IT Security Stack Exchange
IT Security Stack Exchange

Questions tagged [banks]

Use for questions about security practices used by banks and other financial institutions.

220 questions
32
votes
7 answers

Explain to non tech savvy person how to check that your connection to mybank.com is safe?

I was reading the security advice given by the Swedish Bankers' Association. They included these two pieces of advice (my translation), that I assume is to teach the user to check for SSL/TLS and protect from SSL-strip: Check that it is the…
Anders
  • 64,406
  • 24
  • 178
  • 215
29
votes
4 answers

How should I verify a caller is from the bank or company they claim?

I often get telephone calls from my personal bank, mortgage provider or utility companies. In most cases they start by asking me to verify my identity through the usual name/address/date of birth or in the case of the bank, security questions I've…
James Bradbury
  • 2,017
  • 19
  • 27
26
votes
5 answers

Bank asked for a cross login?

I was creating a new bank account here in the US at HSBC's popular online bank... You know the step where you have to verify the account you're sending from, by receiving two small test payments? I was astounded to see HSBC have a new system: You…
Fattie
  • 263
  • 2
  • 10
25
votes
3 answers

Bank complains about rooted Android. Is it really any worse than a Windows desktop?

When I use my bank's Android application, the app notices that my phone is rooted and puts up a message with a big red "danger" symbol and a message saying "vulnerable device." I totally understand that they do this, because financial institutions…
Fiksdal
  • 3,076
  • 3
  • 18
  • 29
24
votes
6 answers

My credit union is reducing its maximum password length to 10 characters

I just received an email from my credit union saying they are redesigning their online banking service and that I will need to change my password by October 22 to conform to the new limit of 10 characters. The current limit is 20 characters. This…
devuxer
  • 341
  • 1
  • 5
23
votes
3 answers

Why do some bank websites use passwords that are not case sensitive?

It was recently brought to my attention that a certain big bank website allows users to log in with passwords that are not case sensitive. After confirming this, I checked other websites I bank with and found a second big bank website that does the…
MDMoore313
  • 978
  • 9
  • 14
23
votes
5 answers

Password strength and banks 4 pin code?

Why is it that some security advisers recommend using an 8 character password with upper, lower, digits, and symbols while banks only use a 4 digit number pin for debit and 3 digit pin for credit card? Isn't it a risk for security using a short…
Esteru
  • 331
  • 1
  • 2
  • 3
21
votes
4 answers

Could my bank's two-factor authentication be hacked?

When I attempt to log in to my bank, an SMS code is sent to my phone. I then type this nine-character code into the bank's Web site, to login to my account. Is this vulnerable to attack, without hacking the bank's software or server, or without…
user13779
21
votes
7 answers

Unexpected email from Yorkshire Bank

I have started receiving unexpected emails from Yorkshire Bank. I have never been a customer. I don't recall applying for any of their products either, although maybe I did many years ago. The first of the strange emails reads: Your partial…
Stewart
  • 343
  • 1
  • 3
  • 8
20
votes
4 answers

What to do about "approved" direct banking MITM sites like sofort.com?

Brussels Airlines allows several payment types, only two of which are free: Maestro and Sofort Banking: The second option was new to me, but direct debit is usually a free and practical way to pay: The request is forwarded to the bank web site, I…
l0b0
  • 2,981
  • 20
  • 29
19
votes
3 answers

How do RSA SecureID ® Keys Work?

I have been using RSA SecureID ® Keys for quite some time now (perhaps 10 years), for things such as securely my home banking account online or accessing my company's network of computers from home. These keys generate a 6-digit numeric token which…
John Sonderson
  • 301
  • 1
  • 2
  • 5
18
votes
4 answers

Voice Biometrics for financial authentication

From this article: http://www.bbc.com/news/business-36762962 Apparently, it takes us 45 seconds on average just to confirm who we are. But by using computers to identify our voices, this authentication process can be cut to 15 seconds on…
lepe
  • 2,184
  • 2
  • 15
  • 29
14
votes
1 answer

How safe is my contactless bank card?

In the past few years Contactless Payment cards have been introduced and I have been reading some articles surrounding security of these cards. The following article "Stealing data from contactless cards is easy, experts warn" states A Which?…
User1
  • 3,041
  • 5
  • 23
  • 30
13
votes
2 answers

My bank makes me enter my password using the mouse. What's up with that?

Internet banking login process for Westpac requires user to enter the password using the mouse. It's annoying, what's up with that? Is it just to try and stop keyloggers on public computers or is there a better reason? Their mobile app lets you…
wim
  • 623
  • 1
  • 5
  • 18
13
votes
1 answer

How is it secure for Venmo to ask for credentials?

When linking a bank account, one of the options on Venmo is to provide the username and password of your online banking account. I can't seem to find people criticizing this practice, which surprises me, since I feel like it goes against every rule…
Daniel B
  • 441
  • 1
  • 3
  • 10
1
2
3
14 15