Thread: Is it really wise to bank online?

Police in the UK are questioning 19 people about an internet banking fraud. Take a look at the attached article:

The Press Association: Police quiz 19 over hi-tech net banking fraud

Account details were obtained using a computer virus and funds were then transferred into bogus accounts for laundering.

Is it up to the bank or the customer to ensure adequate securities? I've not been happy about banking securities since it was no longer decided necessary to put a physical signature on a direct debit mandate. With all the other issues relating to standards of modern banking set aside, isn't it time they invested a little more into the security of their customers?

I no longer bank online at all except for using Paypal as a necessity. I keep no banking information on any computer that's connected to the internet and I see nothing in banking practice that would give me confidence to change. My own opinion is that internet banking is just a means of cutting overheads on staff at the expense of the customer's financial safety. I'd rather see more staff in the banks to reduce those queues until they can get internet security right.

While I have recently entered into the foray of modern banking, I share your concerns. By making online banking possible, the banks have opened up a whole new host of methods for fraudsters to get in.

RBS, as part of their security, sent out a device, about the size of a calculator. I put my physical card in to a physical device, and with a few button pushes, I have a response key for a challenge the bank sends when I try to do a transfer. The problem? Once you have physical access to a device (the response key generator) it is no longer secure. Granted, to breach using this, I would need a valid card and PIN (something you have, something you know, 2 factor security), as well as the device, as well as access to the account online. All this could be emulated in software, but so far it has proven secure enough. That's just the physical security layer.

We then come to the software security layer. Phishing sites, fake sites, even man-in-the-middle attacks can give an attacker the information needed to get into an account. Heck, if a direct debit agreement gets sent to the wrong address, or taken by a post office employee, it may have the account number and sort code, just enough for a less reputable organisation to syphon off your funds.

Recently, we needed to transfer a large sum of cash from one account to another. Even via online banking, the transfer would have taken 3 days. Why? I withdrew the cash, walked down the street to the other bank, and made the deposit in 10 minutes. Over 400 times faster, but arguably just as secure as online banking.

I know a number of people who had their accounts hacked via internet banking.

I work in payday loans, and I often register customers for internet banking because it makes acquiring the recent transaction history that I need that much easier.
Some people express concern, many don't, the number of customers who don't even remember to sign out of the customer-computer boggles the mind.

I use net banking, I guess I'd be happy if someone took over my bank accounts, they can pay all my debts
If I had money to lose I suppose I would put more thought into it.

I have SMS security on all my accounts, so while I'm sure that won't fool any hacker, I do think that's a good security measure.

While I don't and will never use online banking, my bank has an electronic security token available that creates a new PIN every 30 seconds. This means the PIN doesn't even exist until you are about to undertake a transaction. Can't get much better protection than that.

There is added risk. The subjective risk is much higher than the objective risk, though, i.e. you think its a lot more dangerous than it is. Never log in on unsecured connections, log out promptly and never give out your account information to anyone, and never respond by email to emails ostensibly coming from the bank, and your risk of losing money this way will be akin to your chance of winning big money in a lottery.

Call me old fashioned, but I prefer the old way. The one where you physically walk up to a real live human bank teller, talk a bit if nobody's waiting, do your banking and then leave with a printed receipt or update. If there's enough of us, then at least the tellers get to keep their jobs, and I have the satisfaction of knowing no one can get into my accounts except by gunpoint.

Every time I use the ATM I see withdrawal slips that people have dropped on the floor or tossed in the wastebasket. I take mine home and put it in the compost pail in the kitchen. If the earthworms ever learn to figure out the numbers I'll be in trouble.

I'm not sure that electronic banking really reduces the number of employees needed or reduces the payroll. Electronic banking may reduce the number of tellers needed, but banks may be like radio stations. Automate the station and you can eliminate the disc jockey, something station engineers have dreamed of doing forever, but you still have need for people to feed the system. Local commercials, local news, local features of all sorts have to be produced. So the number of jobs isn't necessarily reduced, but the job descriptions change and in many cases result in the need for more production and maintenance people making more money than the 'oh-god-I'm-good' disc jockeys.

The ATM is more efficient than the live teller in handing over cash when I make a withdrawal. The technicians who maintain the ATM and keep the bank's computers working probably make more money than the tellers.

Originally Posted by Hawke

Call me old fashioned, but I prefer the old way. The one where you physically walk up to a real live human bank teller, talk a bit if nobody's waiting, do your banking and then leave with a printed receipt or update. If there's enough of us, then at least the tellers get to keep their jobs, and I have the satisfaction of knowing no one can get into my accounts except by gunpoint.

or teller dishonesty, which often takes longer to catch because they target the vulnerable customers.

Originally Posted by alanmt

or teller dishonesty, which often takes longer to catch because they target the vulnerable customers.

One of my first-ever jobs was with a bank, and after a few days wandering around goggle-eyed at what really went on behind the scenes, the senior teller took me aside and said, "Son, about the only thing you'll get sacked for is sleeping with the Manager's wife."

One point to remember is that the bank's online service is there and possibly vulnerable even if we never use it. I do use it. Frankly, I'm lazy, and the idea that I can sit here, press a few keys, and my bills are paid appeals to me.

Due to a career change, I am having to enter the world of online banking. I keep putting it off, not needing to rely on it yet, but soon I will have to. I don't trust anything I can't touch, smell or see and I don't trust the banks when I'm out of sight (I don't really trust them when I'm in sight either), but I do not see an alternative to banking online short of carrying wads of cash on me. Working with money this way leaves me feeling like money is less of a real thing then it used to be. I no longer get a physical paychek handed to me, I rarely use cash anymore, it's all "out there", like it's part of the air. The world is getting more and more slippery, less tangible. It's a scary feeling. I work for money, I want to do things with the money I make, but I'm spending a-lot of time crossing my fingers with this stuff.

Guys I know, who run IT support for a couple of large papers at a large international publishing house, were helping me put a program on my netbook the other day and were surprised when I said I'd pay for it with my credit card. They told me they will never use a wireless connection to pay for things, only a wired one, they keep a small amount of money in a special account so they can only be ripped for so much and use Pay Pal whenever they can. "If you do use a wireless" they told me "You can program the wireless end to recognise individual computers by their unique identification number and only connect to them". I thought, "No I can't", but I guess it can be done.

Is PayPal safe?