> From: lopser > > But there is a Click 2 Call form there. I enter my phone number, and they > will > call me. Which I did. And I'll write a little about, in another email...
I got on the phone with a representative from Google Wallet. I explained that I first noticed I wasn't able to purchase something in Google Play, getting a generic error message, so I tried logging into Google Wallet to find out any more information about it, and I get the Account Verification page, which requests me to upload scanned copies of my driver's license, passport, bank statement... He said, that means there's a hold on your account. This could come up for a lot of different reasons, and I do need to verify my identity. They'll need those documents in order to reinstate my account or I won't be able to make purchases. I asked for some sort of statement, reason why it's on hold, or something... I said from my perspective, google is just a vendor, and I wouldn't give copies of my passport and bank statement to random online vendors. He said he understands my concerns, you're basically submitting your identity, and you don't have to if you don't want to ... Which means to me, I can never buy anything from google ever again. So google's telling me they'll refuse to sell me anything unless I provide this information. He said there is no override, for whatever reason, for the security of all the users, they do this... but I cut him off, "This is the exact opposite of security." I told him, even when I go tell people about this, they say, "It must be a phishing attack." Nobody believes Google would really ask for this type of information in order to purchase an app on your phone. I don't have any reason to trust google any more than any other vendor. I would never give this to any vendor. This is something I give to a bank to open an account. He said google wallet is a payment service, so it's more like a bank and not the same as a vendor. "You're not paying google wallet, you're paying *through* google wallet." He said he's never had anyone call in and say "I don't trust google," once you've given them your credit card information, that's all they need to make purchases. (I think I might be the first person who bothered putting in the effort to call in and complain about this. I think most people simply submit to the bullying.) I told him I don't mind giving my credit card number, cvv code, expiration date... Because that's normal to make a credit card purchase, and I'm communicating over https, and it's a verified site, and google is a reputable vendor, but when they're asking for something much more than that... I don't know your security policies. I don't know which google employees have access to this information, or if any employee becomes disgruntled, uploads it all to China... Can you imagine how m any people are out there trying to hack into google? There is no way Google is as secure as the NSA or the CIA, and they've been hacked before. Heck, Google has been hacked before. This is the type of information you simply don't give out to anyone, because it's exactly the type of information some bad guy could use to steal your identity. In response to him saying Google Wallet isn't a vendor, they're a payment service, I said... When you want to buy something from google play or google apps, the only way you have available to pay is through google wallet. And I've never seen google wallet used for anything other than google products. So from my perspective, this looks like a vendor who wants copies of my bank statement and driver's license and passport. He said he understands, he can see my point of view, but google doesn't have a lot of products. The developers are the people who make apps... I said, if I were a vendor with a storefront, selling tomatoes, that I bought from the local farm for $0.50, and I'm selling them for $1.00, that means I'm selling something that I bought from somebody else. As a consumer, buying an app in google play, I'm not buying an app from the vendor. They don't have a storefront, they're not the ones taking my credit info. I'm buying an app from google, and google is a reseller who's distributing the developers' products. He said, that makes sense, if you don't trust it, you shouldn't put your information into it, and he said, he wouldn't put his information into it if he didn't trust it. But he does trust it. So I asked him, How can you say "I trust it?" Google is what, 100,000 employees? You trust all 100,000 of those employees? I have no idea which ones have access to this information.. His response was "Something can happen with *any* payment service. People sometimes get screwed over with PayPal." Which is to me, a blanket acknowledgement, that sure, Google Wallet can make mistakes too. I felt like we were sidetracking too much. So I asked him if he could please look into the system somehow and tell me why my account is getting flagged... I'm a security person myself. I actually generate and memorize random passwords, encrypt all my information everywhere, use 2-factor authentication, have a PIN on all my devices for making purchases, and a gesture-based screen lock... It is extremely unlikely that anyone is using my account without my knowledge or consent. He said he doesn't have access to a whole lot, the only thing he can see is that there's a hold on it. They don't want him telling people why they're being flagged, they don't want him to *know* why people are getting flagged, because then people could figure out what google's doing internally. I quote, "Google doesn't want our people to know, how they work internally." Which is a great reason for *me* not to trust them with my identity information. They don't even trust themselves with knowledge of why an account is on hold, but I'm being fed the kool-aid of blanket trust for the organization as a whole... We finally concluded, with: Google will not sell me anything, now and for the rest of my life, unless I provide this information... Unless... When I pressed him for some escalation or some path to resolution, he did say he can escalate to another team. It can only be escalated via email, there is no phone number, they don't communicate via phone. He said, "I can give them *my* word, but that's not going to mean much to them, they're not going off another employee's word, know what I mean?" He said, they might just tell me the same thing. I quote: "If you want to be able to make purchases from google again, without submitting those documents, this is the only way." So that's where it stands for now. _______________________________________________ Tech mailing list Tech@lists.lopsa.org https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech This list provided by the League of Professional System Administrators http://lopsa.org/
