
I tried to find more information about this statement:

"When authenticating the login you authorize one of Klarna's third parties to log into your bank account as you, allowing them to pull records of all your financial transactions, account statements etc."

Do you have any source to verify this claim? That they can and do pull down this information. I would like to know if they really have all that information or not, if so it's a surprise to me, did not know that.




I don't know if they do have it, but it is absolutely possible after the login. I saw it reported in an IT-security Facebook group and made my own purchase from a site that uses them (gottebiten.se), paying directly from bank account. The login was indeed done by a Klarna 3rd party using my ID number, and not from my device.

You have to confirm once more for the payment to be sent.


Interesting, thanks for the extra info.

I just paid using their direct payment method two times the last week or so. Will be more on the lookout in the future and try to keep an eye on these things.


Perhaps a GDPR takeout request could answer this? Provided they’re doing things by the book.


This is a good idea, I got tempted to try this. Found this page on their homepage (in Swedish): https://www.klarna.com/se/dataskydd/

Where it says you can email this address "dataskydd@klarna.se" if you either want them to delete your data (except data they are required to store as a bank) or if you want a print out of your personal information they store.

The matching UK site (in English) is here: https://www.klarna.com/uk/privacy-policy/ and has this email for the same purpose: "privacy@klarna.co.uk"


Klarna seems to be under investigation currently for not complying with the GDPR: https://www.insidescandinavianbusiness.com/article.php?id=37...


1.4 ?


Klarna shits on GDPR and giggles while doing so.

I've been asking them since GDPR took effect to provide me with all details they have about me, and to delete my account.

Not even a response.

They claim "financial institutions" are exempt due to money laundering laws.

That I understand, financial transactions they can keep, but I know a friend works there, they don't only keep financial transactions, they keep data of every website/shop I visited where they have an "integration with".


Have you sent a complaint to the regulator? At least the Portuguese data protection commission is quite responsive, a clear email containing all the information I could gather was enough to trigger investigations, which resulted in warnings and even a couple of fines.



