Hello Everyone & Techies!!
There are certain products out there in the market which will help customers to identify with which Merchants/Companies they have set up or register accounts. This is usually done by scanning customer e-mails and parsing through each e-mail message.
An algorithm may determine who the e-mail is from (Merchants such as Facebook, Amazon, Uber, etc) and classify e-mails (New Account/Welcome E-mail, Password Reset E-mail, Order or Transaction).
Based on the merchants they have set up accounts with, these so called products can inform the user about the data breach. The customer can view the data on a User Interface
I would like to know and curious how far this is a possible and secure solution ? Can we really encourage these kind of products?
can anyone share thoughts and questions
I came to know these products back end will continuously scan the customer’s e-mail for new messages, and will be storing Access Tokens for various e-mail providers, such as Google, Yahoo, Outlook. etc., So the back end may store customer credentials for e-mail providers that do not support OAuth.
.
Chandra Mouli, CISSP, CCSP, CSSLP