Online bank customers who give up their user names and passwords to phishers are protected by zero liability, an industry standard that offers full restitution.
(From The New York Times)
The story "Don't take this bait (but you're safe if you do)" published November 29, 2009 at 10:48 AM is no longer available on CNET News.
My credit union uses a two-factor authentication that can authenticate a specific computer, user and browser if I want. When I go to another computer, use another Windows account, browser or OS, I have to enter the extra keyword again. On my laptop I leverage the added security by requiring the second level key word.
Frankly it is not that inconvenient and gives one a bit of peace of mind. If the financial institutions explain it correctly and offer incentives such as zero liability, free USB security devices or such things then customers will be more comfortable with online banking. I know many people who do not because of costly experiences or general mistrust of online banking. Banks also need to specify that they do not send emails with a link to respond, but only as information or confirmation.
I started using online banking nearly 20 years ago through the German BTX (videotext) and then through CompuServe. I had to use a transaction number from a hardcopy list sent to me by mail as well as my PIN. The PayPal text message thing sounds much more convenient to say the least. I did feel more secure with the paper list of transaction codes although cumbersome. Now I do a lot more transactions, so it would be less feasible.
Financial institutions should agree on a cheap USB solution that would be so widely used that they could offer it effectively for free. Offer it as an option for a small fee, $5 say, and give a credit if the device is used for a year. A lot of people would opt for it and save us all some of the costs of online fraud. It would be a good marketing tool showing customers that the financial institutions are serious about protecting your assets and personal information.
That is what Bank of America uses as well. Not only a password, but a 'special cookie' that they save on your computer that is made by putting in another, EXTRA password which they call a 'site-lock'. I've had to 'reset' it a few times when I haven't gone on the internet for a long time and have forgotten it.... it's HARD to do. They want to confirm your e-mail address, some personal information, and send ANOTHER e-mail to your e-mail address with a link in it before you are allowed to change your SiteLock password.
Every email I receive from my bank clearly states that they will never ever ask for my login information in an email or linked through an email, and that instances of this should be immediately reported. Anyone who does fall for this should be banned from online banking, as it isn't exactly fair for the banks to have to cover everyone's excessive stupidity.
So true. One should never click on a link in an email. Instead one should go to the company claimed to be represented directly.
That banks do send out legitimate emails at all that have links in them is the problem. Banks should stop this practice. Credit card companies too. THEY are creating the environment where people are more easily deceived. If financial companies made it a policy to NEVER put a link in their emails, ever, ever, then when you get an email from a "bank" with a link, you will know it is fake 100% of the time.
You should know the thing is fake when you see that they are asking for your password anyway. There is nothing wrong with having links in banking e-mails; the real problem is people who are in too much of a hurry, don't use their brains, and click blindly on links.
The banks could help take care of this as well by immediately reporting any fake websites that have the look of their website, and the Feds should be given permission to DDoS these sites.
I believe the article is correct for personal accounts but there was an article in Forbes recently about a couple who had their business account linked with their personal accounts and the hacker broke in, moved the money to the commercial account and then transferred it to a bogus account. The bank claimed that since it was a commercial account they weren't liable.
The bank was wrong. The law says that they are liable FOR ANY ACCOUNT: savings, commercial, etc. If the bank tried that, they should have called their lawyer and sued the bank in question.
Zero liability? I think not. You're paying for fraud somehow -- increased fees, lower interest rates, whatever -- and the worst part is that you're paying for other people's stupidity and cupidity and gullibility.
Uh..... there are a lot of people who are not 'stupid' who fall for these things. Personally, I haven't, because my bank puts it in black letters on their website every time I log in that they will never, repeat, NEVER ask you for your e-mail address, username or password by e-mail or by anything else other than a registered letter, with a phone number (which you SHOULD CHECK) to call.
SecureID is the way to go. I wish Wells Fargo would hurry up and implement it as well as all credit card online sites. There should be a law forcing them to provide SecureID.