IT Security Stack Exchange
IT Security Stack Exchange

Questions tagged [banks]

Use for questions about security practices used by banks and other financial institutions.

220 questions
191
votes
4 answers

Is Plaid, a service which collects user’s banking login information, safe to use?

I recently signed up for Privacy.com, which uses a service called Plaid to link a bank account. To do this, it requires the user to provide their banking username and password to a webpage from Plaid, not their bank. Then, Plaid accesses the…
gfrung4
  • 2,489
  • 3
  • 7
  • 8
146
votes
1 answer

How does Shutterstock keep getting my latest debit card number?

I've made a single photo purchase from Shutterstock back in 2012. I created an account and gave them my debit card #. I haven't made a single purchase from them since. Silently in 2018, they activated auto-renew without my consent, without notifying…
Marquizzo
  • 1,907
  • 4
  • 9
  • 13
128
votes
3 answers

Should I be worried of tracking domains on a banking website?

Finland's largest bank OP (former Osuuspankki) has added tracking domains (all three owned by Adobe) in their website redesign: These domains are loaded when signed in: 2o7.net demdex.net omtrdc.net Is this considered acceptable? What information…
user598527
  • 1,303
  • 2
  • 9
  • 16
98
votes
13 answers

Is a 6 digit numerical password secure enough for online banking?

My bank went through a major redesign of their customer online banking system recently. The way security is managed across the platform was also reviewed. The password I am able to set now to log in is forced to be 6 digits long, numerical. This…
mika
  • 963
  • 1
  • 7
  • 9
76
votes
10 answers

Bank wants my Online-banking PIN through the telephone

My new girocard did not reach me. I wanted to call the bank to block the old and get a new one. So I checked my online banking and found a phone number ("Block card: girocard or visa card lost? Call 04106-...). I called said number, and I talked to…
Alexander
  • 2,143
  • 2
  • 16
  • 22
71
votes
10 answers

Can I scratch off the magnetic strip off a debit card to only allow chip and PIN?

I have been robbed in the past by thieves using my HSBC Debit Card (issued by UAE branch) to purchase mobile phones and accessories by signing for the purchases. While the card has chip & PIN protection, HSBC mention (in the fine print) that,…
Brian
  • 711
  • 1
  • 5
  • 3
71
votes
10 answers

Does disabling right click have any impact on security?

On a banking website I see that they have disabled right-click. Does that make the site any more secure? Is it a good general practice?
18bytes
  • 885
  • 1
  • 10
  • 12
71
votes
9 answers

How can "USB stick" online identification possibly work?

My bank recently revamped its website, and it changed for the better as far as I’m concerned. Especially, security seems to have been dramatically enhanced. Most importantly, they introduced a rather unusual (I’ve never seen this before)…
user135452
63
votes
8 answers

My bank support just asked me for my online banking credentials

As title says, I was asked for my online banking password while on the process of getting in touch with a real person. This is something I'd never do and knowing that the call was being recorded (for further improvement of the bot I was talking to)…
sysfiend
  • 2,364
  • 4
  • 14
  • 22
51
votes
9 answers

Can users make use of a password manager when banks tell them never to write passwords down?

Consider a user who wants to use a password manager for their banking passwords. Advice from banks usually says they should never write down their password. The user would be concerned about going against that advice, as it could mean their bank…
paj28
  • 32,736
  • 8
  • 92
  • 130
42
votes
3 answers

How does HSBC's "Secure Key" actually work?

My bank has recently sent me a Digipass/Secure Key, which looks like a tiny calculator. You press the green button to turn it on, type a PIN to unlock it, then press the green button again to generate a 6-digit code that you type when logging…
DisgruntledGoat
  • 524
  • 1
  • 4
  • 9
42
votes
3 answers

Why are my plastic credit card and activation code sent separately?

Capital One recently sent my plastic credit card by post mail and its activation code by a separate post mail. What security problem does this mitigate? If a rogue element has access to my mail box or home, they will have both the plastic card as…
Lord Loh.
  • 559
  • 4
  • 7
42
votes
3 answers

Why do some internet banks force logout on back button?

A design pattern I've noticed on internet banking sites is that you get automatically logged out and sent to a warning page if/when you hit the back button on your browser, ending your session and obliging you to log in again. I'm presuming this is…
Nick F
  • 545
  • 4
  • 7
38
votes
5 answers

New payment option on Paypal "Enter your online banking ID + password": Any mechanism that could make this safe?

Paypal has a new payment option called "Bank Account" which says: Enter your online banking ID + password QUESTION: To me it sounds unsafe (ie: sends my password to a third-party organization like Paypal), but does there actually exist any…
Nicolas Raoul
  • 1,276
  • 2
  • 12
  • 17
38
votes
8 answers

Why does my digital bank need my phone date and hour to be correct?

I'm not from Information Security or any IT related area. But I want to know if there is any security reason for my digital bank to demand my phone to be on "Automatic Date & Time"? For example, if I'm abroad, I cannot transfer some money to a…
RA828
  • 493
  • 4
  • 7
1
2 3
14 15