Ideas to prevent account theft?

Non-investing personal finance issues including insurance, credit, real estate, taxes, employment and legal issues such as trusts and wills.
Post Reply
Topic Author
squirm
Posts: 4239
Joined: Sat Mar 19, 2011 11:53 am

Ideas to prevent account theft?

Post by squirm »

What are some ways to prevent someone from getting into or stealing money from my bank and broker accounts?

I have always had a linked savings and checking account. However, now I'm wondering if that is a good idea. I do transfer a lot of transfer between the accounts, however is it a good idea to have overdraft protection? I'm afraid someone might be able to get a hold of a old check that has the routing and account number and drain my savings account. I keep much more $ in my savings, then checking. There was only one time in the last ten years that I have had to use over-draft protection, if that is any help. But what about moving money between the two accounts?

Also what about online brokerage accounts? I have several spread over different firms. I keep my computer up to date with anti-virus and OS system updates, but what about the passwords? Do you use a different password for different brokers if you have more than one? What about an online password system, such as Lastpass? Someone told me they use that service and are happy with them.

BTW, I also shred all my account statements.

Thanks in advance for your replies.
User avatar
CaliJim
Posts: 3050
Joined: Sun Feb 28, 2010 7:47 pm
Location: California, near the beach

Re: Ideas to prevent account theft?

Post by CaliJim »

squirm wrote:however is it a good idea to have overdraft protection?
I turned overdraft off and only keep a month's worth of money in my checking account at any given time
squirm wrote:Do you use a different password for different brokers if you have more than one?
ABSOLUTELY. YOU SHOULD USE DIFFERENT PASSWORDS EVERYWHERE. You should use different passwords for every online account you have (itunes, netflix, gmail, amazon, bogleheads...)
squirm wrote:What about an online password system,
I keep my passwords in a KeePass database. I keep my KeePass database on a USB drive, with a hardcopy printout in a file drawer.

I have a 16 character password to get into the KeePass file. I unplug the USB drive except when I need it.

I use 20 character, KeePass system generated passwords for all my financial accounts. I don't even bother to memorize them. I just cut and paste them from my KeePass application. I do not store financial passwords in browser (firefox) based password vaults.
-calijim- | | For more info, click this Wiki
Rupert
Posts: 4122
Joined: Fri Aug 17, 2012 12:01 pm

Re: Ideas to prevent account theft?

Post by Rupert »

You might also consider using a different browser and a different email address for your sensitive accounts. Google's Chrome is probably the safest browser at the moment. Install it and use it only for accessing your financial accounts. Use another browser, such as Firefox, to do your general Internet surfing and on-line shopping. Also create a secret email account just for communications to/from your financial services providers. Don't give out that address to anyone else for any purpose.

You should un-link your checking and savings account in my opinion. If you're a Boglehead, I doubt you bounce a lot of checks. So why do you need that?
carolinaman
Posts: 5463
Joined: Wed Dec 28, 2011 8:56 am
Location: North Carolina

Re: Ideas to prevent account theft?

Post by carolinaman »

Rupert wrote:You might also consider using a different browser and a different email address for your sensitive accounts. Google's Chrome is probably the safest browser at the moment. Install it and use it only for accessing your financial accounts. Use another browser, such as Firefox, to do your general Internet surfing and on-line shopping. Also create a secret email account just for communications to/from your financial services providers. Don't give out that address to anyone else for any purpose.

You should un-link your checking and savings account in my opinion. If you're a Boglehead, I doubt you bounce a lot of checks. So why do you need that?
+1
Excellent advice. Also setup strong passwords for your financial, each unique. This is a little bit of a pain but effective. I have heard that at least one of these password services has been hacked. that makes me nervous so I have avoided to date.
DaveS
Posts: 1308
Joined: Fri Jun 15, 2007 9:42 am
Location: Reno, NV

Re: Ideas to prevent account theft?

Post by DaveS »

I have a secure computer and an insecure computer. The secure one goes to the bank and brokerage, and court sites - I am a lawyer. The other computer surfs the web, e-mails everything else. There is no relationship between my passwords for secure sites and other passwords. I have the passwords written down but they don't identify any site. You don't want a burglar to be able to steal your passwords. I change the passwords at least once a year. Passwords need to be a mix of numbers letters and punctuation marks. Including the latter greatly increases the difficulty of breaking them. Dave
stlutz
Posts: 5585
Joined: Fri Jan 02, 2009 12:08 am

Re: Ideas to prevent account theft?

Post by stlutz »

As has been discussed on other threads, using false answers to "security questions" (which you'll then need to keep track of on paper or in a KeePass database) is also important. Anyone can figure out where you went to high school. So, if your mascot was the bears, make the security answer something else. Then, use different answers to the same question for other accounts.

On the e-mail accounts, you could take it one step further an have a separate e-mail address for each financial account. If someone hacks into one account, they are then only aware of that single relationship, not all of the firms you do business with.

Or, you could be less paranoid about the whole thing and only do business with firms that have a liberal security guarantee.
User avatar
Epsilon Delta
Posts: 8090
Joined: Thu Apr 28, 2011 7:00 pm

Re: Ideas to prevent account theft?

Post by Epsilon Delta »

DaveS wrote: I have the passwords written down but they don't identify any site. You don't want a burglar to be able to steal your passwords.
Not writing the sites is not much of an obstacle. Most people either use the same username at all sites or include them on the password list. Trying all the possibilities at the 20 locally biggest banks, a bunch of legal related sites and a few national firms is likely to get some hits and it won't trigger alarms because each username is tried only once at any particular site.
User avatar
Jerilynn
Posts: 1929
Joined: Tue Sep 06, 2011 12:49 pm
Location: USA, Earth

Re: Ideas to prevent account theft?

Post by Jerilynn »

DaveS wrote:I have a secure computer and an insecure computer.
Maybe the insecure one just needs therapy?
Cordially, Jeri . . . 100% all natural asset allocation. (no supernatural methods used)
User avatar
OldOne
Posts: 199
Joined: Sat Jun 25, 2011 7:02 pm
Location: Texas

Re: Ideas to prevent account theft?

Post by OldOne »

Maybe the insecure one just needs therapy?
Didn't work for you did it?
cbeck
Posts: 640
Joined: Sun Jun 24, 2012 1:28 am

Re: Ideas to prevent account theft?

Post by cbeck »

Don't start by analyzing the security of your computer. Start by identifying where the risk arises. Overwhelmingly (97%?), the risk of having your account hacked arises on the systems of the institution, not your personal computer. Also, the obligation acknowledged by brokerage firms to make you whole for a loss to your brokerage account is much less clear than it is for banks and credit cards. Therefore the significant risk is at the institution. You will never have to skill or information necessary to assess how effectively any institution manages that risk to your assets. It follows from these facts that the most important step you can take in securing your assets is to divide them between institutions, i.e. do not put it all at Vanguard however convenient that might make your daily life.

After that, by all means, follow the best practices you read about for managing your login credentials: long, randomly-selected passwords that are unique and change often, etc. etc.
User avatar
Jerilynn
Posts: 1929
Joined: Tue Sep 06, 2011 12:49 pm
Location: USA, Earth

Re: Ideas to prevent account theft?

Post by Jerilynn »

OldOne wrote:
Maybe the insecure one just needs therapy?
Didn't work for you did it?
Not yet. :wink:
Touche.
Cordially, Jeri . . . 100% all natural asset allocation. (no supernatural methods used)
User avatar
BlueEars
Posts: 3968
Joined: Fri Mar 09, 2007 11:15 pm
Location: West Coast

Re: Ideas to prevent account theft?

Post by BlueEars »

You will see conflicting advice on this, I fear.

We can all agree on strong passwords.
For financial sites, use unique passwords and logins.
My opinion, only deal with the minimum number of institutions you can get down to. Then make those dealings as solid as possible.
Do not use on-line email for dealing with financial institution's critical communications.
Be aware of scam methods - some paranoia is appropriate regarding money.
Keep your computer up to date. Good anti-virus, Secunia for checking software updates.
User avatar
Sunny Sarkar
Posts: 2443
Joined: Fri Mar 02, 2007 12:02 am
Location: Flower Mound, TX
Contact:

Re: Ideas to prevent account theft?

Post by Sunny Sarkar »

I got to thinking about this recently and decided to enforce the following steps:

Secure the email account first. "You are only as safe as your email is". Every other account's security setup funnels into the email account (password resets, user-id resets, account verification, etc.). On top of the usual long complex passwords, something like Gmail's 2-step authentication that sends single use codes to the phone every time is imperative.**

Use LastPass to generate & manage long random complex passwords, a separate one for each account. Use random user-ids also, since LastPass is managing that as well. 2-step authentication for LastPass too, obviously.

Enforce additional security steps like Vanguard's security questions during login, but use wrong answers to prevent social engineering (for example: if your actual pet's name is Jackie, use Rocky as the answer to the security question "what is your favorite pet's name?").

Use Google Chrome incognito mode: Chrome is apparently the safest browser among the top 4 - IE, Firefox, Chrome, Safari. Changed the settings so that all cookies must be deleted every time the browser is exited even when not using incognito mode.

Use Linux instead of Windows whenever possible. Installed Ubuntu alongside Windows, and choose Ubuntu when planning to just go online and use a browser. Thinking about a $249 Chromebook since 90% of my computer usage at home is browsing the internet on a browser only.

---

** Regarding email security, I went one step farther. I bought my own domain ($12/yr) and implemented free Google Apps to use Gmail. This gave me a separate admin/root/superuser login that I can use to reset the password of my regular email account if it gets hacked.
"Buy-and-hold, long-term, all-market-index strategies, implemented at rock-bottom cost, are the surest of all routes to the accumulation of wealth" - John C. Bogle
User avatar
Phineas J. Whoopee
Posts: 9675
Joined: Sun Dec 18, 2011 5:18 pm

Re: Ideas to prevent account theft?

Post by Phineas J. Whoopee »

Hi BlueEars,
BlueEars wrote:You will see conflicting advice on this, I fear. ...
Indeed. I'm afraid I'm about to give some right now. :D
BlueEars wrote:... My opinion, only deal with the minimum number of institutions you can get down to. ...
There's the conflict.

Hi Squirm,

You've received great advice in answer to your question on preventing access and theft, and I take most of those precautions myself. I'd like to add some points about limiting damage in the event your security is compromised anyway.

Although I don't say anyone should excessively proliferate accounts, I make a point of keeping deposits, borrowings, and investments at separate institutions.

My reasoning is it would be easiest for a thief to steal my checking account or credit card numbers. Therefore I do what I can to limit how much they might be able to take, even if eventually I would be reimbursed.

I have my checking account at an online bank, and I like to keep a savings account next to it to avoid any temporary liquidity issues. Like you I keep little in checking. I do have the accounts linked for overdraft protection. The way I minimize danger is to keep my balances there strictly limited, so the most anyone could steal is not very much. This bank offers two-factor authentication, so its is the only financial website I ordinarily access while traveling. That protects me from key loggers. I am still vulnerable to man-in-the-middle attacks, so there are no links to other accounts where I have assets. For good measure, I also maintain a secondary no-fee checking account at a small local brick-and-mortar thrift. Such local financial institutions have their own advantages.

My CDs and main savings account are at another, higher yielding bank where I have no transaction account to be compromised. From it I can transfer funds to checking, which takes three business days.

My credit cards are elsewhere, because sometimes in the event of a dispute a credit card issuer can seize money from deposit accounts one holds with them. I've never been in a dispute, but this way they would have to use formal legal process to access my assets.

My non-CD investments are at Vanguard, Treasury Direct, and a 401(k) provider. Vanguard and TD know my checking account number, but as said by others, what could anybody do but sell my assets and send the proceeds to me? One can also instruct Vanguard in writing to disallow any transfers out. You can still transfer in, and rebalance within your accounts. To rescind the order takes another letter. Transfers from my 401(k) can only be made via signed pieces of physical paper.

Operationally, I log in to each account weekly. While I'm there I click my mouse a few extra times to be sure nobody changed my address or phone number, and that there are no new linked accounts. I know someone who says such tasks should be the vendor's responsibility, not mine, but who is more motivated to protect my assets than I?

Hope that helps.

PJW
[Edited twice to correct the incorrect "into" into the correct "in to." Gargh! :oops:]
Last edited by Phineas J. Whoopee on Fri Dec 14, 2012 6:08 pm, edited 2 times in total.
User avatar
BlueEars
Posts: 3968
Joined: Fri Mar 09, 2007 11:15 pm
Location: West Coast

Re: Ideas to prevent account theft?

Post by BlueEars »

Hi PJW,
FWIW I have the most active financial accounts at about 3 institutions nowadays. Plus a few others that are not very active ones. So maybe we are not that dissimilar.

Some people have multiple accounts (401k's, IRA's, checking, CD's, stocks, bonds, ....) partly because their employers (current and previous maybe) required them to funnel money somewhere. It gets even messier if a spouse has to have additional accounts at even more institutions. After retiring I consolidated where possible. It's particularly important for portfolio management -- at least the way I do things.
User avatar
Phineas J. Whoopee
Posts: 9675
Joined: Sun Dec 18, 2011 5:18 pm

Re: Ideas to prevent account theft?

Post by Phineas J. Whoopee »

BlueEars wrote:Hi PJW,
... maybe we are not that dissimilar. ...
:sharebeer
User avatar
bUU
Posts: 608
Joined: Sun Nov 25, 2012 10:41 am

Re: Ideas to prevent account theft?

Post by bUU »

Some people have multiple accounts (401k's, IRA's, checking, CD's, stocks, bonds, ....) partly because their employers (current and previous maybe) required them to funnel money somewhere. It gets even messier if a spouse has to have additional accounts at even more institutions. After retiring I consolidated where possible. It's particularly important for portfolio management -- at least the way I do things.
When my mother passed away, I found her accounts scattered. Even within her investment accounts I found itty-bitty holdings, like 3 shares of Liberty Media and 2 shares of Discovery Communications. It was maddening to try to make sense of all of it.

What I'm finding is that as much as I try to consolidate, there are "forces at work" thwarting my efforts. First, current employers aren't necessarily cooperating by having my preferred brokerage host their 401(k) programs. ;) Second, I'm concerned about old employee stock ownership programs - they go back before we got our financial records in order, and so we don't have a good read on just how much of a discount we got. If we liquidate them I would hope that the current brokerage will provide some useful information for determining cost basis, but if we transfer them to consolidate our holdings, how will we know how to declare the gains? Third, part of the inherited holdings were funds that seem to be non-transferable - funds that Fidelity doesn't (can't?) hold.
jimkinny
Posts: 1856
Joined: Sun Mar 14, 2010 1:51 pm

Re: Ideas to prevent account theft?

Post by jimkinny »

Many good suggestions.

I log onto my primary banking/credit card account daily. I do the same at Vanguard. Vanguard has a pending transaction function that I check, as well as my last log on at Vanguard.

I do this before the opening of business and just recently started doing this, because of the Apple security issue of several months ago. Human failure resulted in an Apple employee giving information to a person who called Apple, in order to hack some accounts. Not much you and I can do to prevent that.

Several years ago a NYT article suggested that if you are using one computer, to have a user with the administrator functions password protected. I use that user to go to the above two web accounts. I use another user to do my general browsing.

As suggested above, I use an email account only for these 2 accounts and other email accounts for everything else. I started doing this because of the Apple fiasco several months ago. I do not use anything close to real word answers to security questions.


jim
User avatar
BlueEars
Posts: 3968
Joined: Fri Mar 09, 2007 11:15 pm
Location: West Coast

Re: Ideas to prevent account theft?

Post by BlueEars »

How about just slightly modifying security questions?

For example, for your first pet's name instead of just putting "fido" you add "usb" (for US Bank) to give "fidousb".
So this is unique and easy to remember.
The Wizard
Posts: 13356
Joined: Tue Mar 23, 2010 1:45 pm
Location: Reading, MA

Re: Ideas to prevent account theft?

Post by The Wizard »

The main problem with all these complex schemes is that once Alzheimer's kicks in, you'll never again be able to log into any of your accounts.
Periodic things already set up will continue, but that will be it.
Eventually, your survivors will get court orders forcing Vanguard to liberate your securely locked account, etc.
:(
Attempted new signature...
User avatar
Sbashore
Posts: 952
Joined: Wed Feb 20, 2008 9:38 pm
Location: USA

Re: Ideas to prevent account theft?

Post by Sbashore »

Another thing to consider is to use openDNS and download their dnsCrypt. It encrypts dns requests so they aren't sent in the clear and thus cannot be intercepted.
Steve | Semper Fi
User avatar
Phineas J. Whoopee
Posts: 9675
Joined: Sun Dec 18, 2011 5:18 pm

Re: Ideas to prevent account theft?

Post by Phineas J. Whoopee »

The Wizard wrote:The main problem with all these complex schemes is that once Alzheimer's kicks in, you'll never again be able to log into any of your accounts.
Periodic things already set up will continue, but that will be it.
Eventually, your survivors will get court orders forcing Vanguard to liberate your securely locked account, etc.
:(
Certainly a fair criticism. One chooses among the available options as best one can, and all have disadvantages.

PJW
Mudpuppy
Posts: 7409
Joined: Sat Aug 27, 2011 2:26 am
Location: Sunny California

Re: Ideas to prevent account theft?

Post by Mudpuppy »

squirm wrote:What are some ways to prevent someone from getting into or stealing money from my bank and broker accounts?
First, you need to come to terms with the fact that you will never be able to absolutely, 100% prevent other people from stealing money from your accounts. There are just too many avenues for such fraud to have iron-clad prevention (short of not having bank accounts at all, but then what if someone steals your "mattress"). Once you have accepted this basic security precept, you can then get to work on devising a reasonable plan for both prevention AND recovery. You already have many good suggestions from others on prevention, so let's focus on recovery.

Your recovery plan starts with reading the financial institutions' policies and understanding the regulations relating to fraudulent transactions in the various types of accounts. You should only choose to do business with institutions that have solid coverage for their customers in the event of a fraudulent transaction. Next, you must monitor your accounts frequently to look for fraudulent transactions. If you find one, you must notify the financial institution immediately so that they can block further fraudulent transactions and begin an investigation. Finally, have a backup plan in case one account gets tied up in fraud investigation. In my case, I have accounts at two different local credit unions so if one is tied up in investigations, I can use the other to cover expenses until the investigation completes (which can take as long as 3-4 weeks depending on the type and severity of the fraud).
Post Reply