O/T Question for all you 'puter freeks
Discussion
Appreciate comments guys. I'm a wrinkly and know nowt about these things (or very little anyway) My question is; what is the safety factor with computer banking? is it? is'nt it? I'm being barraged by my banks about this and I don't like dealing with american style rude call centers. Comments greatly appreciated... A 'puter numptie!John
John,
On the whole I believe it to be perfectly safe. I do all my banking, both here and in the US online as I cant stand the queues and ridiculous administration that seem to go on inside bank branches.
When internet banking first started they were very keen to point out that no fraud regarding this has every occurred on the internet.
There are a number of security experts on here so I am sure they can give you a better technical explanation but I believe it to be perfectly secure.
Matt.
On the whole I believe it to be perfectly safe. I do all my banking, both here and in the US online as I cant stand the queues and ridiculous administration that seem to go on inside bank branches.
When internet banking first started they were very keen to point out that no fraud regarding this has every occurred on the internet.
There are a number of security experts on here so I am sure they can give you a better technical explanation but I believe it to be perfectly secure.
Matt.
IMHO very safe. There was only one c*ck up by Barclays and that was only showing the wrong account (you couldn't actually do anything with it) and it was cleared up very quickly. Also banks would compensate if something was found to be wrong. I have used Internet banking since it was available (I hated having to phone to find my account balances and transfer money from buisness account to personal) I've had no problems nor have I heard of any.
I have been using Natwest online banking for a few years now, and I do everything on there .. mortgage, all bill payments to cards etc, transfer savings, shares you name it .. most things can be done.
I have found it very usefull as I spend all day on the Net so convenience was the key.
Natwest have been changing their login methods to increase safety since the launch.
I also use egg and halifax online with no probs or worries with security.
They are all using 128bit encryption and other methods to secure your accound and login identity.
>> Edited by cleg on Thursday 23 May 11:36
I have found it very usefull as I spend all day on the Net so convenience was the key.
Natwest have been changing their login methods to increase safety since the launch.
I also use egg and halifax online with no probs or worries with security.
They are all using 128bit encryption and other methods to secure your accound and login identity.
>> Edited by cleg on Thursday 23 May 11:36
It's about as safe as using a cash machine really, and probably safer than handing your card over in a shop or restaurant. Your connection to the bank is encrypted (scrambled) and the logon procedure asks for more "secret" information that a cash machine does.
You're still vulnerable to "friends and family" fraud (i.e. someone looking over your shoulder as you type), but that's a bit of a given really.
The Barclays thing wasn't so much a cock-up with the security per se, but with something at the backend that mismatched accounts to the customer ID number. That sort of error on the Bank's part is the most likely to cause a problem, perhaps followed by potential vulnerabilities at their end. That said, they'll be watching their systems like a hawk for any issues/anomalies.
You're still vulnerable to "friends and family" fraud (i.e. someone looking over your shoulder as you type), but that's a bit of a given really.
The Barclays thing wasn't so much a cock-up with the security per se, but with something at the backend that mismatched accounts to the customer ID number. That sort of error on the Bank's part is the most likely to cause a problem, perhaps followed by potential vulnerabilities at their end. That said, they'll be watching their systems like a hawk for any issues/anomalies.
I've used Firstdirect for 12 years, migrating from phone banking to PC banking (effectively private network) to Internet banking. Still got the phone banking as a backup for non-standard stuff.
I've never had a problem with the service or security, and use it from home and work.
I'd hate to go back to anything else.
As the quote goes, the world needs banking, not banks.
I've never had a problem with the service or security, and use it from home and work.
I'd hate to go back to anything else.
As the quote goes, the world needs banking, not banks.
Hi John
Better say what are the risks associated with computer (guess you mean accesing your account over the internet) banking. i.e:
Risk of someone eavesdropping on what you're doing over the net - low, as stated assuming you're using 128 bit encryption and keep your web browser software up to date.
Risk of your bank being hacked (cracked) through their internet portal - again low, (but not impossible) but then again this could happen even if _you_ don't sign up because it's there anyway.
Risk of your computer being hacked (cracked) while connecting to the internet - possible, ideally you should get some sort of personal firewall to stop anyone getting in while you're getting out, and ideally use a reputable ISP who offers email virus scanning.
Risk of someone learning/guessing your password and login details - low, but again not impossible. Lie about your mothers maiden name, pick a random date or whatever they ask for authentication. Bear in mind that if you store any of these on your PC then you have to treat it in the same way you treat, e.g. a credit card.
Risk of a transaction going wrong because there is a flaw in their software - possible, I know of someone who got charged interest on their credit card because the bank's software couldn't accept 2 payments to the same credit card in the same day (second overwrote first) so keep a (paper) note of dates & times of transactions until you're satisfied it all works.
Risk of computer crashing & losing your information - again, possible and ideally you keep a backup of everything, secured to the same extent as you've secured the computer itself.
etc, etc. Hope I haven't scared you off, generally these things are OK as the bank have their reputation to protect so should sort out any problems.
AdrianR
P.S. There are also reduced risks - if you get your credit card bill over the internet the no-one can intercept your physical post or go through your bins!
Better say what are the risks associated with computer (guess you mean accesing your account over the internet) banking. i.e:
Risk of someone eavesdropping on what you're doing over the net - low, as stated assuming you're using 128 bit encryption and keep your web browser software up to date.
Risk of your bank being hacked (cracked) through their internet portal - again low, (but not impossible) but then again this could happen even if _you_ don't sign up because it's there anyway.
Risk of your computer being hacked (cracked) while connecting to the internet - possible, ideally you should get some sort of personal firewall to stop anyone getting in while you're getting out, and ideally use a reputable ISP who offers email virus scanning.
Risk of someone learning/guessing your password and login details - low, but again not impossible. Lie about your mothers maiden name, pick a random date or whatever they ask for authentication. Bear in mind that if you store any of these on your PC then you have to treat it in the same way you treat, e.g. a credit card.
Risk of a transaction going wrong because there is a flaw in their software - possible, I know of someone who got charged interest on their credit card because the bank's software couldn't accept 2 payments to the same credit card in the same day (second overwrote first) so keep a (paper) note of dates & times of transactions until you're satisfied it all works.
Risk of computer crashing & losing your information - again, possible and ideally you keep a backup of everything, secured to the same extent as you've secured the computer itself.
etc, etc. Hope I haven't scared you off, generally these things are OK as the bank have their reputation to protect so should sort out any problems.
AdrianR
P.S. There are also reduced risks - if you get your credit card bill over the internet the no-one can intercept your physical post or go through your bins!
I have used internet banking with Royal Bank of Scotland for years (both personal and business banking) and it's superb.. no security problems because you're running over a 128Bit encrypted connection as has been said before..
Dunno how well any of them work with a non-MS browser though - the RBS offering seems to be tailored towards IE5/6
Like with anything else security-wise, there's always some risk, but it's absolutely miniscule in this case..
Dunno how well any of them work with a non-MS browser though - the RBS offering seems to be tailored towards IE5/6
Like with anything else security-wise, there's always some risk, but it's absolutely miniscule in this case..
I have worked in IT Security for many years and the benefits far out way the risk, how often have you given your credit card to someone you don't know or given the details of it over the phone or throw a credit card receipt in the bin?
Any decent hacker would not attack an 128 bit SSL session but go for the servers.
I have used home bankng since day one and the only down side is the long winded authentication process.
>> Edited by Lee77 on Thursday 23 May 21:59
Any decent hacker would not attack an 128 bit SSL session but go for the servers.
I have used home bankng since day one and the only down side is the long winded authentication process.
>> Edited by Lee77 on Thursday 23 May 21:59
As with anything in life there are risks. I have used internet banking since it first emerged without any problems.
But! My companies last contract was to find flaws in a similar system.
The biggest flaw uncovered was the ability to *attack* the ssl session (The encrypted protocol used for secure transactions).
It is easy to sniff outbound traffic (Promiscious mode NIC) which could consist of usernames passwords etc, even if it is encrypted you can still get the plain data using various methods.
Conclusion: Chances of a potential security problem is very very slim. But possible.
Deester...
But! My companies last contract was to find flaws in a similar system.
quote:
Any decent hacker would not attack an 128 bit SSL session but go for the servers.
The biggest flaw uncovered was the ability to *attack* the ssl session (The encrypted protocol used for secure transactions).
It is easy to sniff outbound traffic (Promiscious mode NIC) which could consist of usernames passwords etc, even if it is encrypted you can still get the plain data using various methods.
Conclusion: Chances of a potential security problem is very very slim. But possible.
Deester...
Its all about risk management - the security is "good enough" for most circumstances and to be honest the number of times that anything goes wrong are small and pretty insignificant.
However, my comment about risk management is how the banks deal with the security of this type of thing. Fraud is a certainty for a bank and what they have to do is reduce it to an absolute minimum. However, fraud will occur - and this is the kicker here - it all depends on the costs of fixing the problems. What I mean is that if there is a risk of only a couple of million fraud then the law of diminishing returns says dont spend more than a couple of million fixing it....
For example a bank in the USA trimmed back on its physical security (guards etc) as they only lost something like $60,000 per quarter in bank raids.... just hand over the money and everyone is OK. But they would loose something like $6,000,000 per quarter in cheque fraud.... So the security focus would be on the cheques and not physical security. You get the picture. While the functionality and number of users are quite low on the banking systems the fraud level is low.... However, when this increases and the functionality gets better (like transferring money to different banks etc) the risks are much higher - lets just hope that they fix this with decent security.
However, as has been already pointed out by Lee77 - any fraudster will target the system as a whole and not the browser or user. There is little point trying to break a 128bit SSL connection for sniffing a potential single username and password. The better return is to target the central servers to support the online service and get thousands of users details.... now that is the interesting part....
So, browser security and authentication is pretty good (though not infalible) but the problem is the bank service. Is this secure, is it managed and administrated in a secure way, does it use best practice and secure application development procedures? These are all questions that you just dont know.....
But, seeing as the banks want us to use these systems (cheaper than a branch) then any fraud or problem wont be an issue - they should payout regardless. But always be careful and consider what you are doing and where. Awareness is the key to addressing the issues - which means that you should be fine and never suffer any problems.
Oh, and a small tip - if they want something like your mothers maiden name - use something that ISNT your mothers maiden name. Less likely for a guess and no way of getting the information. In fact mothers maiden name is actually a really crap method of authentication.....
Cheers,
Paul
However, my comment about risk management is how the banks deal with the security of this type of thing. Fraud is a certainty for a bank and what they have to do is reduce it to an absolute minimum. However, fraud will occur - and this is the kicker here - it all depends on the costs of fixing the problems. What I mean is that if there is a risk of only a couple of million fraud then the law of diminishing returns says dont spend more than a couple of million fixing it....
For example a bank in the USA trimmed back on its physical security (guards etc) as they only lost something like $60,000 per quarter in bank raids.... just hand over the money and everyone is OK. But they would loose something like $6,000,000 per quarter in cheque fraud.... So the security focus would be on the cheques and not physical security. You get the picture. While the functionality and number of users are quite low on the banking systems the fraud level is low.... However, when this increases and the functionality gets better (like transferring money to different banks etc) the risks are much higher - lets just hope that they fix this with decent security.
However, as has been already pointed out by Lee77 - any fraudster will target the system as a whole and not the browser or user. There is little point trying to break a 128bit SSL connection for sniffing a potential single username and password. The better return is to target the central servers to support the online service and get thousands of users details.... now that is the interesting part....
So, browser security and authentication is pretty good (though not infalible) but the problem is the bank service. Is this secure, is it managed and administrated in a secure way, does it use best practice and secure application development procedures? These are all questions that you just dont know.....
But, seeing as the banks want us to use these systems (cheaper than a branch) then any fraud or problem wont be an issue - they should payout regardless. But always be careful and consider what you are doing and where. Awareness is the key to addressing the issues - which means that you should be fine and never suffer any problems.
Oh, and a small tip - if they want something like your mothers maiden name - use something that ISNT your mothers maiden name. Less likely for a guess and no way of getting the information. In fact mothers maiden name is actually a really crap method of authentication.....
Cheers,
Paul
I once encountered a problem when someone spoofed my bank's logon site. But the firewall picked it up straight away and then the only problem I had was a hacker trying to get into my PC for weeks to access the password for the account...
Spoke to the bank about it, they "put measures in place" to stop it happening again. They didn't elaborate, but they did make a point of underlining how good the encryption was, etc. etc.
Never had a problem other than that.
Spoke to the bank about it, they "put measures in place" to stop it happening again. They didn't elaborate, but they did make a point of underlining how good the encryption was, etc. etc.
Never had a problem other than that.
Some banks are now moving to triple DES security, in-line with EMV chip card requirements. The company I work for most of the time provides an Internet banking solution to a number of banks, the number of problems reported is negligible, usually user-error in origination.
I happily transfer money from country to country between different banks using internet-based banking and have never had a problem in the 5 years or so I have been doing this.
I happily transfer money from country to country between different banks using internet-based banking and have never had a problem in the 5 years or so I have been doing this.
Gassing Station | General Gassing [Archive] | Top of Page | What's New | My Stuff