Internet Banking Warning

[Spotty]

Quote:

Originally Posted by BlewThunder

Ok so lets say some punk breached the banks system...why on gods green earth would he steal just a measley $2000 from YOUR PERSONAL account, when he would have MILLIONS available from the banks system. Sorry dude but your story doesn't add up, you got your money back, get some facts and stop whinging.



I'm not sure about westpac and other banks systems, but I know with ING direct and their online login it has a numeric keypad that pops up that you click on, the lay out of the keys is different every time, so this virus would have to a) decode this keypad b) work out where my mouse clicks c) put the two together. The probability of that seems off the scale....but hey it could be possible.





Paranoid MUCH? If they monitor your account through a breach in your system, and you don't notice, more fool you. You will probably find a last logon time for your banking which you should always check and make sure it was a time you actually logged on...if it wasn't then id be calling the bank. If they monitor your account through a breach in the banks software, do you not think they would steal from a shitload more peoples accounts and therefore prompt an investigation by the bank as to why its losing ITS money....

Sorry to rain on you parade....but what's the saying...no point crying over spilt milk...especially when you dropped the carton....especially when the bank replaced said carton. :Up_to_som

Your not raining on my parade.......you've just dropped one in your own jocks.
Why are you so defensive about the lack of security of internet banking? People ARE being ripped off. The backlog of internet banking fraud cases in my bank is now 3 -5 weeks or around 500+ transactions. And why are the banks taking the financial hit by reimbursing customers the money that has been stolen? ....their very concerned and do not want the publicity. Can you answer this.....would a bank give you your money back if you took out cash via teller and were then robbed out in the street? I will answer it for you NO. The banks have to much to lose if their is a substantial drop in confidence in the security of internet banking. In answer to your comment as to why millions arent being ripped off (and I dont recall mentioning any specific amount being taken from my account- where did you dream that one up??) - the answer is quite simple there are daily withdrawl limits placed on these accounts and the fraudsters prefer to embezzle smaller amounts to minmise attention.

So dude...you say my 'story' doesnt add up?? Really? A story you claim. and .....am I really a fool for forgetting to logon on to my internet banking account at 4.16am and noticing that their had been a fraudulent withdrawl at 4.09am? and that my last login in time was 8.50pm 7 days prior.

Actually on reflection I feel sorry for you....or perhaps you work in a bank whatever, my 'story' was put out there in the public interest and its a pity you have attempted to discredit it. I have no idea why, but I wish you well with your confidence with the security of internet banking.

[Laminge]

Quote:

Originally Posted by 05MkIIFutura

From Nov 11, SUNCORP will also be offering these secure ID cards as an option to customers. Once again, they seem to be at the front of the pack.

Secure ID Cards for internet banking... are you sure its leading edge technology? : : :

Anyone heard of the EPOLI system, developers have managed to intergrate a payment gateway system to pre populate feilds in your Internet Banking window for ease of payments....

[GOLDIE]

I am glad that with the nab to do a transfer to some one elses bank it sends a sms to my nomidated moblie phone with a code that has to be entred before it will do the transfer.

It also tells me in the sms the amount and who to so if that code is wrong no money goes out of the account.

This code is different for every transfer.

Ian

[Spotty]

Quote:

Originally Posted by jeffb

Sorry dude, I work in the financial sector, you cant just break down the banks gate and help youself, your system was comprimised not the banks. if you were using quality spyware and antivirus tools along with a firewall this would not have happened.

My PC (which by the way did have spyware, latest symantec anti vrius and a 2 way firewall + Xp with service pack 2 installed) was the most certainly the access point to the 'banks system'. When I talk about the 'banks system' I am not referring to the banks databases. By system I mean the 'whole business system' which when looked at holistically in an internet banking context encompasses the interconnectiveness of banks internet banking policies, my PC and their database. One would think that the level of security referred to above would be sufficient....but it seems not.

[EA2BA]

Spotty money was taken from your account without your knowledge as you say, the bank gave you the money back, if it turns out you are lying and trying to fraud the bank then they will take the money back and haul your **** to jail, so its easier to shut people up first then prosecute them later if needed isnt it.

At the end of the day the bank may still deem your loss was your fault and take the money back off you, they can and will do that.

[Laminge]

Quote:

Originally Posted by Spotty

My system was not breached it was the banks. .....

No, the banks system was not breached, once you come to accept this, you will realise the flaws at your end.

No internet banking system has been breached.

I have over 21years experience in this industry.

As it is your right to run around the room with this theory being waived madly at others, so is mine to dispute it with a tad little more experience.

Your answer of NO to the ATM in the street is also of interest, but I am afraid the answer is not so straight forward as a NO.

I have seen enough people go through the justice system who would also disagree.

[Spotty]

Quote:

Originally Posted by EA2BA

Spotty money was taken from your account without your knowledge as you say, the bank gave you the money back, if it turns out you are lying and trying to fraud the bank then they will take the money back and haul your **** to jail, so its easier to shut people up first then prosecute them later if needed isnt it.

At the end of the day the bank may still deem your loss was your fault and take the money back off you, they can and will do that.

Yes I do understand that and so they should if that was the case. My case was interesting.....funds were transferred late in the day and transferred to an account interstate. From there smaller amounts were then transferred to other bank accounts and so on. All I have been able to find out is that there are anumber of syndicates doing this. Fortunetaly in my case my money never reached the destination account was the crook stuffed up the BSB/Account number details and the money was parked in never never land for a few weeks.

[EA2BA]

Quote:

Originally Posted by Spotty

Yes I do understand that and so they should if that was the case. My case was interesting.....funds were transferred late in the day and transferred to an account interstate. From there smaller amounts were then transferred to other bank accounts and so on. All I have been able to find out is that there are anumber of syndicates doing this. Fortunetaly in my case my money never reached the destination account was the crook stuffed up the BSB/Account number details and the money was parked in never never land for a few weeks.

Hence it got back to you rather quickly, otherwise I do suspect you would be in the list of waiting people, banks dont hand money out like lollies.

[Homer1]

Quote:

Originally Posted by niko

that's why westpac's logon system is perfect... push button system (on screen keyboard)

HSBC have a random PIN code where they issue you a small keyring thing and you press the button to get the code for that particular date and time. This is after you have entered your personal acc no. and PIN

[4.9 EF Futura]

Quote:

Originally Posted by Homer1

HSBC have a random PIN code where they issue you a small keyring thing and you press the button to get the code for that particular date and time. This is after you have entered your personal acc no. and PIN

Yes, the secure RSA ID tags which i mentioned before. Unfortunately it's not economically feasible for someone like the CBA to issue an RSA tag to every customer with a transaction account. Seeing as they approve 250,000 home loans alone each month, and every one of those people would prob have an S1 savings account.

Indeed, the RSA tags are currently considered (by the banks at least) to be the pinnacle security device for online transactions.

Quote:

I am glad that with the nab to do a transfer to some one elses bank it sends a sms to my nomidated moblie phone with a code that has to be entred before it will do the transfer.

I think the notification systems are excellent. Im not purporting to be an expert in the field, but this is the kind of technology i expect to see being utilised increasingly, at least, before we see widespread deployment of expensive RSA tags.

Quote:

The backlog of internet banking fraud cases in my bank is now 3 -5 weeks or around 500+ transactions.

And?

I just met with the executive management team of a bank (i kid you not, i just got back then) who have had a number of frauds over the past 12 months that you could count on one hand. But this is a small entity, its of no suprise.

My point? 500 transactions is a lot of transactions to some banks. To others, it represents mere MINUTES of activity.

500 potentially fraudulent transactions... Out of, what, 1,000,000 per day for a large bank? 2,000,000? Heck, even they prob cant quantify the total number of transactions occuring within their core banking system.

More noteably, do you think they care about each individual transaction? About as much as they do about each loan they write. It's managed from a portfolio perspective. So long as the "Average" observations are within a tolerable limit - then so be it.

In a perfect world, we could stamp out fraud. In light of the pussbucket in which we do live, the best we can do is manage the risk.

Quote:

All I have been able to find out is that there are anumber of syndicates doing this

Excuse the pun, but I'll pay that. Aside from your amatuers (who are the people that actually get caught), it's big bucks for international organised crime. Small value (a few grand), large volume. As opposed to single transactions trying to take large amounts.

What's even scarier is the identidy fraud which is becoming a prevalent way to rob the banks. $600 will get you a bogus passport, drivers licence and payslips. That's all you need to set up an account and get loan fundings deposited into it. Heck, can prob do it cheaper than that if you're handy with the mouse in photoshop. Poor bank doesnt even know until the loan hits 90 days arrears and goes into default.

I just... i cant see where you're going with your views Spotty. Are you demanding something be done about it? Are you trying to blow the whistle on something that we already know about?

Im certainly not questioning the valdity of your experience. Sounds pretty typical to me.

But if the problem had reached the pandemic proportions which you are claiming, dont you think we'd figure it out for ourselves? If 1 in 3 people are getting ripped off via internet banking then we dont need the issue publicised because we'll figure it out for ourselves.

But if 500 out of every million are having a problem... well, is 0.05% really a systemic problem?

I would also point that a LARGE percentage of frauds are recoverable under various insurance policies. So, dont take the bank's refunding of your loss like some sort of gag payment. Chances are it came in their back door as an insurance recovery prior to you recieving the refund.

I must also congratulate you on the reactive formation of your views. Im sure you would have gotten around to launching your campaign against internet banking had you not been the victim of fraud yourself? For any Maddox fans out there, i think this is a fairly severe case of Christopher Reeve/MJ Fox syndrome (i.e. backing a cause because you're a victim yourself).

Quote:

Your answer of NO to the ATM in the street is also of interest, but I am afraid the answer is not so straight forward as a NO.

Agreed. In fact if it were not a deliberate breach of my legilsative obligations i'd be happy to produce documentary evidence which coincides with Laminge's sentiments.

[Spotty]

I just... i cant see where you're going with your views Spotty. Are you demanding something be done about it? Are you trying to blow the whistle on something that we already know about?


But if the problem had reached the pandemic proportions which you are claiming, dont you think we'd figure it out for ourselves? If 1 in 3 people are getting ripped off via internet banking then we dont need the issue publicised because we'll figure it out for ourselves.

But if 500 out of every million are having a problem... well, is 0.05% really a systemic problem?

I would also point that a LARGE percentage of frauds are recoverable under various insurance policies. So, dont take the bank's refunding of your loss like some sort of gag payment. Chances are it came in their back door as an insurance recovery prior to you recieving the refund.

I must also congratulate you on the reactive formation of your views. Im sure you would have gotten around to launching your campaign against internet banking had you not been the victim of fraud yourself? For any Maddox fans out there, i think this is a fairly severe case of Christopher Reeve/MJ Fox syndrome (i.e. backing a cause because you're a victim yourself).


Agreed. In fact if it were not a deliberate breach of my legilsative obligations i'd be happy to produce documentary evidence which coincides with Laminge's sentiments.[/QUOTE]

Isnt it interesting just how often the view or opinion of the customer differ from that of the banks or those closely associated with banks? Who is serving who? You have used the word pandemic.....not me...do you know something we don't? Your argument regarding insurance is typical of the limited systemic view that permeates the thinking of banks....yeah right its been claimed back through insurance....now tell me what drives the insurance premium and who pays for the increased premium? It certainly wont by the bank taking a reduction in profits....increase charges perhaps. As for the reactive formation of my views....perhaps..but this expereince has at least provided me with some facts on which to base my thoughts and opinions. But then again...being reactive is the customers prerogative....perhaps something else you have overlooked.

[Jeeepers]

Having read this trhead, I can say I have had no issues in the 3 years I've been doing the banking on the net. My bank uses the keypad system too. You are only as secure as your PC. Firewalls, anti-viral, and anti-spyware software are a must. Regardless of what you do on the net. The losses ocur from the theft of your details. And the use of this data.

[AEF_Silver94]

i always use internet banking

up to date antivirus
zone alarm firewall set on high ( your stealthed )
2 anti spyware programs

never a problem.

[GasoLane]

Just out of interest Spotty (no banking pun intended) are your passwords kept on the PC?

Mine are in a desk drawer here, lets see a virus get into that!

[4.9 EF Futura]

Quote:

Originally Posted by Spotty

Isnt it interesting just how often the view or opinion of the customer differ from that of the banks or those closely associated with banks? Who is serving who? You have used the word pandemic.....not me...do you know something we don't? Your argument regarding insurance is typical of the limited systemic view that permeates the thinking of banks....yeah right its been claimed back through insurance....now tell me what drives the insurance premium and who pays for the increased premium? It certainly wont by the bank taking a reduction in profits....increase charges perhaps. As for the reactive formation of my views....perhaps..but this expereince has at least provided me with some facts on which to base my thoughts and opinions. But then again...being reactive is the customers prerogative....perhaps something else you have overlooked.

If you're suggesting that my views are influenced by me being "aligned" with the banks then rest assured this is not the case. In fact my colleagues and I are probably the banking industry's 'most hated' group of people.

Lol, i had a large block of text to talk around this issue - but its sufficient to state that i am certainly not 'in bed' with any of the banks. Indeed, independence is cruical to the success of my role.

[Laminge]

I unlike 4.9 EF Futura, am certainly aligned to the one of the big Banks and am highly amused at the discussion in this thread

[fmc351]

Ive used internet banking for several years and never had a problem.

Quote:

Originally Posted by 4.9 EF Futura

Exactly. From the bank's perspective, their system was working fine. Had you not reported the fraud, they would not have even known because on their "dashboard", all the "gauges" were working fine.

And this is the unique risk which arises from internet banking. The bank is allowing you to access a very secure system from a very unsecure terminal.

And also results in what may appear to be some pretty rude behaviour. They need to be confident that you were indeed ripped off - and that you're not just trying to scam them. To do any less would be a slap in the face to other depositors and also the bank's shareholders.

At the end of the day, the Banks will be forever chasing their tail - and they know this. For every measure they implement, the crooks will get around it. It's a matter of staying a step ahead of them... maybe even half a step.

Closing of branches, the hours that start after most are at work and finish before many get off, the standard practice of income being directly deposited into your account and the removal of being paid in cash, forces 'customers' (I use this term lightly, as you really have no choice but to patron a bank) to use the services available; that in itself makes them at least somewhat responsible for what occurs on a home PC when the best of systems within reasonable pricing is inherently lacking given the time and resources white collar criminals put into these exercises. Its akin to Laminges post about the banks responsibility when patrons use an ATM.

I agree with the necessity of verifying the legitimacy of claims though.

Banks payout because they want people to use this system, its cheaper for them. People wont use it, if they must assume all the responsibility, especially when they cant due to its complexity and the dynamic nature of computer crime and prevention.

Quote:

Originally Posted by Laminge

Your answer of NO to the ATM in the street is also of interest, but I am afraid the answer is not so straight forward as a NO.

I have seen enough people go through the justice system who would also disagree.

Quoted for truth.

[havoc19]

haha this is the biggest load of **** ive heard in a while a bank wont give us id tag protection or better protection coz its cheaper to just not what the hell are we paying billions in dollars of fees for so they can sit around and think gosh golly were ******* them in the **** we may aswell pay them back. 10 million a year to stop internet fraud or atleast serverly reduce it seems quite logical to me but not to money hungry corporations like banks that constantly rip us of in fees then when they pay some poor guy bak coz there penny pinching resulted in him losing money hes meant to be grateful what a crock of ****

[GasoLane]

Quote:

Originally Posted by havoc19

haha this is the biggest load of **** ive heard in a while a bank wont give us id tag protection or better protection coz its cheaper to just not what the hell are we paying billions in dollars of fees for so they can sit around and think gosh golly were ******* them in the **** we may aswell pay them back. 10 million a year to stop internet fraud or atleast serverly reduce it seems quite logical to me but not to money hungry corporations like banks that constantly rip us of in fees then when they pay some poor guy bak coz there penny pinching resulted in him losing money hes meant to be grateful what a crock of ****

Erm ... could you please re-post this in English?

[Laminge]

Don't ask him to do that for gods sake, he may have something sensible to say, and we wouldn't want to ruin his image

[HLC]

i can check my accounts on the net. but cannont transfer money or something?

i dont really know. my parents set it up. but no hassles here.

[05MkIIFutura]

Quote:

Originally Posted by GasOLane

Mine are in a desk drawer here, lets see a virus get into that!

Err, but what about the bare-foot and preganant crack addict wagga wagga bogan who will probably turn your house over tonight?? That isnt one of the more secure places to hide passwords either, in fact the bank can probably get out of recovering your lost funds for that!!!

[fmc351]

Quote:

Originally Posted by 05MkIIFutura

Err, but what about the bare-foot and preganant crack addict wagga wagga bogan who will probably turn your house over tonight?? That isnt one of the more secure places to hide passwords either, in fact the bank can probably get out of recovering your lost funds for that!!!

My bank is happy with passwords in drawers, they take exception to keeping it on the PC though. The only thing they suggest is to try and disguise it. They understand (Im choking on that one) people, especially older people : , will forget such tings.

[GasoLane]

Quote:

Originally Posted by 05MkIIFutura

Err, but what about the bare-foot and preganant crack addict wagga wagga bogan who will probably turn your house over tonight?? That isnt one of the more secure places to hide passwords either, in fact the bank can probably get out of recovering your lost funds for that!!!

It's possible. If they could get in, find the right room, find the right drawer and work out which password is for what.

This is assuming that your regulation "crackhead" -you really do watch too much TV- knows out how to turn on a PC.

But this is getting off topic... I am still curious though as to whether Spotty keeps his passwords on the PC or not.

[DTFRMONT]

Quote:

Originally Posted by Homer1

HSBC have a random PIN code where they issue you a small keyring thing and you press the button to get the code for that particular date and time. This is after you have entered your personal acc no. and PIN

With the HSBC keytag thing not only do you have to enter a code when you log on, it also asks you for a code when paying bills or completing a transfer. Great system, haven't had any problems yet.

[strife]

Quote:

Originally Posted by EA2BA

I like how the banks set a minumum securtity policy for the use of the services they provide, yet do no checks before allowing you to use the services, let alone a splash page with the current requirements, no wonder fraud is so high.

whats the saying all care but no responability.

I go through alot of trouble to keep everything up to date on our network, both patches and anti-virus and regular scans, but at the end of the day if someone gets a virus they put it there, I can't baby sit users 24/7.

that would be the business v there it security folk...business win all the time

[strife]

[QUOTE=Laminge]Secure ID Cards for internet banking... are you sure its leading edge technology? : : :



its not westpac has used that for payment authorisation for nearly 5 or more years

[strife]

Quote:

Originally Posted by Spotty

My PC (which by the way did have spyware, latest symantec anti vrius and a 2 way firewall + Xp with service pack 2 installed) was the most certainly the access point to the 'banks system'. When I talk about the 'banks system' I am not referring to the banks databases. By system I mean the 'whole business system' which when looked at holistically in an internet banking context encompasses the interconnectiveness of banks internet banking policies, my PC and their database. One would think that the level of security referred to above would be sufficient....but it seems not.

The extent of interent banking fraud is very high and I would say 95 percent would be delivered via consumer pcs

[strife]

Quote:

Originally Posted by havoc19

haha this is the biggest load of **** ive heard in a while a bank wont give us id tag protection or better protection coz its cheaper to just not what the hell are we paying billions in dollars of fees for so they can sit around and think gosh golly were ******* them in the **** we may aswell pay them back. 10 million a year to stop internet fraud or atleast serverly reduce it seems quite logical to me but not to money hungry corporations like banks that constantly rip us of in fees then when they pay some poor guy bak coz there penny pinching resulted in him losing money hes meant to be grateful what a crock of ****

there is some kinda of interesting points you may be able to pull out of here.

The australian consumer base expects that the banks pay for their security, the north american market this is certainly different.

[strife]

Quote:

Originally Posted by fmc351

My bank is happy with passwords in drawers, they take exception to keeping it on the PC though. The only thing they suggest is to try and disguise it. They understand (Im choking on that one) people, especially older people : , will forget such tings.

5.6 (c) of the EFT code of conduct requires you to make reasonable attempts at protecting the data.

link for everyone else thats a read

http://www.asic.gov.au/asic/pdflib.nsf/LookupByFileName/eft_code.pdf/$file/eft_code.pdf