The San Francisco Chronicle had an article last week about a payment processing company called Dwolla. Based out of Des Moines, Iowa, Dwolla enables a person to make a payment directly to a company or to another person all while avoiding processing fees associated with credit and debit card payments.
We took a look at the platform, and upfront it seems like a convenient option. However, we question the real security of it. When we signed up for an account, it was relatively easy. We used Facebook Connect, so if a person has your identity authentication from using Firesheep they would be able to create an account for you.
An email was sent to you, which you had to confirm before you could start accessing the information available through Facebook Connect, like finding your friends you would like to send a payment to.
And you entered a 4-digit pin, which is required for you to enter when you make any changes to your account.
We didnt add bank account information because we have a concern about the lack of dynamic knowledge based authentication. While we think its a very easy to use and convenient platform to use, we suggest they should add in different fraud prevention measures. Or if they are available, to make them more visible on the site.