The online verification process for HDFC Bank’s credit card application requires users to give the bank permission to view the user’s email messages & settings and permission to view all contacts, in addition to basic info like age range and language and other email addresses. (Hattip: Twitter user N). This information can be read by employees, and is likely not stored in India. Applied for @HDFC_Bank credit card. It sent me a link to "verify" my email address. The verification site needs this access. Yeah right! pic.twitter.com/JeOApLgyek — N (@coderzombie) January 9, 2017 HDFC seems to channel this information though Verifi.Me’s verification services. Verifi.Me seems to provide verification services for ‘many partners’, although it does not specify any of them. It also offers an app for consumers that can be used to save digital copies of documents for verification, as well as to verify through online means such as email verification which the company claims “allows people to to prove their identities and fast-track their applications.” The app isn't accessible in India. According to Verify.Me’s privacy policy, the company collects a lot of personal data, including but not limited to name, email, tax information, employer information, stored contact information, educational background, bank and financial information, family information and information from social media accounts. It also mentions that it only shares information which is required to be known for verification, however, this information is accessible to employees “who are required to know such information in order provide our Services to you.”…
