On line banking

[devonwoody]

On the Yamaha music forum a member has had his bank and credit card details hacked.

So how can on line financial transactions be considered safe?

Hi Al

Yes I am sure. A few days after ordering some goods on the internet I received a call from Argos asking if I had ordered goods to the value of £1750 to be delivered to a different address. I had not ordered any thing from Argos. I notified Barclaycard and they cancelled the card, then I had a phone call from a stranger asking if I had been in touch with Barclaycard and stopped use of the card, he was obviously the hacker.
He appeared to have got hold of my name, address, phone number and credit card number, thanks to Argos being alert no money was lost. After this I went over to Kaspersky and, touch wood, there has been no problems.

Peter

 

[billw]

I was a bit peeved when chip and pin was introduced.

Being left handed I wrote "sign left handed" on the signature strip of all my bank cards. The end result of this was that 90% of cashiers did in fact check that I was left handed. Hence given only 10% of people are left handed, 90% of thieves (unless thieving is a left handed trait :lol: ) would have been able to steal anything by using my card.

Problem for me now is that any silly person can remember a 4 digit code. How does that make me safer? I'd be much happier if we could have 12 digit PINs if we so chose.

Back on track, as for online banking I can't say I have ever had a problem with it. My mum had her credit card cloned but that was traced back to a petrol station.

Oh and to close with a funny - when I was selling my last house the estate agent told me about an old woman who refused to let them put the details of her house on the internet because she thought it would allow criminals to steal her bank details :shock:

 

[woodbloke]

I'd be much happier if we could have 12 digit PINs if we so chose.

...credit card cloned but that was traced back to a petrol station.

I'd never remember a twelve digit pin, I can't even remember my post code and it took me two years to memorize my 'phone number...don't even know what my mobile no. is :?
Same thing happened to me in a petrol station a few years ago on the way up to Scotland - Rob

 

[wizer]

I've been using online banking since it's conception and never once had any problems over fraud.

 

[tekno.mage]

I don't like chip & pin either & I don't use it. I don't think 4 digits is secure enough & I think the system was introduced for the convenience of the banks, not their customers. In the old days of a signature, if there was an issue with fraud, there was a piece of paper with a signature on it - and it was up to the bank to prove that signature was yours - in cases of real doubt forensic handwriting analysis could be used. Now there is no bit of paper and no way to prove one way or another who pressed 4 buttons on a keypad.

I do access my bank account online & I've shopped online for years & have never had any problems - but I only do this from my own well-secured Mac computer in my house and I don't use wireless networking.

tekno.mage

 

[RogerS]

Yes a couple of Cambridge (IIRC) boffins worked out some algorithm that meant you could get the PIN relatively easily.

Then, of course, there are the card skimmers attached to the front of ATMs, the card skimmers in garages to gather the card strip details and a camera looking over your shoulder to get your PIN as you enter it.

Then you have the guy sitting outside a restaurant with his wifi connection sniffing the card and PIN details that are sent in clear (so much for bank security - idiots) from the handheld terminal back to the base station....solution always insist that you go inside and use the hardwired terminal...they all have them usually in a back office.

I do agree that PIN has now moved the onus from the bank and retail outlet to you and me but seem to recall a test case going through the courts but could be wrong.

And can anyone tell me what the purpose of the 3 or 4 digit security code on the back of the card actually protects against?

Anti-fraud software in many financial institutions seems pretty good at highlighting out of the ordinary spending as instanced by the Argos reference.

I use online banking a lot. The only thing that really annoys me are those sites that won't let me re-use a password which is a real pain.

 

[billw]

And can anyone tell me what the purpose of the 3 or 4 digit security code on the back of the card actually protects against?

I believe that particular number is not stored electronically anywhere on the card, so you'd need the physical card to know what it was. Migh be completely wrong on that though, and it doesn't help in the slightest for purchases made in person or money taken out from cash machines. It is only of assistance in reducing "cardholder not present" fraud.

 

[RogerS]

And can anyone tell me what the purpose of the 3 or 4 digit security code on the back of the card actually protects against?

.... It is only of assistance in reducing "cardholder not present" fraud.

Exactly...that was my understanding but I can't see how this protects us. If someone has nicked the card and is using it to place an order on the internet then they've already got the card and so have the number......

:idea: ...if someone just nicks your credit card number then it's no use without the security number. Thinks 'stable door'. Maybe this was brought in at the time when the paper receipts given out had the card number on...which they don't any more... So it is protection against skip diving, I guess. But then again, anyone dumb enough to simply stick their credit card statements in a trash bin or skip deserves what they get.

 

[billw]

Many internet places require delivery to the cardholder's address - doesn't help for the sites that don't care though!

 

[RogerS]

Many internet places require delivery to the cardholder's address - doesn't help for the sites that don't care though!

Some of them don't even check that!

To get round the delivery problem you've highlighted, I've been using the address of the renovation cottage as my billing address for a while and every time the card payment has gone through and goods delivered.

 

[Shultzy]

I use the Cahoots webcard which you can set to a fixed amount so that even if someone hacks the details they can't be used again.

 

[johncs]

On the Yamaha music forum a member has had his bank and credit card details hacked.

So how can on line financial transactions be considered safe?

For me, I have confidence.
I do not normally use Windows.
If I did, I most certainly would not use Internet Exploder. Instead, I'd download and use Firefox or Seamonkey.
If I did use Windows, I'd keep current with updates.
ff I did use Windows, I would most certainly not use an account with administrative rights.
If I did use Windows, I would not use Lookout or Lookout Espresso either. It tastes bad.

Most probably, I should say Most Certainly, the banking transactions themselves were okay. Instead, the victim has downloaded and installed some malware that has located the banking details, maybe by capturing keypresses, and forwarded them to someone else.


I was going to make a lengthy response, but mostly I'd just be rehashing this

ps For the curious, I use Linux.

 

[RogerS]

........
I was going to make a lengthy response, but mostly I'd just be rehashing this

Good link, John. There's none so dumb as a user...what was the figure estimated? 12 million zombie PC's aka 12 million zombie users.

Sounds like you're a similar vintage to me. CP/M - that brings back memories! Intel 8080. Zilog Z80. S-100 bus aka central heating replacement unit.

 

[johncs]

........
I was going to make a lengthy response, but mostly I'd just be rehashing this

Good link, John. There's none so dumb as a user...what was the figure estimated? 12 million zombie PC's aka 12 million zombie users.

Sounds like you're a similar vintage to me. CP/M - that brings back memories! Intel 8080. Zilog Z80. S-100 bus aka central heating replacement unit.

Osborne 1, NEC APC, C/CPM-86, WordStar Professional.

I think I've got Z80 (inside a Microprofessor) and 8086 (replaced one with a compatible NEC cpu) CPUs here someplace.