I put in a credit card application for Bilt and they want address and id verification via fax. They really want me to send a fax apparently
Most of my documents are virtual now, and I don’t have a fax machine. I see that on Google play there are a variety of apps for sending faxes. Is this a good option to go through? Or should I print stuff and find a library with a fax machine
Do they want you to fax them your Id?
Whatever this company is doing, stay away from it. This is ridiculous. Fax isn’t encrypted at all. Anyone asking you to do this has no idea about security and shouldn’t handle your data.
Also please don’t use some random fax app from the play store. They all seem sketchy as hell.
I mean it’s as secure as standard phone call, which most people are comfortable giving things like SSN over, no?
Great question. There is an important difference:
A standard phone call places a burden on malicious listening software to decode raw audio into computer parseable text, before it’s useful to an attacker. Computers are getting to be pretty good at this, but it’s still kinda expensive, relative to the massive amounts of hours of calls that one might need to snoop and parse to get a good tidbit worth stealing.
Fax, being already raw image data, incurs a much lower cost of doing ocular character recognition (OCR).
So an attacker can pay a lot for expensive voice recognition to pull an SSN off a voice call, or pay far less to pull an SSN out of a fax using OCR.
Attackers like both, if they’re motivated and well financed. But an underfunded or lazy attacker is going to prefer to listen in on the fax line.
Note that this is a reversal of previous security preferences, when the snooping would have usually been done by a bored human. Bored humans are great at parsing audio calls, and have no idea what they’ve overheard in a (bleep boop beepity boop) fax call.
This has been: “Cybersecurity insights that make us all sleep a bit more poorly.”
This is a really good point, but I’m still curious how bad actors are doing the actual wiretapping on any more than a targeted scale.
Great point. As far as I’m aware, for the most part, they’re not. Lazy bad actors can just buy a bulk set of fresh SSNs and credit card numbers off of the dark web for cheap.
Fax is still a terrible solution, overall. But it’s not usually a huge risk - other than as a warning sign that one might be working with an incompetent or malicious organization.
Probably nothing bad happens with those faxes. A malicous actor would still need access to the physical analogue line or to the network to sniff the RTP packets (depending on how the fax is transmitted) on one of the two sides. In theory all providers involved could also sniff the traffic since calls/faxes are never end to end encrypted. But something could happen, and I dislike it very much that they demand their users to take this risk.
The financial, legal and medical sectors are built on fax, I know that companies often use efax services.
This means that you email the efax provider, they turn the attached document into a fax and send it, then if the recipient uses an efax service the fax gets turned back into an attachment and emailed to the recipient.
I would like to suggest that anyone who in the year 2024 insists on you communicating with them by fax can’t be trusted and your best solution is therefore to stay away.
May I introduce you to the german government?
Or the American healthcare industry.
Or Japan
This has been an excellent summary. I don’t trust any of these.
https://www.tagesschau.de/wirtschaft/unternehmen/fax-100.htm at least we try to get away from it.
Most things in the Canadian government can only be transferred by fax or post mail.
Yup. So dumb. I’ve heard some German institutions are the same.
They will look you dead in the eye and say their IT people say it can’t be hacked.
some German institutions
most
there you go
The comments here in relation to the arcane nature of fax machines might not be aware that often this relates to legal requirements to receive physical proof.
Interestingly, nobody has to my knowledge challenged the wisdom of this requirement in court. At the end of the day, there is no real way to prove your identity using either a letter or a fax.
Using email, you could exchange an electronic key in person and know that the sender has the agreed key. Note that it still doesn’t prove the identity of the sender.
There’s no reason fax couldn’t be authenticated, it just isn’t. Modern fax is just a JPEG in a weird wrapper format. Email would arguably be worse, because email leaks tons of metadata in the wrapper.
Fax was pretty secure in the day of circuit switched analogue phone lines these days it’s all digital, though. There was an almost direct physical electrical connection between your fax machine and the recipient, something that we never get anymore. Your carrier and the government could listen in on the connection, of course, but that’s not really part of most people’s threat model.
There’s no reason to use fax today, but up to the mid-2000s there was a good reason to use fax over email.
Today, encrypted email is only used by privacy nerds and big businesses. Privacy nerds use PGP, big businesses use S/MIME. The latter is much easier to work with and is supported by basically every mail client out there, the former is free. Neither are usable safely by general consumers, they’re both full of technical details and concepts that very few people care about. L
The most infuriating part is that various governments use smart cards for digital ID that could be used to sign and encrypt emails like these (what’s better proof of ownership of a government ID than an email that can only be signed by the ID in question?), but the technology remains woefully underused.
This requirement is designed to be hard, and as such is a major red flag to me.
What else is this company going to be difficult with?
Can i only get customer support or cancel my account in person, between 9-4 on the 2nd Friday of the month?
I would consider alternatives, if possible.Bilt is backed by Wells Fargo I’m pretty sure. All of their other communication has been through email, it’s just this one thing
Context: I’m trying to get points for rent
Bilt is backed by Wells Fargo I’m pretty sure.
I just threw up in my mouth a little.
Surely those raging asshole scammers (in leadership) at Wells Fargo wouldn’t back an untrustworthy organization. (This was sarcasm. I believe they have before, and will again.)
On getting points for rent, you’ll find that many law abiding organizations don’t allow it, under debt swap laws.
Using points to encourage people to put a large critical expense such as rent, on a high interest rate credit card - is (correctly) considered unacceptably predatory, even in most modern capitalist dystopias.
My recommendation is be very alarmed, and flee from this plan.
I’d email it as an attachment.
In Australia the local post office has fax facilities.
First Union, which was bought by Wachovia, which was bought by Wells Fargo was my first bank account. Sometime around 2009, it came out that they were doing some pretty shady shit along with going out of their way to fuck their customers out of money by posting their purchases in a way that would maximize fees. It was a blatant dickhead move. I immediately closed my account with them and will never go back.
They don’t have fax machines where I live.
The 21st century.
Yes, but also somehow, fax machines will also outlive us all.
Fun fact: It’s actually possible to avoid being exterminated by a T-800, if one sends a properly formatted fax to the correct number, during business hours, with a correct cover page.
A fax machine? LOL wut?! What year is this? Fuck me that’s aggressively backwards.
Have you ever experienced german bureaucracy?
I actually do customer support for a faxing service. You’d be amazed how widely used it is still.
Post offices could work; hovever I wouldn’t really reccomend working with a bank that doesn’t have modern ways to recieve customer data.
FaxSalad. I also have needed to send a fax when I have virtually zero paper, or even when I do have paper I still have no fax machine.
You can even send it as HIPAA-compliant which they don’t (or are not supposed to) keep a server-side copy.
Well that’s a tech I haven’t heard of in a while. I suppose it tracks that if telegrams were still in use till 2006 that fax’s would still be in use today.
To help answer your question, a cursory search turned this up:
https://www.howtogeek.com/218505/how-to-fax-a-document-from-your-smartphone/
https://www.getfaxing.com/2016/05/02/can-i-use-my-mobile-cell-phone-as-a-fax-modem-to-send-a-fax/
Honestly, it should be possible to send faxes from your cell phone for free though. Or from a laptop using your cellphone’s voice line. It’s a phone after all and fax machines sent their data over phone lines. I seem to remember using my cell phone for dial up internet back in the day, so it should have been possible to send faxes at that time as well. Unless there is an OS limitation, I can’t see any reason why that might have changed, even with the changes in tech since then. Hell of a rabbit hole you’ve found for me! Thanks!
Digging into it further it looks like modern phone technology has become incompatible with fax and modem technologies. Seems to be something to do with how voice over IP (VOIP) compresses the voice line which damages any digital signal sent over it. It looks like this affects both cell phones and modern landlines as well.
The only real options in 2024 seem to be to use a fax service, or to purchase a landline that explicitly supports fax and use a fax machine or a computer with a modem to send the fax. A fax service would probably be cheaper for a one off fax. Thanks again for the rabbit hole. That was interesting!
https://forums.macrumors.com/threads/can-i-hook-up-a-fax-machine-to-my-iphone.485116/
https://superuser.com/questions/748154/use-a-smartphone-as-a-dial-up-modem#748163
Have you asked if you can’t use regular physical mail or walk the papers to an office yourself?
Otherwise you’d be better off finding someone in an office somewhere that still has a working fax machine and offering them a few bucks to send it
I’ve used Fax.Plus several times with no issues, though not in at least a couple of years. Also used eFax a ton back in the day.
I used to work at a car dealership, this was like 15 years ago, and even then we already had an email system set up that could send and receive faxes for insurance shit.
there’s an app called eFax but I don’t know if it’s free. your local FedEx store will probably send a fax for you for like a dollar