There are numerous ways for the bank to "fingerprint], so to speak,
your computer (or smartphone) to verify that it's yours. Note that
this would be a problem if someone grabbed it, but that's another story.
The simplest, of course, id looking at the IP address. That's comparable
to checking the "area code" on your phone if you call them as opposed
to the complete phone number, but it's a start.
Then there are lots and lots more.
For an example of this, check out the followng website
brought to you by the great golk at the EFF (electronig
Note that all of this is pretyt much invisble to the user...
Knowledge may be power, but communications is the key
My home computer goes through a wireless network so the IP isn't a
constant. The weather and ads I get are often for the Utah area since
that's one location where IP's are drawn from the pool. A couple of
times I've gotten a blacklisted IP and had to verify that I wasn't a
I haven't hit a bank that does it but we deal with one sit that has
implemented two factor authentication. The first step is a conventional
username/password. Then they text a one time passcode to your mobile phone.
The two factors may be something the user knows (password), something a
user has (phone, thumbdrive, card), or some physical characteristic
(thumbprint, retinal scan).
The site key doesn't make it for the second factor. You know your
password and that it's supposed to be a picture of a platypus.
On Monday, July 27, 2015 at 4:23:53 AM UTC-4, micky wrote:
Given that no other website that I deal with has the procedure
that BA currently has, apparently it's acceptable to the industry
and their customers. IDK why BA would want to change it.
Presenting you with an image you chose and recognize would certainly
help eliminate the skunks that pretend to be the bank, have you
try to log in, etc. But I don't know any other site that does
In alt.home.repair, on Mon, 27 Jul 2015 08:12:26 -0700 (PDT), trader_4
For the record, as if it matters, I didn't choose it. They just gave it
to me, I presume from a large collection of possible small black & white
images. But that part seems okay. There certainly wasn't a spoof site
giving out images at the time (so that when I came back I would insist
on getting the same spoof site, when the real BoA wasn't even using
images) when all a spoof site would want to do was collect ids and
Everything else you have here is right on.
The problem I would see is that once somebody drained my account, it
would be on me to get the financial institution to put money back into
the account. May sound simple on the face of it, but I would expect a
major PITA and much pain.
Speaking as a long-term developer of computer applications, I would not
even consider online banking or any other online financial transactions
except for those against my VISA credit card.
That is not to claim any particular expertise in online development or
security... but I know in my heart that there are thousands, if not tens
or hundreds of thousands, really, *really*, REALLY smart people all over
the world trying to figure out how to separate me from what little money
It also seems like the first line of "defense" of most large
corporations where online fraud is concerned is stonewalling it -
denying that anything happened.
There is a legal firewall on the VISA card. $50 is the maximum amount
I can lose in the event of fraud or loss - and that is only if I delay
reporting a lost card for too long - otherwise it's zero.
And, if there is fraud, the card issuer is the one on the hook
until/unless I pay the VISA bill. I still have my money. That
contrasts with a debit card where somebody can clean out my account and
it's on me to get the money back. Ditto stock trading accounts and
whatever other online facilities are out there.
I would say there is a continuum from reasonable expectations to
paranoia - it's not a binary condition.
Agreed. Further my cash back no-annual-fee AE card pays me around
$400/year just to use it.
BTW my CC allows online alerts. I get emails/texts when it's used out
of a certain area, over a certain limit, etc. Further even if you know
my online bank account user name and password you can't access it
unless you have my phone in your possession. (2 step verification.)
I only use my debit card for ATM cash since it pays me nothing back.
But my bank gives me the same protection as my credit card. Likely
yours does too.
There is a $500K protection on stock accounts.
IMO you are in more danger giving your card to the waiter or stuffing
it in a gas machine than I am banking online. If you take reasonable
precautions you will lose nothing and your financial life will be much
"If you ever discover an error in a trade confirmation or brokerage
statement, you should immediately bring the error to the attention of
the brokerage firm in writing. Unless you complain in writing, your
eligibility for SIPC protection may be compromised."
Yes, we were talking about online fraud weren't we.
The two online brokers I deal with (ETrade and Vanguard) both say they
will cover ALL online fraud security losses. (Except those where the
client is negligent.) And they both keep broker account cash in their
respective FDIC insured banks.
Got to wonder if "negligent" includes the presupposition that if a third
party was able to get to the account the account holder is assumed to be
"negligent" because it is assumed that the only way the third party
could have gotten to the account was if the account holder was
"negligent" in keeping their ID/PW secret.
I guess that's what lawyers are for. IMO I am in much more danger of
losing money from bad investing than from online fraud. That said,
here is Vanguard's fine print. I agree there's lots of wiggle room.
"At a minimum, in order for this protection to apply, you must take
the following steps:
Review your accounts regularly.
Check your account frequently. Promptly and completely review all
information we send you.
Report any errors or discrepancies in your account and any suspected
unauthorized transactions or account changes to Vanguard immediately.
Protect your Vanguard.com user name, password, and other
Make sure your user name, password, and answers to your security
questions are unique and strong.
Never share your user name, password, or other account-related
information with anyone.
Never store your user name, password, or answers to security questions
in your browser.
Clear any temporarily stored copies of online information by closing
your browser after signing off. Do not leave your computer unattended
while logged on to Vanguard.com.
Protect your computer.
Make certain that any computer you use to access Vanguard.com has
up-to-date security and anti-spyware, antivirus, and firewall
Do not reply to e-mail requests for personal or financial information.
Do not respond to, open an attachment in, or click on a link within an
e-mail if you suspect the message is fraudulent. Vanguard will not ask
for personal information such as your Social Security number, account
numbers, or passwords in an e-mail.
Cooperate with us and stay informed.
Cooperate fully with Vanguard in investigating and prosecuting any
unauthorized activity in your account, and follow our recommendations
about how to protect your account. We may require you to file a police
report, complete a notarized affidavit, or permit access to your
On Wednesday, July 29, 2015 at 3:38:42 AM UTC-4, J0HNS0N wrote:
Kurt's point was that *SIPC* does not protect against online
fraud in a brokerage account. And he's correct:
"Does SIPC protect me if my account is hacked and cash and/or securities ar
SIPC's role and responsibilities are as defined under the Securities Invest
or Protection Act (SIPA). Under that law, SIPC only becomes involved when a
SIPC member brokerage firm is eligible for liquidation under the Securitie
s Investor Protection Act. If you discover that your account has been hacke
d or your securities or cash have been stolen, you should contact your brok
erage firm, the SEC, FINRA, your state securities regulator, and/or law enf
So, there is no automatic $500K, universal, SIPC protection.
Apparently how a broker treats online fraud is typically up to
them and they set the rules.
I stand corrected then.
In my case I was pleased to find out that I was not just protected for
$500K but for ALL of any loss. Although it makes little difference
since $500K would have been waaaaaaaay more than adequate.
HomeOwnersHub.com is a website for homeowners and building and maintenance pros. It is not affiliated with any of the manufacturers or service providers discussed here.
All logos and trade names are the property of their respective owners.