U.S. CitiesCity-Data Forum Index
Go Back   City-Data Forum > General Forums > Science and Technology > Internet
 [Register]
Please register to participate in our discussions with 2 million other members - it's free and quick! Some forums can only be seen by registered members. After you create your account, you'll be able to customize options and access all our 15,000 new posts/day with fewer ads.
View detailed profile (Advanced) or search
site with Google Custom Search

Search Forums  (Advanced)
Reply Start New Thread
 
Old 05-20-2009, 06:20 PM
 
Location: Austin, TX
16,791 posts, read 45,517,856 times
Reputation: 9446

Advertisements

On-line banking, how safe is it? It seems to me that its probably safer then writing and mailing checks, assuming one is using a private internet connection from home. But I'd like to hear what you technology experts have to say about it. Is it safe?

I understand one should not use passwords and pin numbers while connecting via a public wireless connections.
Rate this post positively Reply With Quote Quick reply to this message

 
Old 05-20-2009, 06:36 PM
 
10,847 posts, read 20,017,010 times
Reputation: 10422
As far as others getting access to your account, it's only as safe as you are. If your PC gets infected with a keylogger or some such, there goes your password, account info, and money. I've been paying all my bills online for a few years now with no problems, you just have to be sure your computer isn't compromised and your not one to fall for the many phishing emails that wander into your inbox.
Rate this post positively Reply With Quote Quick reply to this message
 
Old 05-21-2009, 06:56 AM
 
41,817 posts, read 47,073,024 times
Reputation: 17785
Quote:
Originally Posted by CptnRn View Post
It seems to me that its probably safer then writing and mailing checks,.
I would tend to agree however I've also gone to greater lengths than the average person to make sure I'm secure.

When you connect to a banking site or any site that requires personal information you'll be doing so over SSL (the lock). This uses public/private key encryption. In a nutshell you are sent a key by the server that can be used to encrypt data. The browser encrypts the data and sends it back to the server. The reason this works so well is because the public key sent to you can only be used to encrypt data. Once encrypted it can only be decrypted using the private key.

The same method can be used for email communication and is pretty much the standard for any secure communication because you can easily distribute public keys because they are useless except to encrypt data.

When and if security breaks down is before the data is encrypted such as the keylogger already mentioned or afterwards if the server is insecure. Doesn't matter how secure the data transfer is if a hacker can break into the system and grab the details of hundreds of thousands of people that have been decrypted.

While on the topic check out keepass , you can use this to store all your login/passwords locally. It require you to remeber one password to gain acess to it. One very large benefit is being able to use much longer and complex passwords without having to wite them down or remeber them.
Rate this post positively Reply With Quote Quick reply to this message
 
Old 05-21-2009, 09:40 AM
 
Location: The DMV
5,609 posts, read 9,609,477 times
Reputation: 6751
Bottom line - no less secure than other banking methods, and probably more so because you minimize the biggest threat to information security - people. Meaning because most of it is automated, you run less risks of human errors, intent, etc.

Its just a different method of doing something - and the risks fall in different areas. With OLB, the customer has to take more responsiblity as part of the risk factor is now in your own system.
Rate this post positively Reply With Quote Quick reply to this message
 
Old 05-21-2009, 11:24 AM
 
Location: Maryland not Murlin
8,334 posts, read 23,951,622 times
Reputation: 6454
Quote:
Originally Posted by macroy View Post
Bottom line - no less secure than other banking methods, and probably more so because you minimize the biggest threat to information security - people. Meaning because most of it is automated, you run less risks of human errors, intent, etc.
I wouldn't take it that far. While it may have been easier for someone to rip you off in the past, it was only easier because it took longer to trace and track down the culprit(s). The only real difference is that the cat and mouse game today has become less cat and mouse. The person sitting next to you with his laptop or smart phone would be draining your bank account and you will never know it, at least not at that moment.

Online banking, or anything really, is neither more secure nor less secure than now than it was in the past with the old way of doing things. Any lock can be picked, any wall can be climbed, and any bit of code be hacked. At least currently.

About a year ago, here in Maine, someone stole credit card and bank information at one of the chain grocery stores to the tune of tens of thousands of accounts. How did they get the information? They found a security flaw in the software that ran the credit-card swipe machines.

The truth is that your information is not going to be 100% safe. Anyone can hack into the DMV (or BMV), any company, bank, etc. and steal your information. You can take every precaution, and you should, but most of your 'information' is out there in areas that are beyond your control. If someone really wanted to, they could steal it. Not much you can do about it. If you are really paranoid than the only real way to avoid it is to pay with cash, don't have a bank account, phone account, any bill in your name, etc. and go live out in a cave.
Rate this post positively Reply With Quote Quick reply to this message
 
Old 05-21-2009, 12:04 PM
 
Location: Austin, TX
16,791 posts, read 45,517,856 times
Reputation: 9446
Quote:
Originally Posted by thecoalman View Post
I would tend to agree however I've also gone to greater lengths than the average person to make sure I'm secure.

When you connect to a banking site or any site that requires personal information you'll be doing so over SSL (the lock). This uses public/private key encryption. In a nutshell you are sent a key by the server that can be used to encrypt data. The browser encrypts the data and sends it back to the server. The reason this works so well is because the public key sent to you can only be used to encrypt data. Once encrypted it can only be decrypted using the private key.

The same method can be used for email communication and is pretty much the standard for any secure communication because you can easily distribute public keys because they are useless except to encrypt data.

When and if security breaks down is before the data is encrypted such as the keylogger already mentioned or afterwards if the server is insecure. Doesn't matter how secure the data transfer is if a hacker can break into the system and grab the details of hundreds of thousands of people that have been decrypted.

While on the topic check out keepass , you can use this to store all your login/passwords locally. It require you to remeber one password to gain acess to it. One very large benefit is being able to use much longer and complex passwords without having to wite them down or remeber them.
Thanks, that is the kind of information I was hoping for, to better understand how it worked.
Rate this post positively Reply With Quote Quick reply to this message
 
Old 05-21-2009, 12:54 PM
 
Location: The DMV
5,609 posts, read 9,609,477 times
Reputation: 6751
Quote:
Originally Posted by K-Luv View Post
I wouldn't take it that far. While it may have been easier for someone to rip you off in the past, it was only easier because it took longer to trace and track down the culprit(s). The only real difference is that the cat and mouse game today has become less cat and mouse. The person sitting next to you with his laptop or smart phone would be draining your bank account and you will never know it, at least not at that moment.

Online banking, or anything really, is neither more secure nor less secure than now than it was in the past with the old way of doing things. Any lock can be picked, any wall can be climbed, and any bit of code be hacked. At least currently.

About a year ago, here in Maine, someone stole credit card and bank information at one of the chain grocery stores to the tune of tens of thousands of accounts. How did they get the information? They found a security flaw in the software that ran the credit-card swipe machines.

The truth is that your information is not going to be 100% safe. Anyone can hack into the DMV (or BMV), any company, bank, etc. and steal your information. You can take every precaution, and you should, but most of your 'information' is out there in areas that are beyond your control. If someone really wanted to, they could steal it. Not much you can do about it. If you are really paranoid than the only real way to avoid it is to pay with cash, don't have a bank account, phone account, any bill in your name, etc. and go live out in a cave.
Information security is not just about stopping breaches and exposures, but also about availability, integrity and privacy. With automated systems, you lessen the amount of people that need access/manipulate the info. And while a fault in the technology can affect the entire process, its usually more consistent and easier to fix as a whole than mistakes made by people at all different levels.

And you're absolutely right, there is no 100% with regards to security - but given the risks - I'd take technology over manual procedures.
I'd take a cc swiper over the old imprints / carbon receipts.
Rate this post positively Reply With Quote Quick reply to this message
 
Old 05-21-2009, 12:57 PM
 
16,308 posts, read 26,901,131 times
Reputation: 8340
Quote:
Originally Posted by K-Luv View Post
The person sitting next to you with his laptop or smart phone would be draining your bank account and you will never know it, at least not at that moment.
Well yes, if you are reckless enough to do this in an open WiFi hotspot your computer is available to be surfed. I don't worry about what the person sitting next to me is doing, I'm married to her

Quote:
Originally Posted by K-Luv View Post
Online banking, or anything really, is neither more secure nor less secure than now than it was in the past with the old way of doing things. Any lock can be picked, any wall can be climbed, and any bit of code be hacked. At least currently.
Point taken, there IS NO ABSOLUTE SECURITY, and if someone wants in bad enough, they will eventually succeed. However; there is a point of diminssioning returns. I have a number of safe guards in place, but I also recognize that someone if they spent enough time could penetrate it. They would probably make 50 cents on the hour for their efforts. Little fish don't need to worry about extensive efforts to hack in, they will go after the big fish, or those that don't have any protection in place.
Rate this post positively Reply With Quote Quick reply to this message
 
Old 05-21-2009, 06:25 PM
 
41,817 posts, read 47,073,024 times
Reputation: 17785
Quote:
Originally Posted by K-Luv View Post
Any lock can be picked.
Well I wouldn't put it in that context as far as encryption goes, encrypted data using 128 bit encryption is impossible to break for the average person or even large countries with a lot of resources. There's speculation whether NSA is capable of breaking it and 128 bit is getting pretty old. The context I would put it in is you have a 3 foot thick steel front door but some flimsy cardboard for the back door.

Generally speaking when security breaches occur it's done through a simple exploit or some work around. Again the keylogger is an excellent example and social engineering such as the phishing sites are another great example. Security is only as good as the weakest link. Hackers attack easy targets, make yourself less of a target and they'll move onto someone else.
Rate this post positively Reply With Quote Quick reply to this message
 
Old 05-22-2009, 08:38 AM
 
16,308 posts, read 26,901,131 times
Reputation: 8340
Quote:
Originally Posted by thecoalman View Post
Well I wouldn't put it in that context as far as encryption goes, encrypted data using 128 bit encryption is impossible to break for the average person or even large countries with a lot of resources. There's speculation whether NSA is capable of breaking it and 128 bit is getting pretty old. The context I would put it in is you have a 3 foot thick steel front door but some flimsy cardboard for the back door.
128-bit SSL encryption has been considered 'secure' for a long time, yet has recently been compromised. A flaw in the MD5 algorithm has been exploited, and yes it is still a tough nut to crack.

The key to cracking any encryption is processing power, be it the anagram in the morning paper or 256-bit AES encryption. As more and more processing power becomes available, it is only a matter of time until even that can be compromised.

And if you look at the big picture, keep in mind that a chain is no stronger than the weakest link.
Rate this post positively Reply With Quote Quick reply to this message
Please register to post and access all features of our very popular forum. It is free and quick. Over $68,000 in prizes has already been given out to active posters on our forum. Additional giveaways are planned.

Detailed information about all U.S. cities, counties, and zip codes on our site: City-data.com.


Reply
Please update this thread with any new information or opinions. This open thread is still read by thousands of people, so we encourage all additional points of view.

Quick Reply
Message:

Over $104,000 in prizes was already given out to active posters on our forum and additional giveaways are planned!

Go Back   City-Data Forum > General Forums > Science and Technology > Internet
Similar Threads

All times are GMT -6. The time now is 06:02 AM.

© 2005-2022, Advameg, Inc. · Please obey Forum Rules · Terms of Use and Privacy Policy · Bug Bounty

City-Data.com - Contact Us - Archive 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37 - Top