Author

Topic: Paxum.com Issues: Recommend *Against* Using Paxum Now (Read 10011 times)

newbie
Activity: 1
Merit: 0
Now THIS is useful information... perhaps the Paxum reps can chime in and/or do something about it.

For the record, I also tried to verify my Paxum account today. I sent a scanned image and was told it was unacceptable. To my eyes it was perfectly fine.

But I guess if they make it hard enough, we'll go elsewhere.

PM me or email me ( [email protected] ) your username and we will get it sorted Smiley

Chris


i sent you a pm chris. please help me if you can regarding getting verified at paxum. thank you.
legendary
Activity: 1022
Merit: 1000
It WAS accepting Bitcoin at one point, but dropped out of it for some (legal ??) resaons.
Its a financial services provider that built a reputation to facilitate payments for porn in the US (anonymous and stuff).
It still does AFAIK, but not with BTC anymore.
vip
Activity: 103
Merit: 10
Bitcoin Exchanger at Best Rate.
What is Paxum and why I should need it? Never heard of them.
hero member
Activity: 588
Merit: 500
I gave up on setting up a Paxum account as well.  In order to add a checking account, you need the bank's SWIFT-BIC code.  I understand that not all banks have a record with Swift and they often deal with intermediary banks when it comes to international transfers.  This would be fine, but the website will *NOT* let you set up an account with an intermediary this way because the primary account still requires a SWIFT-BIC code.  Seriously... the routing number+account number is not sufficient?  Huh

FAIL. Tongue

Huge pain in the butt.  At least Dwolla was easy to set up.  Perhaps the simplest means of withdrawing from Tradehill without incurring huge fees is to simple have them cut you a check and send via U.S. Post.  

And having a razor sharp image of my driver's license rejected (taken with my Thunderbolt's 8MP camera in full daylight with no image cropping) is a joke.  The image was perfect enough that I could have laminated it to a plastic card and used it in place of the original and no one would be the wiser.

Wouldn't it be great if there was a currency you could use without all these pesky obnoxious banks and ridiculous fees?

That said, your bank certainly fails if they can't give you clear directions on how to receive an international wire. I can't say what might have happened with your driver's license image.
member
Activity: 73
Merit: 10
Quote
Because Canada is in Europe.

Might as well be.
newbie
Activity: 11
Merit: 0
I gave up on setting up a Paxum account as well.  In order to add a checking account, you need the bank's SWIFT-BIC code.  I understand that not all banks have a record with Swift and they often deal with intermediary banks when it comes to international transfers.  This would be fine, but the website will *NOT* let you set up an account with an intermediary this way because the primary account still requires a SWIFT-BIC code.  Seriously... the routing number+account number is not sufficient?  Huh

FAIL. Tongue

Huge pain in the butt.  At least Dwolla was easy to set up.  Perhaps the simplest means of withdrawing from Tradehill without incurring huge fees is to simple have them cut you a check and send via U.S. Post. 

And having a razor sharp image of my driver's license rejected (taken with my Thunderbolt's 8MP camera in full daylight with no image cropping) is a joke.  The image was perfect enough that I could have laminated it to a plastic card and used it in place of the original and no one would be the wiser.
full member
Activity: 168
Merit: 100
Brad Willman, SSCP, LTCP, MCTS,SCE,BCE
cropped out? it's a picture of the back of my license sitting on my kitchen counter. I didn't crop anything lol. it is good to know I can use your service like dwolla for withdrawals right now. I didnt really want another card anyway in my wallet. I do have to say that you being on the forums offering direct customer support and giving out your email is very cool. good customer service so far. thank you
newbie
Activity: 28
Merit: 0
the verification process it a bit much. I'm actually irritated right now. I send pictures of drives license. it's expired on the front. cool no problem I'll send a picture of the back with the extension sticker. still get denied because the sticker expires 8/12/2011 and I'm avoiding going to the DMV until the last second. hey tell me they can't take it because it can't be expiring within a two week period? wtf ? I literally opened a regions checking account today with the same license. so my money sits on tradehill idle until I can send them something else? I'm all for being secure but c'mon... why did tradehill remove the dwolla withdrawal option again? this is a pain. do any other trading services offer dwolla withdrawal? I'm about over this paxum stuff.

Ill post this here aswell as send you another email - you are able to withdraw funds via wire/eft or to an external credit card with the issue you are having with your ID expiring too soon for us to issue a mastercard.

Resubmit the back of your card with it in full frame - it was cropped out.


Chris



Edit: Also keep in mind EFT transactions may be subject to extra steps in verification. Simple and painless but it is just a fraud prevention step that has helped us stop ACH fraud Smiley
member
Activity: 84
Merit: 10
I yam what I yam. - Popeye
... Half the shit in the US is outsourced...

And all the good stuff is done here! 8^)

(that's a joke son...just in case)
legendary
Activity: 1596
Merit: 1012
Democracy is vulnerable to a 51% attack.
is there any risk why tradehill stopped dwolla withdrawals???
Yeah. The risk is that Dwolla would keep the money against additional chargebacks. TradeHill might send your $1,000 to Dwolla only to have Dwolla claim TradeHill has a negative balance because someone else charged back a transaction from last month and so can't send you any money.
full member
Activity: 168
Merit: 100
Brad Willman, SSCP, LTCP, MCTS,SCE,BCE
is there any risk why tradehill stopped dwolla withdrawals???
full member
Activity: 168
Merit: 100
Brad Willman, SSCP, LTCP, MCTS,SCE,BCE
the verification process it a bit much. I'm actually irritated right now. I send pictures of drives license. it's expired on the front. cool no problem I'll send a picture of the back with the extension sticker. still get denied because the sticker expires 8/12/2011 and I'm avoiding going to the DMV until the last second. hey tell me they can't take it because it can't be expiring within a two week period? wtf ? I literally opened a regions checking account today with the same license. so my money sits on tradehill idle until I can send them something else? I'm all for being secure but c'mon... why did tradehill remove the dwolla withdrawal option again? this is a pain. do any other trading services offer dwolla withdrawal? I'm about over this paxum stuff.
newbie
Activity: 28
Merit: 0
Really now...

ON A FRIDAY!?!?!


It's friday it's friday ..... Cheesy
newbie
Activity: 36
Merit: 0
Not sure if it was humour or not but claiming that anything not US grown sucks is pure BS... Half the shit in the US is outsourced...

And with regards to the original topic, I signed up last night and it went pretty smooth. The only thing I had to look around for is swift codes and routing number formats since its presented differently than what i'm used to but then again, I don't do lots of international transfers. I also confirmed my account by taking pics of my ID and power bill with my iPhone.. No hassle. Not sure if I got in easy but if not, you must be doing an awful job with that ID.
member
Activity: 84
Merit: 10
Really now...

ON A FRIDAY!?!?!
full member
Activity: 126
Merit: 100
European web sites all suck?  Not in my experience.  Besides, as somebody noted, this is a Canadian company, not European.

I've emailed Chris and heard back.  Hopefully we'll be able to work together to fix some of the issues that I saw.
hero member
Activity: 896
Merit: 1000
Seal Cub Clubbing Club
Because Canada is in Europe.
hero member
Activity: 728
Merit: 501
CryptoTalk.Org - Get Paid for every Post!
Undecided

I just attempted to open a Paxum account, to try them out.  The experience was extremely difficult, and at the end I called Paxum and had them walk me through the process of closing the account.  I did not feel safe using it.

Here's what I noticed in the process;

1) Paxum's automated emails use HTML, but have incorrect MIME settings.  This means that they are displayed by Thunderbird and the other email clients that I tested as plain text.  *That* means that you have to search through a bunch of HTML codes to find the information that you need to confirm your account, etc. 

2) Paxum uses attached PDF files to send certain types of critical information, but because of the broken MIME settings, the attachments cannot be viewed or detached in normal email clients.  They must be handled by hand, by saving the email as text and then using a utility to demime them.  Most users are not up to figuring this out.

3) Paxum's web site is extremely picky about the format of information that it accepts in fields when you are signing up, but does not tell you in advance which symbols are disallowed.  Among the issues: periods (.) are not allowed in street addresses, but you find that out only when you include one and get an error back.

4) Paxum will not accept a scanned image above 4 MB in size for identity verification, but states that images must be "high quality" and rejects faxed images.  It took me several tries to come up with an image that was of a size it would accept and also a quality it would accept.  This is *really* annoying.

I could continue, but frankly, the email and web site tell me that the people managing Paxum's servers are not very good at what they are doing.  I work in networking security, manage a mail server, have managed web sites since the mid-1990s, and am intimately familiar with what it takes to run a secure site.  My assessment of Paxum's setup is that their technical people do not appear to be experienced enough to be trusted running a site that requests and holds information that will allow identity theft.  I didn't run a vulnerability scan on the site, but would not be at all surprised to find cross-site scripts and other vulnerabilities that can be used to steal information.

I recommend not using Paxum.  They probably mean well, and after they get their act together on their technical services might be worth using.  For now, though, giving them the information that they request to manage your money is IMHO taking an unnecessary and unwise risk.


Paxum has been around awhile. They've handled 100s of millions of dollars through their network. They're not american so of course their website is going to suck. European websites are trash by default. Tongue
legendary
Activity: 1106
Merit: 1001
Am i to understand you are sexually attracted to the same sex?
If you mean the same as her husband, then yes.

ROFL!  Well put.

There may be more women on the forum than many of you know.  I've noticed that a lot of women use androgynous handles on forums where there are lots of men, particularly if there's any of the typical masculine back-and-forth teasing about sex.  I'm an old lady by geek standards (50 this year), pretty tough, and perfectly willing to tell any nitwit that behaves inappropriately to BACK OFF.  Not all women are, though.  Where the topic of conversation isn't personal -- like, say, a new monetary system -- it's often easier to participate if some guys assume that we're men.  The grown-ups, of course, have long since figured out that we might be interesting for reasons other than our gender. Wink



Uhm... you sort of blew your cover there, Ergo  Wink
full member
Activity: 126
Merit: 100
Am i to understand you are sexually attracted to the same sex?
If you mean the same as her husband, then yes.

ROFL!  Well put.

There may be more women on the forum than many of you know.  I've noticed that a lot of women use androgynous handles on forums where there are lots of men, particularly if there's any of the typical masculine back-and-forth teasing about sex.  I'm an old lady by geek standards (50 this year), pretty tough, and perfectly willing to tell any nitwit that behaves inappropriately to BACK OFF.  Not all women are, though.  Where the topic of conversation isn't personal -- like, say, a new monetary system -- it's often easier to participate if some guys assume that we're men.  The grown-ups, of course, have long since figured out that we might be interesting for reasons other than our gender. Wink

legendary
Activity: 1106
Merit: 1001
All right guys, stop drooling and stay focused on the technical issues. Tongue

Hey, she started it, what with telling us she was checking and all :-)
hero member
Activity: 588
Merit: 500
All right guys, stop drooling and stay focused on the technical issues. Tongue
full member
Activity: 126
Merit: 100
Am i to understand you are sexually attracted to the same sex?
If you mean the same as her husband, then yes.
Right, thanks for the clarification.

You mean, on top of being a smart cookie, and having a husband, she's also attracted to the same sex... I think I'm in love :-)
Women tend not to be tech geeks, unless it's Jeri Ellsworth ofc. But would be cool. Proof would be nice Tongue
legendary
Activity: 1106
Merit: 1001
Am i to understand you are sexually attracted to the same sex?
If you mean the same as her husband, then yes.
Right, thanks for the clarification.

You mean, on top of being a smart cookie, and having a husband, she's also attracted to the same sex... I think I'm in love :-)
full member
Activity: 126
Merit: 100
Am i to understand you are sexually attracted to the same sex?
If you mean the same as her husband, then yes.
Right, thanks for the clarification.
newbie
Activity: 28
Merit: 0
Further to my previous post on the difficulty of getting verified with Paxum, I had an email exchange with Chris. I accept his explanation for why the procedure may seem more difficult than is warranted, and on the face of it it seems to be so for the benefit of us, the customers.

He also offered a pretty easy solution, which I stupidly hadn't though of myself, to get around the problem.

So far, so good.
Everything we do at the end is to protect our clients. If we dont we put everyone at risk. Even if that means rejecting some documents you all feel should work Smiley

Better safe than sorry ... right? Smiley
legendary
Activity: 1596
Merit: 1012
Democracy is vulnerable to a 51% attack.
Am i to understand you are sexually attracted to the same sex?
If you mean the same as her husband, then yes.
legendary
Activity: 1106
Merit: 1001
Further to my previous post on the difficulty of getting verified with Paxum, I had an email exchange with Chris. I accept his explanation for why the procedure may seem more difficult than is warranted, and on the face of it it seems to be so for the benefit of us, the customers.

He also offered a pretty easy solution, which I stupidly hadn't though of myself, to get around the problem.

So far, so good.
full member
Activity: 126
Merit: 100
Chris, the problem isn't just with Thunderbird. I verified that the same issue comes up with several other email clients as well.  One of them was the standard Macintosh email client; my husband has a Mac Pro and I tested with it.  Only certain webmail clients display your emails as rendered HTML.  

Outside auditing of your site is a good thing.  Frankly, from my experience, it has probably saved your bacon more than once because the people who are designing, coding, and managing the web site show every sign of not knowing how to do this kind of work. Sad  You *really* need to get some more experienced developers ASAP.

I'm a technical writer by profession, but also do a lot of QA as part of my job.  I work for a Fortune 500 company, in the division that provides security "solutions" (I HATE that term) for protecting customer-facing web portals for companies and organizations that have high security needs, such as banks and financial institutions.  The technical side of your business is exactly the sort of thing that I spend most of my working day understanding, documenting, and figuring out how to protect.  (As in -- write use cases for.)

I'm not hostile to Paxum.  Nor do I think Paxum is trying to defraud anybody; I see no sign of that at all.  What I do see is a sign of lack of sufficient experience in designing and managing secure web sites.  You *MUST* get people in there who know how to handle the types of security required for a financial institution.
Am i to understand you are sexually attracted to the same sex?
legendary
Activity: 1106
Merit: 1001
Don't worry, Chris. If you address these issues, you'll likely find that Ergo will change the name of this thread. He's a completely different kind of person to the ones that attacked you in other threads.

She.  At least, last I checked.  (My poor husband would be quite shocked if it turned out otherwise.) Wink

A thousand apologies... I shouldn't have assumed. In my defence, women seem to be scarce in these forums, enough that there's a whole thread about it, and another thread devoted to a single tattoo... sheesh!

You poor husband is a lucky man.
legendary
Activity: 1596
Merit: 1012
Democracy is vulnerable to a 51% attack.
I'm not hostile to Paxum.  Nor do I think Paxum is trying to defraud anybody; I see no sign of that at all.  What I do see is a sign of lack of sufficient experience in designing and managing secure web sites.  You *MUST* get people in there who know how to handle the types of security required for a financial institution.
I'm not hostile to Paxum either, and I don't think Paxum is trying to defraud anyone. I wouldn't read as much into these particular issues as ErgoOne seems to.

But I will say one thing from my own experience: It is very easy for non-technical people to assume that because someone knows how to do something and make it work, they also know how to make it secure. And it's easy to assume that because nothing bad has happened for awhile, your system must be at least reasonably secure. And it's easy to assume that because a system is growing, it's also growing more secure -- surely someone's doing that, right? However, these three assumptions are entirely false.

This is especially true for innovative companies that experience fast growth. Mt. Gox, for example.

A small anecdote: The last breach I helped clean up involved a software defect that could have leaked a small, growing company's entire customer and transaction database. The programmer whose code had the bug knew that his code had this type of bug, but he believed it was too difficult to exploit because he didn't know an easy way to exploit it. He, of course, was not a computer security person, so he had no idea that there are toolkits available that make exploiting bugs of this type extremely easy.

And one final point: If you ask these people if they take security seriously and if their code is secure, they will say yes because they honestly believe that they are. And they believe there's no need for other people to audit them. When they see how many vulnerabilities there are and how easy they are to exploit, they are frequently quite surprised. People who aren't security experts just don't understand what the threats actually are.
full member
Activity: 126
Merit: 100
Don't worry, Chris. If you address these issues, you'll likely find that Ergo will change the name of this thread. He's a completely different kind of person to the ones that attacked you in other threads.

She.  At least, last I checked.  (My poor husband would be quite shocked if it turned out otherwise.) Wink
legendary
Activity: 4690
Merit: 1276
I'm not even close to signing up with Paxum because I want to wait and see about some other stuff, and because I have no need for their service.  

But I will agree w/ Mr Katz (as seems to be often the case) that these issues don't strike me as the kinds of red flags that I would be especially  concerned about.  Indeed, it seems like they are practicing defensive programming in certain of these issues, and that is in my book a very good thing.  

Obviously it would be a good thing if the end user experience was better, but I personally would gladly trade this to avoid the hassle of being caught up in some fraudulent use fiasco.
newbie
Activity: 28
Merit: 0
Chris, the problem isn't just with Thunderbird. I verified that the same issue comes up with several other email clients as well.  One of them was the standard Macintosh email client; my husband has a Mac Pro and I tested with it.  Only certain webmail clients display your emails as rendered HTML.  

Outside auditing of your site is a good thing.  Frankly, from my experience, it has probably saved your bacon more than once because the people who are designing, coding, and managing the web site show every sign of not knowing how to do this kind of work. Sad  You *really* need to get some more experienced developers ASAP.

I'm a technical writer by profession, but also do a lot of QA as part of my job.  I work for a Fortune 500 company, in the division that provides security "solutions" (I HATE that term) for protecting customer-facing web portals for companies and organizations that have high security needs, such as banks and financial institutions.  The technical side of your business is exactly the sort of thing that I spend most of my working day understanding, documenting, and figuring out how to protect.  (As in -- write use cases for.)

I'm not hostile to Paxum.  Nor do I think Paxum is trying to defraud anybody; I see no sign of that at all.  What I do see is a sign of lack of sufficient experience in designing and managing secure web sites.  You *MUST* get people in there who know how to handle the types of security required for a financial institution.

Regarding the Email issue - again we have never heard of this before at all. I will have a tech look at it but to be honest this seems to be a very isolated incident.If this was a common issue i'd assume we would of been made aware of this when we first launched and had 1000's of accounts created in a matter of days.

I appreciate your feedback and we do take it all in and discuss it and always improving our services.

If you would like to email me any more specifics to this that may not be for the public eye to see shoot me an email [email protected] - and we can get this all sorted with our tech guys Smiley

Regards

Chris
full member
Activity: 126
Merit: 100
These are very typical of the issues you have when a service goes live, especially when external events force your timing. I bet these will all be sorted out within a week at most.

From your mouth to God's ears. :-)  I expect that it will take more than a week, but the problems are definitely fixable.  These are not issues associated with a lack of integrity or fundamentally careless attitude, but with a new company that needs expertise in something that it lacks expertise in.  I will probably try Paxum again in a couple of months if I see reason to think that they've fixed the problems.

But not right now.
full member
Activity: 126
Merit: 100
Chris, the problem isn't just with Thunderbird. I verified that the same issue comes up with several other email clients as well.  One of them was the standard Macintosh email client; my husband has a Mac Pro and I tested with it.  Only certain webmail clients display your emails as rendered HTML.  

Outside auditing of your site is a good thing.  Frankly, from my experience, it has probably saved your bacon more than once because the people who are designing, coding, and managing the web site show every sign of not knowing how to do this kind of work. Sad  You *really* need to get some more experienced developers ASAP.

I'm a technical writer by profession, but also do a lot of QA as part of my job.  I work for a Fortune 500 company, in the division that provides security "solutions" (I HATE that term) for protecting customer-facing web portals for companies and organizations that have high security needs, such as banks and financial institutions.  The technical side of your business is exactly the sort of thing that I spend most of my working day understanding, documenting, and figuring out how to protect.  (As in -- write use cases for.)

I'm not hostile to Paxum.  Nor do I think Paxum is trying to defraud anybody; I see no sign of that at all.  What I do see is a sign of lack of sufficient experience in designing and managing secure web sites.  You *MUST* get people in there who know how to handle the types of security required for a financial institution.
newbie
Activity: 37
Merit: 0
4) Paxum will not accept a scanned image above 4 MB in size for identity verification, but states that images must be "high quality" and rejects faxed images.  It took me several tries to come up with an image that was of a size it would accept and also a quality it would accept.  This is *really* annoying.

I opened an account with them, sent them Scanned Passport that I have saved from PayPal, MoneyBookers etc, and sent Utility Bill.
They rejected the Passport because a part of the top edge was too close to the edge of the scan. So I sent a scan of another Government ID as my Passport is in my Parent's house in a safe so I don't keep it in mine

Still no dice.

So I closed the account. I didn't even want to use it for deposit just withdrawal.

R
legendary
Activity: 1106
Merit: 1001
These are very typical of the issues you have when a service goes live, especially when external events force your timing. I bet these will all be sorted out within a week at most.
We have been running for awhile and have processed thousands upon thousands of accounts with out any major issues. The PDF and email issue is very new to me and we have not be alerted to it until this post by any client. Same for the PDF issue.

Regards
Chris


Don't worry, Chris. If you address these issues, you'll likely find that Ergo will change the name of this thread. He's a completely different kind of person to the ones that attacked you in other threads.

And if it makes Paxum more secure and user friendly in the future, that can only be good, right?
newbie
Activity: 28
Merit: 0
These are very typical of the issues you have when a service goes live, especially when external events force your timing. I bet these will all be sorted out within a week at most.
We have been running for awhile and have processed thousands upon thousands of accounts with out any major issues. The PDF and email issue is very new to me and we have not be alerted to it until this post by any client. Same for the PDF issue.

Regards
Chris
legendary
Activity: 1596
Merit: 1012
Democracy is vulnerable to a 51% attack.
These are very typical of the issues you have when a service goes live, especially when external events force your timing. I bet these will all be sorted out within a week at most.
newbie
Activity: 28
Merit: 0
Now THIS is useful information... perhaps the Paxum reps can chime in and/or do something about it.

For the record, I also tried to verify my Paxum account today. I sent a scanned image and was told it was unacceptable. To my eyes it was perfectly fine.

But I guess if they make it hard enough, we'll go elsewhere.

PM me or email me ( [email protected] ) your username and we will get it sorted Smiley

Chris
newbie
Activity: 28
Merit: 0
newbie
Activity: 28
Merit: 0
Good to know Smiley What a bunch of shits Cool
legendary
Activity: 1106
Merit: 1001
Now THIS is useful information... perhaps the Paxum reps can chime in and/or do something about it.

For the record, I also tried to verify my Paxum account today. I sent a scanned image and was told it was unacceptable. To my eyes it was perfectly fine.

But I guess if they make it hard enough, we'll go elsewhere.
full member
Activity: 126
Merit: 100
 Undecided

I just attempted to open a Paxum account, to try them out.  The experience was extremely difficult, and at the end I called Paxum and had them walk me through the process of closing the account.  I did not feel safe using it.

Here's what I noticed in the process;

1) Paxum's automated emails use HTML, but have incorrect MIME settings.  This means that they are displayed by Thunderbird and the other email clients that I tested as plain text.  *That* means that you have to search through a bunch of HTML codes to find the information that you need to confirm your account, etc. 

2) Paxum uses attached PDF files to send certain types of critical information, but because of the broken MIME settings, the attachments cannot be viewed or detached in normal email clients.  They must be handled by hand, by saving the email as text and then using a utility to demime them.  Most users are not up to figuring this out.

3) Paxum's web site is extremely picky about the format of information that it accepts in fields when you are signing up, but does not tell you in advance which symbols are disallowed.  Among the issues: periods (.) are not allowed in street addresses, but you find that out only when you include one and get an error back.

4) Paxum will not accept a scanned image above 4 MB in size for identity verification, but states that images must be "high quality" and rejects faxed images.  It took me several tries to come up with an image that was of a size it would accept and also a quality it would accept.  This is *really* annoying.

I could continue, but frankly, the email and web site tell me that the people managing Paxum's servers are not very good at what they are doing.  I work in networking security, manage a mail server, have managed web sites since the mid-1990s, and am intimately familiar with what it takes to run a secure site.  My assessment of Paxum's setup is that their technical people do not appear to be experienced enough to be trusted running a site that requests and holds information that will allow identity theft.  I didn't run a vulnerability scan on the site, but would not be at all surprised to find cross-site scripts and other vulnerabilities that can be used to steal information.

I recommend not using Paxum.  They probably mean well, and after they get their act together on their technical services might be worth using.  For now, though, giving them the information that they request to manage your money is IMHO taking an unnecessary and unwise risk.
Jump to: