Home |
Search |
Today's Posts |
|
Home Repair (alt.home.repair) For all homeowners and DIYers with many experienced tradesmen. Solve your toughest home fix-it problems. |
Reply |
|
|
LinkBack | Thread Tools | Display Modes |
#1
Posted to alt.home.repair
|
|||
|
|||
OT Bank relaxes security. Acceptable?
OT Bank relaxes security. Acceptable? Is there a good newsgroup for internet security (not involving viruses or malware)? Until then, this is what I got when I logged into my bank account just now to check my balance: "We're simplifying the way you sign in You'll soon be able to sign in with one step by entering your Online ID and Passcode on the same page. SiteKey® — the image you used to see before entering your Passcode — is no longer part of the way you sign in to Online Banking. This simpler sign-in will be introduced on our different sites before the end of the year. To help ensure you're on the real Bank of America website before you sign in, check your browser address bar for: www.bankofamerica.com Green text/shading Lock icon " Of course that is the way it was originally, putting in the ID and password on the first page. That was it for the first few years. It was their idea to have a SiteKey in the first place, an image that they chose that I would see on the screen that showed me I was actually communicating with whom I thought I was, the bank**. Now they have 3 things, the list at the end above, but none of them are personalized for me. Anyone with an account would get these same three things and could duplicate them in a phony site (the existance of which, one which would intercept my attempt to get to them, was a concern when they came up with the SiteKey". **Because no one else would know what they showed on my screen. Even if there were a key-logger on my computer, it wouldn't read what came in, iiuc, that is, the sitekey, the little sketch they showed me and maybe 1000th of their online customers. (That is, they had 1000 sketches, and if I didn't get the one I expected, I should stop what I was doing and not put in my password.) Do you do online banking with other banks? Do they have something like the SiteKey, a password or picture they send to you, instead of the other way around, so that you know you're talking to them, in the same way they want a password from you so they know they're talking to you? |
#2
Posted to alt.home.repair
|
|||
|
|||
OT Bank relaxes security. Acceptable?
On Monday, July 27, 2015 at 3:23:53 AM UTC-5, micky wrote:
OT Bank relaxes security. Acceptable? Is there a good newsgroup for internet security (not involving viruses or malware)? Until then, this is what I got when I logged into my bank account just now to check my balance: "We're simplifying the way you sign in You'll soon be able to sign in with one step by entering your Online ID and Passcode on the same page. SiteKey(R) -- the image you used to see before entering your Passcode -- is no longer part of the way you sign in to Online Banking. This simpler sign-in will be introduced on our different sites before the end of the year. To help ensure you're on the real Bank of America website before you sign in, check your browser address bar for: www.bankofamerica.com Green text/shading Lock icon " Of course that is the way it was originally, putting in the ID and password on the first page. That was it for the first few years. It was their idea to have a SiteKey in the first place, an image that they chose that I would see on the screen that showed me I was actually communicating with whom I thought I was, the bank**. Now they have 3 things, the list at the end above, but none of them are personalized for me. Anyone with an account would get these same three things and could duplicate them in a phony site (the existance of which, one which would intercept my attempt to get to them, was a concern when they came up with the SiteKey". **Because no one else would know what they showed on my screen. Even if there were a key-logger on my computer, it wouldn't read what came in, iiuc, that is, the sitekey, the little sketch they showed me and maybe 1000th of their online customers. (That is, they had 1000 sketches, and if I didn't get the one I expected, I should stop what I was doing and not put in my password.) Do you do online banking with other banks? Do they have something like the SiteKey, a password or picture they send to you, instead of the other way around, so that you know you're talking to them, in the same way they want a password from you so they know they're talking to you? I use Wells Fargo and their security is very good. I'm using a VPN that indicates I'm in The Netherlands right now because of the server I've chosen. If I want to log in to my online banking, I must turn off the VPN because the site security notices that access is being attempted from an unusual location. I was contacted by the bank's security division last year when access to my credit/debit card was attempted from Pakistan. They had me change my login name, password and PIN. I assumed my card number had been harvested when I bought fuel at a convenience store owned by a Paki. The convenience stores and grocery store are the only places in the area I've ever used my card. Oh yea, I logon with a user name and separate password. ^_^ [8~{} Uncle Bank Monster |
#3
Posted to alt.home.repair
|
|||
|
|||
OT Bank relaxes security. Acceptable?
On Mon, 27 Jul 2015 04:23:43 -0400, micky
wrote: OT Bank relaxes security. Acceptable? Is there a good newsgroup for internet security (not involving viruses or malware)? Until then, this is what I got when I logged into my bank account just now to check my balance: "We're simplifying the way you sign in You'll soon be able to sign in with one step by entering your Online ID and Passcode on the same page. SiteKey® — the image you used to see before entering your Passcode — is no longer part of the way you sign in to Online Banking. I use a bank and three CC accounts and only my wife's BofA has the site key. Never had a problem with any of them. Whatever changes are being made, I'm sure any bank is going to be as secure as they can be and the new system is meant to be more, not less, secure. |
#4
Posted to alt.home.repair
|
|||
|
|||
OT Bank relaxes security. Acceptable?
In alt.home.repair, on Mon, 27 Jul 2015 05:48:44 -0400, Ed Pawlowski
wrote: On Mon, 27 Jul 2015 04:23:43 -0400, micky wrote: OT Bank relaxes security. Acceptable? Is there a good newsgroup for internet security (not involving viruses or malware)? Until then, this is what I got when I logged into my bank account just now to check my balance: "We're simplifying the way you sign in You'll soon be able to sign in with one step by entering your Online ID and Passcode on the same page. SiteKey® — the image you used to see before entering your Passcode — is no longer part of the way you sign in to Online Banking. I use a bank and three CC accounts and only my wife's BofA has the site key. Never had a problem with any of them. Whatever changes are being made, I'm sure any bank is going to be as secure as they can be and the new system is meant to be more, not less, secure. Yes, that idea occurred to me. It makes sense. Especially when they've thought of something, to abandon it would leave them open to lawsuits if they hadn't somehow improved things. But stilll...... |
#5
Posted to alt.home.repair
|
|||
|
|||
OT Bank relaxes security. Acceptable?
On Mon, 27 Jul 2015 06:30:07 -0400, micky
wrote: In alt.home.repair, on Mon, 27 Jul 2015 05:48:44 -0400, Ed Pawlowski wrote: On Mon, 27 Jul 2015 04:23:43 -0400, micky wrote: OT Bank relaxes security. Acceptable? Is there a good newsgroup for internet security (not involving viruses or malware)? Until then, this is what I got when I logged into my bank account just now to check my balance: "We're simplifying the way you sign in You'll soon be able to sign in with one step by entering your Online ID and Passcode on the same page. SiteKey® — the image you used to see before entering your Passcode — is no longer part of the way you sign in to Online Banking. I use a bank and three CC accounts and only my wife's BofA has the site key. Never had a problem with any of them. Whatever changes are being made, I'm sure any bank is going to be as secure as they can be and the new system is meant to be more, not less, secure. Yes, that idea occurred to me. It makes sense. Especially when they've thought of something, to abandon it would leave them open to lawsuits if they hadn't somehow improved things. But stilll...... My Bank of America sign-in still uses dual sign-in with the picture. Are you sure the above message came from the real bank? |
#6
Posted to alt.home.repair
|
|||
|
|||
OT Bank relaxes security. Acceptable?
In micky writes:
OT Bank relaxes security. Acceptable? Is there a good newsgroup for internet security (not involving viruses or malware)? [snip[ There are numerous ways for the bank to "fingerprint], so to speak, your computer (or smartphone) to verify that it's yours. Note that this would be a problem if someone grabbed it, but that's another story. The simplest, of course, id looking at the IP address. That's comparable to checking the "area code" on your phone if you call them as opposed to the complete phone number, but it's a start. Then there are lots and lots more. For an example of this, check out the followng website brought to you by the great golk at the EFF (electronig freedom foundation) http://panopticlick.eff.org/ Note that all of this is pretyt much invisble to the user... -- __________________________________________________ ___ Knowledge may be power, but communications is the key [to foil spammers, my address has been double rot-13 encoded] |
#7
Posted to alt.home.repair
|
|||
|
|||
OT Bank relaxes security. Acceptable?
On 07/27/2015 07:27 AM, Pat wrote:
OT Bank relaxes security. Acceptable? Is there a good newsgroup for internet security (not involving viruses or malware)? Until then, this is what I got when I logged into my bank account just now to check my balance: "We're simplifying the way you sign in You'll soon be able to sign in with one step by entering your Online ID and Passcode on the same page. SiteKey® — the image you used to see before entering your Passcode — is no longer part of the way you sign in to Online Banking. I use a bank and three CC accounts and only my wife's BofA has the site key. Never had a problem with any of them. Whatever changes are being made, I'm sure any bank is going to be as secure as they can be and the new system is meant to be more, not less, secure. Yes, that idea occurred to me. It makes sense. Especially when they've thought of something, to abandon it would leave them open to lawsuits if they hadn't somehow improved things. But stilll...... My Bank of America sign-in still uses dual sign-in with the picture. Are you sure the above message came from the real bank? When I signed in to my BofA account this morning, I had to answer one of my "challenge questions" before I got to the SiteKey picture, but then I too saw the notice that SiteKey was to be discontinued before the end of the year. Perce |
#8
Posted to alt.home.repair
|
|||
|
|||
OT Bank relaxes security. Acceptable?
On 07/27/2015 05:44 AM, danny burstein wrote:
The simplest, of course, id looking at the IP address. That's comparable to checking the "area code" on your phone if you call them as opposed to the complete phone number, but it's a start. My home computer goes through a wireless network so the IP isn't a constant. The weather and ads I get are often for the Utah area since that's one location where IP's are drawn from the pool. A couple of times I've gotten a blacklisted IP and had to verify that I wasn't a spammer. |
#9
Posted to alt.home.repair
|
|||
|
|||
OT Bank relaxes security. Acceptable?
On 07/27/2015 02:23 AM, micky wrote:
Do you do online banking with other banks? Do they have something like the SiteKey, a password or picture they send to you, instead of the other way around, so that you know you're talking to them, in the same way they want a password from you so they know they're talking to you? I haven't hit a bank that does it but we deal with one sit that has implemented two factor authentication. The first step is a conventional username/password. Then they text a one time passcode to your mobile phone. The two factors may be something the user knows (password), something a user has (phone, thumbdrive, card), or some physical characteristic (thumbprint, retinal scan). The site key doesn't make it for the second factor. You know your password and that it's supposed to be a picture of a platypus. |
#10
Posted to alt.home.repair
|
|||
|
|||
OT Bank relaxes security. Acceptable?
On Monday, July 27, 2015 at 4:23:53 AM UTC-4, micky wrote:
OT Bank relaxes security. Acceptable? Given that no other website that I deal with has the procedure that BA currently has, apparently it's acceptable to the industry and their customers. IDK why BA would want to change it. Presenting you with an image you chose and recognize would certainly help eliminate the skunks that pretend to be the bank, have you try to log in, etc. But I don't know any other site that does that. |
#11
Posted to alt.home.repair
|
|||
|
|||
OT Bank relaxes security. Acceptable?
"micky" wrote in message ...
To be frank, all of that **** is totally fuskin' meaningless to me since I'm not liable for unauthorized accesses to any of my accounts. |
#12
Posted to alt.home.repair
|
|||
|
|||
OT Bank relaxes security. Acceptable?
On Mon, 27 Jul 2015 11:44:29 +0000 (UTC), danny burstein
wrote: http://panopticlick.eff.org/ I got two results. One with scripts allowed and one without scripts. |
#13
Posted to alt.home.repair
|
|||
|
|||
OT Bank relaxes security. Acceptable?
"Edmund J. Burke" wrote in message ... "micky" wrote in message ... To be frank, all of that **** is totally fuskin' meaningless to me since I'm not liable for unauthorized accesses to any of my accounts. Do you really want to go through the hassle of getting things back to normal after an unauthorized access to your account? Do you really want to be in limbo in the meantime? |
#14
Posted to alt.home.repair
|
|||
|
|||
OT Bank relaxes security. Acceptable?
In alt.home.repair, on Mon, 27 Jul 2015 08:12:26 -0700 (PDT), trader_4
wrote: On Monday, July 27, 2015 at 4:23:53 AM UTC-4, micky wrote: OT Bank relaxes security. Acceptable? Given that no other website that I deal with has the procedure that BA currently has, apparently it's acceptable to the industry and their customers. IDK why BA would want to change it. Presenting you with an image you chose and recognize would certainly For the record, as if it matters, I didn't choose it. They just gave it to me, I presume from a large collection of possible small black & white images. But that part seems okay. There certainly wasn't a spoof site giving out images at the time (so that when I came back I would insist on getting the same spoof site, when the real BoA wasn't even using images) when all a spoof site would want to do was collect ids and passwords. Everything else you have here is right on. help eliminate the skunks that pretend to be the bank, have you try to log in, etc. But I don't know any other site that does that. |
#15
Posted to alt.home.repair
|
|||
|
|||
OT Bank relaxes security. Acceptable?
In alt.home.repair, on Mon, 27 Jul 2015 11:44:29 +0000 (UTC), danny
burstein wrote: In micky writes: OT Bank relaxes security. Acceptable? Is there a good newsgroup for internet security (not involving viruses or malware)? [snip[ There are numerous ways for the bank to "fingerprint], so to speak, your computer (or smartphone) to verify that it's yours. Note that As I said, the purpose of the SiteKey was not for them to verify that it is me. It was for me to verify that it is them. this would be a problem if someone grabbed it, but that's another story. The simplest, of course, id looking at the IP address. That's comparable to checking the "area code" on your phone if you call them as opposed to the complete phone number, but it's a start. Then there are lots and lots more. For an example of this, check out the followng website brought to you by the great golk at the EFF (electronig freedom foundation) http://panopticlick.eff.org/ Note that all of this is pretyt much invisble to the user... |
#16
Posted to alt.home.repair
|
|||
|
|||
OT Bank relaxes security. Acceptable?
In alt.home.repair, on Mon, 27 Jul 2015 07:55:19 -0400, "Percival P.
Cassidy" wrote: On 07/27/2015 07:27 AM, Pat wrote: OT Bank relaxes security. Acceptable? Is there a good newsgroup for internet security (not involving viruses or malware)? Until then, this is what I got when I logged into my bank account just now to check my balance: "We're simplifying the way you sign in You'll soon be able to sign in with one step by entering your Online ID and Passcode on the same page. SiteKey® — the image you used to see before entering your Passcode — is no longer part of the way you sign in to Online Banking. I use a bank and three CC accounts and only my wife's BofA has the site key. Never had a problem with any of them. Whatever changes are being made, I'm sure any bank is going to be as secure as they can be and the new system is meant to be more, not less, secure. Yes, that idea occurred to me. It makes sense. Especially when they've thought of something, to abandon it would leave them open to lawsuits if they hadn't somehow improved things. But stilll...... My Bank of America sign-in still uses dual sign-in with the picture. Are you sure the above message came from the real bank? When I signed in to my BofA account this morning, I had to answer one of my "challenge questions" before I got to the SiteKey picture, but then I too saw the notice that SiteKey was to be discontinued before the end of the year. I didn't see the SiteKey, so I must be in an early batch of those who lose it. OTOH, I havent' logged in for weeks, so it might not be so early. As to IP addresses, I understand that even if one has a fixed one, as with a high speed connection, they still get reset every few weeks or months. I forget why and I forget the exact words the tech I talked to used. . Perce |
#17
Posted to alt.home.repair
|
|||
|
|||
OT Bank relaxes security. Acceptable?
Per Edmund J. Burke:
To be frank, all of that **** is totally fuskin' meaningless to me since I'm not liable for unauthorized accesses to any of my accounts. The problem I would see is that once somebody drained my account, it would be on me to get the financial institution to put money back into the account. May sound simple on the face of it, but I would expect a major PITA and much pain. Speaking as a long-term developer of computer applications, I would not even consider online banking or any other online financial transactions except for those against my VISA credit card. That is not to claim any particular expertise in online development or security... but I know in my heart that there are thousands, if not tens or hundreds of thousands, really, *really*, REALLY smart people all over the world trying to figure out how to separate me from what little money I have. It also seems like the first line of "defense" of most large corporations where online fraud is concerned is stonewalling it - denying that anything happened. -- Pete Cresswell |
#18
Posted to alt.home.repair
|
|||
|
|||
OT Bank relaxes security. Acceptable?
"(PeteCresswell)" wrote:
once somebody drained my account, it would be on me to get the financial institution to put money back into the account. May sound simple on the face of it, but I would expect a major PITA and much pain. How big a PITA it is probably depends on the bank. Speaking as a long-term developer of computer applications, I would not even consider online banking or any other online financial transactions except for those against my VISA credit card. However paranoia is causing you a bigger PITA. I haven't been to a branch in over a year. I do everything online, most of it from my phone. I'd hate to have to go back to the bad old days. That is not to claim any particular expertise in online development or security... but I know in my heart that there are thousands, if not tens or hundreds of thousands, really, *really*, REALLY smart people all over the world trying to figure out how to separate me from what little money I have. I can't lose anything from unauthorized transfers or debits from any of my accounts. It's likely the same for you. It also seems like the first line of "defense" of most large corporations where online fraud is concerned is stonewalling it - denying that anything happened. I hate to add to your paranoia but you don't need an online bank account to be a victim. Wasn't it around 50 million card numbers that Target lost? Shop at Target? You say you use Visa... 8-O |
#19
Posted to alt.home.repair
|
|||
|
|||
OT Bank relaxes security. Acceptable?
In alt.home.repair, on Mon, 27 Jul 2015 07:27:38 -0400, Pat
wrote: On Mon, 27 Jul 2015 06:30:07 -0400, micky wrote: In alt.home.repair, on Mon, 27 Jul 2015 05:48:44 -0400, Ed Pawlowski wrote: On Mon, 27 Jul 2015 04:23:43 -0400, micky wrote: OT Bank relaxes security. Acceptable? Is there a good newsgroup for internet security (not involving viruses or malware)? Until then, this is what I got when I logged into my bank account just now to check my balance: "We're simplifying the way you sign in You'll soon be able to sign in with one step by entering your Online ID and Passcode on the same page. SiteKey® — the image you used to see before entering your Passcode — is no longer part of the way you sign in to Online Banking. I use a bank and three CC accounts and only my wife's BofA has the site key. Never had a problem with any of them. Whatever changes are being made, I'm sure any bank is going to be as secure as they can be and the new system is meant to be more, not less, secure. Yes, that idea occurred to me. It makes sense. Especially when they've thought of something, to abandon it would leave them open to lawsuits if they hadn't somehow improved things. But stilll...... My Bank of America sign-in still uses dual sign-in with the picture. Are you sure the above message came from the real bank? Well, no. That's exactly what concerns me. Though if you read the OP, the message also said "This simpler sign-in will be introduced on our different sites before the end of the year." I guess I have to call them. Maybe I shoudl have changed my password last night, or at least now. Okay. I just called them (and I didn't have to wait on hold more than 5 seconds, though I did have to go through their menu a little bit, and it asked the 3 digit code on the back 3 times before I could find my code) and, assuming they didn't intercept my phone call too, she said that Yes, they have gotten rid of the siteey. She said, in different words, that it matters that the url is at the root level, with no slash or anything "behind it" as if that makes it harder to foist a phoney site on someone. Sometimes I think the customer service people are taught to bluff, that is agree that there is a problem even if they have no idea what I'm talking about. OTOH she said that she herself had gotten other calls about this very thing. No accent btw. Standard American English. There was a short recording before she answered that said I had to let them know if I went out of town. I told her my father told me to tell anyone but friends that I was going out of town. She acknowledged the problem! She said if I left the state, they might put my card on hold. Or if I spent more money than usual, even if I stayed here. Maybe I have heard something like that before. Anyone know? |
#20
Posted to alt.home.repair
|
|||
|
|||
OT Bank relaxes security. Acceptable?
In article ,
micky wrote: OT Bank relaxes security. Acceptable? Is there a good newsgroup for internet security (not involving viruses or malware)? Until then, this is what I got when I logged into my bank account just now to check my balance: "We're simplifying the way you sign in You'll soon be able to sign in with one step by entering your Online ID and Passcode on the same page. SiteKey® — the image you used to see before entering your Passcode — is no longer part of the way you sign in to Online Banking. This simpler sign-in will be introduced on our different sites before the end of the year. To help ensure you're on the real Bank of America website before you sign in, check your browser address bar for: www.bankofamerica.com Green text/shading Lock icon " Of course that is the way it was originally, putting in the ID and password on the first page. That was it for the first few years. It was their idea to have a SiteKey in the first place, an image that they chose that I would see on the screen that showed me I was actually communicating with whom I thought I was, the bank**. Now they have 3 things, the list at the end above, but none of them are personalized for me. Anyone with an account would get these same three things and could duplicate them in a phony site (the existance of which, one which would intercept my attempt to get to them, was a concern when they came up with the SiteKey". **Because no one else would know what they showed on my screen. Even if there were a key-logger on my computer, it wouldn't read what came in, iiuc, that is, the sitekey, the little sketch they showed me and maybe 1000th of their online customers. (That is, they had 1000 sketches, and if I didn't get the one I expected, I should stop what I was doing and not put in my password.) Do you do online banking with other banks? Do they have something like the SiteKey, a password or picture they send to you, instead of the other way around, so that you know you're talking to them, in the same way they want a password from you so they know they're talking to you? Ah, Blank of America... I suspect they gave up on SiteKey because its was ans extra step AND it did not improve security. Several years ago an experiment (or an actual scam, IDR now) where subjects were served spoofed signOn pages which had the wrong SiteKey image and almost all of them logged in anyway. SiteKey had another component. In addition to selecting an image from their catalog you also entered your own caption. If the experiment had showed the correct picture but wrong caption I bet virtually everyone would have ploughed ahead. m |
#21
Posted to alt.home.repair
|
|||
|
|||
OT Bank relaxes security. Acceptable?
|
#22
Posted to alt.home.repair
|
|||
|
|||
OT Bank relaxes security. Acceptable?
On Tuesday, July 28, 2015 at 3:33:05 AM UTC-4, micky wrote:
There was a short recording before she answered that said I had to let them know if I went out of town. I told her my father told me to tell anyone but friends that I was going out of town. She acknowledged the problem! She said if I left the state, they might put my card on hold. Or if I spent more money than usual, even if I stayed here. Maybe I have heard something like that before. Anyone know? It depends on the CC issuer, their policies, algorithms, and you. I've had a CC shut down only once in many years. I have had them call me to alert me to what they thought was unusual activity because I was using the card somewhere unusual. If you rarely travel and suddenly go to Sudan, you're more likely to have that occur than if you travel frequently on business, go to a lot of the same or similar cities, etc. |
#23
Posted to alt.home.repair
|
|||
|
|||
OT Bank relaxes security. Acceptable?
Per J0HNS0N:
I hate to add to your paranoia but you don't need an online bank account to be a victim. Wasn't it around 50 million card numbers that Target lost? Shop at Target? You say you use Visa... 8-O There is a legal firewall on the VISA card. $50 is the maximum amount I can lose in the event of fraud or loss - and that is only if I delay reporting a lost card for too long - otherwise it's zero. And, if there is fraud, the card issuer is the one on the hook until/unless I pay the VISA bill. I still have my money. That contrasts with a debit card where somebody can clean out my account and it's on me to get the money back. Ditto stock trading accounts and whatever other online facilities are out there. I would say there is a continuum from reasonable expectations to paranoia - it's not a binary condition. -- Pete Cresswell |
#24
Posted to alt.home.repair
|
|||
|
|||
OT Bank relaxes security. Acceptable?
"taxed and spent" wrote in message ...
"Edmund J. Burke" wrote in message ... "micky" wrote in message ... To be frank, all of that **** is totally fuskin' meaningless to me since I'm not liable for unauthorized accesses to any of my accounts. Do you really want to go through the hassle of getting things back to normal after an unauthorized access to your account? Do you really want to be in limbo in the meantime? No, but I'm not gonna worry about it neither. |
#25
Posted to alt.home.repair
|
|||
|
|||
OT Bank relaxes security. Acceptable?
On 7/28/2015 3:33 AM, micky wrote:
There was a short recording before she answered that said I had to let them know if I went out of town. I told her my father told me to tell anyone but friends that I was going out of town. She acknowledged the problem! She said if I left the state, they might put my card on hold. Or if I spent more money than usual, even if I stayed here. Maybe I have heard something like that before. Anyone know? My credit card has a form on line where you can tell them where and when you will be traveling. It really does help. I also tell them when I will be out of the country. I have a CC that I rarely use, but I often use it on vacation. One day one first day of vacation we had breakfast, bought gas, went to a retail store, three charges in about an hour. At the store, the clerk had to call and they asked me a security question. No problem the rest of the trip. Another time I was on my way home from work and got a text from the CC card company. They asked if I was buying something in France. Texted back "no" and they stopped payment and sent me a new card. In any case, you can be sure security is being increased, not decreased when you sign in on line. |
#26
Posted to alt.home.repair
|
|||
|
|||
OT Bank relaxes security. Acceptable?
On 7/28/2015 7:34 AM, trader_4 wrote:
If you rarely travel and suddenly go to Sudan, you're more likely to have that occur than if you travel frequently on business, go to a lot of the same or similar cities, etc. If you tell them you are going to Nigeria they will double your credit limit and will even set up a meeting with local bankers and members of royalty. |
#27
Posted to alt.home.repair
|
|||
|
|||
OT Bank relaxes security. Acceptable?
On Tue, 28 Jul 2015 09:16:17 -0400, "(PeteCresswell)"
wrote: Per J0HNS0N: I hate to add to your paranoia but you don't need an online bank account to be a victim. Wasn't it around 50 million card numbers that Target lost? Shop at Target? You say you use Visa... 8-O There is a legal firewall on the VISA card. $50 is the maximum amount I can lose in the event of fraud or loss - and that is only if I delay reporting a lost card for too long - otherwise it's zero. And, if there is fraud, the card issuer is the one on the hook until/unless I pay the VISA bill. I still have my money. Agreed. Further my cash back no-annual-fee AE card pays me around $400/year just to use it. BTW my CC allows online alerts. I get emails/texts when it's used out of a certain area, over a certain limit, etc. Further even if you know my online bank account user name and password you can't access it unless you have my phone in your possession. (2 step verification.) That contrasts with a debit card where somebody can clean out my account and it's on me to get the money back. I only use my debit card for ATM cash since it pays me nothing back. But my bank gives me the same protection as my credit card. Likely yours does too. Ditto stock trading accounts and whatever other online facilities are out there. There is a $500K protection on stock accounts. I would say there is a continuum from reasonable expectations to paranoia - it's not a binary condition. IMO you are in more danger giving your card to the waiter or stuffing it in a gas machine than I am banking online. If you take reasonable precautions you will lose nothing and your financial life will be much easier. |
#28
Posted to alt.home.repair
|
|||
|
|||
OT Bank relaxes security. Acceptable?
In article ,
J0HNS0N wrote: Ditto stock trading accounts and whatever other online facilities are out there. There is a $500K protection on stock accounts. That is not for that. The $500K is in case the firm goes belly up and is the rough equivalent of the FDIC. -- "Statistics are like bikinis. What they reveal is suggestive, but what they conceal is vital." -- Aaron Levenstein |
#29
Posted to alt.home.repair
|
|||
|
|||
OT Bank relaxes security. Acceptable?
On Tue, 28 Jul 2015 13:00:21 -0400, Kurt Ullman
wrote: In article , J0HNS0N wrote: Ditto stock trading accounts and whatever other online facilities are out there. There is a $500K protection on stock accounts. That is not for that. The $500K is in case the firm goes belly up and is the rough equivalent of the FDIC. "If you ever discover an error in a trade confirmation or brokerage statement, you should immediately bring the error to the attention of the brokerage firm in writing. Unless you complain in writing, your eligibility for SIPC protection may be compromised." http://www.sipc.org/for-investors/pr...-against-fraud |
#30
Posted to alt.home.repair
|
|||
|
|||
OT Bank relaxes security. Acceptable?
In alt.home.repair, on Tue, 28 Jul 2015 13:00:21 -0400, Kurt Ullman
wrote: In article , J0HNS0N wrote: Ditto stock trading accounts and whatever other online facilities are out there. There is a $500K protection on stock accounts. That is not for that. The $500K is in case the firm goes belly up and is the rough equivalent of the FDIC. And also for theft by a broker or other employee, right? Some member of the HOA one time thought it included stocks going down in price and I couldn't talk him out of that. He was a real pip. Apparently there was a group home for mentally something** children in the n'hood, only 10 townhouses away from me. They never caused any problem, except once when I wasn't outside, one of the kids didn't want to get on their bus, or didnt' want to get off. That lasted less than 5 minutes. **childrhoold mental retardation or illness, I forget which. These are 3 BR houses with a 450 ft2 room in the basement fwiw. And there was a person in charge and only 4 or 5 kids. Now the same company wanted to buy or rent a second house and someone got wind of it and there was a meeting. The pip's wife stood up to speak. She said, My brother had this problem, and I spent years watching him suffer from it, and..... I don't want to watch it anymore. Silly me, halfway through I thought she loved her brother and had learned compassion for such people from him. But she only learned to avoid them, And so she didn't want them here. And they lived on the next block, a parallel street, and would never see them anyhow. IIRC I ended the meetng by saying something that should have embarrassed anyone opposed to house, and the first house at least was there for another year with no problem, until one day it was gone. Well, not the house itself. |
#31
Posted to alt.home.repair
|
|||
|
|||
OT Bank relaxes security. Acceptable?
In article ,
J0HNS0N wrote: On Tue, 28 Jul 2015 13:00:21 -0400, Kurt Ullman wrote: In article , J0HNS0N wrote: Ditto stock trading accounts and whatever other online facilities are out there. There is a $500K protection on stock accounts. That is not for that. The $500K is in case the firm goes belly up and is the rough equivalent of the FDIC. "If you ever discover an error in a trade confirmation or brokerage statement, you should immediately bring the error to the attention of the brokerage firm in writing. Unless you complain in writing, your eligibility for SIPC protection may be compromised." http://www.sipc.org/for-investors/pr...-against-fraud Fraud on the part of the broker, not the kind of fraud where someone gets the account and cleans it out. -- "Statistics are like bikinis. What they reveal is suggestive, but what they conceal is vital." -- Aaron Levenstein |
#32
Posted to alt.home.repair
|
|||
|
|||
OT Bank relaxes security. Acceptable?
Kurt Ullman wrote:
Fraud on the part of the broker, not the kind of fraud where someone gets the account and cleans it out. Yes, we were talking about online fraud weren't we. The two online brokers I deal with (ETrade and Vanguard) both say they will cover ALL online fraud security losses. (Except those where the client is negligent.) And they both keep broker account cash in their respective FDIC insured banks. |
#33
Posted to alt.home.repair
|
|||
|
|||
OT Bank relaxes security. Acceptable?
Per J0HNS0N:
(Except those where the client is negligent.) Got to wonder if "negligent" includes the presupposition that if a third party was able to get to the account the account holder is assumed to be "negligent" because it is assumed that the only way the third party could have gotten to the account was if the account holder was "negligent" in keeping their ID/PW secret. -- Pete Cresswell |
#34
Posted to alt.home.repair
|
|||
|
|||
OT Bank relaxes security. Acceptable?
In article ,
micky wrote: In alt.home.repair, on 28 Jul 2015 09:03:22 GMT, (Fake ID) wrote: Ah, Blank of America... I suspect they gave up on SiteKey because its was ans extra step AND it did not improve security. Several years ago an experiment (or an actual scam, IDR now) where subjects were served spoofed signOn pages which had the wrong SiteKey image and almost all of them logged in anyway. Yeah, I can imagine that happening, even with me. LIke, I intend to by gas at the Gulf station on the corner and it's a Standard station now, but I stop anyhow. But if it was a worrthwhile precaution and the big problem is no one uses it right, there should be some way to make people use it right. Maybe show you the wrong image then take $5 from your account if you sign in anyway. I can see the merits over insecure comms, but now the encryption scheme is supposed to verify that you're communicating with the correct party, although even that gets thwarted when the MITM can install their certificates in your browser (like an employer). SiteKey had another component. In addition to selecting an image from their catalog you also entered your own caption. If the experiment had showed the correct picture but wrong caption I bet virtually everyone would have ploughed ahead. Sure, words are less important than pictures and take more time to notice. We didnt' have words, and we didn't select our own image, and already I'm starting to forget what it was. A clothes iron maybe. If they showed me something else, I might think that was it. Sounds like they tweaked the implementation over time. I thought it a bit clever since the caption I create doesn't necessarily have to be related to the image. Going though old BofA paperwork a couple weeks ago I ran across a promo for their online banking...1980's vintage. Even had an order form for a dedicated terminal in case I didn't own a computer. In some ways I miss the simplicity of text based system. m |
#35
Posted to alt.home.repair
|
|||
|
|||
OT Bank relaxes security. Acceptable?
On Tue, 28 Jul 2015 21:44:58 -0400, "(PeteCresswell)"
wrote: Per J0HNS0N: (Except those where the client is negligent.) Got to wonder if "negligent" includes the presupposition that if a third party was able to get to the account the account holder is assumed to be "negligent" because it is assumed that the only way the third party could have gotten to the account was if the account holder was "negligent" in keeping their ID/PW secret. I guess that's what lawyers are for. IMO I am in much more danger of losing money from bad investing than from online fraud. That said, here is Vanguard's fine print. I agree there's lots of wiggle room. "At a minimum, in order for this protection to apply, you must take the following steps: Review your accounts regularly. Check your account frequently. Promptly and completely review all information we send you. Report any errors or discrepancies in your account and any suspected unauthorized transactions or account changes to Vanguard immediately. Protect your Vanguard.com user name, password, and other account-related information. Make sure your user name, password, and answers to your security questions are unique and strong. Never share your user name, password, or other account-related information with anyone. Never store your user name, password, or answers to security questions in your browser. Clear any temporarily stored copies of online information by closing your browser after signing off. Do not leave your computer unattended while logged on to Vanguard.com. Protect your computer. Make certain that any computer you use to access Vanguard.com has up-to-date security and anti-spyware, antivirus, and firewall software. Do not reply to e-mail requests for personal or financial information. Do not respond to, open an attachment in, or click on a link within an e-mail if you suspect the message is fraudulent. Vanguard will not ask for personal information such as your Social Security number, account numbers, or passwords in an e-mail. Cooperate with us and stay informed. Cooperate fully with Vanguard in investigating and prosecuting any unauthorized activity in your account, and follow our recommendations about how to protect your account. We may require you to file a police report, complete a notarized affidavit, or permit access to your computer." https://personal.vanguard.com/us/hel...dgeContent.jsp |
#36
Posted to alt.home.repair
|
|||
|
|||
OT Bank relaxes security. Acceptable?
On Tuesday, July 28, 2015 at 11:20:10 AM UTC-4, Ed Pawlowski wrote:
In any case, you can be sure security is being increased, not decreased when you sign in on line. Except in the case of what BA is doing, it clearly decreases security. By presenting you with an image that you select and know *before* you give them your password, you know that you're actually engaging with the real BA website, not some hackers that have duplicated BA to steal your logon credentials. If you don't see the image, you know something is wrong. Without it, hackers could and do present what looks like a real logon page. So, you try to log on and now the hackers have your user name and pwd. |
#37
Posted to alt.home.repair
|
|||
|
|||
OT Bank relaxes security. Acceptable?
On Wednesday, July 29, 2015 at 3:38:42 AM UTC-4, J0HNS0N wrote:
On Tue, 28 Jul 2015 21:44:58 -0400, "(PeteCresswell)" wrote: Per J0HNS0N: (Except those where the client is negligent.) Got to wonder if "negligent" includes the presupposition that if a third party was able to get to the account the account holder is assumed to be "negligent" because it is assumed that the only way the third party could have gotten to the account was if the account holder was "negligent" in keeping their ID/PW secret. I guess that's what lawyers are for. IMO I am in much more danger of losing money from bad investing than from online fraud. That said, here is Vanguard's fine print. I agree there's lots of wiggle room. "At a minimum, in order for this protection to apply, you must take the following steps: Review your accounts regularly. Check your account frequently. Promptly and completely review all information we send you. Report any errors or discrepancies in your account and any suspected unauthorized transactions or account changes to Vanguard immediately. Protect your Vanguard.com user name, password, and other account-related information. Make sure your user name, password, and answers to your security questions are unique and strong. Never share your user name, password, or other account-related information with anyone. Never store your user name, password, or answers to security questions in your browser. Clear any temporarily stored copies of online information by closing your browser after signing off. Do not leave your computer unattended while logged on to Vanguard.com. Protect your computer. Make certain that any computer you use to access Vanguard.com has up-to-date security and anti-spyware, antivirus, and firewall software. Do not reply to e-mail requests for personal or financial information. Do not respond to, open an attachment in, or click on a link within an e-mail if you suspect the message is fraudulent. Vanguard will not ask for personal information such as your Social Security number, account numbers, or passwords in an e-mail. Cooperate with us and stay informed. Cooperate fully with Vanguard in investigating and prosecuting any unauthorized activity in your account, and follow our recommendations about how to protect your account. We may require you to file a police report, complete a notarized affidavit, or permit access to your computer." https://personal.vanguard.com/us/hel...dgeContent.jsp Kurt's point was that *SIPC* does not protect against online fraud in a brokerage account. And he's correct: From SIPC: "Does SIPC protect me if my account is hacked and cash and/or securities are stolen? SIPC's role and responsibilities are as defined under the Securities Investor Protection Act (SIPA). Under that law, SIPC only becomes involved when a SIPC member brokerage firm is eligible for liquidation under the Securities Investor Protection Act. If you discover that your account has been hacked or your securities or cash have been stolen, you should contact your brokerage firm, the SEC, FINRA, your state securities regulator, and/or law enforcement authorities." So, there is no automatic $500K, universal, SIPC protection. Apparently how a broker treats online fraud is typically up to them and they set the rules. |
#38
Posted to alt.home.repair
|
|||
|
|||
OT Bank relaxes security. Acceptable?
In article ,
J0HNS0N wrote: Kurt Ullman wrote: Fraud on the part of the broker, not the kind of fraud where someone gets the account and cleans it out. Yes, we were talking about online fraud weren't we. The two online brokers I deal with (ETrade and Vanguard) both say they will cover ALL online fraud security losses. (Except those where the client is negligent.) And they both keep broker account cash in their respective FDIC insured banks. That is different from suggesting the SIPC will. T -- "Statistics are like bikinis. What they reveal is suggestive, but what they conceal is vital." -- Aaron Levenstein |
#39
Posted to alt.home.repair
|
|||
|
|||
OT Bank relaxes security. Acceptable?
"Make sure your user name, password, and answers to your security questions are unique and...." Usually lawyer talk makes a certain amount of sense once parsed - but that one just doesn't make it. To my (possibly overly-literal) mind it even implies that the user somehow has access to the universe of Vanguard IDs and PWs so they can check themselves.... I've got every dime I own in Vanguard funds and make a point of not using their online access. OTOH, I probably do when I download their version of Quicken at tax time. -- Pete Cresswell |
#40
Posted to alt.home.repair
|
|||
|
|||
OT Bank relaxes security. Acceptable?
On 7/29/2015 4:12 AM, trader_4 wrote:
On Tuesday, July 28, 2015 at 11:20:10 AM UTC-4, Ed Pawlowski wrote: In any case, you can be sure security is being increased, not decreased when you sign in on line. Except in the case of what BA is doing, it clearly decreases security. By presenting you with an image that you select and know *before* you give them your password, you know that you're actually engaging with the real BA website, not some hackers that have duplicated BA to steal your logon credentials. If you don't see the image, you know something is wrong. Without it, hackers could and do present what looks like a real logon page. So, you try to log on and now the hackers have your user name and pwd. Considering the recent data breaches all over, do you really think BA decided to shortcut and lessen security? Perhaps they don't want to publicly give details,but I think they are just doing new security in a different manner. There are probably stronger methods employed that obsolete the site key. If the site key was a great enhancement, they would all be doing it by now. |
Reply |
|
Thread Tools | Search this Thread |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Forum | |||
TOT Barclay bank, crazy security | UK diy | |||
Acceptable ply | Woodworking Plans and Photos | |||
How much sagging is acceptable? | Home Repair | |||
Security fears stunt online bank growth | UK diy | |||
Security fears stunt online bank growth | UK diy |