Page 3 of 3 FirstFirst 123
Results 61 to 70 of 70

Thread: On-line Banking

  1. #61
    Join Date
    Jul 2005
    Posts
    18,357
    Quote Originally Posted by Strange View Post
    I don't think it is too worrying. It is about what I would expect.

    I guess it would be better if the security devices were personalised for each bank or account. Or, better, each user. But I assume the banks trade off the extra security against the extra cost.
    Yes, that has been the recurring criticism I've seen, from security experts and commentators, of how banks have instituted 2FA. It's of course driven by market forces - if you make internet banking costly and complicated by instituting high levels of security, you'll lose customers to the cheap-and-cheerful banking sector. So what we've got is a system that merely works well for most people, most of the time.
    These things improve one mega-hack at a time, sadly.

    Grant Hutchison

  2. #62
    Join Date
    Jun 2004
    Location
    The Great NorthWet
    Posts
    14,830
    Now that I think about it, aren't you doing a form of on-line banking every time you use an ATM?
    Cum catapultae proscriptae erunt tum soli proscript catapultas habebunt.

  3. #63
    Join Date
    Oct 2001
    Location
    Sioux Falls, SD
    Posts
    8,859
    Quote Originally Posted by Strange View Post
    In the case of the more complex device (the one where you need to insert your ATM card and enter the PIN) this generates a code for logging into the account. As this just requires a button press (rather than entering details of the transaction) I assume this uses the same counter method. However, I ended up with three of these devices (mine and my wife's for this account, and an identical looking device from a different bank). I have used all three of these to log in to the same account (partly because I was curious if the other bank device really was identical).
    I'm guessing that's a different situation - they're not confirming that you have the device, they're confirming that you have the card. Any card works in any device for the same reason you can use any card in any ATM.

    I'm just guessing, however.
    Sometimes you win, sometimes you learn

  4. #64
    Join Date
    Oct 2009
    Location
    a long way away
    Posts
    10,902
    Quote Originally Posted by grant hutchison View Post
    Yes, that has been the recurring criticism I've seen, from security experts and commentators, of how banks have instituted 2FA. It's of course driven by market forces - if you make internet banking costly and complicated by instituting high levels of security, you'll lose customers to the cheap-and-cheerful banking sector. So what we've got is a system that merely works well for most people, most of the time.
    That is true of all of us though. If I lived in a big city, I might have two locks on my front door and double-check it is locked every time I go out. On the other hand, where I live, I only have one lock and don't always lock it. People often leave the key in their front door so visitors can get in.

  5. #65
    Join Date
    Jul 2005
    Posts
    18,357
    Quote Originally Posted by Strange View Post
    That is true of all of us though. If I lived in a big city, I might have two locks on my front door and double-check it is locked every time I go out. On the other hand, where I live, I only have one lock and don't always lock it. People often leave the key in their front door so visitors can get in.
    The difference is that, in the realms of internet security, the Big City can suddenly just turn up where you live. The fact that it is relatively rare for an average Joe to be SIM-jacked and robbed of his savings doesn't make it any less distressing if you're the average Joe in question.
    (I also live in Sleepy Hollow. I have three locks on the back door, two on the front, and a burglar alarm. Because thieves have been known to drive to places where people don't worry much about security.)

    Grant Hutchison

  6. #66
    Join Date
    Oct 2009
    Location
    a long way away
    Posts
    10,902
    Quote Originally Posted by grant hutchison View Post
    The difference is that, in the realms of internet security, the Big City can suddenly just turn up where you live.
    Hmmm. You're right the analogy doesn't quite work in the online case. But it was more about choosing a balance of cost vs security that you (or your bank) is happy with.

    (I also live in Sleepy Hollow. I have three locks on the back door, two on the front, and a burglar alarm. Because thieves have been known to drive to places where people don't worry much about security.)
    I haven't seen any figures but I wonder if there is some sort of "bathtub" curve where you are least likely to be robbed in a smallish town, compared to either being out in the country or in a big city. Anecdotally, at least, it seems as if the people who live in isolated houses out in the countryside get broken into more than those in town.

  7. #67
    Join Date
    Oct 2009
    Location
    a long way away
    Posts
    10,902
    Quote Originally Posted by grant hutchison View Post
    Or does something else happen so as to reduce the risk of people inadvertently "booking a holiday" by sending their deposit to a Ukrainian teenager?
    I don't know if it is new feature, but I just set up a new payment from my account and one of the questions was "What type of payment is this" with choice like "Friends/family", "Invoice", "Property purchase" etc. Answering that takes you to a page with warnings specific to that type of thing. Well, I assume it is specific.
    Maybe it always shows the same thing and it is just to slow you down and make you think.

    And there were frequent "Are you sure" screens to go through before finalising the thing. Obviously, the system was being much more "cautious" for a new payee.

  8. #68
    Join Date
    Jan 2004
    Location
    No longer near Grover's Mill
    Posts
    4,960
    I really worried when doing a wire transfer for my house purchase, and confirmed the number multiple times, including having Mrs EV check the account number before I hit ďsendĒ.

    Apparently, my paranoia wasnít completely misplaced. I recently heard of a scheme where hackers get into the email system of a title agency and simply monitor things until a large wire transfer is about to happen.

    At that point, they send an official-looking message to the customer telling them to wire the funds to an illegitimate account.

    And... itís gone.


    Sent from my iPhone using Tapatalk
    I may have many faults, but being wrong ain't one of them. - Jimmy Hoffa

  9. #69
    Join Date
    Jul 2005
    Posts
    18,357
    Quote Originally Posted by Extravoice View Post
    At that point, they send an official-looking message to the customer telling them to wire the funds to an illegitimate account.
    Yes - one of the questions our bank asks is "Have you at any time during this transaction received a notification changing the payee's bank details?"

    Grant Hutchison

  10. #70
    Join Date
    Oct 2001
    Location
    Clear Lake City, TX
    Posts
    12,698
    Well, my mortgage was with my bank, so they simply pulled funds from one account and gave it to the other.

    Also, when I pay bills on line I do it through the creditor's website, not my bank's.
    Never attribute to malice that which can be adequately explained by ignorance or stupidity.
    Isaac Asimov

    You know, the very powerful and the very stupid have one thing in common. They donít alter their views to fit the facts. They alter the facts to fit their views.
    Doctor Who

    Moderation will be in purple.
    Rules for Posting to This Board

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •