Secure image uploads to Tide support

safetyandsecurity

#1

I’ve been really pleased with my Tide account, especially since the Free Agent integration which has meant one less admin activity for me to perform several times a month. There has been just one glitch with this integration which resulted in duplicate entries in Free Agent. The feedback I want to provide is that I was asked by the in-app help to email screenshots of the problem as attachments to hello@tide.co

The problem is primarily that emails are not sent encrypted end-to-end, and the screenshots from Tide would have contained my account details as well as transaction information. Some email providers and servers will encrypt messages, but this is not guaranteed. It’s no better than making a purchase on a website and sending your card details over HTTP (without the padlock in the browser bar). I’m disappointed that the customer service rep suggested this, and when I said I wouldn’t because this is insecure I got another response again suggesting that this was appropriate and secure.

I’m a software engineer and have worked for a cybersecurity company, so I know better than to email screenshots with my details, but it concerns me that Tide doesn’t have any alternative means of securely getting information from their customers and that this insecure practice was suggested in the first place by your customer service. As a bank, I’d hope and expect you to be guiding customers appropriately, which means not asking customers to send sensitive information insecurely, or treating email as a secure means of communication which it is not. It’s a small but important point which I hope Tide will address.


#2

Thanks for your feedback @andrew, totally agree.

There are major improvements to our in-app help on the roadmap for the coming months. Notably, one of which being the ability to securely upload files straight to the in-app chat.

In the meantime we do have a few workarounds we can use, such as sharing files via a secure Google Drive link, the member encrypting at their end before emailing then sending the encryption key via the in-app chat, or for us to forward a Dropbox file request directly to the member.

Generally when we’re requesting emailed screenshots it should be something non-sensitive such as an error message. I’m really sorry that one of the above options was not suggested to you, and I have passed your feedback on to the wider team.

If you’ve any questions, or if you’d like to discuss this further, just let me know and I’ll get in touch :slight_smile: