Recommendations for Banks with Excellent Cyber Security?

[48Fire]

My wife's bank account was hacked. A relatively small charge of $400, but it's very stressful for her. She caught it three days after the charge. It appears to be crypto currency, according to the bank. The bank froze her account and our joint account. I changed some passwords on other accounts, ran malware scans, and looked for anything suspicious on other accounts. So far, looks good, and this could be a one-off hacker.

My question is really about what we do in the long term. Tomorrow we are going to the bank to close our account and establish a new one within the same bank. I am thinking that we just close it completely, and move on to a new bank that is better with cyber security. We pay everything on-line with automatic payments, shop on-line, and my wife is on Facebook a couple hours each day. We could keep a small account for cash somewhere nearby, but all of the on-line transactions could be anywhere.

I wouldn't mind have a two-step security for every purchase. For example, you buy a new TV, and you get a text message that says, "Did you just buy a new TV?" This would shorten the cycle of reporting the fraud to seconds if we're paying attention.

Thanks for your inputs

 

[njhowie]

Hacking, stolen credit card numbers, etc. is simply part of the world we live in. No bank is going to be completely immune, even the seemingly best protected - can't be.

As long as the bank you choose has a policy of reimbursing for unauthorized charges/withdrawals/access, that's likely the best you can do and feel comfortable about banking with them.

I wouldn't mind have a two-step security for every purchase. For example, you buy a new TV, and you get a text message that says, "Did you just buy a new TV?" This would shorten the cycle of reporting the fraud to seconds if we're paying attention.

PayPal does this today. In my bank accounts at a couple banks they provide lots of options for notification of transactions - I believe you can set it that you are notified of every transaction...and 2 factor authentication for login to the online account. Then there is Fidelity's "Lockdown Mode" which you can enable on any of your accounts which prevents withdrawals.

 

[48Fire]

Hacking, stolen credit card numbers, etc. is simply part of the world we live in. No bank is going to be completely immune, even the seemingly best protected - can't be.

As long as the bank you choose has a policy of reimbursing for unauthorized charges/withdrawals/access, that's likely the best you can do and feel comfortable about banking with them.



PayPal does this today. In my bank accounts at a couple banks they provide lots of options for notification of transactions - I believe you can set it that you are notified of every transaction...and 2 factor authentication for login to the online account. Then there is Fidelity's "Lockdown Mode" which you can enable on any of your accounts which prevents withdrawals.

Great, thanks! We have PayPal. I like the sounds of the Fidelity options

 

[OldShooter]

Hacking, stolen credit card numbers, etc. is simply part of the world we live in. No bank is going to be completely immune, even the seemingly best protected - can't be.

As long as the bank you choose has a policy of reimbursing for unauthorized charges/withdrawals/access, that's likely the best you can do and feel comfortable about banking with them. ...

This.

In some cases a financial institution will offer an option to get an electronic token that provides authentication codes. Schwab does this without promoting it, or at least they used to. IMO they are not worth the hassle but YMMV -- you could look for those.

You can know two things about whatever bank has the best security. First, you have no way to test it so you will never know. Second, some other bank will probably be better tomorrow.

I have read that something like 95% of breaches are due to successful phishing attacks. If so, your best defense is your own careful behavior.

 

[48Fire]

This.

In some cases a financial institution will offer an option to get an electronic token that provides authentication codes. Schwab does this without promoting it, or at least they used to. IMO they are not worth the hassle but YMMV -- you could look for those.

You can know two things about whatever bank has the best security. First, you have no way to test it so you will never know. Second, some other bank will probably be better tomorrow.

I have read that something like 95% of breaches are due to successful phishing attacks. If so, your best defense is your own careful behavior.

Thanks, good advice. I started to think, if this happens to my wife's account, what about my parents that are 87 and 85 years old? What if $400 turns in to $400,000? And at some point soon, they will be incapable of being careful. Yipes

 

[njhowie]

Great, thanks! We have PayPal. I like the sounds of the Fidelity options

With PayPal, you can also enable 2FA - which kicks in when going to pay for anything using your PayPal account.

 

[dixonge]

Your biggest risks are debit card transactions, either at the gas pump, the grocery store or online. If the numbers get hacked, you just cancel the card and they ship a new one. I would *never* even think about switching banks because of something like this. It's a universal risk. Nothing to do w/ bank security procedures.

 

[48Fire]

Your biggest risks are debit card transactions, either at the gas pump, the grocery store or online. If the numbers get hacked, you just cancel the card and they ship a new one. I would *never* even think about switching banks because of something like this. It's a universal risk. Nothing to do w/ bank security procedures.

The bank said it was a hack of the account, not the debit card. Part of my consideration is that we have another bank with accounts. Two accounts is one too many in my opinion, especially as we age.

Thanks for your advice, though. Not to hijack my own thread, but we're going to Merida next month, and I read several of your previous posts, so thank you for those as well

 

[jebmke]

Your biggest risks are debit card transactions, either at the gas pump, the grocery store or online. If the numbers get hacked, you just cancel the card and they ship a new one. I would *never* even think about switching banks because of something like this. It's a universal risk. Nothing to do w/ bank security procedures.

At USAA I can lock the ATM/Debit card; since I never use it, it can stay locked.

Cardholders don't really bear any risk with credit cards but mine can be locked and unlocked with my phone if I wanted to go that far. These days I use my Apple Pay much more than my CC even so the risk is quite low.

 

[dixonge]

The bank said it was a hack of the account, not the debit card. Part of my consideration is that we have another bank with accounts. Two accounts is one too many in my opinion, especially as we age.

Thanks for your advice, though. Not to hijack my own thread, but we're going to Merida next month, and I read several of your previous posts, so thank you for those as well

OK, well if your account was hacked that's a whole different kettle of fish! But yeah, maybe just do 2FA on your bank and email account, and also put a PIN # on your phone SIM card. Protect against that kind of threat as well.

Enjoy Merida - take an umbrella, leave the long sleeves at home.

 

[jebmke]

OK, well if your account was hacked that's a whole different kettle of fish! But yeah, maybe just do 2FA on your bank and email account, and also put a PIN # on your phone SIM card. Protect against that kind of threat as well.

Enjoy Merida - take an umbrella, leave the long sleeves at home.

Those three things should cover most risks and are easy.

 

[48Fire]

OK, well if your account was hacked that's a whole different kettle of fish! But yeah, maybe just do 2FA on your bank and email account, and also put a PIN # on your phone SIM card. Protect against that kind of threat as well.

Enjoy Merida - take an umbrella, leave the long sleeves at home.

Great! thanks! I will

 

[48Fire]

Those three things should cover most risks and are easy.

Thanks for the confirmation! I plan on doing that today. Heading to the bank soon to close our joint account. My wife wants to maintain her existing account, but she's very open to the additional security measures.

 

[gt5059b]

Then there is Fidelity's "Lockdown Mode" which you can enable on any of your accounts which prevents withdrawals.

Fyi, Bogleheads had a thread about a similar topic not too long ago. I don't remember the exact details but went something like this.

A hacker was able to create a new account at a brokerage impersonating the victim. With the new account, the hacker initiated an electronic transfer of assets from a different existing brokerage account the victim had which was successful.

The conclusion from the thread is that Fidelity is the only brokerage that has the ability (i.e. lockdown mode) to stop a fraudulent ACATS transfer.

Ideally the hacker should never have been able to create that new account impersonating the victim. That's on the brokerage that let that happen. I assume this is not easy to do but obviously it can happen. Also the hacker had to know some details about the existing brokerage account as well.

 

[48Fire]

That's scary