DO NOT PASS GO – Banking Security Risks at your ATM, POS, PC, and Mobile – Part Two

Posted: October 27, 2014 in Hacking, Network Security, Physical Security, Security, Social Engineering

By William V. Burns


Secure your accounts


 In my previous blog post, I described a number of scenarios, in several different locations, that demonstrated risks to your banking. As they say, the Internet is a bad neighborhood. It is possible to safely use your banking resources even in such a sketchy environment. Just as you need to take physical precautions when you use money, you also need to take Internet security into account.

Let’s look at the precautions you can take to help reduce the risk in each of those places:

Right at the ATM you just left.

Skimming and shoulder surfing are two big threats here. Be familiar with your surroundings. If there is something different about the ATM, go inside and ask an employee about it, or delay your withdrawal and go to another ATM location. Don’t let people get close while you enter your PIN. In case something or someone is watching, make a habit of hiding your PIN entry with your other hand.

 Back at home, on your PC.

Phishing and malware are your two biggest threats. Phishing can be defeated by guarding your banking and personal information as zealously as you would the contents of all your bank accounts were they in an envelope. Don’t click on any link emailed to you. Never respond to any request, by phone, mail, email or whatever, that asks you to send them your password and account information. No legitimate institution will request that. Only use the bank’s website to log on, and don’t keep the password written down or in a file on the computer.

Malware can be a virus, a keylogging program, or a reconfigured web browser. Scan your PC for viruses and other malware often, using well-known software. Don’t ever download some security package at random from the Internet.

 Lock your session, or log out, from any machine you’re using, if you’re going to be away from it. Set your screensaver to lock automatically after a minute of inactivity. When you dispose of your system, make sure the hard drive has been destroyed properly.

 At the store, or the fuel pump, or the supermarket.

Skimming, shoulder surfing, and employee copying of your info are the threats here. The main protection is to either use cash or visit the same locations as much as possible, and to keep your eyes open. When traveling, you can buy some refillable VISA or gift cards to use at these places instead of your main bank card.

 Inside your smartphone.

You want to do your banking from your phone. In coordination with your investment app, your email app, and your text and Twitter and Facebook connections, your whole life is tied into one communications center. Here’s how to do mobile banking safely. Whether it’s a tablet or a smartphone, the only way to install an app is directly from your financial institution or via a link from that site. Don’t go to an application store directly and download an app, and especially don’t follow a link from an email or an unfamiliar website to get your banking app.

Secure your mobile device. Keep it with you, make sure it automatically locks within seconds of idleness, password protect it, and make sure you have installed an app or method (some devices come with this feature installed) to remotely disable it. Make sure you have looked up this method and made yourself familiar with it, before you have a lost device and have to spend precious minutes or hours trying to figure this out.

Don’t use public Wi-Fi connectivity for your mobile device. It’s far too easy to break into a mobile device using unsecured Wi-Fi. Use your 3G or 4G network. If your device doesn’t connect to one, ‘tether’ the device to your phone, which does. If you feel you must use public Wi-Fi, never use your banking or other financial app while you’re connected.

Change your passwords often, at least once a month. This goes for your device, your apps, and if possible, your home Wi-Fi. Difficult? Yes, but with people phishing around for your information, it’s essential. If you have trouble keeping track of your passwords, I suggest a ‘container’ for all of them that’s much more secure than a sheet of paper or a text file (don’t use those), such as RoboForm, which manages and even creates secure passwords and stores them in an encrypted form. It’s about ten US dollars a year for the subscription, and is usable on almost every system or even a USB stick.

On the other side of the world, in a corporate server.

So you do your best. You become more aware of your surroundings, you update your PC, you are careful where you click and where you log on. But one day, you trust your financial information to a company or institution (school, another bank, your own bank, the government, etc.) and they lose it to a hacker.

What do you do now?

Learn the laws about your financial responsibility, and that of the financial institution and of the company that lost your information. Study this now, before you have such a loss. You may find that your bank, or the company that had the breach, has to make you whole. If you use a major credit card or a debit card with a VISA, MasterCard, or other major payment processor logo on it, you may be completely covered from loss.

In the immediate aftermath of a loss, call the bank or financial institution immediately. They may be able to reverse or replace the loss right then, or after a short period. Give them as much information as you can. Assume that all your other information is compromised, and change and cancel current cards as soon as possible and feasible.

Monitor your credit. Make sure you get an annual free credit report from the three major credit agencies, and see if everything on there came from you. You can also ‘freeze’ your credit files so nobody can use your identity to open new accounts of any sort unless you unlock it.

In short, use common sense, lower your amount of trust in strangers, read more about banking security (we link some excellent articles in the bibliography) and keep aware of risk.


CreditCards.Com – 8 Tips to Stop Banking App Fraud

Net Teller – Protecting Yourself from Online Banking Fraud

 Kaspersky – What is a Keylogger?

Fidelity – Protecting your mobile and online banking

RoboForm – Password Manager

Clark Howard – Credit Freeze and Thaw Guide

