Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.




Glurp
9712 posts

Uber Geek
+1 received by user: 4636

Subscriber

Topic # 247952 4-Mar-2019 18:08
Send private message quote this post

My security is fairly primitive. As a pensioner my needs are simple and I don’t bother with Internet banking. I don’t keep anything of value on my computers and I don’t visit shady sites so I only have basic security (Windows firewall, Defender, Malwarebytes). I have never had any issues. My security is basically keeping a low profile.

 

I need to undergo some medical procedures in Thailand in a few months and I have to figure out a good way of making substantial payments from my Kiwibank account. I will probably have to activate Internet banking. I do not have a credit card but I do have the usual Visa debit/EFTPOS card and I can make overseas payments with that. Until now I have kept most of my funds in a Saver account with only the Now account linked to the card. That way even I can only access what is on that account. To transfer funds I have to ring the bank or physically go there. This has the virtue of simplicity and it has worked well for me until now.

 

However I may be using borrowed computers or odd browsers on unknown ISPs in Thailand, so I need to find the best possible way of protecting my account when making overseas payments or withdrawals. I don’t carry a cell phone and I don’t really want to, so I am looking at other 2FA alternatives, but I’m not sure what to look for. I did read the Yubikey review @freitasm has posted. Something like that, such as a USB dongle I can plug into any computer, sounds like it might be exactly what I need, but I’m not completely sure. Any advice, recommendations or suggestions are welcome. Thanks in advance.

 

 





I reject your reality and substitute my own. - Adam Savage
 


View this topic in a long page with up to 500 replies per page Create new topic
 1 | 2
BDFL - Memuneh
63009 posts

Uber Geek
+1 received by user: 13586

Administrator
Trusted
Geekzone
Lifetime subscriber

  Reply # 2190869 4-Mar-2019 18:10
One person supports this post
Send private message quote this post

You will have to use what the bank offer. NZ Banks don't seem to support FIDO standards yet so it is either a card, app, SMS or a hardware token (depending on the bank). Talk to your bank.

 

As for other services then you will be using 2FA as an authenticator app on a smartphone (I recommend Authy) or a hardware key (like the Yubikey). Again it will depend of the service.







Glurp
9712 posts

Uber Geek
+1 received by user: 4636

Subscriber

  Reply # 2190873 4-Mar-2019 18:18
Send private message quote this post

Okay, thanks for that. Very helpful.

 

 





I reject your reality and substitute my own. - Adam Savage
 


 
 
 
 


3741 posts

Uber Geek
+1 received by user: 1128


  Reply # 2190883 4-Mar-2019 18:45
2 people support this post
Send private message quote this post

I do have the usual Visa debit/EFTPOS card and I can make overseas payments with that.

 

Upgrading to credit rather than debit card will give you an extra level of protection in that "your" funds are not actually used in any transactions until you get the bill at the end of the month... if there is anything dodgy you can dispute it more easily, .. pretty sure all the banks offer a no frills low annual fee card..

 

You might even be able to time it so that you dont have to pay you credit card bill until you are back in NZ.. (depending on how long you are away)


BDFL - Memuneh
63009 posts

Uber Geek
+1 received by user: 13586

Administrator
Trusted
Geekzone
Lifetime subscriber

14640 posts

Uber Geek
+1 received by user: 2722

Trusted
Subscriber

  Reply # 2190949 4-Mar-2019 20:12
One person supports this post
Send private message quote this post

It's a shame Kiwibank don't offer a physical token you can take.

 

While the advice here is good, when it comes to banking you should validate any advice you get online with your bank.


354 posts

Ultimate Geek
+1 received by user: 37

Lifetime subscriber

  Reply # 2190960 4-Mar-2019 20:45
Send private message quote this post

I can understand your reluctance to use Internet Banking, and you clearly face major medical issues (with associated stress) if you are headed offshore for treatment.  I would strongly suggest you talk to your bank about your concerns and see what options they suggest.  Make sure they cover concerns you have such as the use of devices you dont own.

 

Post back to this thread if you need independent advice on what your bank is suggesting you do.





--

OldGeek.


3508 posts

Uber Geek
+1 received by user: 910


  Reply # 2190961 4-Mar-2019 20:48
2 people support this post
Send private message quote this post

I generally use the Kiwbank app on my phone, and (once set up) this uses one's fingerprint for logging in.

 

As for other authentication protocols: Kiwibank's 2FA is fairly weak - to log into the website (ie, via a browser) they use a random selection of one of three (I think) 'questions' to which you need to add the missing letters to the marked box; there are preset options (of the type 'What city did your parents meet in?'), but you can also set your own questions/answers. This doesn't get used on the phone app (perhaps initially for set-up?).

 

On my phone I've also noticed that for certain transactions (perhaps the first to a new account number and/or over a certain amount?) I've been texted a code to authenticate the transaction. 


14724 posts

Uber Geek
+1 received by user: 1987


  Reply # 2190992 4-Mar-2019 21:37
Send private message quote this post

jonathan18:


I generally use the Kiwbank app on my phone, and (once set up) this uses one's fingerprint for logging in.


As for other authentication protocols: Kiwibank's 2FA is fairly weak - to log into the website (ie, via a browser) they use a random selection of one of three (I think) 'questions' to which you need to add the missing letters to the marked box; there are preset options (of the type 'What city did your parents meet in?'), but you can also set your own questions/answers. This doesn't get used on the phone app (perhaps initially for set-up?).


On my phone I've also noticed that for certain transactions (perhaps the first to a new account number and/or over a certain amount?) I've been texted a code to authenticate the transaction. 



 


I don't think the interface  has been updated for many years. The fact that it doesn't use mobile responsive design, or even a mobile view shows it is pretty ancient. 


mdf

2190 posts

Uber Geek
+1 received by user: 671

Trusted
Subscriber

  Reply # 2191007 4-Mar-2019 22:14
Send private message quote this post

You should have a chat to Kiwibank. Some years ago I got locked out of Kiwibank online banking as they detected "suspicious activity" - in my case an internet banking log on from a country they thought was suspicious even though I was on holiday there. Perhaps because I was on holiday there? All got sorted relatively quickly but it is worth letting them know your travel plans are. They may have suggestions too.

 

In any event, Kiwibank have a Loaded for Travel prepaid card that could be an alternative to a Visa. You can load it via internet banking from your existing accounts, or if it is an option, you can have someone else load in from NZ using a secure account number (there is a load only account number and a spend account number). The latter would save you having to register for online banking at all, and you can't spend more than is loaded on it. You'd need some way of contacting that person though which may well be the dreaded cell phone, though you might be able to avoid a smart phone and just text?


1637 posts

Uber Geek
+1 received by user: 245


  Reply # 2191057 5-Mar-2019 08:58
Send private message quote this post

It should be more secure to use a banks app on a phone rather than try to log into their website. You've also got a bit more come-back if something goes wrong.

 

A credit card gives you more protection than a debit card. My credit card was skimmed in London several years ago and the crooks went on a spending spree in Harrods to wrack up several thousand pounds worth of debt. I didn't find out until I had returned to NZ but my bank took ownership and removed the debt.

 

Don't forget to tell your bank where you're going and the dates. That way they won't flag your ligit transactions as being suspicious.


14640 posts

Uber Geek
+1 received by user: 2722

Trusted
Subscriber

  Reply # 2191075 5-Mar-2019 09:08
Send private message quote this post

A cheap Android phone, purchased in New Zealand, using a Thailand SIM is probably the best, easiest, and most secure way to do this.




Glurp
9712 posts

Uber Geek
+1 received by user: 4636

Subscriber

  Reply # 2191102 5-Mar-2019 09:22
One person supports this post
Send private message quote this post

I would rather avoid a phone if possible. I don't know anything about phones. I have never had one. On the few occasions I tried to use one I couldn't figure out how to make it work.

 

If I am in a foreign country undergoing treatment and trying to make a major financial transaction, I will already be anxious. At my age I don't want to compound that by having to screw with a piece of technology I am not familiar with and don't feel confident about. That may sound silly to anyone younger than 60 but it is how I feel.

 

Edited to add this postscript: I actually tried to do this once. Someone gave me a cheap Spark phone and I took it to Thailand just to use as a phone. I had forgotten about that. When I got to Thailand I did buy a local SIM but couldn't get it to work. A Thai computer technician I consulted couldn't get it to work either. It never did work and the phone is still sitting on a shelf somewhere. I can't afford to have something like that happen again after I am already there.

 

 

 

 

 

 





I reject your reality and substitute my own. - Adam Savage
 


14640 posts

Uber Geek
+1 received by user: 2722

Trusted
Subscriber

  Reply # 2191103 5-Mar-2019 09:25
Send private message quote this post

Can you just call Kiwibank on the phone and ask them to do the transaction manually? They'll ask standard questions to make sure it's you. They might charge a fee, but it'd probably be worth paying for ease of use and peace of mind.


Mad Scientist
19991 posts

Uber Geek
+1 received by user: 2713

Trusted
Lifetime subscriber

  Reply # 2191105 5-Mar-2019 09:26
Send private message quote this post

The phone is not the most secure thing in the world.

 

Someone who really wanted your money would get your phone and they will get all the codes to get in if they knew a couple more information about your account.





Swype on iOS is detrimental to accurate typing. Apologies in advance.


BDFL - Memuneh
63009 posts

Uber Geek
+1 received by user: 13586

Administrator
Trusted
Geekzone
Lifetime subscriber

  Reply # 2191106 5-Mar-2019 09:35
Send private message quote this post

Batman:

 

The phone is not the most secure thing in the world.

 

Someone who really wanted your money would get your phone and they will get all the codes to get in if they knew a couple more information about your account.

 

 

It depends what "phone" is in this context. A voice call? Yes, not secure - know a few things about you and a person with social engineering skills could drain someone's account. An app? More secure than phone calls. Phones can be locked out, require fingerprint for transactions/login, require a second authentication factor for transactions, etc.





 1 | 2
View this topic in a long page with up to 500 replies per page Create new topic



Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

Orcon announces new always-on internet service for Small Business
Posted 18-Apr-2019 10:19


Spark Sport prices for Rugby World Cup 2019 announced
Posted 16-Apr-2019 07:58


2degrees launches new unlimited mobile plan
Posted 15-Apr-2019 09:35


Redgate brings together major industry speakers for SQL in the City Summits
Posted 13-Apr-2019 12:35


Exported honey authenticated on Blockchain
Posted 10-Apr-2019 21:19


HPE and Nutanix partner to deliver hybrid cloud as a service
Posted 10-Apr-2019 21:12


Southern Cross and ASN sign contract for Southern Cross NEXT
Posted 10-Apr-2019 21:09


Data security top New Zealand consumer priority when choosing a bank
Posted 10-Apr-2019 21:07


Samsung announces first 8K screens to hit New Zealand
Posted 10-Apr-2019 21:03


New cyber-protection and insurance product for businesses launched in APAC
Posted 10-Apr-2019 20:59


Kiwis ensure streaming is never interrupted by opting for uncapped broadband plans
Posted 7-Apr-2019 09:05


DHL Express introduces new MyDHL+ online portal to make shipping easier
Posted 7-Apr-2019 08:51


RackWare hybrid cloud platform removes barriers to enterprise cloud adoption
Posted 7-Apr-2019 08:50


Top partner named at MYOB High Achievers Awards
Posted 7-Apr-2019 08:48


Great ideas start in Gisborne with hackathon event back for another round
Posted 7-Apr-2019 08:42



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.