How safe is Internet Banking?

Please note this sub-forum does not provide professional finance advice. You should seek advice from a licensed financial advisor.

To post in this sub-forum you must have made 100 posts or have Trust status or have completed our ID Verification.

If investing please consider our affiliate link for new accounts: Sharesies.

Forums › Finance and wealth management › How safe is Internet Banking?

1 | 2 | 3 | 4 | 5

3928 posts

Uber Geek

Trusted

#1302091 11-May-2015 16:37

The thing about internet banking is that provided you don't knowingly disclose your PIN or Password to a third party, and run antivirus, your bank will refund you in the unlikely situation an undetected trojan, or similar, has taken off with some of your funds. So all good.

dafman

3928 posts

Uber Geek

Trusted

#1302093 11-May-2015 16:39

frankv:
jarledb: So I use unique and random passwords for every single service I use. 1Password is my software of choice for keeping them all handy.

And what does 1Password do with them? How do you know?

If you add up all the letters in "1Password" you'll find that it adds up to exactly the same as "NSA". 'Nuff said.

I use KeePass (Keepass droid on my android) for discrete encrypted password management that is not provided by a third party.

dafman

3928 posts

Uber Geek

Trusted

#1302094 11-May-2015 16:42

jarledb: For internet banking I only use services that require an extra token to login. Like a code calculator, SMS message with onetime code etc.

For your own piece of mind, fair call - however, not required. For eg. Kiwibank don't offer extra token facility (as far as I am aware). Therefore, provided you abide by their terms and conditions in using internet banking, your funds are safe.

mattwnz

20177 posts

Uber Geek

#1302098 11-May-2015 16:46

The problem is that banks still send customers emails with links to click, and many people won't be able to tell if they are legitimate emails or not. Scammers have got a lot better at faking these emails recently, and I have had to look at the actual email source code to see if they are legit or not. So as a rule of thumb I now never click on links in emails from banks, even the legit ones.

freitasm

BDFL - Memuneh
79314 posts

Uber Geek

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#1302102 11-May-2015 17:04

1995. That is when I started using Internet Banking.

Keep password safe, do not reuse passwords, try using a bank with a 2FA, do not follow links received via emails.

Most importantly do not give your password over the phone just because someone called and said "It is from your bank". You might ask for a name, hang up and call your bank on a number you know - do not ever call from a number someone gives to you to call back as it could be as fake as the person calling.

Social engineering is where people fall.

Finch

2851 posts

Uber Geek

#1302174 11-May-2015 18:32

Once again thanks everyone, especially for the information.

I knew about not clicking on links etc, however it is nice to get a refresh and see what others are saying :)

frankv

5680 posts

Uber Geek

Lifetime subscriber

#1302180 11-May-2015 18:41

One last thing...

You need to post your account number and password here, so that we can all help you keep it secret.

Sharesies

Trade NZ and US shares and funds with Sharesies (affiliate link).

johnr

19282 posts

Uber Geek
Inactive user

#1302182 11-May-2015 18:42

frankv: One last thing...

You need to post your account number and password here, so that we can all help you keep it secret.

Just email me your Kwibank user name / password and secret answers and I will help you out

;)

richms

28199 posts

Uber Geek

Trusted

Lifetime subscriber

#1302183 11-May-2015 18:43

Also your date of birth and mothers maiden name because those are supposed to be secret. I mean to identify you....

Richard rich.ms

freitasm

BDFL - Memuneh
79314 posts

Uber Geek

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#1302198 11-May-2015 19:05

If you are really paranoid you would create fake answers to "secret questions". For example some "Bad Person" can easily find out someone's mother's name or date of birth on Facebook.

Or if someone has access to email (not impossible seeing some people reuse passwords and there are breaches every day in lots of services) then it's trivial to get a password reset link to a service such as Amazon for example. And then looking at the Amazon account page you could find said person's credti card's last four digits. And then use this information to reset another service that only asks for an email or for partial credit card information - and so on.

It's not impossible for this to happen, from a single leaked password.

dafman

3928 posts

Uber Geek

Trusted

#1302211 11-May-2015 19:23

mattwnz: The problem is that banks still send customers emails with links to click, and many people won't be able to tell if they are legitimate emails or not. Scammers have got a lot better at faking these emails recently, and I have had to look at the actual email source code to see if they are legit or not. So as a rule of thumb I now never click on links in emails from banks, even the legit ones.

No they don't. Banks do not send emails to customers with links to internet banking logon. Never.

Inphinity

2780 posts

Uber Geek

#1302212 11-May-2015 19:28

mattwnz: The problem is that banks still send customers emails with links to click, and many people won't be able to tell if they are legitimate emails or not. Scammers have got a lot better at faking these emails recently, and I have had to look at the actual email source code to see if they are legit or not. So as a rule of thumb I now never click on links in emails from banks, even the legit ones.

No legitimate bank I've dealt with (which is most of the ones in NZ and Aus, in some form or another) has ever sent me an email with a link to follow.

khull

1245 posts

Uber Geek

#1302220 11-May-2015 19:41

I feel this is like the whole PayPass/Paywave discussion.

If you feel it is unsafe (unwarranted) then don't use it. Not intending to offend, but asking a forum of strangers like this one is just poor excuse and darn lazy. If it was truly important, then one would look up security principals such two factor authentication, encryption mechanisms, phishing and decide and if the level of risk is acceptable for the convenience of not having to physically manage your finances at a branch.

My folks often insist on hearing from others (and non family members seem to have a higher weighting) before making decisions. If it has financial implications, wouldn't it make sense to validate it yourself rather than using strangers as a litmus test?

Having said that, all the responses I have seen so far are valid and have merit but I also seriously hope that OP has also done more homework rather than just relying from one source like this.

sidefx

3714 posts

Uber Geek

Trusted

#1302233 11-May-2015 19:56

Inphinity:
No legitimate bank I've dealt with (which is most of the ones in NZ and Aus, in some form or another) has ever sent me an email with a link to follow.

I couldn't recall any bank doing this either, but upon searching in gmail I find 2 from ANZ with links to follow in them, and they certainly aren't phishing emails. They are not links to login to internet banking or anything like that - they're links to "manage your communication preferences" and "more security options" and unsubscribe... but it does set a slightly dangerous precedent as they do go some of the way to undermining the other big security warning in the email that says:

"Never follow a hyperlink when you log on to ANZ Internet Banking, or any web page where financial transactions can be made. Always type the full address into the address bar"

The other thing that undermines this somewhat with anz is the fact that their front page of anz.co.nz isn't https so the big "log on to internet banking" button on there could take you anywhere if you've been MITM'd...

I think sometimes it pays to be a little paranoid - yes frequently people have only themselves to blame when their internet banking details get "owned" but the banks don't always get it right either...

"I was born not knowing and have had only a little time to change that here and there." | Octopus Energy | Sharesies
- Richard Feynman

alasta

6709 posts

Uber Geek

Trusted

Subscriber

#1302246 11-May-2015 20:15

Inphinity:
mattwnz: The problem is that banks still send customers emails with links to click, and many people won't be able to tell if they are legitimate emails or not. Scammers have got a lot better at faking these emails recently, and I have had to look at the actual email source code to see if they are legit or not. So as a rule of thumb I now never click on links in emails from banks, even the legit ones.

No legitimate bank I've dealt with (which is most of the ones in NZ and Aus, in some form or another) has ever sent me an email with a link to follow.

When I get notices from Rabobank about changes to interest rates, terms & conditions, etc. they always have a link to their main web site which, in turn, has a direct link to log into Internet banking. Admittedly these emails don't encourage or prompt the user to log in, but they could still fool someone of they were spoofed.

1 | 2 | 3 | 4 | 5