Invisible ATM Card skimming
-
@scottalanmiller said:
@Dashrender said:
You don't think adding the password makes the account more secure? I suppose perhaps not, if the password was easily guessable, and the bank didn't require any of the previous account verifications.
Honestly, I'd think not having one before that was completely reckless. That's what's odd, to me your system is not very secure but you are going through a lot of pain based on the hope for more security.
OK I'll blame that one on my bank (and myself for not correcting it sooner) - as I've never had any bank account I've setup require/request a password for phone access. But then again I opened that account in 1984 as a savings account only, then added services as I got older.
So I assume everyone here has a password/phrase on their accounts for phone access?
-
To me, phone security is like car safety. We all know that airplanes are far safer than cars, but cars feel safer so we often trust them out of an emotional response even when logically we know that they are the most dangerous form of transportation that we can take. People are emotionally terrified of airplanes, no matter how safe they are. They point to rare crashes that make the news as validation for this, but it is purely anecdotal. People die in car crashes constantly to the point that the news does not report them.
Phones are not very secure, they are extremely difficult to make secure. Yes, you can add a password, but online we don't consider just a password to be all that secure, right? And computers cannot be social engineered, but people can. Using the phone to talk to a person is the best way to be exposed.
I don't see you being extra secure here. I only see extra effort. Giving up the luxuries of modern life but not gaining anything. And is there really much to gain?
-
@Dashrender said:
So I assume everyone here has a password/phrase on their accounts for phone access?
I'm not even aware of phone access options. That sounds crazy. The only thing I use the phone for is to shut off a card that is exposed.
-
@scottalanmiller said:
@Dashrender said:
Is my life more difficult - absolutely. Am I less secure than you - no way! Only if you've setup your accounts to not allow phone access, and only allow in person or online would you maybe be more secure. If you have two factor authentication on your bank account and disabled phone access, then I'd say you are more secure.
But I do have two factor, that's standard even for little local banks. I don't see how you are more secure.
For example, how often do you check your statements? How do you even do that well when on the phone? You must spend a lot of time listening to statements over the phone trying to make sure that things are still secure. How many hours a month does that take?
I do it with my monthly statements. But really my bank account is used for three things - receiving my paycheck and paying my CC and my mortgage. There is so little traffic on the account as to not make it an issue.
Now my CC - that's a whole different story.
-
@scottalanmiller said:
@Dashrender said:
So I assume everyone here has a password/phrase on their accounts for phone access?
I'm not even aware of phone access options. That sounds crazy. The only thing I use the phone for is to shut off a card that is exposed.
Try calling your bank and see if you can at minimum get information about your account over the phone. If nothing else it would be an interesting test.
-
Another factor that you may not have considered, often banks block phone calls from outside of the country. Sounds good for a security standpoint, but it isn't. For someone attempting to hack an account faking an internal number is trivial. But for you as a customer when traveling outside of the country being blocked from accessing your own account could be a really big deal. You can't check your balance, you can't disable your card, you can't verify an attack, etc.
For me going internationally, giving up online access would be another total degree of risk and exposure.
-
Just so we're on the same page, I couldn't tell you the last time I called the bank for any account information. It's just not something I need, and frankly I could disable it and it would probably be just fine.
-
@Dashrender said:
@scottalanmiller said:
@Dashrender said:
Is my life more difficult - absolutely. Am I less secure than you - no way! Only if you've setup your accounts to not allow phone access, and only allow in person or online would you maybe be more secure. If you have two factor authentication on your bank account and disabled phone access, then I'd say you are more secure.
But I do have two factor, that's standard even for little local banks. I don't see how you are more secure.
For example, how often do you check your statements? How do you even do that well when on the phone? You must spend a lot of time listening to statements over the phone trying to make sure that things are still secure. How many hours a month does that take?
I do it with my monthly statements. But really my bank account is used for three things - receiving my paycheck and paying my CC and my mortgage. There is so little traffic on the account as to not make it an issue.
Now my CC - that's a whole different story.
So your CC is online, just not the bank?
-
@Dashrender said:
Just so we're on the same page, I couldn't tell you the last time I called the bank for any account information. It's just not something I need, and frankly I could disable it and it would probably be just fine.
How do you verify that there are no malicious transactions? That's why I often log in.
-
-
@Dashrender said:
@scottalanmiller said:
@Dashrender said:
So I assume everyone here has a password/phrase on their accounts for phone access?
I'm not even aware of phone access options. That sounds crazy. The only thing I use the phone for is to shut off a card that is exposed.
Try calling your bank and see if you can at minimum get information about your account over the phone. If nothing else it would be an interesting test.
Without basic information, you will not be able to get it from my bank. Same as with yours. My bank will require a few pieces of information about the account and the answer to a security question (one of 3) setup. The security question is the "password" part of the puzzle and is how all banks I have used for a decade or more operate. I would suspect that almost all banks operate this way.
The point is that you did these things and someone still tried. So why make it so hard on yourself when people are still going to try and get into your account?
Make proper use of the technology at hand. Same as with anything else in IT.
-
@scottalanmiller said:
@Dashrender said:
Just so we're on the same page, I couldn't tell you the last time I called the bank for any account information. It's just not something I need, and frankly I could disable it and it would probably be just fine.
How do you verify that there are no malicious transactions? That's why I often log in.
I don't worry about my bank account because I use it so infrequently except as I mentioned to pay the CC and the mortgage. Both of which are done through electronic direct withdrawls. I check my statements monthly when I get my statements from the bank.
As for the CC, living where I do where fraud is pretty darned low - I don't check my CC statements more than monthly, but if I was in your situation, I might be in the habit of checking daily. Not to mention the other safeguards you've put into place (multiple accounts, moving money from one account to another when you need to use the ATM, etc).
-
@Dashrender said:
I don't worry about my bank account because I use it so infrequently except as I mentioned to pay the CC and the mortgage. Both of which are done through electronic direct withdrawls. I check my statements monthly when I get my statements from the bank.
If you don't worry about it, what's causing all of this extra effort?
-
@Dashrender said:
As for the CC, living where I do where fraud is pretty darned low - I don't check my CC statements more than monthly, but if I was in your situation, I might be in the habit of checking daily. Not to mention the other safeguards you've put into place (multiple accounts, moving money from one account to another when you need to use the ATM, etc).
More like once or twice a week, not daily. But "often." If something is awry I want to know quickly. And in reality, the highest risk places are in the US, not abroad (except when I go to Africa.)
-
or everyone could just switch to a system that uses smartphones, a qr code that expires after 45 seconds and your 2 factor authentication on your smartphones banking app.
nothing can be skimmed in the current methods doing this way that I am aware of.
-
@david.wiese said:
or everyone could just switch to a system that uses smartphones, a qr code that expires after 45 seconds and your 2 factor authentication on your smartphones banking app.
nothing can be skimmed in the current methods doing this way that I am aware of.
I need to start trying that out. I keep meaning to.
-
@scottalanmiller
I use it and it's great. Still some quirks but for the most part it's very easy to use. No card to use and to me a lot more secure and I avoid the possibility of my card getting skimmed. I am getting my wife to use it as well so the only time it could get skimmed is at a POS terminal. -
I agree - things like Apple Pay and Android Pay - hell, even using Paypal at places like Home Depot - way safer than using ATMs and CCs for the reasons @david-wiese mentions.
-
@scottalanmiller said:
@Dashrender said:
I don't worry about my bank account because I use it so infrequently except as I mentioned to pay the CC and the mortgage. Both of which are done through electronic direct withdrawals. I check my statements monthly when I get my statements from the bank.
If you don't worry about it, what's causing all of this extra effort?
I'm not sure what extra effort you're speaking of? The only none standard thing I have on this account is the required password for phone access (which the teller's even see when I visit a branch - which is rare).
I suppose if I should do anything, it would be to disable phone access altogether, leaving with electronic transferred CC and mortgage payments, and visiting in person when I need/want cash.
-
@scottalanmiller said:
And in reality, the highest risk places are in the US, not abroad (except when I go to Africa.)
So you've had more fraud against your accounts in the US than anywhere else?
The news story in question here is specifically about Mexico.
I've heard these skimmers are in places like LA and maybe places up and down the east coast, but haven't seen them be rampant.
