
I just attempted to open a Paxum account, to try them out. The experience was extremely difficult, and at the end I called Paxum and had them walk me through the process of closing the account. I did not feel safe using it.
Here's what I noticed in the process;
1) Paxum's automated emails use HTML, but have incorrect MIME settings. This means that they are displayed by Thunderbird and the other email clients that I tested as plain text. *That* means that you have to search through a bunch of HTML codes to find the information that you need to confirm your account, etc.
2) Paxum uses attached PDF files to send certain types of critical information, but because of the broken MIME settings, the attachments cannot be viewed or detached in normal email clients. They must be handled by hand, by saving the email as text and then using a utility to demime them. Most users are not up to figuring this out.
3) Paxum's web site is extremely picky about the format of information that it accepts in fields when you are signing up, but does not tell you in advance which symbols are disallowed. Among the issues: periods (.) are not allowed in street addresses, but you find that out only when you include one and get an error back.
4) Paxum will not accept a scanned image above 4 MB in size for identity verification, but states that images must be "high quality" and rejects faxed images. It took me several tries to come up with an image that was of a size it would accept and also a quality it would accept. This is *really* annoying.
I could continue, but frankly, the email and web site tell me that the people managing Paxum's servers are not very good at what they are doing. I work in networking security, manage a mail server, have managed web sites since the mid-1990s, and am intimately familiar with what it takes to run a secure site. My assessment of Paxum's setup is that their technical people do not appear to be experienced enough to be trusted running a site that requests and holds information that will allow identity theft. I didn't run a vulnerability scan on the site, but would not be at all surprised to find cross-site scripts and other vulnerabilities that can be used to steal information.
I recommend not using Paxum. They probably mean well, and after they get their act together on their technical services might be worth using. For now, though, giving them the information that they request to manage your money is IMHO taking an unnecessary and unwise risk.
Thanks for bringing attention an issue with thunderbird and our mail. I'll have it addressed right away. This is the first we've heard of people not being able to open the PDF unless they save the file. I personally have downloaded it from my gmail. Mac's mail aswell as outlook without any issue aswell as all of our clients. I'll have this tested with thunderbird to see if there is an issue but we have sent out 1000's upon 1000's of these pdf's with very minimal issues.
If you are unable to get the proper format we need to verification you can always open a ticket and let a support agent know that you are unable to get the file below 4mb and i'm pretty sure we have an alternative solution for them to verify your documents
As for the security of our site - our sites are often audited by outside sources aswell as our banking partners. We feel our system is very secure and we take security very serious. If you find a bug in our system we would encourage you to let us know so we can address it right away.