bisq-network / bisq

A decentralized bitcoin exchange network
https://bisq.network
GNU Affero General Public License v3.0

Feature request. Warn the user about wrong country bank #3724

Open mpolavieja opened 4 years ago

mpolavieja commented 4 years ago

Description of the problem

When setting up a payment account, sometimes users confuse "Country Bank" with the country they live in. This might be confusing for other users that don't want to trade with foreign banks.

For example, if I am in France and I am using a German payment account, and in "Bank Country" I put "FR" instead of "DE", French users that do not want to trade with German banks (or any foreign banks) might trade with me thinking that they are going to trade within their country, only to find out they will have to trade with a foreign bank once they are already engaged in the trade.

Description of the feature / proposed solution

For IBAN payment accounts, to check if the bank country matches with the first two characters of the IBAN account. If not, warn the user with a pop up that the IBAN and bank country do not match and ask the user to review it. Not proposing a hard data validation, just a soft warning for the user.

This feature could save us quite a few mediation cases.

beingindot commented 4 years ago

@mpolavieja I have noticed that we have five payment accounts with an IBAN field.

While only the last two have the "country of bank" field name, the others have to select region, country and currency. Is this feature for all 5 payment accounts or only for the last two SEPA accounts? Your opinion, please.

mpolavieja commented 4 years ago

My suggestion was for those payment methods that have the "country of bank" field name, that is, only for the last two SEPA payment methods.

However, I think it could also be useful to warn the user if the country and the first two characters of the IBAN do not match for the other 3 payment methods.

beingindot commented 4 years ago

Okay. I'll try whatever check I can do for accounts other than SEPA.

mpolavieja commented 4 years ago

Hi @beingindot, what is the state of this issue? Related to this, I think it would also be good to force the user that the name of the account holder has at least 3 separate words, and each word is at least 2 characters long (punctuation characters such as "." or "," excluded from word length calculation). This would make it difficult for scammers to use shortened or simplified names such as "John Smith" that would allow them to target a lot of potential victims without BTC sellers noticing when confirming the payment, as the name of the Bank and the name in Bisq would roughly match.

It is important that we do all we can to force users to put their full names with accuracy, otherwise users might get used to confirming payments when names do not match exactly if that happens rather often without bad consequences, so it is easier for scammers to sneak in.

We need non-matching names to be a rare event, otherwise users will not pay attention when names do not match.

ripcurlx commented 4 years ago

> name of the account holder has at least 3 separate words,

Why three words? E.g. in Austria it is not very common to register at your bank with your middle name (if you have one at all).

beingindot commented 4 years ago

Actually, the second name itself can be only one letter in some parts I know. Maybe we need to inform the user to provide the same name as in the bank account?

As for the issue, it is not yet on the priority list.

ripcurlx commented 4 years ago

> Actually, the second name itself can be only one letter in some parts I know. Maybe we need to inform the user to provide the same name as in the bank account?
>
> As for the issue, it is not yet on the priority list.

I'm in the middle of trying to apply our new processes to our in progress developments. As soon as I'm done with that I'll start to create project proposals (more about that is announced soon) which would also cover feature requests like this.

mpolavieja commented 4 years ago

I said 3 words because for most countries a middle name or a second last name is required. I believe that at least warning the user when the name is too short would improve security and also reduce mediation cases.

I have had several trading peers which had put their names in Bisq shorter than the name in their bank (omitting middle name or second last name), and they have told me that they have done a lot of trades and sellers never complained and confirmed the trade right away.

If the names don't match very often, it is understandable that users confirm when the names are more or less the same (one of the words missing). This is not good at all for Bisq's security for bank payment methods, as Bisq security relies on the assumption of BTC sellers being diligent verifying the names.
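The two soft checks proposed in this thread (IBAN prefix versus bank country, and a minimum number of account holder name words), as an added example that is not Bisq's own code. The class name, method name and message texts are hypothetical, and the minimum word count is a parameter because the thread does not settle on three.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;

// Hypothetical helper, not part of the Bisq code base.
public class AccountSoftChecks {
    // Returns warnings only; the caller shows them in a popup and still lets the user save.
    static List<String> check(String iban, String bankCountry, String holderName, int minWords) {
        List<String> warnings = new ArrayList<>();

        // IBANs are often pasted with spaces and in mixed case, so normalise first.
        String normIban = iban == null ? "" : iban.replaceAll("\\s+", "").toUpperCase(Locale.ROOT);
        String normCountry = bankCountry == null ? "" : bankCountry.trim().toUpperCase(Locale.ROOT);
        if (normIban.length() < 2 || !normIban.substring(0, 2).matches("[A-Z]{2}")) {
            warnings.add("IBAN does not start with a two-letter country code.");
        } else if (!normIban.substring(0, 2).equals(normCountry)) {
            warnings.add("IBAN country " + normIban.substring(0, 2)
                    + " does not match bank country '" + normCountry + "'. Please review.");
        }

        // Count words of at least 2 characters, ignoring punctuation such as "." or ",".
        int words = 0;
        String name = holderName == null ? "" : holderName.trim();
        for (String part : name.split("\\s+")) {
            if (part.replaceAll("\\p{Punct}", "").length() >= 2) {
                words++;
            }
        }
        if (words < minWords) {
            warnings.add("Account holder name has " + words + " word(s) of 2+ characters; "
                    + "enter the name exactly as it appears on the bank account.");
        }
        return warnings;
    }

    public static void main(String[] args) {
        // Sample inputs for illustration, not real user accounts.
        // Matching country and a three-word name: no warnings.
        System.out.println(check("FR76 3000 6000 0112 3456 7890 189", "FR", "Jean Pierre Dupont", 3));
        // German IBAN entered with bank country FR, and "J." counts as a 1-character word.
        System.out.println(check("de89 3704 0044 0532 0130 00", "FR", "J. Smith", 3));
    }
}
```

Passing `2` as `minWords` covers the case raised in the thread where a middle name is not commonly registered with the bank.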