GIORGIO CAVALLERI

I'm appalled by NeoSurf's verification process, which is powered by IDNow.io. The current system is a ticking time bomb, waiting to be exploited. Here's why:

- *Verification link vulnerability:* The verification link sent via SMS can be shared with anyone, allowing unauthorized access to sensitive information. This link can be used to update names and verify accounts, making it a significant security risk. For example, the verification link looks like this: . This link can be easily shared or exploited.
- *Gallery upload feature:* The verification process allows uploading documents from the gallery instead of taking live pictures. This raises serious concerns about document authenticity and potential tampering. It's alarming that NeoSurf and IDNow.io haven't implemented more robust security measures to prevent this.
- *Lack of live document capture:* Unlike other services, NeoSurf doesn't require live document capture, which makes it easy for users to upload edited or modified documents. This compromises the integrity of the verification process and puts users' sensitive information at risk.
- *In-app verification:* The verification process doesn't take place within the app, instead, it opens in a browser. This increases the risk of exploitation and makes it harder to ensure user safety.
- *Ignored concerns:* I've reported these issues to NeoSurf, but they've ignored my concerns. It's disappointing that they prioritize convenience over security.
We received your case 02258457

I've been investigating NeoSurf's verification process, and it's a major red flag. They use IDNow.io's link-based verification, which sends a link to your phone number. (Neosurf identity verification; if you have a Neosurf account and want to use our payment method, click on this link to continue: link unavailable due to trustpilot rules ) The issue is that this link can be shared with anyone, allowing unauthorized access to sensitive information.

*The Problem:*

1. *Verification link exploitation:* The link can be shared, allowing anyone to update names and verify accounts by uploading documents.
2. *High-limit profile access:* This creates a high-limit profile with full access, enabling potential money laundering and identity theft.
3. *Lack of security:* No 6-digit OTP or robust verification methods are used, making it vulnerable to exploitation.

*Additional Concerns:*

- *In-app verification:* Why isn't the verification process integrated within the app? Instead, the link opens directly in any browser (Chrome, Firefox, etc.), further increasing the risk of exploitation.
- *Lack of security measures:* NeoSurf's verification process seems to prioritize convenience over security, putting users' sensitive information at risk.

*Evidence of Exploitation:*

- People are buying and selling high-limit accounts due to the link-based verification system. (Neosurf identity verification; if you have a Neosurf account and want to use our payment method, click on this link to continue: Link Unavailabledue to trustpilot rules)
- Names can be easily updated, and accounts can be successfully verified.

*Concerns:*

- I've sent evidence of these vulnerabilities to NeoSurf, but they've ignored my concerns.
- It's concerning that a company founded in 2004 wouldn't have a more robust verification system in place.

*Recommendation:*

I think it's time for NeoSurf to switch to a more secure provider like Onfido, which offers a top-notch verification process that doesn't involve sending links that can be exploited.
00498578 Neosurf Customer Support

*Request to Trustpilot:*

- Please warn potential users about the risks associated with NeoSurf's verification process.
- Consider suspending NeoSurf's profile until they revamp their verification system.

I've done my part to highlight the issue. Now it's up to Trustpilot to take action and protect innocent users from potential harm.

I'm writing to bring to your attention, and that of the NeoSurf team, a pressing concern regarding the platform's identity verification process. Despite claims of a secure and reliable service, I've observed that NeoSurf accepts fake documents and allows users to buy and share identities for a fee (around $10-20 USD). The verification process involves sending a link to a phone number, which seems insufficient to prevent identity theft and fraud.

Furthermore, users can upload modified documents with their own face, raising serious concerns about the platform's ability to detect and prevent fraudulent activities. The document upload process is done through a link, not even through the app itself, which is a significant security risk.

To make matters worse, I've noticed people on Telegram buying and selling NeoSurf accounts, suggesting a lack of effective account monitoring and security measures. This lack of oversight creates an environment where users can potentially exploit the system.

I urge you to take immediate action to address these concerns. I request that this review be marked as high priority and brought to the attention of the relevant officers, including *Andrea McGeachin, CEO*. It would be beneficial for the officers to review the situation themselves and take necessary steps to protect users.

I hope this review prompts a thorough investigation and prompt action to rectify these issues
00498578 Neosurf Customer Support i Attached Evidence to my Support Ticket