Author Topic: Don't bank online  (Read 44560 times)

rcjordan

  • I'm consulting the authorities on the subject
  • Global Moderator
  • Hero Member
  • *****
  • Posts: 16867
  • Debbie says...
    • View Profile
Don't bank online
« on: March 04, 2019, 12:39:34 AM »

rcjordan

  • I'm consulting the authorities on the subject
  • Global Moderator
  • Hero Member
  • *****
  • Posts: 16867
  • Debbie says...
    • View Profile
Re: Don't bank online
« Reply #1 on: November 15, 2019, 12:56:18 AM »
EU: This Bank Had the Worst Password Policy We've Ever Seen
https://www.vice.com/en_us/article/kz4jjv/this-bank-had-the-worst-password-policy-weve-ever-seen

TL;DR:  A European bank makes customers pay to change their passwords, and suggests they Google their password to check if it is secure.

rcjordan

  • I'm consulting the authorities on the subject
  • Global Moderator
  • Hero Member
  • *****
  • Posts: 16867
  • Debbie says...
    • View Profile
Re: Don't bank online
« Reply #2 on: September 24, 2020, 04:53:12 PM »

ergophobe

  • Inner Core
  • Hero Member
  • *
  • Posts: 9648
    • View Profile
Re: Don't bank online
« Reply #3 on: September 24, 2020, 05:29:51 PM »
People who would download AnyDesk and let a stranger access their computer should not be banking online, I'll grant that.

A friend who is very non-tech-savvy called me about something he thought might be fishy. I don't remember what scam it was, but it's the kind of thing everyone here would recognize immediately.

I ask him a few questions about password security. The answers are frightening. So I asked him
 - do you bank online? No
 - do you get email notices from your bank? No
 - do you do paperless statements? No
 - do you get text alerts? No

I said, "Okay, keep it that way." As far as his bank is concerned, he has a physical address and a landline.

All of us can be hacked by a determined foe, of course, but some people really should not do anything confidential or financial online. He hardly even shops online, and I told him that was probably a good thing.

But then, there are some people who set themselves up as experts and they say things like
Quote
“Insert it on Google: if it returns less than 10 results it means it’s a good password.”

ergophobe

  • Inner Core
  • Hero Member
  • *
  • Posts: 9648
    • View Profile
Re: Don't bank online
« Reply #4 on: September 24, 2020, 05:32:45 PM »
PS - "asdf" plus my four-digit birthdate returns 8 results. I guess it's a secure password. Whew! I was thinking I might have to use my eight-digit birthdate and I hate doing all that typing.

rcjordan

  • I'm consulting the authorities on the subject
  • Global Moderator
  • Hero Member
  • *****
  • Posts: 16867
  • Debbie says...
    • View Profile
Re: Don't bank online
« Reply #5 on: September 24, 2020, 05:42:29 PM »
Password tip:  Local or regional places or geo-features make for memorable passwords, particularly if they a hyper-local and not on maps.  Example: A local intersection has been called 'Dog Corner' since before I was born.   Add a string of significant-to-you digits and it is easily memorized. 

ergophobe

  • Inner Core
  • Hero Member
  • *
  • Posts: 9648
    • View Profile
Re: Don't bank online
« Reply #6 on: September 24, 2020, 10:19:27 PM »
Asdf Pond is right around the corner ;-)

rcjordan

  • I'm consulting the authorities on the subject
  • Global Moderator
  • Hero Member
  • *****
  • Posts: 16867
  • Debbie says...
    • View Profile
Re: Don't bank online
« Reply #7 on: September 25, 2020, 01:30:42 AM »
UK: £200m lost to bank transfer fraud - Only a third of losses were reimbursed despite new bank code

https://www.which.co.uk/news/2020/09/over-200m-lost-to-bank-transfer-fraud-in-the-first-half-of-2020/

rcjordan

  • I'm consulting the authorities on the subject
  • Global Moderator
  • Hero Member
  • *****
  • Posts: 16867
  • Debbie says...
    • View Profile
Re: Don't bank online
« Reply #8 on: December 20, 2020, 08:02:46 PM »
This one was apparently more automated.

"used emulators to mimic the phones of more than 16,000 customers whose mobile bank accounts had been compromised."

A Massive Fraud Operation Stole Millions From Online Bank Accounts | WIRED
https://www.wired.com/story/massive-fraud-operation-stole-millions-online-bank-accounts/

rcjordan

  • I'm consulting the authorities on the subject
  • Global Moderator
  • Hero Member
  • *****
  • Posts: 16867
  • Debbie says...
    • View Profile
Re: Don't bank online
« Reply #9 on: March 09, 2021, 03:09:48 PM »
Column: If this is how banks prevent fraud, we're in trouble - Los Angeles Times
https://www.latimes.com/business/story/2021-03-09/column-pandemic-bank-fraud

ergophobe

  • Inner Core
  • Hero Member
  • *
  • Posts: 9648
    • View Profile
Re: Don't bank online
« Reply #10 on: July 01, 2021, 07:26:36 PM »
My bank has messed up their authentication system, frankly. Auth is by SMS only, and now internet-based text message services don't work for some reason (Ring Central, Google Voice, etc). Since I do not have cell service without having to drive somewhere, I can no longer authenticate from home.

I called and, after answering a battery of questions, they sent me a one-time code. But, again, they send it via SMS which I cannot receive. So they asked me a bunch more security questions, and they let me in.

Of all the questions asked, only one would be difficult to find through public records. You don't have to a state-sponsored hacker to get a list of streets I used to live on and universities I've gone to.

Kinda scary....
« Last Edit: July 01, 2021, 07:29:19 PM by ergophobe »

rcjordan

  • I'm consulting the authorities on the subject
  • Global Moderator
  • Hero Member
  • *****
  • Posts: 16867
  • Debbie says...
    • View Profile
Re: Don't bank online
« Reply #11 on: July 07, 2021, 06:51:30 PM »
A Banking App Has Been Suddenly Closing Accounts, Sometimes Not Returning Customers’ Money — ProPublica
https://www.propublica.org/article/chime

ergophobe

  • Inner Core
  • Hero Member
  • *
  • Posts: 9648
    • View Profile
Re: Don't bank online
« Reply #12 on: July 07, 2021, 10:29:17 PM »
Quote
For all of Chime’s Silicon Valley tech patina, one thing it’s not is an actual bank. Like others in its category, Chime is a digital interface that hands over the actual banking to, in this instance, two regional institutions, The Bancorp Bank and Stride Bank. Chime customers interact with the Chime app, but Bancorp and Stride, both of which are FDIC-insured, hold their money.

Since Chime is not a bank, that leaves it in a regulatory no man’s land

ergophobe

  • Inner Core
  • Hero Member
  • *
  • Posts: 9648
    • View Profile
Re: Don't bank online
« Reply #13 on: July 07, 2021, 10:35:42 PM »
PS - Marrero's story reminds me... back in the late 1970s, my brother's bank messed up three times. One time they bounced a check they shouldn't have. I forget the other two. But they admitted they were wrong and canceled the charges, but of course offered no other compensation for the hassle.

So one day he gets his statement and sees they've screwed up a fourth time, but this time accidentally crediting his account for an extra $30. He went down to the bank and took out all his money. They contacted him and demanded the $30 back. He said, "I'm sorry, those are three $10 service charges for the mistakes you made."

The person said, "I'm sorry, we don't pay service charges TO customers." My brother insisted they do, they insisted they don't. He said, "Well, I guess I'll just see your lawyers in small claims court then." Never heard from them again.

rcjordan

  • I'm consulting the authorities on the subject
  • Global Moderator
  • Hero Member
  • *****
  • Posts: 16867
  • Debbie says...
    • View Profile
Re: Don't bank online
« Reply #14 on: July 14, 2021, 02:19:28 PM »
Cybercriminals took advantage of Work From Home to target financial services companies, says Financial Stability Board report • The Register

https://www.theregister.com/2021/07/14/financial_stability_board_pandemic_report/