|
|
Online bank security at login
10-20-2011, 03:02 PM
|
#1
|
Administrator
Join Date: Jul 2005
Location: N. Yorkshire
Posts: 34,125
|
Online bank security at login
I wonder if there is going to be a new wave of increased security when logging in to financial institutions. A few weeks ago HSBC UK told me that in January I will be issued with a new device to be used when logging in. Sounds similar to the RCA security key, except it comes with a keypad for me to enter my PIN and then type in the security code it displays, which will be different at every login.
Last week I got the following message from HSBC USA that they are changing their login process as follows:
Quote:
At HSBC, we are always searching for ways to protect the security of your account.
Starting November 13, HSBC will be implementing a new technology to keep your Personal Internet Banking account as secure as possible.
Your existing user name, password, and security key will remain the same. Now, you will be prompted to enter different characters of your security key each time you log in. You will enter these characters using your computer keypad rather than the virtual keyboard you have been using. This will aid in deflecting "keystroke logging" the most frequent form of password theft.
HSBC is making this change as part of our ongoing efforts to identify the most secure technology available for our customers.
|
And today I get an e-mail from Treasury Direct that they also are changing their login process as follows:
Quote:
Dear TreasuryDirect Account Holder:
We're committed to providing a secure environment for your investments and personal information.
In a few weeks, we'll be replacing the access card with personalized images, one time passcodes, and computer registration as new layers of security to your TreasuryDirect account. Continue to use your access card until you're notified within your TreasuryDirect account.
Thank you for using TreasuryDirect.
|
Anyone else seeing upcoming changes?
__________________
Retired in Jan, 2010 at 55, moved to England in May 2016
Enough private pension and SS income to cover all needs
|
|
|
|
Join the #1 Early Retirement and Financial Independence Forum Today - It's Totally Free!
Are you planning to be financially independent as early as possible so you can live life on your own terms? Discuss successful investing strategies, asset allocation models, tax strategies and other related topics in our online forum community. Our members range from young folks just starting their journey to financial independence, military retirees and even multimillionaires. No matter where you fit in you'll find that Early-Retirement.org is a great community to join. Best of all it's totally FREE!
You are currently viewing our boards as a guest so you have limited access to our community. Please take the time to register and you will gain a lot of great new features including; the ability to participate in discussions, network with our members, see fewer ads, upload photographs, create a retirement blog, send private messages and so much, much more!
|
10-20-2011, 03:19 PM
|
#2
|
Give me a museum and I'll fill it. (Picasso) Give me a forum ...
Join Date: Feb 2004
Location: Portland, Oregon
Posts: 7,113
|
Did you read of the recent discussion by Symantec about a stolen security key and a new version of the stuxnet worm? Maybe that is driving those changes.
__________________
Duck bjorn.
|
|
|
10-20-2011, 03:31 PM
|
#3
|
Administrator
Join Date: Jul 2005
Location: N. Yorkshire
Posts: 34,125
|
Quote:
Originally Posted by Brat
Did you read of the recent discussion by Symantec about a stolen security key and a new version of the stuxnet worm? Maybe that is driving those changes.
|
I had not heard that, but you may be correct. After googling the interweb:
Quote:
Key points:
• Executables using the Stuxnet source code have been discovered. They appear to have been developed since the last Stuxnet file was recovered.
• The executables are designed to capture information such as keystrokes and system information.
• Current analysis shows no code related to industrial control systems, exploits, or self-replication.
• The executables have been found in a limited number of organizations, including those involved in the manufacturing of industrial control systems.
• The exfiltrated data may be used to enable a future Stuxnet-like attack.
|
If they are concerned about sophisticated key-logging worms then this may be the reason. However:
HSBC UK already has a log in that does not require you to type in all your password ( please enter the 3rd, 4th, next to last and last charcters in your password)
Treasury Direct and HSBC USA uses a virtual key board for you to click on the characters in your password, and TD also asks for random characters from the card you were issued with.
__________________
Retired in Jan, 2010 at 55, moved to England in May 2016
Enough private pension and SS income to cover all needs
|
|
|
10-20-2011, 04:01 PM
|
#4
|
Moderator Emeritus
Join Date: Jan 2007
Location: New Orleans
Posts: 47,500
|
I would like all the security possible. It scares me to death to think of some hacker getting into my bank or investment accounts.
Often when logging in to these accounts I use the software keyboard that comes with Windows, though I know that isn't a security be-all and end-all. Still, it's pretty easy to do. I also have a ton of security software on my computer and use it. I am open to future improvements in security.
__________________
Already we are boldly launched upon the deep; but soon we shall be lost in its unshored, harbourless immensities. - - H. Melville, 1851.
Happily retired since 2009, at age 61. Best years of my life by far!
|
|
|
10-20-2011, 04:03 PM
|
#5
|
Administrator
Join Date: Jan 2008
Location: Chicagoland
Posts: 40,709
|
The HSBC plan looks interesting and much more secure. More banks and financial institutions should follow this example and beef up their security.
|
|
|
10-20-2011, 04:07 PM
|
#6
|
Administrator
Join Date: Jul 2005
Location: N. Yorkshire
Posts: 34,125
|
Quote:
Originally Posted by MichaelB
The HSBC plan looks interesting and much more secure. More banks and financial institutions should follow this example and beef up their security.
|
I have accounts at 6 banks and brokerages and if they all go the HSBC route then I'll have to carry 6 electronic gadgets when I'm traveling. If the CC companies followed suit, then it starts getting a bit over-whelming.
__________________
Retired in Jan, 2010 at 55, moved to England in May 2016
Enough private pension and SS income to cover all needs
|
|
|
10-20-2011, 04:10 PM
|
#7
|
Moderator Emeritus
Join Date: Jan 2007
Location: New Orleans
Posts: 47,500
|
Quote:
Originally Posted by Alan
I have accounts at 6 banks and brokerages and if they all go the HSBC route then I'll have to carry 6 electronic gadgets when I'm traveling. If the CC companies followed suit, then it starts getting a bit over-whelming.
|
Maybe you can string a dozen of them on a beaded metal chain, and persuade your wife to wear it as a fashion statement. (Just kidding!)
__________________
Already we are boldly launched upon the deep; but soon we shall be lost in its unshored, harbourless immensities. - - H. Melville, 1851.
Happily retired since 2009, at age 61. Best years of my life by far!
|
|
|
10-20-2011, 04:15 PM
|
#8
|
Administrator
Join Date: Jul 2005
Location: N. Yorkshire
Posts: 34,125
|
__________________
Retired in Jan, 2010 at 55, moved to England in May 2016
Enough private pension and SS income to cover all needs
|
|
|
10-20-2011, 04:18 PM
|
#9
|
Administrator
Join Date: Jan 2008
Location: Chicagoland
Posts: 40,709
|
Quote:
Originally Posted by Alan
I have accounts at 6 banks and brokerages and if they all go the HSBC route then I'll have to carry 6 electronic gadgets when I'm traveling. If the CC companies followed suit, then it starts getting a bit over-whelming.
|
Silly me. I was thinking one keypad for the bunch. If I were to put another half dozen devices on the desk I'd end up sleeping alone on the couch...
|
|
|
10-20-2011, 04:26 PM
|
#10
|
Moderator Emeritus
Join Date: Jan 2007
Location: New Orleans
Posts: 47,500
|
Quote:
Originally Posted by MichaelB
Silly me. I was thinking one keypad for the bunch. If I were to put another half dozen devices on the desk I'd end up sleeping alone on the couch...
|
On the desk? What about break-ins? You'd have to have a safe installed firmly into the foundation of your house, hide it under something, and put the devices in the safe.
Then, as long as you remember the combination to the safe...
__________________
Already we are boldly launched upon the deep; but soon we shall be lost in its unshored, harbourless immensities. - - H. Melville, 1851.
Happily retired since 2009, at age 61. Best years of my life by far!
|
|
|
10-20-2011, 04:36 PM
|
#11
|
Administrator
Join Date: Jan 2008
Location: Chicagoland
Posts: 40,709
|
Quote:
Originally Posted by W2R
On the desk? What about break-ins? You'd have to have a safe installed firmly into the foundation of your house, hide it under something, and put the devices in the safe.
Then, as long as you remember the combination to the safe...
|
As a separate device it is useless without some corresponding information. If lost or stolen easily excluded from network access. Actually, a card reader so one could swipe a magnetic card, along with some keyboard entry, would be a good alternative.
|
|
|
10-20-2011, 04:46 PM
|
#12
|
Give me a museum and I'll fill it. (Picasso) Give me a forum ...
Join Date: May 2009
Posts: 9,343
|
Quote:
Originally Posted by MichaelB
As a separate device it is useless without some corresponding information. If lost or stolen easily excluded from network access. Actually, a card reader so one could swipe a magnetic card, along with some keyboard entry, would be a good alternative.
|
That's the problem. I'm sure my device if I have to have one will be laying on my notepad marked on the cover-" account passwords", laying next to the computer.
|
|
|
10-20-2011, 05:37 PM
|
#13
|
Administrator
Join Date: Jul 2005
Location: N. Yorkshire
Posts: 34,125
|
Quote:
Originally Posted by MichaelB
As a separate device it is useless without some corresponding information. If lost or stolen easily excluded from network access. Actually, a card reader so one could swipe a magnetic card, along with some keyboard entry, would be a good alternative.
|
I had a colleague from England where, 2 years ago, his bank did provide a device where he had to insert his smart chip debit card and enter his PIN to get the device to generate a number to allow him to log on.
This new system at HSBC, they brag about not needing a card, just a PIN number. So, if someone has your PIN and device plus username .....
Here are the details, with a demo video as well, not sure if the link will work for non-customers.
https://www.hsbc.co.uk/1/2/security-...2FA_I_SC2_0711
We're the first UK bank to introduce a two factor authentication device like this. Some devices are larger and require the user to insert their card, this device is one of the smallest and simplest to use.
__________________
Retired in Jan, 2010 at 55, moved to England in May 2016
Enough private pension and SS income to cover all needs
|
|
|
10-20-2011, 05:52 PM
|
#14
|
Administrator
Join Date: Jan 2008
Location: Chicagoland
Posts: 40,709
|
Video works fine. The security may as well but it looks like the login process is getting longer. It is an improvement over simple keyboard internet access.
|
|
|
10-20-2011, 06:03 PM
|
#15
|
Administrator
Join Date: Jul 2005
Location: N. Yorkshire
Posts: 34,125
|
The day after we arrived in the UK we unexpectedly needed £1,600 in cash. I went to the branch of HSBC in the town I was staying but they didn't have tellers and the business person told me where the closest branch with a teller was, and to be sure I brought photo ID with me.
I went and told the teller what I wanted. He said to write out a check for cash for £1,600 which I did and he handed over the money without ever asking for ID. Now, my account details has my home address, in the USA, they don't know I'm in the UK, and I am at a branch about 20 miles away from the branch where I have my account.
To me it looks like anyone who steals my checkbook can write checks for cash very easily with only a signature. (rant over)
__________________
Retired in Jan, 2010 at 55, moved to England in May 2016
Enough private pension and SS income to cover all needs
|
|
|
10-20-2011, 07:38 PM
|
#16
|
Thinks s/he gets paid by the post
Join Date: Feb 2007
Posts: 1,015
|
Interesting thread as DD just called and told me her debit card has been compromised. She learned of it when she got an alert of a several hundred dollar transaction at a store in California - she immediately called her bank and they've already cancelled her card, but she's still very upset. What a pain!
|
|
|
10-20-2011, 08:18 PM
|
#17
|
Administrator
Join Date: Jul 2005
Location: N. Yorkshire
Posts: 34,125
|
Quote:
Originally Posted by Achiever51
Interesting thread as DD just called and told me her debit card has been compromised. She learned of it when she got an alert of a several hundred dollar transaction at a store in California - she immediately called her bank and they've already cancelled her card, but she's still very upset. What a pain!
|
I'm sorry to hear that, what a nuisance.
We used our UK debit cards a lot while in the UK this last 7 months. These days the stores, pubs and restaurants all have "smart chip" readers so to buy anything requires you to enter your PIN, and the card never leaves your posession as the card reader is brought to your table.
However, some purchases over the internet still only require card details, unless the site requires "verified by Visa" where you have had to have already set a password on your card through your bank.
__________________
Retired in Jan, 2010 at 55, moved to England in May 2016
Enough private pension and SS income to cover all needs
|
|
|
10-21-2011, 05:19 AM
|
#18
|
Give me a museum and I'll fill it. (Picasso) Give me a forum ...
Join Date: Oct 2006
Posts: 7,733
|
The scheme that I am seeing which I approve of is to text a pin number to your cell phone when you log into a financial institution from a new computer.
Schwab had pretty interesting scheme, when I logged into from Chinese internet Cafe (ya I know risky but I was in the middle of escrow on my house. ). Before they gave me access they gave me a list of stocks and said you own one of these stocks, on and by the way you have one chance to get it right. Luckily I am very familiar with my portfolio.
|
|
|
10-21-2011, 11:15 AM
|
#19
|
Thinks s/he gets paid by the post
Join Date: Apr 2008
Posts: 1,251
|
Concerned about Security
I love online account access and management. I'm amazed at how easy it is to move large sums of money around the banking system. In fact, it's so easy that my concerns about security have escalated as well.
So, how real is the threat? Assuming I'm not sharing account numbers and pins/passwords, how hard would it be for someone to steal from those accounts.
And how serious is the keylogging threat?
I have security software (Norton Security Suite) and it's current but should I be doing more?
Thx
__________________
"Don't you draw the queen of diamonds, boy, she'll beat you if she's able.
You know the queen of hearts is always your best bet" -- The Eagles, Desperado
|
|
|
10-21-2011, 12:31 PM
|
#20
|
Administrator
Join Date: Jul 2005
Location: N. Yorkshire
Posts: 34,125
|
Quote:
Originally Posted by misanman
I love online account access and management. I'm amazed at how easy it is to move large sums of money around the banking system. In fact, it's so easy that my concerns about security have escalated as well.
So, how real is the threat? Assuming I'm not sharing account numbers and pins/passwords, how hard would it be for someone to steal from those accounts.
And how serious is the keylogging threat?
I have security software (Norton Security Suite) and it's current but should I be doing more?
Thx
|
I also love online banking and recently registered with a money changing site (HiFx) completely on-line, sent images of my password and pdf copies of US bank statements to prove who I was, and then easily moved £35k (~$60k) from my bank in the UK to my bank in the US. Quite scary, really, how easily that was achieved.
I only log onto my accounts from our laptops, as I'm sure they have the latest anti-virus software, but I still worry about keystroke logging software which is why I like sites that use virtual keyboards and/or only ask for a random selection of characters from the password.
__________________
Retired in Jan, 2010 at 55, moved to England in May 2016
Enough private pension and SS income to cover all needs
|
|
|
|
|
Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
|
|
Thread Tools |
|
Display Modes |
Linear Mode
|
Posting Rules
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is Off
|
|
|
|
» Recent Threads
|
|
|
|
|
|
|
|
|
|
|
|
|
» Quick Links
|
|
|