Join Early Retirement Today
Reply
 
Thread Tools Search this Thread Display Modes
Online bank security at login
Old 10-20-2011, 04:02 PM   #1
Moderator
Alan's Avatar
 
Join Date: Jul 2005
Location: Eee Bah Gum
Posts: 21,113
Online bank security at login

I wonder if there is going to be a new wave of increased security when logging in to financial institutions. A few weeks ago HSBC UK told me that in January I will be issued with a new device to be used when logging in. Sounds similar to the RCA security key, except it comes with a keypad for me to enter my PIN and then type in the security code it displays, which will be different at every login.

Last week I got the following message from HSBC USA that they are changing their login process as follows:

Quote:
At HSBC, we are always searching for ways to protect the security of your account.
Starting November 13, HSBC will be implementing a new technology to keep your Personal Internet Banking account as secure as possible.
Your existing user name, password, and security key will remain the same. Now, you will be prompted to enter different characters of your security key each time you log in. You will enter these characters using your computer keypad rather than the virtual keyboard you have been using. This will aid in deflecting "keystroke logging" the most frequent form of password theft.
HSBC is making this change as part of our ongoing efforts to identify the most secure technology available for our customers.

And today I get an e-mail from Treasury Direct that they also are changing their login process as follows:

Quote:
Dear TreasuryDirect Account Holder:
We're committed to providing a secure environment for your investments and personal information.
In a few weeks, we'll be replacing the access card with personalized images, one time passcodes, and computer registration as new layers of security to your TreasuryDirect account. Continue to use your access card until you're notified within your TreasuryDirect account.
Thank you for using TreasuryDirect.
Anyone else seeing upcoming changes?
__________________

__________________
Retired in Jan, 2010 at 55, moved to England in May 2016
Now it's adventure before dementia
Alan is online now   Reply With Quote
Join the #1 Early Retirement and Financial Independence Forum Today - It's Totally Free!

Are you planning to be financially independent as early as possible so you can live life on your own terms? Discuss successful investing strategies, asset allocation models, tax strategies and other related topics in our online forum community. Our members range from young folks just starting their journey to financial independence, military retirees and even multimillionaires. No matter where you fit in you'll find that Early-Retirement.org is a great community to join. Best of all it's totally FREE!

You are currently viewing our boards as a guest so you have limited access to our community. Please take the time to register and you will gain a lot of great new features including; the ability to participate in discussions, network with our members, see fewer ads, upload photographs, create a retirement blog, send private messages and so much, much more!

Old 10-20-2011, 04:19 PM   #2
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
Brat's Avatar
 
Join Date: Feb 2004
Location: Portland, Oregon
Posts: 5,914
Did you read of the recent discussion by Symantec about a stolen security key and a new version of the stuxnet worm? Maybe that is driving those changes.
__________________

__________________
Duck bjorn.
Brat is offline   Reply With Quote
Old 10-20-2011, 04:31 PM   #3
Moderator
Alan's Avatar
 
Join Date: Jul 2005
Location: Eee Bah Gum
Posts: 21,113
Quote:
Originally Posted by Brat View Post
Did you read of the recent discussion by Symantec about a stolen security key and a new version of the stuxnet worm? Maybe that is driving those changes.
I had not heard that, but you may be correct. After googling the interweb:

Quote:
Key points:
Executables using the Stuxnet source code have been discovered. They appear to have been developed since the last Stuxnet file was recovered.
The executables are designed to capture information such as keystrokes and system information.
Current analysis shows no code related to industrial control systems, exploits, or self-replication.
The executables have been found in a limited number of organizations, including those involved in the manufacturing of industrial control systems.
The exfiltrated data may be used to enable a future Stuxnet-like attack.
If they are concerned about sophisticated key-logging worms then this may be the reason. However:

HSBC UK already has a log in that does not require you to type in all your password (please enter the 3rd, 4th, next to last and last charcters in your password)

Treasury Direct and HSBC USA uses a virtual key board for you to click on the characters in your password, and TD also asks for random characters from the card you were issued with.
__________________
Retired in Jan, 2010 at 55, moved to England in May 2016
Now it's adventure before dementia
Alan is online now   Reply With Quote
Old 10-20-2011, 05:01 PM   #4
Administrator
W2R's Avatar
 
Join Date: Jan 2007
Location: New Orleans
Posts: 38,905
I would like all the security possible. It scares me to death to think of some hacker getting into my bank or investment accounts.

Often when logging in to these accounts I use the software keyboard that comes with Windows, though I know that isn't a security be-all and end-all. Still, it's pretty easy to do. I also have a ton of security software on my computer and use it. I am open to future improvements in security.
__________________
Already we are boldly launched upon the deep; but soon we shall be lost in its unshored, harbourless immensities.

- - H. Melville, 1851
W2R is offline   Reply With Quote
Old 10-20-2011, 05:03 PM   #5
Moderator
MichaelB's Avatar
 
Join Date: Jan 2008
Location: Rocky Inlets
Posts: 24,465
The HSBC plan looks interesting and much more secure. More banks and financial institutions should follow this example and beef up their security.
__________________
MichaelB is online now   Reply With Quote
Old 10-20-2011, 05:07 PM   #6
Moderator
Alan's Avatar
 
Join Date: Jul 2005
Location: Eee Bah Gum
Posts: 21,113
Quote:
Originally Posted by MichaelB View Post
The HSBC plan looks interesting and much more secure. More banks and financial institutions should follow this example and beef up their security.
I have accounts at 6 banks and brokerages and if they all go the HSBC route then I'll have to carry 6 electronic gadgets when I'm traveling. If the CC companies followed suit, then it starts getting a bit over-whelming.
__________________
Retired in Jan, 2010 at 55, moved to England in May 2016
Now it's adventure before dementia
Alan is online now   Reply With Quote
Old 10-20-2011, 05:10 PM   #7
Administrator
W2R's Avatar
 
Join Date: Jan 2007
Location: New Orleans
Posts: 38,905
Quote:
Originally Posted by Alan View Post
I have accounts at 6 banks and brokerages and if they all go the HSBC route then I'll have to carry 6 electronic gadgets when I'm traveling. If the CC companies followed suit, then it starts getting a bit over-whelming.
Maybe you can string a dozen of them on a beaded metal chain, and persuade your wife to wear it as a fashion statement. (Just kidding!)
__________________
Already we are boldly launched upon the deep; but soon we shall be lost in its unshored, harbourless immensities.

- - H. Melville, 1851
W2R is offline   Reply With Quote
Old 10-20-2011, 05:15 PM   #8
Moderator
Alan's Avatar
 
Join Date: Jul 2005
Location: Eee Bah Gum
Posts: 21,113
Quote:
Originally Posted by W2R View Post
Maybe you can string a dozen of them on a beaded metal chain, and persuade your wife to wear it as a fashion statement. (Just kidding!)


With that, I'm off to cook dinner
__________________
Retired in Jan, 2010 at 55, moved to England in May 2016
Now it's adventure before dementia
Alan is online now   Reply With Quote
Old 10-20-2011, 05:18 PM   #9
Moderator
MichaelB's Avatar
 
Join Date: Jan 2008
Location: Rocky Inlets
Posts: 24,465
Quote:
Originally Posted by Alan View Post
I have accounts at 6 banks and brokerages and if they all go the HSBC route then I'll have to carry 6 electronic gadgets when I'm traveling. If the CC companies followed suit, then it starts getting a bit over-whelming.
Silly me. I was thinking one keypad for the bunch. If I were to put another half dozen devices on the desk I'd end up sleeping alone on the couch...
__________________
MichaelB is online now   Reply With Quote
Old 10-20-2011, 05:26 PM   #10
Administrator
W2R's Avatar
 
Join Date: Jan 2007
Location: New Orleans
Posts: 38,905
Quote:
Originally Posted by MichaelB View Post
Silly me. I was thinking one keypad for the bunch. If I were to put another half dozen devices on the desk I'd end up sleeping alone on the couch...
On the desk? What about break-ins? You'd have to have a safe installed firmly into the foundation of your house, hide it under something, and put the devices in the safe.

Then, as long as you remember the combination to the safe...
__________________
Already we are boldly launched upon the deep; but soon we shall be lost in its unshored, harbourless immensities.

- - H. Melville, 1851
W2R is offline   Reply With Quote
Old 10-20-2011, 05:36 PM   #11
Moderator
MichaelB's Avatar
 
Join Date: Jan 2008
Location: Rocky Inlets
Posts: 24,465
Quote:
Originally Posted by W2R View Post
On the desk? What about break-ins? You'd have to have a safe installed firmly into the foundation of your house, hide it under something, and put the devices in the safe.

Then, as long as you remember the combination to the safe...
As a separate device it is useless without some corresponding information. If lost or stolen easily excluded from network access. Actually, a card reader so one could swipe a magnetic card, along with some keyboard entry, would be a good alternative.
__________________
MichaelB is online now   Reply With Quote
Old 10-20-2011, 05:46 PM   #12
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
Mulligan's Avatar
 
Join Date: May 2009
Posts: 7,381
Quote:
Originally Posted by MichaelB
As a separate device it is useless without some corresponding information. If lost or stolen easily excluded from network access. Actually, a card reader so one could swipe a magnetic card, along with some keyboard entry, would be a good alternative.
That's the problem. I'm sure my device if I have to have one will be laying on my notepad marked on the cover-" account passwords", laying next to the computer.
__________________
Mulligan is offline   Reply With Quote
Old 10-20-2011, 06:37 PM   #13
Moderator
Alan's Avatar
 
Join Date: Jul 2005
Location: Eee Bah Gum
Posts: 21,113
Quote:
Originally Posted by MichaelB View Post
As a separate device it is useless without some corresponding information. If lost or stolen easily excluded from network access. Actually, a card reader so one could swipe a magnetic card, along with some keyboard entry, would be a good alternative.
I had a colleague from England where, 2 years ago, his bank did provide a device where he had to insert his smart chip debit card and enter his PIN to get the device to generate a number to allow him to log on.

This new system at HSBC, they brag about not needing a card, just a PIN number. So, if someone has your PIN and device plus username .....

Here are the details, with a demo video as well, not sure if the link will work for non-customers.

https://www.hsbc.co.uk/1/2/security-...2FA_I_SC2_0711

We're the first UK bank to introduce a two factor authentication device like this. Some devices are larger and require the user to insert their card, this device is one of the smallest and simplest to use.
Attached Images
File Type: jpg Capture.JPG (17.0 KB, 113 views)
__________________
Retired in Jan, 2010 at 55, moved to England in May 2016
Now it's adventure before dementia
Alan is online now   Reply With Quote
Old 10-20-2011, 06:52 PM   #14
Moderator
MichaelB's Avatar
 
Join Date: Jan 2008
Location: Rocky Inlets
Posts: 24,465
Video works fine. The security may as well but it looks like the login process is getting longer. It is an improvement over simple keyboard internet access.
__________________
MichaelB is online now   Reply With Quote
Old 10-20-2011, 07:03 PM   #15
Moderator
Alan's Avatar
 
Join Date: Jul 2005
Location: Eee Bah Gum
Posts: 21,113
The day after we arrived in the UK we unexpectedly needed 1,600 in cash. I went to the branch of HSBC in the town I was staying but they didn't have tellers and the business person told me where the closest branch with a teller was, and to be sure I brought photo ID with me.

I went and told the teller what I wanted. He said to write out a check for cash for 1,600 which I did and he handed over the money without ever asking for ID. Now, my account details has my home address, in the USA, they don't know I'm in the UK, and I am at a branch about 20 miles away from the branch where I have my account.

To me it looks like anyone who steals my checkbook can write checks for cash very easily with only a signature. (rant over)
__________________
Retired in Jan, 2010 at 55, moved to England in May 2016
Now it's adventure before dementia
Alan is online now   Reply With Quote
Old 10-20-2011, 08:38 PM   #16
Thinks s/he gets paid by the post
 
Join Date: Feb 2007
Posts: 1,015
Interesting thread as DD just called and told me her debit card has been compromised. She learned of it when she got an alert of a several hundred dollar transaction at a store in California - she immediately called her bank and they've already cancelled her card, but she's still very upset. What a pain!
__________________
Achiever51 is offline   Reply With Quote
Old 10-20-2011, 09:18 PM   #17
Moderator
Alan's Avatar
 
Join Date: Jul 2005
Location: Eee Bah Gum
Posts: 21,113
Quote:
Originally Posted by Achiever51 View Post
Interesting thread as DD just called and told me her debit card has been compromised. She learned of it when she got an alert of a several hundred dollar transaction at a store in California - she immediately called her bank and they've already cancelled her card, but she's still very upset. What a pain!
I'm sorry to hear that, what a nuisance.

We used our UK debit cards a lot while in the UK this last 7 months. These days the stores, pubs and restaurants all have "smart chip" readers so to buy anything requires you to enter your PIN, and the card never leaves your posession as the card reader is brought to your table.

However, some purchases over the internet still only require card details, unless the site requires "verified by Visa" where you have had to have already set a password on your card through your bank.
__________________
Retired in Jan, 2010 at 55, moved to England in May 2016
Now it's adventure before dementia
Alan is online now   Reply With Quote
Old 10-21-2011, 06:19 AM   #18
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
clifp's Avatar
 
Join Date: Oct 2006
Posts: 7,450
The scheme that I am seeing which I approve of is to text a pin number to your cell phone when you log into a financial institution from a new computer.

Schwab had pretty interesting scheme, when I logged into from Chinese internet Cafe (ya I know risky but I was in the middle of escrow on my house. ). Before they gave me access they gave me a list of stocks and said you own one of these stocks, on and by the way you have one chance to get it right. Luckily I am very familiar with my portfolio.
__________________
clifp is online now   Reply With Quote
Concerned about Security
Old 10-21-2011, 12:15 PM   #19
Full time employment: Posting here.
misanman's Avatar
 
Join Date: Apr 2008
Posts: 536
Concerned about Security

I love online account access and management. I'm amazed at how easy it is to move large sums of money around the banking system. In fact, it's so easy that my concerns about security have escalated as well.

So, how real is the threat? Assuming I'm not sharing account numbers and pins/passwords, how hard would it be for someone to steal from those accounts.

And how serious is the keylogging threat?

I have security software (Norton Security Suite) and it's current but should I be doing more?

Thx
__________________
"The best thing about the future is that it happens one day at a time." -- A. Lincoln
misanman is offline   Reply With Quote
Old 10-21-2011, 01:31 PM   #20
Moderator
Alan's Avatar
 
Join Date: Jul 2005
Location: Eee Bah Gum
Posts: 21,113
Quote:
Originally Posted by misanman View Post
I love online account access and management. I'm amazed at how easy it is to move large sums of money around the banking system. In fact, it's so easy that my concerns about security have escalated as well.

So, how real is the threat? Assuming I'm not sharing account numbers and pins/passwords, how hard would it be for someone to steal from those accounts.

And how serious is the keylogging threat?

I have security software (Norton Security Suite) and it's current but should I be doing more?

Thx
I also love online banking and recently registered with a money changing site (HiFx) completely on-line, sent images of my password and pdf copies of US bank statements to prove who I was, and then easily moved 35k (~$60k) from my bank in the UK to my bank in the US. Quite scary, really, how easily that was achieved.

I only log onto my accounts from our laptops, as I'm sure they have the latest anti-virus software, but I still worry about keystroke logging software which is why I like sites that use virtual keyboards and/or only ask for a random selection of characters from the password.
__________________

__________________
Retired in Jan, 2010 at 55, moved to England in May 2016
Now it's adventure before dementia
Alan is online now   Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
What happens if Bank Of America goes under? Karloff Other topics 39 10-11-2011 11:11 AM
Bank of America to charge $5 debit card fee MasterBlaster FIRE and Money 92 10-01-2011 02:19 PM
Net Present Value of State Government Pension and Social Security Benefit nico08 FIRE and Money 19 08-22-2011 12:44 AM
USAA Bank ending debit-card rewards mickeyd FIRE and Money 6 07-09-2011 08:05 PM

 

 
All times are GMT -6. The time now is 05:29 AM.
 
Powered by vBulletin® Version 3.8.8 Beta 1
Copyright ©2000 - 2017, vBulletin Solutions, Inc.