logoalt Hacker News

Normal_gaussiantoday at 3:40 PM1 replyview on HN

This is genuinely hilarious. Are you able to elaborate? Which banks? Which B2B? There is probably a shared product stack here that is making some hilariously poor decisions.


Replies

rz2ktoday at 4:15 PM

I couldn’t figure out why US Bank business card applications using a sole proprietorship EIN kept disappearing into a black hole or being denied. Eventually after a few phone calls they complained about the email address.

The other was ferguson.com, so that I could order specialized furnace parts and larger diameter plumbing fittings than I could order from Home Depot. I don’t remember the details, but I think the Ferguson business application kept trying to autofill an address for me. It probably would have required a confirmation from the person who had been turned into the administrator of “fastmail” before I could have been added to their organization and been able to make purchases using their account.

It might not be a problem at larger suppliers like Grainger or Digikey, but it does suggest a vulnerability if you set up a corporate account at a small supplier using a fastmail address. Their backend could assume that anyone able to receive emails on “your” fastmail.com domain is at least authorized by your IT department to use email. If they assume your IT department has an email retention policy, then they might default to treating it like your problem if one of your employees makes an unauthorized purchase.