Banking Security

Questions on how we spend our money and our time - consumer goods and services, home and vehicle, leisure and recreational activities
Post Reply
blueman457
Posts: 411
Joined: Sun Jul 26, 2015 12:19 pm

Banking Security

Post by blueman457 » Sun Jun 03, 2018 3:23 pm

Q: How have folks protected themselves in the event their primary source of money was hacked?  Or has someone had a significant amount of money stolen from their primary account and what happened? Or am I thinking too hard?

In the digital era, it seems that its not if you will be hacked but when.  So I've contemplated ideas to keep my financial life quasi intact in the event that my primary source of daily money (primary checking account) was hacked and money withdrawn.  Currently, money is from my primary account is withdrawn automatically to pay credit cards, insurance, and other random bills I can't charge to my credit card.

I do have secondary checking/savings accounts at various institutions, but they hold only a couple thousands of dollars.  Paypal, venmo, 529, etc... accounts are linked to here.  I don't have a large enough taxable account at Fidelity/Vanguard/etc to fall back on.

I'm not quite sure what the best solution for me would be (I also have a wife who I have to keep in mind as well).  Part of me thinks that I should just have everything paid out of the secondary account so keep my primary checking relatively safe. 

I do 2FA, having different passwords, etc... etc.

What do folks think?

Blue Man

jebmke
Posts: 8458
Joined: Thu Apr 05, 2007 2:44 pm

Re: Banking Security

Post by jebmke » Sun Jun 03, 2018 3:30 pm

I take reasonable precautions (2FA, I don't do banking on mobile devices etc). I don't keep much money in my checking account so I don't worry too much about it.
When you discover that you are riding a dead horse, the best strategy is to dismount.

ResearchMed
Posts: 7575
Joined: Fri Dec 26, 2008 11:25 pm

Re: Banking Security

Post by ResearchMed » Sun Jun 03, 2018 3:30 pm

blueman457 wrote:
Sun Jun 03, 2018 3:23 pm
Q: How have folks protected themselves in the event their primary source of money was hacked?  Or has someone had a significant amount of money stolen from their primary account and what happened? Or am I thinking too hard?

In the digital era, it seems that its not if you will be hacked but when.  So I've contemplated ideas to keep my financial life quasi intact in the event that my primary source of daily money (primary checking account) was hacked and money withdrawn.  Currently, money is from my primary account is withdrawn automatically to pay credit cards, insurance, and other random bills I can't charge to my credit card.

I do have secondary checking/savings accounts at various institutions, but they hold only a couple thousands of dollars.  Paypal, venmo, 529, etc... accounts are linked to here.  I don't have a large enough taxable account at Fidelity/Vanguard/etc to fall back on.

I'm not quite sure what the best solution for me would be (I also have a wife who I have to keep in mind as well).  Part of me thinks that I should just have everything paid out of the secondary account so keep my primary checking relatively safe. 

I do 2FA, having different passwords, etc... etc.

What do folks think?

Blue Man
We keep our money and our investments at more than one financial institution, and probably always will.

Even if we weren't concerned about "fraud"/etc., we are definitely be concerned about computer/system hiccups, which can be brief... or not so much.

We don't keep a huge sum in any easily accessible account such as the checking account we use (where the account numbers can "get out there", etc.).

We also monitor all accounts very frequently.

A side benefit of this monitoring is that we've become accustomed to the ups and downs of investment balances, as "the market" goes up and down, etc.

RM
This signature is a placebo. You are in the control group.

AllMostThere
Posts: 68
Joined: Sat Dec 31, 2016 2:04 pm

Re: Banking Security

Post by AllMostThere » Sun Jun 03, 2018 4:59 pm

Other than occasional credit card issues, No, I have not had any of my financial accounts hacked, yet. I too wonder if it's just a matter of time before it happens. In coming months I will be following the recommendations of Clark Howard. I have established a new e-mail account @ Proton mail to be used for my financial accounts only which is very secure and no privacy issues/concerns like with Yahoo & Google mail. I will then be obtaining a Chromebook for use a my "financial laptop" - use for financial banking, 401K, IRA, and Brokerage access only. No web surfacing with it, and no e-mail access other than the Proton mail. Also, increase in Password complexity is in order and perhaps 2FA where available. Given all the new hacking reports, etc., I think it makes sense to separate financial electronic access methods from recreational web access

Cheyenne
Posts: 428
Joined: Sun Jun 14, 2015 6:46 am

Re: Banking Security

Post by Cheyenne » Sun Jun 03, 2018 5:39 pm

I have my 2FA sent to a Google Voice account that is dedicated to that only, and I log into the Google Voice account on my computer with Google Authenticator and read the 2FA code. That removes the weak link of 2FA going to my cell phone. "Social hacking" (which is becoming more prevalent) is where a hacker impersonates you in a cell phone store and convinces the store clerks that you have lost your phone and need a new SIM card. Then they place the new SIM in their phone, change the password and they own you. Your phone is then dead. They will then receive your 2FA. At that point it's on you to try to convince the cell phone store clerks that you are the real you. Fun.

2015
Posts: 2152
Joined: Mon Feb 10, 2014 2:32 pm

Re: Banking Security

Post by 2015 » Sun Jun 03, 2018 6:20 pm

It's not possible for any significant amount of money to be stolen from any account I have without my knowing it soon thereafter. I'm set up with many different kinds of text and email alerts for all accounts. Simple (?) things, like using a password manager, having pins on accounts where accepted, nonsensical answers to all security questions, 2FA, Yubikey where accepted, voice identification where accepted, using a dedicated email with no phone number attached for financial accounts, etc.

squirm
Posts: 1503
Joined: Sat Mar 19, 2011 11:53 am

Re: Banking Security

Post by squirm » Sun Jun 03, 2018 6:30 pm

Hasn't everyone already been hacked via Equafax fiasco? I don't hear about it anymore but all our names, SSN, and addresses, etc are out in the wild.
Last edited by squirm on Sun Jun 03, 2018 7:07 pm, edited 1 time in total.

blueman457
Posts: 411
Joined: Sun Jul 26, 2015 12:19 pm

Re: Banking Security

Post by blueman457 » Sun Jun 03, 2018 6:38 pm

2015 wrote:
Sun Jun 03, 2018 6:20 pm
It's not possible for any significant amount of money to be stolen from any account I have without my knowing it soon thereafter. I'm set up with many different kinds of text and email alerts for all accounts. Simple (?) things, like using a password manager, having pins on accounts where accepted, nonsensical answers to all security questions, 2FA, Yubikey where accepted, voice identification where accepted, using a dedicated email with no phone number attached for financial accounts, etc.
But what happens if your primary checking account went to zero because of theft - does the bank make you whole while they're determining what happened?

Blue Man

golfCaddy
Posts: 728
Joined: Wed Jan 10, 2018 10:02 pm

Re: Banking Security

Post by golfCaddy » Sun Jun 03, 2018 7:17 pm

I don't think it's necessary, but the obvious solution is to have checking at two banks if you are that worried. Note, that most cyber fraud isn't about someone hacking your individual account. It's that every merchant you give your credit or debit card to has all the information they need to make fraudulent charges. It's that all it takes to make a withdrawal from a checking account is the routing and account number. Or social engineering where someone calls your bank or broker pretending to be you and says they forgot their password. Or identity theft where someone uses your SSN to take out loans. 2FA/strong passwords/software updates are all good, but only defend against a subset of the many types of fraud.

mpsz
Posts: 302
Joined: Sat Jan 09, 2016 7:11 pm

Re: Banking Security

Post by mpsz » Sun Jun 03, 2018 8:07 pm

I take the "everything is already hacked" approach. Follow the best practices but realize that these won't protect you absolutely:
- two factor authentication and a strong, unique password
- check account frequently
- turn on ALL available alerts
- never, ever, ever swipe debit (both for security and to get credit card rewards points instead)

Keep two functional checking accounts at different banks. By functional, I mean enough money at both that will get you through maybe 1-2 months should the other account be unavailable. Consider this as part of your emergency fund. I also keep all of my payees in bill pay at both banks.

My take is that unless it's my fault, I'll eventually be made whole, so I just need to get through 1-2 months until everything is resolved.

2015
Posts: 2152
Joined: Mon Feb 10, 2014 2:32 pm

Re: Banking Security

Post by 2015 » Mon Jun 04, 2018 2:00 pm

blueman457 wrote:
Sun Jun 03, 2018 6:38 pm
2015 wrote:
Sun Jun 03, 2018 6:20 pm
It's not possible for any significant amount of money to be stolen from any account I have without my knowing it soon thereafter. I'm set up with many different kinds of text and email alerts for all accounts. Simple (?) things, like using a password manager, having pins on accounts where accepted, nonsensical answers to all security questions, 2FA, Yubikey where accepted, voice identification where accepted, using a dedicated email with no phone number attached for financial accounts, etc.
But what happens if your primary checking account went to zero because of theft - does the bank make you whole while they're determining what happened?

Blue Man
You can paranoid about this stuff (many do) and have your wallet stolen in the mean time. How is it possible for an account to undergo theft when identifying information necessary to do so is unavailable? I had this discussion with a VG rep some months ago who informed me of some methodologies VG uses to verify identity in the event a customer states they've lost all information, which satisfied me. The rep told me other methodologies exist which he was not at liberty to share with me.

Post Reply