[Wikimedia-l] Why is bank transfer no longer possible?

classic Classic list List threaded Threaded
47 messages Options
123
Reply | Threaded
Open this post in threaded view
|

Re: [Wikimedia-l] Why is bank transfer no longer possible?

Gerard Meijssen-3
Hoi,
Do not be daft. The Wikimedia Foundation centralised its fundraising. It
said that it would do a better job. Seen from a central periphery model, it
probably does, However seen from the Netherlands it is rather silly.,

Pooh poohing this away with "you can donate time as well" is fine when you
are in the centre.

Recently chapters were told to fundraise. There is a point to that but it
is also a specific skill. It is not smart to develop such skills and not
make use of it in what is effectively the biggest fundraiser for a chapter.

We are discussing,yet again, the text and approach of the fundraiser and we
are yet again going through the same moves.  We are a movement and the
Wikimedia Foundation is not it. It does not optimise the opportunities for
all of us. In the Netherlands, I would not be surprised when the amount of
fundraising could at least double with local involvement.
Thanks,
       GerardM

On 30 November 2014 at 03:36, MZMcBride <[hidden email]> wrote:

> Wikimedia always accepts donations. If the Wikimedia Foundation can't
> figure out a way to easily accept monetary donations from Dutch
> Wikimedians, why not simply focus efforts on non-monetary donations?
> Edits and other wiki contributions are far more valuable, in my opinion.
> Wikimedia Nederland seems to already be doing a lot of great work
> encouraging these types of contributions (e.g., Wiki Loves [X]). :-)
>
> For the past few years I've seen it as fairly low-hanging fruit to create
> a tongue-in-cheek "don't donate to Wikipedia" or "donate time instead" or
> similar campaign. Or even register "DonateToWikipedia.org" and send
> visitors to the edit form of an article that needs love. When people ask
> me in real-life about donating to Wikipedia (nobody knows what Wikimedia
> is), I typically suggest making a few edits instead of donating money
> directly. I don't think the Wikimedia Foundation really needs the money
> and I think volunteer time is worth significantly more.
>
> MZMcBride
>
>
>
> _______________________________________________
> Wikimedia-l mailing list, guidelines at:
> https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines
> [hidden email]
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> <mailto:[hidden email]?subject=unsubscribe>
>
_______________________________________________
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines
[hidden email]
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:[hidden email]?subject=unsubscribe>
Reply | Threaded
Open this post in threaded view
|

Re: [Wikimedia-l] Why is bank transfer no longer possible?

Fæ
In reply to this post by Lodewijk
On 30 November 2014 at 07:35, Gerard Meijssen <[hidden email]> wrote:
...
> Do not be daft. The Wikimedia Foundation centralised its fundraising. It
> said that it would do a better job. Seen from a central periphery model, it
> probably does, However seen from the Netherlands it is rather silly.,
...

I believe that the current process of centralizing funds in the USA
that are actually taken in Europe and then paid out outside of the USA
is *highly* inefficient. By the time the WMF and local organization
(i.e. chapter, thorg, user group or project) costs of fundraising,
grant applications, administration and reporting, payment costs and
significant tax burden are considered, this (avoidable system) throws
away at least 40c out of each donated $1 before we can even start
calculating the extra administration costs/wastage from that point on,
which as a past Chapter chair, I know can easily be a further 50%
compounded on the cost.

Despite this being raised several times over the last few years, no
chapter or the WMF has unambiguously or straight-forwardly calculated
the true end-to-end processing costs. As a consequence, this can only
be a guesstimate based on experience.

Fae
--
[hidden email] https://commons.wikimedia.org/wiki/User:Fae

_______________________________________________
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines
[hidden email]
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:[hidden email]?subject=unsubscribe>
Reply | Threaded
Open this post in threaded view
|

Re: [Wikimedia-l] Why is bank transfer no longer possible?

rupert THURNER-2
In reply to this post by MZMcBride-2
hi mz,

you are right, the whole wikipedia is built by volunteer time and
could have not been built otherwise. so volunteer time clearly is
worth significantly more. i sometimes feel ripped off as a volunteer.
first i donate my time, and then people approach me to addtionally
spend money for a conference, like last year in geneva 250eur for an
open knowledge conference. or i want to meet a person who is not
wealthy enough to pay her trip to london within the UK, and there is
no way to get her a 100 gbp, as happend last year. wmf is not capable
- i should have planned this a year in advance. wmch would be flexible
enough but a different country and punished by WMF for beeing
flexible. wmuk does not have a budget for such a strange thing, and it
should have known it in advance as well.

so where should this money come from? the easiest and cheapest is:
take the money from the website. coupled with a more flexible,
localised spending scheme. so WMCH or WMUK could pay this without
headache. but WMF does not want this. out of 60 mio usd income, 52 mio
or 86% is spent by the wikimedia foundation, yearly increasing. and
most of it is spent in the united states.

some time in future even wmf persons will recognize that if i would be
perfectly organized and most intelligent person in the world i would
use zero time for wikipedia. i'd instead sell my time as expensive as
possible, and i'd be rich as bill gates. the foundation, and even some
chapters, give the impression only perfect persons are good enough for
them. or, even worse, treat them deliberatly like cattle. the core of
its movement with it turns away, as those people are not good enough.
and as bill gates and the other perfect persons will not contribute,
nobody will. so we are back on field one, nupedia. jimbo has his
personal foundation which will honor him even when he is dead,
financed by one of the worlds largest websites. the foundation pays
1000 persons to keep it running. no volunteers necessary.

rupert

On Sun, Nov 30, 2014 at 3:36 AM, MZMcBride <[hidden email]> wrote:

> Wikimedia always accepts donations. If the Wikimedia Foundation can't
> figure out a way to easily accept monetary donations from Dutch
> Wikimedians, why not simply focus efforts on non-monetary donations?
> Edits and other wiki contributions are far more valuable, in my opinion.
> Wikimedia Nederland seems to already be doing a lot of great work
> encouraging these types of contributions (e.g., Wiki Loves [X]). :-)
>
> For the past few years I've seen it as fairly low-hanging fruit to create
> a tongue-in-cheek "don't donate to Wikipedia" or "donate time instead" or
> similar campaign. Or even register "DonateToWikipedia.org" and send
> visitors to the edit form of an article that needs love. When people ask
> me in real-life about donating to Wikipedia (nobody knows what Wikimedia
> is), I typically suggest making a few edits instead of donating money
> directly. I don't think the Wikimedia Foundation really needs the money
> and I think volunteer time is worth significantly more.
>
> MZMcBride
>
>
>
> _______________________________________________
> Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines
> [hidden email]
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:[hidden email]?subject=unsubscribe>

_______________________________________________
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines
[hidden email]
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:[hidden email]?subject=unsubscribe>
Reply | Threaded
Open this post in threaded view
|

Re: [Wikimedia-l] Why is bank transfer no longer possible?

Gerard Meijssen-3
Hoi,
Our community, movement and our foundation is pretty darn good. When you
consider all the imperfections, there is after all room for improvement, it
is really amazing how much is achieved on such a shoestring budget. We pay
the prize for under-investing in our organisation, in our infrastructure.
Our "primary" systems however are pretty stable.

My point is not that we should lose our ethos but that we should be more
smart about it. It is only fairly recently that we have the talent to
really improve the basics of our infra structure. We now have our systems
in multiple professional locations, The guts of MediaWiki is changing in
more than one way. Wikidata will make a splash in 2015. As it is, it is has
so much room for growth. The biggest amount of data will arrive from the
bigger projects however, the biggest potential is in the 250 other
languages that we support.

Yes, there are plenty individual stories that suck. But our projects will
never be like Nupedia. Some people have to revisit what we learned. One of
the lessons was that we can be and should be daring and innovative. Not
heeding this lesson is what will most likely do us in.
Thanks,
       GerardM

On 30 November 2014 at 15:23, rupert THURNER <[hidden email]>
wrote:

> hi mz,
>
> you are right, the whole wikipedia is built by volunteer time and
> could have not been built otherwise. so volunteer time clearly is
> worth significantly more. i sometimes feel ripped off as a volunteer.
> first i donate my time, and then people approach me to addtionally
> spend money for a conference, like last year in geneva 250eur for an
> open knowledge conference. or i want to meet a person who is not
> wealthy enough to pay her trip to london within the UK, and there is
> no way to get her a 100 gbp, as happend last year. wmf is not capable
> - i should have planned this a year in advance. wmch would be flexible
> enough but a different country and punished by WMF for beeing
> flexible. wmuk does not have a budget for such a strange thing, and it
> should have known it in advance as well.
>
> so where should this money come from? the easiest and cheapest is:
> take the money from the website. coupled with a more flexible,
> localised spending scheme. so WMCH or WMUK could pay this without
> headache. but WMF does not want this. out of 60 mio usd income, 52 mio
> or 86% is spent by the wikimedia foundation, yearly increasing. and
> most of it is spent in the united states.
>
> some time in future even wmf persons will recognize that if i would be
> perfectly organized and most intelligent person in the world i would
> use zero time for wikipedia. i'd instead sell my time as expensive as
> possible, and i'd be rich as bill gates. the foundation, and even some
> chapters, give the impression only perfect persons are good enough for
> them. or, even worse, treat them deliberatly like cattle. the core of
> its movement with it turns away, as those people are not good enough.
> and as bill gates and the other perfect persons will not contribute,
> nobody will. so we are back on field one, nupedia. jimbo has his
> personal foundation which will honor him even when he is dead,
> financed by one of the worlds largest websites. the foundation pays
> 1000 persons to keep it running. no volunteers necessary.
>
> rupert
>
> On Sun, Nov 30, 2014 at 3:36 AM, MZMcBride <[hidden email]> wrote:
> > Wikimedia always accepts donations. If the Wikimedia Foundation can't
> > figure out a way to easily accept monetary donations from Dutch
> > Wikimedians, why not simply focus efforts on non-monetary donations?
> > Edits and other wiki contributions are far more valuable, in my opinion.
> > Wikimedia Nederland seems to already be doing a lot of great work
> > encouraging these types of contributions (e.g., Wiki Loves [X]). :-)
> >
> > For the past few years I've seen it as fairly low-hanging fruit to create
> > a tongue-in-cheek "don't donate to Wikipedia" or "donate time instead" or
> > similar campaign. Or even register "DonateToWikipedia.org" and send
> > visitors to the edit form of an article that needs love. When people ask
> > me in real-life about donating to Wikipedia (nobody knows what Wikimedia
> > is), I typically suggest making a few edits instead of donating money
> > directly. I don't think the Wikimedia Foundation really needs the money
> > and I think volunteer time is worth significantly more.
> >
> > MZMcBride
> >
> >
> >
> > _______________________________________________
> > Wikimedia-l mailing list, guidelines at:
> https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines
> > [hidden email]
> > Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> <mailto:[hidden email]?subject=unsubscribe>
>
> _______________________________________________
> Wikimedia-l mailing list, guidelines at:
> https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines
> [hidden email]
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> <mailto:[hidden email]?subject=unsubscribe>
>
_______________________________________________
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines
[hidden email]
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:[hidden email]?subject=unsubscribe>
Reply | Threaded
Open this post in threaded view
|

Re: [Wikimedia-l] Why is bank transfer no longer possible?

Federico Leva (Nemo)
In reply to this post by Michael Snow-5
Michael Snow, 30/11/2014 01:03:
> One avenue for fraud that's facilitated by posting account numbers is
> small payment fraud, usually involving stolen credit cards.  [.............]

So what all this message have to do with IBAN?

Nemo


_______________________________________________
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines
[hidden email]
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:[hidden email]?subject=unsubscribe>
Reply | Threaded
Open this post in threaded view
|

Re: [Wikimedia-l] Why is bank transfer no longer possible?

Michael Snow-5
On 11/30/2014 10:19 AM, Federico Leva (Nemo) wrote:
> Michael Snow, 30/11/2014 01:03:
>> One avenue for fraud that's facilitated by posting account numbers is
>> small payment fraud, usually involving stolen credit cards.
>> [.............]
>
> So what all this message have to do with IBAN?
As the rest of the message discussed, the fraudsters can use the IBAN to
make a "donation" in order to test that stolen card information belongs
to a real credit card.

--Michael Snow

_______________________________________________
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines
[hidden email]
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:[hidden email]?subject=unsubscribe>
Reply | Threaded
Open this post in threaded view
|

Re: [Wikimedia-l] Why is bank transfer no longer possible?

Jan Ainali-2
2014-11-30 19:40 GMT+01:00 Michael Snow <[hidden email]>:

> On 11/30/2014 10:19 AM, Federico Leva (Nemo) wrote:
>
>> Michael Snow, 30/11/2014 01:03:
>>
>>> One avenue for fraud that's facilitated by posting account numbers is
>>> small payment fraud, usually involving stolen credit cards.
>>> [.............]
>>>
>>
>> So what all this message have to do with IBAN?
>>
> As the rest of the message discussed, the fraudsters can use the IBAN to
> make a "donation" in order to test that stolen card information belongs to
> a real credit card.


Is IBAN more vulnerable to this than just the possibility to being able to
donate from a credit card at all?

/Jan
_______________________________________________
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines
[hidden email]
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:[hidden email]?subject=unsubscribe>
Reply | Threaded
Open this post in threaded view
|

Re: [Wikimedia-l] Why is bank transfer no longer possible?

Bence Damokos
In reply to this post by Michael Snow-5
On Sun, Nov 30, 2014 at 7:40 PM, Michael Snow <[hidden email]>
wrote:

> On 11/30/2014 10:19 AM, Federico Leva (Nemo) wrote:
>
>> Michael Snow, 30/11/2014 01:03:
>>
>>> One avenue for fraud that's facilitated by posting account numbers is
>>> small payment fraud, usually involving stolen credit cards.
>>> [.............]
>>>
>>
>> So what all this message have to do with IBAN?
>>
> As the rest of the message discussed, the fraudsters can use the IBAN to
> make a "donation" in order to test that stolen card information belongs to
> a real credit card.

Thinking through your example, the fraudsters would need to have an online
interface for transfering money from a credit card to a bank account, and
getting some form of verification that the transfer went through. I am not
sure it was clear from your explanation how knowing the bank account number
any help in getting the two components for the fraud (the transfer system
and the verification), as opposed to the donation system itself (which does
not have to reveal the destination account number, and which in the case of
the WMF is likely a different account then the bank account whose number
was previously displayed online).

Best regards,
Bence

>
>
> --Michael Snow
>
>
> _______________________________________________
> Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/
> wiki/Mailing_lists/Guidelines
> [hidden email]
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> <mailto:[hidden email]?subject=unsubscribe>
>
_______________________________________________
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines
[hidden email]
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:[hidden email]?subject=unsubscribe>
Reply | Threaded
Open this post in threaded view
|

Re: [Wikimedia-l] Why is bank transfer no longer possible?

Federico Leva (Nemo)
In reply to this post by Michael Snow-5
Michael Snow, 30/11/2014 19:40:
> As the rest of the message discussed, the fraudsters can use the IBAN to
> make a "donation" in order to test that stolen card information belongs
> to a real credit card.

Are you sure you know what an IBAN is?

Anyway, please inform the European Central Bank of your findings, I'm
sure they'll be interested in hearing them. Currently their website
seems unaware of such fraud possibilities and contains statements such
as «Sensitive data payment: Data which could be used to carry out fraud,
excluding the name of the account owner and the account number».
<https://www.ecb.europa.eu/pub/pdf/other/pubconsultationoutcome201405securitypaymentaccountaccessservicesen.pdf>

Nemo

_______________________________________________
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines
[hidden email]
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:[hidden email]?subject=unsubscribe>
Reply | Threaded
Open this post in threaded view
|

Re: [Wikimedia-l] Why is bank transfer no longer possible?

Gerard Meijssen-3
In reply to this post by Michael Snow-5
Hoi,
An IBAN number is NOT a credit card ... You need a ping number in
combination with some smart card functionality in order to make it work..
The combination generates a number that is always different..

You can steal my card but making use of it without the pin number is really
hard, next to impossible.. At that Europe has better card security than the
USA.
Thanks,
     GerardM

On 30 November 2014 at 19:40, Michael Snow <[hidden email]> wrote:

> On 11/30/2014 10:19 AM, Federico Leva (Nemo) wrote:
>
>> Michael Snow, 30/11/2014 01:03:
>>
>>> One avenue for fraud that's facilitated by posting account numbers is
>>> small payment fraud, usually involving stolen credit cards.
>>> [.............]
>>>
>>
>> So what all this message have to do with IBAN?
>>
> As the rest of the message discussed, the fraudsters can use the IBAN to
> make a "donation" in order to test that stolen card information belongs to
> a real credit card.
>
> --Michael Snow
>
>
> _______________________________________________
> Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/
> wiki/Mailing_lists/Guidelines
> [hidden email]
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> <mailto:[hidden email]?subject=unsubscribe>
>
_______________________________________________
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines
[hidden email]
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:[hidden email]?subject=unsubscribe>
Reply | Threaded
Open this post in threaded view
|

Re: [Wikimedia-l] Why is bank transfer no longer possible?

Frédéric Schütz
In reply to this post by Lodewijk
On 29/11/14 10:05, Lodewijk wrote:

> Thanks for the clarification. It's surprising to me that posting a bank
> account number could lead to fraud - the bank systems are supposed to be
> robust enough for that.

My understanding is this is mostly a problem in the US, from what I
heard from Garfield. I asked him because Wikimedia CH broadcast its IBAN
number everywhere for the fundraising, so I would have liked to know of
any potential problem, but there does not seem to be any in Europe.

(I don't know much about the US banking system, but it looks like
knowing someone's account number may indeed be enough to wreak havoc on
their account; see for example the recollection of computer scientist
Donald Knuth, who had to stop sending checks to people who discover
errors in his books: http://www-cs-faculty.stanford.edu/~uno/news08.html)

> I know that all charities in the Netherlands post
> this number on their website - maybe it could be worth while to reach out
> and see if switching banks might improve the security, if Citibank didn't
> fix it themselves?

It is definitively the case in Switzerland too -- and the reason why we
(Wikimedia CH) are very efficient at low cost fundraising: the marginal
cost of direct bank deposit is close to 0%. And we get about 6 bank
deposits for every credit card donation.

F.


> Anyway, best of luck with fixing the underlying problem!
>
> Best,
> Lodewijk
>
> On Sat, Nov 29, 2014 at 12:13 AM, Garfield Byrd <[hidden email]> wrote:
>
>> Lodewijk,
>>
>> IBAN and bank account information is sent out upon request due to the level
>> of attempted bank fraud when the account information was posted on the
>> website.
>>
>> I can review with our bank to see if IBAN security and fraud protection has
>> improved so that we can publicly post our IBAN number.
>>
>> Regards,
>>
>> Garfield
>>
>> On Mon, Nov 17, 2014 at 1:16 PM, Lodewijk <[hidden email]>
>> wrote:
>>
>>> Hi Patricia,
>>>
>>> Thanks for telling that the iDEAL will be back soon. I don't quite
>>> understand from your answer why you add the increased hurdle of emailing
>>> the team for the IBAN though. Am I overlooking something?
>>>
>>> Best,
>>> Lodewijk
>>>
>>> On Mon, Nov 17, 2014 at 10:06 PM, Patricia Pena <[hidden email]>
>>> wrote:
>>>
>>>> Hi Lodewijk,
>>>>
>>>> Currently IDEAL is temporarily down on our pages (it went into
>>> maintenance
>>>> mode after our annual campaign), but should be back up soon :)  We know
>>>> the importance of this method for Dutch donors and have supported this
>>>> option since we started fundraising in the NL. We also support offline
>>> bank
>>>> transfer (IBAN) and donors can get the account number with our Donor
>>>> Services team.
>>>>
>>>> We had an extremely successful Fundraising campaign this year, and
>> there
>>>> will be some great mobile optimization coming up in the next few
>> months,
>>>> which will allow mobile donors to complete their donations in a much
>>> faster
>>>> and easier way.
>>>>
>>>> Thanks!
>>>> Pats
>>>>
>>>> On Mon, Nov 17, 2014 at 11:28 AM, Lodewijk <
>> [hidden email]>
>>>> wrote:
>>>>
>>>>> A while back now, the chapters were no longer allowed to fundraise,
>>>> because
>>>>> the Wikimedia Foundation argued they would be better able to do this.
>>> At
>>>>> the time, this sounded somewhat reasonable. However, since then,
>> there
>>>> have
>>>>> been some disturbing developments - at least for Dutch donors.
>>>>>
>>>>> No longer it is possible to pay electronically (iDEAL, one of the
>> most
>>>>> common methods is no longer supported - 'electronic banking' simply
>>>> refers
>>>>> you back to the credit card page) or even via regular bank transfer
>>>> (using
>>>>> an IBAN) in the Netherlands. The donation page
>>>>> <
>>>>>
>>>>
>>>
>> https://donate.wikimedia.org/w/index.php?title=Special:FundraiserLandingPage&country=NL&uselang=en&utm_medium=spontaneous&utm_source=fr-redir&utm_campaign=spontaneous
>>>>>>
>>>>> only
>>>>> allows credit card and paypal, and the 'other ways to give' simply
>>> sends
>>>>> you to the helpdesk if you want to make a bank transfer payment.
>>>>>
>>>>> What is the reasoning behind this? Have bank transfers become a legal
>>>>> swamp? Are there statistics suggesting that this method was no longer
>>>>> required by donors? Did the European bank account somehow get
>>> temporarily
>>>>> suspended?
>>>>>
>>>>> If it has become so hard to donate, maybe it makes more sense to send
>>> the
>>>>> donors to the local chapter pages where they can actually donate in
>> the
>>>>> local suitable methods (in this case, Wikimedia Netherlands offers
>> both
>>>>> iDEAL and IBAN
>>>>> <http://www.wikimedia.nl/pagina/doneren-aan-wikimedia-nederland>).
>>>>>
>>>>> One of the Dutch OTRS team members asked for elaboration, but didn't
>>>> quite
>>>>> get a satisfying answer. I hope this is a temporary situation, and
>> that
>>>>> this threshold will be removed again. It would be sad if we go
>> through
>>>> all
>>>>> kind of trouble to enable long tail methods like bitcoin, but skip
>> bank
>>>>> transfer...
>>>>>
>>>>> Best,
>>>>>
>>>>> Lodewijk
>>>>> _______________________________________________
>>>>> Wikimedia-l mailing list, guidelines at:
>>>>> https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines
>>>>> [hidden email]
>>>>> Unsubscribe:
>> https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
>>>>> <mailto:[hidden email]?subject=unsubscribe>
>>>>
>>>>
>>>>
>>>>
>>>> --
>>>>
>>>> Pats Pena | Sr. Manager, Global Operations
>>>> Wikimedia Foundation
>>>> office +1 (415) 839 6885 x6764
>>>> cell:   +1 (415) 816 3349
>>>> fax: +1 (415) 284 9511
>>>> [hidden email]
>>>>
>>>> *Imagine a world in which every single human being can freely share in
>>> the
>>>> sum of all knowledge. That's our commitment. Donate.
>>>> <https://donate.wikimedia.org/>*
>>>> _______________________________________________
>>>> Wikimedia-l mailing list, guidelines at:
>>>> https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines
>>>> [hidden email]
>>>> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
>>>> <mailto:[hidden email]?subject=unsubscribe>
>>> _______________________________________________
>>> Wikimedia-l mailing list, guidelines at:
>>> https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines
>>> [hidden email]
>>> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
>>> <mailto:[hidden email]?subject=unsubscribe>
>>>
>>
>>
>>
>> --
>> Garfield Byrd
>> Chief of Finance and Administration
>> Wikimedia Foundation
>> 415.839.6885 ext 6787
>> 415.882.0495 (fax)
>> www.wikimediafoundation.org
>>
>> Imagine a world in which every single human being can freely share in
>> the sum of all knowledge. Help us make it a reality!
>>
>> *https://donate.wikimedia.org <https://donate.wikimedia.org/>*
>> _______________________________________________
>> Wikimedia-l mailing list, guidelines at:
>> https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines
>> [hidden email]
>> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
>> <mailto:[hidden email]?subject=unsubscribe>
>>
> _______________________________________________
> Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines
> [hidden email]
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:[hidden email]?subject=unsubscribe>
>


_______________________________________________
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines
[hidden email]
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:[hidden email]?subject=unsubscribe>
Reply | Threaded
Open this post in threaded view
|

Re: [Wikimedia-l] Why is bank transfer no longer possible?

Tim Landscheidt
Frédéric Schütz <[hidden email]> wrote:

>> Thanks for the clarification. It's surprising to me that posting a bank
>> account number could lead to fraud - the bank systems are supposed to be
>> robust enough for that.

> My understanding is this is mostly a problem in the US, from what I
> heard from Garfield. I asked him because Wikimedia CH broadcast its IBAN
> number everywhere for the fundraising, so I would have liked to know of
> any potential problem, but there does not seem to be any in Europe.

> [...]

Nothing prevents WMF from opening a bank account in Europe;
in fact given that most of the requests in this thread orig-
inate from within the SEPA region, having a bank account
outside it would be very inconvient for many donors.

Tim


_______________________________________________
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines
[hidden email]
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:[hidden email]?subject=unsubscribe>
Reply | Threaded
Open this post in threaded view
|

Re: [Wikimedia-l] Why is bank transfer no longer possible?

Michael Snow-5
In reply to this post by Gerard Meijssen-3
On 11/30/2014 1:14 PM, Gerard Meijssen wrote:
> Hoi,
> An IBAN number is NOT a credit card ... You need a ping number in
> combination with some smart card functionality in order to make it work..
> The combination generates a number that is always different..
You seem to have misunderstood the scenario I laid out. I'm not talking
about people using the IBAN to steal money out of a Wikimedia account, I
depend on the bank to have security robust enough to prevent that. The
scenario I'm discussing involves people using the IBAN to fraudulently
pay money to Wikimedia from someone else's account, such as a credit
card. That account does not necessarily have an IBAN or chip-and-pin
security, and at any rate whatever security it has was already breached.
The payment would just be a method for the fraudsters to verify the
success of the breach. The result would be added costs to Wikimedia and
to the financial institutions involved, in order to identify and reverse
the fraudulent transactions.

To respond to some of the other questions raised about my scenario:

This was a risk scenario I presented to answer the question, "How can
posting a bank account number lead to fraud?" It may or may not have
been a factor in the decision to not publicly post the IBAN, I don't know.

I'm also not suggesting that this scenario is unique to IBAN, it could
affect any type of account number that accepts payments (for example,
accounts you might have for various utility services, such as water,
electricity, telephone, or internet). It's also possible thru PayPal, of
course, and that's the reason for having a $1 minimum donation
requirement, among other protections. I don't know if there are
difficulties with establishing comparable security around the IBAN, or
if it's more a matter of a cost-benefit analysis indicating that it's
worth the resources to deal with this for donations via Wikimedia's
online payment form, but not for donations directly to Wikimedia's bank
account.

Also, I'm no expert on EU regulations, but I do observe that according
to the European Payments Council, it seems payees receiving SEPA credit
transfers are advised to communicate the IBAN "only where necessary":
http://www.europeanpaymentscouncil.eu/index.cfm/sepa-credit-transfer/iban-and-bic/ 
(and likewise for payers making direct debit payments). It may simply be
that the fundraising team has been advised that this is more consistent
with providing the IBAN upon request, rather than posting it on the
website. Not to disparage what may be common practice at other
organizations, but that does seem like a natural conclusion to draw from
that guidance.

--Michael Snow

_______________________________________________
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines
[hidden email]
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:[hidden email]?subject=unsubscribe>
Reply | Threaded
Open this post in threaded view
|

Re: [Wikimedia-l] Why is bank transfer no longer possible?

Michael Snow-5
In reply to this post by Federico Leva (Nemo)
On 11/30/2014 11:12 AM, Federico Leva (Nemo) wrote:
> Anyway, please inform the European Central Bank of your findings, I'm
> sure they'll be interested in hearing them. Currently their website
> seems unaware of such fraud possibilities and contains statements such
> as «Sensitive data payment: Data which could be used to carry out
> fraud, excluding the name of the account owner and the account number».
> <https://www.ecb.europa.eu/pub/pdf/other/pubconsultationoutcome201405securitypaymentaccountaccessservicesen.pdf>
>
I'm not sure why you would conclude they are unaware of a possible form
for fraud just because they don't specifically identify it on their
website. At any rate, I suspect you may be misunderstanding the
definition of "sensitive payment data" (the actual term from the linked
document, which was somehow transposed above).

To my reading, that looks like an attempt to create a precise technical
definition for the purposes of the report, so that whenever the term was
used it would always mean the same thing. I don't think it's claiming
that the name of the account owner and the account number are not in the
larger class of "data which could be used to carry out fraud". Rather,
because these are nearly essential to transactions being possible at
all, I believe the language is attempting to exclude them from the
restrictions that the report recommends for all other data which meets
the definition of "sensitive payment data".

--Michael Snow

_______________________________________________
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines
[hidden email]
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:[hidden email]?subject=unsubscribe>
Reply | Threaded
Open this post in threaded view
|

Re: [Wikimedia-l] Why is bank transfer no longer possible?

Tim Landscheidt
In reply to this post by Michael Snow-5
Michael Snow <[hidden email]> wrote:

> [...]

> Also, I'm no expert on EU regulations, but I do observe that
> according to the European Payments Council, it seems payees
> receiving SEPA credit transfers are advised to communicate
> the IBAN "only where necessary":
> http://www.europeanpaymentscouncil.eu/index.cfm/sepa-credit-transfer/iban-and-bic/
> (and likewise for payers making direct debit payments).

That text and Regulation 260/2012 it refers to use "only
where necessary" to refer to the publication of the *BIC* as
it is only necessary for routing in the transition period
that ends February 1st, 2016 at the latest.

> (and likewise for payers making direct debit payments). It
> may simply be that the fundraising team has been advised
> that this is more consistent with providing the IBAN upon
> request, rather than posting it on the website. Not to
> disparage what may be common practice at other
> organizations, but that does seem like a natural conclusion
> to draw from that guidance.

It could also be that the guidance was bad (or misunder-
stood) and it is advisable to change banks before money is
"lost".

Tim


_______________________________________________
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines
[hidden email]
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:[hidden email]?subject=unsubscribe>
Reply | Threaded
Open this post in threaded view
|

Re: [Wikimedia-l] Why is bank transfer no longer possible?

Gerard Meijssen-3
In reply to this post by Michael Snow-5
Hoi,
IMHO we need to advertise how people can transfer money to us. It requires
an account number. Now if the USA is not able to accommodate this, FINE,
let us do it in Europe at least..

WHAT AM I MISSING HERE ?
Thanks,
       GerardM

On 1 December 2014 at 03:38, Michael Snow <[hidden email]> wrote:

> On 11/30/2014 1:14 PM, Gerard Meijssen wrote:
>
>> Hoi,
>> An IBAN number is NOT a credit card ... You need a ping number in
>> combination with some smart card functionality in order to make it work..
>> The combination generates a number that is always different..
>>
> You seem to have misunderstood the scenario I laid out. I'm not talking
> about people using the IBAN to steal money out of a Wikimedia account, I
> depend on the bank to have security robust enough to prevent that. The
> scenario I'm discussing involves people using the IBAN to fraudulently pay
> money to Wikimedia from someone else's account, such as a credit card. That
> account does not necessarily have an IBAN or chip-and-pin security, and at
> any rate whatever security it has was already breached. The payment would
> just be a method for the fraudsters to verify the success of the breach.
> The result would be added costs to Wikimedia and to the financial
> institutions involved, in order to identify and reverse the fraudulent
> transactions.
>
> To respond to some of the other questions raised about my scenario:
>
> This was a risk scenario I presented to answer the question, "How can
> posting a bank account number lead to fraud?" It may or may not have been a
> factor in the decision to not publicly post the IBAN, I don't know.
>
> I'm also not suggesting that this scenario is unique to IBAN, it could
> affect any type of account number that accepts payments (for example,
> accounts you might have for various utility services, such as water,
> electricity, telephone, or internet). It's also possible thru PayPal, of
> course, and that's the reason for having a $1 minimum donation requirement,
> among other protections. I don't know if there are difficulties with
> establishing comparable security around the IBAN, or if it's more a matter
> of a cost-benefit analysis indicating that it's worth the resources to deal
> with this for donations via Wikimedia's online payment form, but not for
> donations directly to Wikimedia's bank account.
>
> Also, I'm no expert on EU regulations, but I do observe that according to
> the European Payments Council, it seems payees receiving SEPA credit
> transfers are advised to communicate the IBAN "only where necessary":
> http://www.europeanpaymentscouncil.eu/index.cfm/sepa-credit-
> transfer/iban-and-bic/ (and likewise for payers making direct debit
> payments). It may simply be that the fundraising team has been advised that
> this is more consistent with providing the IBAN upon request, rather than
> posting it on the website. Not to disparage what may be common practice at
> other organizations, but that does seem like a natural conclusion to draw
> from that guidance.
>
>
> --Michael Snow
>
> _______________________________________________
> Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/
> wiki/Mailing_lists/Guidelines
> [hidden email]
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> <mailto:[hidden email]?subject=unsubscribe>
>
_______________________________________________
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines
[hidden email]
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:[hidden email]?subject=unsubscribe>
Reply | Threaded
Open this post in threaded view
|

Re: [Wikimedia-l] Why is bank transfer no longer possible?

Risker
Ummm.  We have all kinds of ways for people to donate, and the process for
transferring is pretty clear.  Having been in a situation where I had to
make bank transfers, I felt honestly like I was handing over the keys to
the kingdom just for the right to pay someone money: far more personal
information was required than is needed for any other means of payment that
I've ever used.  Banks in Canada regularly call their customers for
transactions under $5 because fraud is so common - and that is with chip
cards and PINs.

Risker



On 1 December 2014 at 00:08, Gerard Meijssen <[hidden email]>
wrote:

> Hoi,
> IMHO we need to advertise how people can transfer money to us. It requires
> an account number. Now if the USA is not able to accommodate this, FINE,
> let us do it in Europe at least..
>
> WHAT AM I MISSING HERE ?
> Thanks,
>        GerardM
>
> On 1 December 2014 at 03:38, Michael Snow <[hidden email]> wrote:
>
> > On 11/30/2014 1:14 PM, Gerard Meijssen wrote:
> >
> >> Hoi,
> >> An IBAN number is NOT a credit card ... You need a ping number in
> >> combination with some smart card functionality in order to make it
> work..
> >> The combination generates a number that is always different..
> >>
> > You seem to have misunderstood the scenario I laid out. I'm not talking
> > about people using the IBAN to steal money out of a Wikimedia account, I
> > depend on the bank to have security robust enough to prevent that. The
> > scenario I'm discussing involves people using the IBAN to fraudulently
> pay
> > money to Wikimedia from someone else's account, such as a credit card.
> That
> > account does not necessarily have an IBAN or chip-and-pin security, and
> at
> > any rate whatever security it has was already breached. The payment would
> > just be a method for the fraudsters to verify the success of the breach.
> > The result would be added costs to Wikimedia and to the financial
> > institutions involved, in order to identify and reverse the fraudulent
> > transactions.
> >
> > To respond to some of the other questions raised about my scenario:
> >
> > This was a risk scenario I presented to answer the question, "How can
> > posting a bank account number lead to fraud?" It may or may not have
> been a
> > factor in the decision to not publicly post the IBAN, I don't know.
> >
> > I'm also not suggesting that this scenario is unique to IBAN, it could
> > affect any type of account number that accepts payments (for example,
> > accounts you might have for various utility services, such as water,
> > electricity, telephone, or internet). It's also possible thru PayPal, of
> > course, and that's the reason for having a $1 minimum donation
> requirement,
> > among other protections. I don't know if there are difficulties with
> > establishing comparable security around the IBAN, or if it's more a
> matter
> > of a cost-benefit analysis indicating that it's worth the resources to
> deal
> > with this for donations via Wikimedia's online payment form, but not for
> > donations directly to Wikimedia's bank account.
> >
> > Also, I'm no expert on EU regulations, but I do observe that according to
> > the European Payments Council, it seems payees receiving SEPA credit
> > transfers are advised to communicate the IBAN "only where necessary":
> > http://www.europeanpaymentscouncil.eu/index.cfm/sepa-credit-
> > transfer/iban-and-bic/ (and likewise for payers making direct debit
> > payments). It may simply be that the fundraising team has been advised
> that
> > this is more consistent with providing the IBAN upon request, rather than
> > posting it on the website. Not to disparage what may be common practice
> at
> > other organizations, but that does seem like a natural conclusion to draw
> > from that guidance.
> >
> >
> > --Michael Snow
> >
> > _______________________________________________
> > Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/
> > wiki/Mailing_lists/Guidelines
> > [hidden email]
> > Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> > <mailto:[hidden email]?subject=unsubscribe>
> >
> _______________________________________________
> Wikimedia-l mailing list, guidelines at:
> https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines
> [hidden email]
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> <mailto:[hidden email]?subject=unsubscribe>
>
_______________________________________________
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines
[hidden email]
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:[hidden email]?subject=unsubscribe>
Reply | Threaded
Open this post in threaded view
|

Re: [Wikimedia-l] Why is bank transfer no longer possible?

Lodewijk
In reply to this post by Tim Landscheidt
just for the record: the IBAN we have been talking about al this time is
the bank account number of a WMF bank account in euro, at a bank located in
Paris (and previously in Brussels). Of course the WMF has a euro bank
account, it would be odd if they didn't.

Lodewijk

ps: no need to shout.

On Mon, Dec 1, 2014 at 1:36 AM, Tim Landscheidt <[hidden email]>
wrote:

> Frédéric Schütz <[hidden email]> wrote:
>
> >> Thanks for the clarification. It's surprising to me that posting a bank
> >> account number could lead to fraud - the bank systems are supposed to be
> >> robust enough for that.
>
> > My understanding is this is mostly a problem in the US, from what I
> > heard from Garfield. I asked him because Wikimedia CH broadcast its IBAN
> > number everywhere for the fundraising, so I would have liked to know of
> > any potential problem, but there does not seem to be any in Europe.
>
> > [...]
>
> Nothing prevents WMF from opening a bank account in Europe;
> in fact given that most of the requests in this thread orig-
> inate from within the SEPA region, having a bank account
> outside it would be very inconvient for many donors.
>
> Tim
>
>
> _______________________________________________
> Wikimedia-l mailing list, guidelines at:
> https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines
> [hidden email]
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> <mailto:[hidden email]?subject=unsubscribe>
>
_______________________________________________
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines
[hidden email]
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:[hidden email]?subject=unsubscribe>
Reply | Threaded
Open this post in threaded view
|

Re: [Wikimedia-l] Why is bank transfer no longer possible?

Federico Leva (Nemo)
In reply to this post by Tim Landscheidt
Tim Landscheidt, 01/12/2014 04:22:

>> >Also, I'm no expert on EU regulations, but I do observe that
>> >according to the European Payments Council, it seems payees
>> >receiving SEPA credit transfers are advised to communicate
>> >the IBAN "only where necessary":
>> >http://www.europeanpaymentscouncil.eu/index.cfm/sepa-credit-transfer/iban-and-bic/
>> >(and likewise for payers making direct debit payments).
> That text and Regulation 260/2012 it refers to use "only
> where necessary" to refer to the publication of the*BIC*  as
> it is only necessary for routing in the transition period
> that ends February 1st, 2016 at the latest.
>

Besides, «Note: the European Payments Council (EPC), representing the
European banking industry in relation to payments, is not a European
Union (EU) legislative body».

Michael Snow, 01/12/2014 03:59:
 > I'm not sure why you would conclude they are unaware of a possible form
 > for fraud just because they don't specifically identify it on their
 > website.

Because part of the ECB mandate is to identify, combat and educate about
payment systems risks. There are dozens of watchdogs ensuring they
actually do (the biggest might be BEUC). If WMF, with its certainly
outstanding computer security knowledge, identified security risks which
ECB is not forthcoming about, I'd expect WMF to communicate with ECB,
and if necessary partner with consumerist associations, so that such
risks are communicated to 516 millions SEPA area citizens.

Risker, 01/12/2014 06:31:
 >   Banks in Canada regularly call their customers for
 > transactions under $5 because fraud is so common - and that is with chip
 > cards and PINs.

And what does this tell us about EU/SEPA banking system?

Nemo

_______________________________________________
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines
[hidden email]
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:[hidden email]?subject=unsubscribe>
Reply | Threaded
Open this post in threaded view
|

Re: [Wikimedia-l] Why is bank transfer no longer possible?

Kim Bruning
In reply to this post by Risker
That's very interesting.
However, as stated, in .nl (and SEPA) one pays people using IBAN
accounts.

One not-pays people using not-IBAN.

iDeal is a handy dandy web interface to do (essentially) IBAN transfers.

Them's the options; whether I personally like them or not.[*]

c'est tout!

Incidentally, for a SEPA area bank transfer, at a typical .nl bank, you
fill in the person's name, their IBAN Account Number [**], and the
amount; then click send. [***].  [****]

Alternately, iDeal fills this out for you, and you just click
"Approve".  [****]

Re:Fraud: one bank I work for has the policy to hunt down, find, and
prosecute every single fraud at all costs, and to the fullest extent
possible under law. They do so as a matter of honour. Suffice to say
this does tend to reduce the incidence of fraud in the country O:-)

sincerely,
        Kim Bruning

[*] Actually I kinda like these options; but I do live just ~2 hours from
Brussels, so things tend to work well for me.  YMMV for people who live in
some island kingdom or what have you O:-)
[**] International Bank Account Number account number; brought to you
by the department of redundancy department.
[***] For WMF I'd love it if they also ticked "repeat monthly" ;-)
[****] Not counting security procedures. :-P


On Mon, Dec 01, 2014 at 12:31:23AM -0500, Risker wrote:

> Ummm.  We have all kinds of ways for people to donate, and the process for
> transferring is pretty clear.  Having been in a situation where I had to
> make bank transfers, I felt honestly like I was handing over the keys to
> the kingdom just for the right to pay someone money: far more personal
> information was required than is needed for any other means of payment that
> I've ever used.  Banks in Canada regularly call their customers for
> transactions under $5 because fraud is so common - and that is with chip
> cards and PINs.
>
> Risker
>
>
>
> On 1 December 2014 at 00:08, Gerard Meijssen <[hidden email]>
> wrote:
>
> > Hoi,
> > IMHO we need to advertise how people can transfer money to us. It requires
> > an account number. Now if the USA is not able to accommodate this, FINE,
> > let us do it in Europe at least..
> >
> > WHAT AM I MISSING HERE ?
> > Thanks,
> >        GerardM
> >
> > On 1 December 2014 at 03:38, Michael Snow <[hidden email]> wrote:
> >
> > > On 11/30/2014 1:14 PM, Gerard Meijssen wrote:
> > >
> > >> Hoi,
> > >> An IBAN number is NOT a credit card ... You need a ping number in
> > >> combination with some smart card functionality in order to make it
> > work..
> > >> The combination generates a number that is always different..
> > >>
> > > You seem to have misunderstood the scenario I laid out. I'm not talking
> > > about people using the IBAN to steal money out of a Wikimedia account, I
> > > depend on the bank to have security robust enough to prevent that. The
> > > scenario I'm discussing involves people using the IBAN to fraudulently
> > pay
> > > money to Wikimedia from someone else's account, such as a credit card.
> > That
> > > account does not necessarily have an IBAN or chip-and-pin security, and
> > at
> > > any rate whatever security it has was already breached. The payment would
> > > just be a method for the fraudsters to verify the success of the breach.
> > > The result would be added costs to Wikimedia and to the financial
> > > institutions involved, in order to identify and reverse the fraudulent
> > > transactions.
> > >
> > > To respond to some of the other questions raised about my scenario:
> > >
> > > This was a risk scenario I presented to answer the question, "How can
> > > posting a bank account number lead to fraud?" It may or may not have
> > been a
> > > factor in the decision to not publicly post the IBAN, I don't know.
> > >
> > > I'm also not suggesting that this scenario is unique to IBAN, it could
> > > affect any type of account number that accepts payments (for example,
> > > accounts you might have for various utility services, such as water,
> > > electricity, telephone, or internet). It's also possible thru PayPal, of
> > > course, and that's the reason for having a $1 minimum donation
> > requirement,
> > > among other protections. I don't know if there are difficulties with
> > > establishing comparable security around the IBAN, or if it's more a
> > matter
> > > of a cost-benefit analysis indicating that it's worth the resources to
> > deal
> > > with this for donations via Wikimedia's online payment form, but not for
> > > donations directly to Wikimedia's bank account.
> > >
> > > Also, I'm no expert on EU regulations, but I do observe that according to
> > > the European Payments Council, it seems payees receiving SEPA credit
> > > transfers are advised to communicate the IBAN "only where necessary":
> > > http://www.europeanpaymentscouncil.eu/index.cfm/sepa-credit-
> > > transfer/iban-and-bic/ (and likewise for payers making direct debit
> > > payments). It may simply be that the fundraising team has been advised
> > that
> > > this is more consistent with providing the IBAN upon request, rather than
> > > posting it on the website. Not to disparage what may be common practice
> > at
> > > other organizations, but that does seem like a natural conclusion to draw
> > > from that guidance.
> > >
> > >
> > > --Michael Snow
> > >
> > > _______________________________________________
> > > Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/
> > > wiki/Mailing_lists/Guidelines
> > > [hidden email]
> > > Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> > > <mailto:[hidden email]?subject=unsubscribe>
> > >
> > _______________________________________________
> > Wikimedia-l mailing list, guidelines at:
> > https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines
> > [hidden email]
> > Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> > <mailto:[hidden email]?subject=unsubscribe>
> >
> _______________________________________________
> Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines
> [hidden email]
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:[hidden email]?subject=unsubscribe>

--
[Non-pgp mail clients may show pgp-signature as attachment]
gpg (www.gnupg.org) Fingerprint for key  FEF9DD72
5ED6 E215 73EE AD84 E03A  01C5 94AC 7B0E FEF9 DD72

_______________________________________________
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines
[hidden email]
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:[hidden email]?subject=unsubscribe>
123