OT Bank relaxes security. Acceptable?

Page 2 of 4  


[snip[
There are numerous ways for the bank to "fingerprint], so to speak, your computer (or smartphone) to verify that it's yours. Note that this would be a problem if someone grabbed it, but that's another story.
The simplest, of course, id looking at the IP address. That's comparable to checking the "area code" on your phone if you call them as opposed to the complete phone number, but it's a start.
Then there are lots and lots more.
For an example of this, check out the followng website brought to you by the great golk at the EFF (electronig freedom foundation)
    http://panopticlick.eff.org/
Note that all of this is pretyt much invisble to the user...
--
_____________________________________________________
Knowledge may be power, but communications is the key
  Click to see the full signature.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
On 07/27/2015 05:44 AM, danny burstein wrote:

My home computer goes through a wireless network so the IP isn't a constant. The weather and ads I get are often for the Utah area since that's one location where IP's are drawn from the pool. A couple of times I've gotten a blacklisted IP and had to verify that I wasn't a spammer.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
In alt.home.repair, on Mon, 27 Jul 2015 11:44:29 +0000 (UTC), danny

As I said, the purpose of the SiteKey was not for them to verify that it is me.
It was for me to verify that it is them.

        
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
On 07/27/2015 02:23 AM, micky wrote:

I haven't hit a bank that does it but we deal with one sit that has implemented two factor authentication. The first step is a conventional username/password. Then they text a one time passcode to your mobile phone.
The two factors may be something the user knows (password), something a user has (phone, thumbdrive, card), or some physical characteristic (thumbprint, retinal scan).
The site key doesn't make it for the second factor. You know your password and that it's supposed to be a picture of a platypus.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
On Monday, July 27, 2015 at 4:23:53 AM UTC-4, micky wrote:

Given that no other website that I deal with has the procedure that BA currently has, apparently it's acceptable to the industry and their customers. IDK why BA would want to change it. Presenting you with an image you chose and recognize would certainly help eliminate the skunks that pretend to be the bank, have you try to log in, etc. But I don't know any other site that does that.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
In alt.home.repair, on Mon, 27 Jul 2015 08:12:26 -0700 (PDT), trader_4

For the record, as if it matters, I didn't choose it. They just gave it to me, I presume from a large collection of possible small black & white images. But that part seems okay. There certainly wasn't a spoof site giving out images at the time (so that when I came back I would insist on getting the same spoof site, when the real BoA wasn't even using images) when all a spoof site would want to do was collect ids and passwords.
Everything else you have here is right on.

Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
"micky" wrote in message
To be frank, all of that shit is totally fuskin' meaningless to me since I'm not liable for unauthorized accesses to any of my accounts.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload


Do you really want to go through the hassle of getting things back to normal after an unauthorized access to your account?
Do you really want to be in limbo in the meantime?
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
Per Edmund J. Burke:

The problem I would see is that once somebody drained my account, it would be on me to get the financial institution to put money back into the account. May sound simple on the face of it, but I would expect a major PITA and much pain.
Speaking as a long-term developer of computer applications, I would not even consider online banking or any other online financial transactions except for those against my VISA credit card.
That is not to claim any particular expertise in online development or security... but I know in my heart that there are thousands, if not tens or hundreds of thousands, really, *really*, REALLY smart people all over the world trying to figure out how to separate me from what little money I have.
It also seems like the first line of "defense" of most large corporations where online fraud is concerned is stonewalling it - denying that anything happened.
--
Pete Cresswell

Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload

How big a PITA it is probably depends on the bank.

However paranoia is causing you a bigger PITA.
I haven't been to a branch in over a year. I do everything online, most of it from my phone. I'd hate to have to go back to the bad old days.

I can't lose anything from unauthorized transfers or debits from any of my accounts. It's likely the same for you.

I hate to add to your paranoia but you don't need an online bank account to be a victim. Wasn't it around 50 million card numbers that Target lost? Shop at Target? You say you use Visa... 8-O
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
Per J0HNS0N:

There is a legal firewall on the VISA card. $50 is the maximum amount I can lose in the event of fraud or loss - and that is only if I delay reporting a lost card for too long - otherwise it's zero.
And, if there is fraud, the card issuer is the one on the hook until/unless I pay the VISA bill. I still have my money. That contrasts with a debit card where somebody can clean out my account and it's on me to get the money back. Ditto stock trading accounts and whatever other online facilities are out there.
I would say there is a continuum from reasonable expectations to paranoia - it's not a binary condition.
--
Pete Cresswell

Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
wrote:

Agreed. Further my cash back no-annual-fee AE card pays me around $400/year just to use it.
BTW my CC allows online alerts. I get emails/texts when it's used out of a certain area, over a certain limit, etc. Further even if you know my online bank account user name and password you can't access it unless you have my phone in your possession. (2 step verification.)

I only use my debit card for ATM cash since it pays me nothing back. But my bank gives me the same protection as my credit card. Likely yours does too.

There is a $500K protection on stock accounts.

IMO you are in more danger giving your card to the waiter or stuffing it in a gas machine than I am banking online. If you take reasonable precautions you will lose nothing and your financial life will be much easier.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload

That is not for that. The $500K is in case the firm goes belly up and is the rough equivalent of the FDIC.

--
"Statistics are like bikinis. What they reveal is suggestive,
but what they conceal is vital."
  Click to see the full signature.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
wrote:

"If you ever discover an error in a trade confirmation or brokerage statement, you should immediately bring the error to the attention of the brokerage firm in writing. Unless you complain in writing, your eligibility for SIPC protection may be compromised."
http://www.sipc.org/for-investors/protecting-against-fraud
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload

Fraud on the part of the broker, not the kind of fraud where someone gets the account and cleans it out.
--
"Statistics are like bikinis. What they reveal is suggestive,
but what they conceal is vital."
  Click to see the full signature.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload

Yes, we were talking about online fraud weren't we.
The two online brokers I deal with (ETrade and Vanguard) both say they will cover ALL online fraud security losses. (Except those where the client is negligent.) And they both keep broker account cash in their respective FDIC insured banks.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
Per J0HNS0N:

Got to wonder if "negligent" includes the presupposition that if a third party was able to get to the account the account holder is assumed to be "negligent" because it is assumed that the only way the third party could have gotten to the account was if the account holder was "negligent" in keeping their ID/PW secret.
--
Pete Cresswell

Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
wrote:

I guess that's what lawyers are for. IMO I am in much more danger of losing money from bad investing than from online fraud. That said, here is Vanguard's fine print. I agree there's lots of wiggle room.
"At a minimum, in order for this protection to apply, you must take the following steps: Review your accounts regularly.     Check your account frequently. Promptly and completely review all information we send you. Report any errors or discrepancies in your account and any suspected unauthorized transactions or account changes to Vanguard immediately. Protect your Vanguard.com user name, password, and other account-related information.     Make sure your user name, password, and answers to your security questions are unique and strong. Never share your user name, password, or other account-related information with anyone. Never store your user name, password, or answers to security questions in your browser. Clear any temporarily stored copies of online information by closing your browser after signing off. Do not leave your computer unattended while logged on to Vanguard.com. Protect your computer.     Make certain that any computer you use to access Vanguard.com has up-to-date security and anti-spyware, antivirus, and firewall software. Do not reply to e-mail requests for personal or financial information. Do not respond to, open an attachment in, or click on a link within an e-mail if you suspect the message is fraudulent. Vanguard will not ask for personal information such as your Social Security number, account numbers, or passwords in an e-mail. Cooperate with us and stay informed.     Cooperate fully with Vanguard in investigating and prosecuting any unauthorized activity in your account, and follow our recommendations about how to protect your account. We may require you to file a police report, complete a notarized affidavit, or permit access to your computer."
https://personal.vanguard.com/us/help/SecurityOnlineFraudPledgeContent.jsp
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
On Wednesday, July 29, 2015 at 3:38:42 AM UTC-4, J0HNS0N wrote:

p
Kurt's point was that *SIPC* does not protect against online fraud in a brokerage account. And he's correct:
From SIPC:
"Does SIPC protect me if my account is hacked and cash and/or securities ar e stolen?
SIPC's role and responsibilities are as defined under the Securities Invest or Protection Act (SIPA). Under that law, SIPC only becomes involved when a SIPC member brokerage firm is eligible for liquidation under the Securitie s Investor Protection Act. If you discover that your account has been hacke d or your securities or cash have been stolen, you should contact your brok erage firm, the SEC, FINRA, your state securities regulator, and/or law enf orcement authorities."
So, there is no automatic $500K, universal, SIPC protection. Apparently how a broker treats online fraud is typically up to them and they set the rules.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload

I stand corrected then.
In my case I was pleased to find out that I was not just protected for $500K but for ALL of any loss. Although it makes little difference since $500K would have been waaaaaaaay more than adequate.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload

Related Threads

    HomeOwnersHub.com is a website for homeowners and building and maintenance pros. It is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.