does not belong to me.

I can not check what's happening with iDeal.

The reference from the sending bank then states my own iban. i guess they switch the money from their random account to my personal iban.

Roeshimi

@Aram-Pink-Zebra#58985 And what can you do with that IBAN? Send him money? I guess he would be OK with that ;-)

Roeshimi

@jho#58986 You can enter an amount and click the iDEAL button. Then the IBAN is revealed

Aram-Pink-Zebra

@Roeshimi#58987 Ha, I know. I guess the risk is not as apparent as with the phone number IBAN combination. It seems like a privacy issue?

JensH

@Roeshimi#58988 ah... i see ;)

Someone could pay with this iban, but since we can decline a direct debit it's not really a problem, i think.
You would need the Passphrase/Logincode to login to the app or together as well.

Roeshimi

@Aram-Pink-Zebra#58990 I think so too, that it's a bit of a privacy problem. It should be possible to perform iDEAL payments just like SOFORT payments, i.e. without showing an IBAN before being logged in.

JohnDo

@Aram-Pink-Zebra#58980 Hi Aram,

That is a good question. The fact is that bunq does share you IBAN if you are using IDEAL and also if you are using SOFORT.

But fortunately, you can create 25 accounts at bunq. So if you want to lower the risk tremendously, make sure your bunq.me is always connected to an account that for that is used for that purpose alone. So in that regard, the risk of becoming a fraud victim by using bunq.me is farrrr less than with Tikkie.

JohnDo

@jho#58986 Also Sofort shows the IBAN number of the connected bunq account :)

JensH

@JohnDo#58999 i could not see my personal iban anywhere @ sofort.

The only way i could see my personal iban was at the sending bank in the description.

JohnDo

@jho#59002 Maybe we are taking about the same thing

JeroenE

@Aram-Pink-Zebra#58980 Bunq has said (I think even Ali) that this is on purpose to prevent fraud. He did't exaclty say how this should work though.

I guess it's for that when someone creates a bunq.me link like bunq.me/PimFortuin people can check where the money goes.

I think it's a privacy leak, and don't really see how showing the IBAN helps. If people know the IBAN (or look it up) to see it's not actually the account of PimFortuin they could just enter the IBAN in their own banking app, right?

However, in the Terms & Conditions of bunq.me it clearly states that you give them permission to share your name and IBAN. Note that someone has to know your bunq.me-link for this to work anyway

If you don't want anyone to know your IBAN you can remove your bunq.me page and then it won't work anymore.

LH-Black-Wolf

Agree, this is a privacy hole that ought to be plugged. Didn’t know about it either (then again, I never use it), not happy about it. Fortunately I had linked it to a separate IBAN, but all the same...

Besides, if the argument is fraud prevention: isn’t that easily negated by creating a disposable IBAN? :P Show after payment is something that can be OK, but without even making a payment? That makes it an easy target for scrapers as well.

Whilst we’re on the subject anyway, also be advised that people can find your IBAN if you have your phone number or email set as Alias. (Settings of the bankaccount -> Aliasses) If you value your privacy, disable that (check each account) as well.

JensH

@JohnDo#59003 in german(y) it looks like that :-) this iban is not from me

JensH

Maybe it is bank specific what you see

Bastiaan

@jho#59031 You don't see this icon in the first screen, above the country field?

JensH

@Bastiaan#59069 Never noticed it 🤣