Data piracy by CRED

[GABBA₹]

I am using CRED from the starting of my credit journey. I gave consent to CRED protect. It really helps to track and remind credit card bills. But recently I have observed something creepy.

Generally after every bill generation CRED sends whatsApp message about bill amount and due date, which are mentioned on the statement mail. But this month after generation of the statement of axis super money card, CRED not only sent message of the as usual bill amount and due date, but also sent total cash back amount earned in this billing cycle. Which is nowhere mentioned in the mail. It’s only mentioned in the password protected pdf attached with the mail. Axis doesn’t even make total of the cash backs. They just provide transaction wise cash back list.

So, did CRED open the password protected PDF? This is dangerous.

 

[cardy]

I am using CRED from the starting of my credit journey. I gave consent to CRED protect. It really helps to track and remind credit card bills. But recently I have observed something creepy.

Generally after every bill generation CRED sends whatsApp message about bill amount and due date, which are mentioned on the statement mail. But this month after generation of the statement of axis super money card, CRED not only sent message of the as usual bill amount and due date, but also sent total cash back amount earned in this billing cycle. Which is nowhere mentioned in the mail. It’s only mentioned in the password protected pdf attached with the mail. Axis doesn’t even make total of the cash backs. They just provide transaction wise cash back list.

So, did CRED open the password protected PDF? This is dangerous.

May not be possible

 

[GABBA₹]

May not be possible

Then how did they know the exact cashback amount earned? any idea?

 

[cardy]

May be by calculation.
I mean they have transactional sms access so may be calculated from there.

 

[KingAAR]

I am using CRED from the starting of my credit journey. I gave consent to CRED protect. It really helps to track and remind credit card bills. But recently I have observed something creepy.

Generally after every bill generation CRED sends whatsApp message about bill amount and due date, which are mentioned on the statement mail. But this month after generation of the statement of axis super money card, CRED not only sent message of the as usual bill amount and due date, but also sent total cash back amount earned in this billing cycle. Which is nowhere mentioned in the mail. It’s only mentioned in the password protected pdf attached with the mail. Axis doesn’t even make total of the cash backs. They just provide transaction wise cash back list.

So, did CRED open the password protected PDF? This is dangerous.

I thought it fetches like that usually

 

[GABBA₹]

May be by calculation.
I mean they have transactional sms access so may be calculated from there.

May be but I don't think so. Then they have to know the MCC exclusions, cashback rates.

 

[praful1947]

I am using CRED from the starting of my credit journey. I gave consent to CRED protect. It really helps to track and remind credit card bills. But recently I have observed something creepy.

Generally after every bill generation CRED sends whatsApp message about bill amount and due date, which are mentioned on the statement mail. But this month after generation of the statement of axis super money card, CRED not only sent message of the as usual bill amount and due date, but also sent total cash back amount earned in this billing cycle. Which is nowhere mentioned in the mail. It’s only mentioned in the password protected pdf attached with the mail. Axis doesn’t even make total of the cash backs. They just provide transaction wise cash back list.

So, did CRED open the password protected PDF? This is dangerous.

Cred tracks our transactions on credit card .
Might possible that the pulled out data from there .

 

[Riva]

The password formats for all credit card bills are similar. Usually dob+last 4 digits of cc.
Am sure Creed has a script that has the formats for each bank and runs that for each acount. It's easier to do this and actually calculate the rewards earned.

 

[gautamcool]

I am using CRED from the starting of my credit journey. I gave consent to CRED protect. It really helps to track and remind credit card bills. But recently I have observed something creepy.

Generally after every bill generation CRED sends whatsApp message about bill amount and due date, which are mentioned on the statement mail. But this month after generation of the statement of axis super money card, CRED not only sent message of the as usual bill amount and due date, but also sent total cash back amount earned in this billing cycle. Which is nowhere mentioned in the mail. It’s only mentioned in the password protected pdf attached with the mail. Axis doesn’t even make total of the cash backs. They just provide transaction wise cash back list.

So, did CRED open the password protected PDF? This is dangerous.

Yes. CRED knows the format of the password of different banks' pdf statements to parse it and display it in a nice format in the app.
How did you think the statements were displayed inside CRED app?
Thats why i have setup auto forward to send ststement mails to dummy email and gave CRED access only to that instead of my main email account

 

[sunit123]

Then how did they know the exact cashback amount earned? any idea?

check the permissions given by you to cred...now do not complain...they know their customer more than their spouse and their parents

What is so rocket science in password...it is mix of first 4 letters of name and ddmm of dob...they know your name and your date of birth

 

[sovon]

May be by calculation.
I mean they have transactional sms access so may be calculated from there.

They always ask for sms access permissions.

 

[GABBA₹]

check the permissions given by you to cred...now do not complain...they know their customer more than their spouse and their parents

I know they pirate out data. I consciously gave them consent for cred protect to be headacheless. But did not expect that they will go ahead beyond limit and access password protected file.

 

[GABBA₹]

Thats why i have setup auto forward to send ststement mails to dummy email and gave CRED access only to that instead of my main email account

Thanks, will try to follow this idea.

 

[HumorSimpson]

Thanks, will try to follow this idea.

And why do you want to do that ? Typical apps like phonepe which read sms aren't enough ?

 

[sovon]

And why do you want to do that ? Typical apps like phonepe which read sms aren't enough ?

Even without sms permission they notify me everytime.
Just fetched my bills once and they always send me reminder for new bills

 

[HumorSimpson]

Even without sms permission they notify me everytime.
Just fetched my bills once and they always send me reminder for new bills

They means phonepe ?

Once they have last 4 digits of a cc, they fetch from BBPS and sms are not needed.

 

[sovon]

They means phonepe ?

Once they have last 4 digits of a cc, they fetch from BBPS and sms are not needed.

PhonePe, Paytm, amazon, even axis app 😒

 

[GABBA₹]

And why do you want to do that ? Typical apps like phonepe which read sms aren't enough ?

Always used cred only. Thought phonepe also need mail access for cc. If phonepe only read sms then now will uninstall cred.

 

[HumorSimpson]

Always used cred only. Thought phonepe also need mail access for cc. If phonepe only read sms then now will uninstall cred.

Google, there is some way to know who has access your gmail. You have to purge those access, having a simple uninstall of cred doesn't do that.

 

[sovon]

Always used cred only. Thought phonepe also need mail access for cc. If phonepe only read sms then now will uninstall cred.

PhonePe can fetch bill without sms permission.
Just give them the last 4 digits and phone number for once.