studieren-ohne-grenzen / schlemmenohnegrenzen

https://schlemmen-ohne-grenzen.de

SEPA confirmation via mail #2

Closed fellhorn closed 7 years ago

fellhorn commented 7 years ago

I checked the website of Bundesbank. It seems like we do not have to create a pdf SEPA confirmation but should send the confirmation also via mail. Is there a privacy issue then? The mail would go to both users so we probably should not send the whole IBAN. What do you think? Or should we take a look which of the two team members owns the account and send the SEPA confirmation only to him?

danielrenninghoff commented 7 years ago

What I did now in 211f3ce5a3dc9774a383533bdbf7d8d2110e333e is that I only send the Lastschriftmandat to the user who signed up (email1). Since this user entered the information anyway, it makes sense to send him the Lastschriftmandat. What do you think?

fellhorn commented 7 years ago

Yes - I fixed that. Now this user gets all information. I changed the form titles a bit to make it clear that user 1 should be the person filling the form.

danielrenninghoff commented 7 years ago

One question: now you send the IBAN and BIC in plaintext unencrypted. Why?

fellhorn commented 7 years ago

I talked to Benni: We have to send the whole SEPA mandate via mail, too. Whole means including all information. My issue was that I do not want to send IBAN to both team members. Member 1 does not want member 2 to know his IBAN. Since we made the code that way that the SEPA confirmation will only be sent to member 1 I do not see any privacy issue anymore. Do you?

marcelklehr commented 7 years ago

Email is like, unencrypted, but I guess people don't care :)

danielrenninghoff commented 7 years ago

Yes, I'm not an expert but I don't think sending personal stuff like the IBAN unencrypted is something we should do. I don't think many websites do this actually. For example here is a screenshot from the Hochschulsport, as you can see, they censor the IBAN as well. [screenshot: mandat]

fellhorn commented 7 years ago

I just saw that SOG is also sending the whole IBAN via mail for membership fees ^^ I personally like the method of stripping down to the last n (3 <= n <= 5) digits. Would this be okay for you, too?

danielrenninghoff commented 7 years ago

Actually I just checked many mails (including big ones like Deutsche Bahn). THE ONLY entity that showed my full IBAN in the email was the Studieren Ohne Grenzen Mitgliederbeitrag. In my opinion we should change that.

fellhorn commented 7 years ago

But BIC in plaintext, okay?

danielrenninghoff commented 7 years ago

Ok :) by the way, right now we don't have IBAN validation at all ....

fellhorn commented 7 years ago

Fixed it: looks now like this: IBAN: DE51 XXXX XXXX XXXX XXX 246
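The two points raised in this thread, the missing IBAN validation and the "keep only the last n digits" masking for the confirmation mail, as an added example. This is not code from the schlemmenohnegrenzen repository; the function names, the Python language, and the country length table (a small subset of ISO 13616, assumed to cover the relevant countries) are assumptions, and the sample IBAN in the test is a constructed/test value, not a real account. The mask function reproduces the grouping shown above ("DE51 XXXX XXXX XXXX XXX 246": country code and check digits kept, masked run grouped in fours, visible tail as its own group).

```python
import re

# Subset of ISO 13616 country-specific IBAN lengths. Assumption: only a few
# countries are listed here; extend the table for every country the form accepts.
IBAN_LENGTHS = {"DE": 22, "AT": 20, "CH": 21, "NL": 18, "FR": 27, "GB": 22, "BE": 16}


def normalize_iban(iban: str) -> str:
    """Strip whitespace and upper-case the value as it arrives from the form."""
    return re.sub(r"\s+", "", iban).upper()


def validate_iban(iban: str) -> bool:
    """ISO 13616 check: character set, length for the country, and the mod-97 test.

    Returns False for anything that is not a well-formed IBAN, so the caller can
    reject the form before any mandate mail is generated.
    """
    s = normalize_iban(iban)
    if not re.fullmatch(r"[A-Z]{2}[0-9]{2}[A-Z0-9]+", s):
        return False
    expected = IBAN_LENGTHS.get(s[:2])
    if expected is None or len(s) != expected:
        return False
    # Move country code + check digits to the end and map A..Z to 10..35.
    rearranged = s[4:] + s[:4]
    numeric = "".join(str(int(ch, 36)) for ch in rearranged)
    # Incremental mod 97 so the same logic ports to languages without big ints.
    remainder = 0
    for digit in numeric:
        remainder = (remainder * 10 + int(digit)) % 97
    return remainder == 1


def mask_iban(iban: str, keep_last: int = 3) -> str:
    """Mask an IBAN for the confirmation e-mail.

    Keeps the country code and check digits and the last `keep_last` characters
    (3..5 as proposed in the thread), replaces everything in between with X,
    groups the masked run in fours and appends the visible tail as its own group.
    """
    if not 3 <= keep_last <= 5:
        raise ValueError("keep_last must be between 3 and 5")
    s = normalize_iban(iban)
    if len(s) <= 4 + keep_last:
        raise ValueError("IBAN too short to mask")
    head, tail = s[:4], s[-keep_last:]
    hidden = "X" * (len(s) - 4 - keep_last)
    groups = [hidden[i:i + 4] for i in range(0, len(hidden), 4)]
    return " ".join([head, *groups, tail])


def mandate_line(iban: str, keep_last: int = 3) -> str:
    """Line for the mandate mail: validate first, then emit only the masked form."""
    if not validate_iban(iban):
        raise ValueError("invalid IBAN")
    return "IBAN: " + mask_iban(iban, keep_last)


if __name__ == "__main__":
    # Constructed test IBAN (the common documentation example), not a real account.
    print(mandate_line("DE89 3704 0044 0532 0130 00"))
```

Validation runs on the normalized string, so a user typing the IBAN with spaces or lowercase letters passes the same check; the mail template should only ever receive the output of `mandate_line`, never the raw field value.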