IT Security Stack Exchange
IT Security Stack Exchange

Questions tagged [financial]

50 questions
48
votes
5 answers

How does a website instantly know if a certain credit card number is wrong?

I was renewing my Internet subscription through the online portal of my ISP. What struck me was when I was entering my credit card details, I entered the type of my credit card (MasterCard, Visa, AA, etc), and when I entered the numbers, there was…
tony9099
  • 779
  • 1
  • 5
  • 10
48
votes
9 answers

How should high net worth individuals secure their financial accounts?

I try to follow account security best-practices (strong random passwords, password manager, multi-factor authentication, etc.) but I still find myself worried about potential compromises to my accounts, in particular financial accounts (e.g., banks,…
Logical Fallacy
  • 715
  • 8
  • 12
29
votes
1 answer

Are credit-card security codes theoretically insecure (if not entirely broken) already?

I was reading the Wikipedia article on Card security codes (CSC, CVD, CVV, CVC, V-code, SPC, CID, CV2, CVN2, CAcronym2, etc) and a certain assertion caught my eye (emphasis mine): The CSC for each card (form 1 and 2) is generated by the card issuer…
Dai
  • 1,686
  • 1
  • 13
  • 20
16
votes
2 answers

Can bankers' rounding be exploited to maliciously increase balances?

Everyone knows about the sure thing retirement strategy that is the Superman 3 exploit, but is there a way to exploit bankers' rounding to grab some of the less than half pennies "floating around out there"? Specifically, assuming that the internal…
Jim Bob
  • 303
  • 2
  • 7
12
votes
5 answers

Why should I have secure passwords for sites that I pay bills on?

What's the worst that can happen, the hackers will pay my bills for me? Assume that this isn't a malicious hacker out to disconnect my electricity. What kind of concerns are there for my finances, property, and personal data?
Bigbio2002
  • 287
  • 1
  • 3
  • 6
12
votes
1 answer

Why is it considered safe for services like Mint to store bank password?

My understanding is that, typically websites are recommended to store only hashes of passwords using one-way cryptographic hash function. This way, there is no way to retrieve the passwords even when somebody can hack the database.[1] On the other…
user69715
  • 231
  • 1
  • 2
  • 4
11
votes
8 answers

Is it possible to steal money directly from the systems of a big bank?

Sometimes I imagine: My money in the bank is just a floating point number in a mainframe's memory... So, if I just change 1 bit, I will win a lot of money... The most common way to steal money in banks today is to just ask people for their account…
Rodrigo
  • 317
  • 1
  • 3
  • 13
6
votes
2 answers

Couldn't credit/debit cards easily be made more secure?

As a person who is going to get my first credit or debit card, I began researching a bit about security of them and a couple of questions came up about why the system is designed the way it is. I read about large leaks of credit card data from…
George
  • 271
  • 2
  • 6
5
votes
1 answer

What is an ITGC Audit?

I don't get the purpose of such an audit especially given the way it is conducted. We have a 3rd party auditor who I won't name, but let's just say they probably audit the majority of the publicly traded companies in the world. The kind of requests…
maplemale
  • 153
  • 1
  • 5
5
votes
1 answer

Is TLS 1.0 sufficiently secure for a bank?

I disabled SSL2 and SSL3 in my Firefox browser, version 24. I only enabled TLS 1.1 and 1.2. Unfortunately when I went to my bank's website, I found that it didn't work until I re-enabled TLS 1.0. Additional information: my bank site uses RSA…
user28179
  • 51
  • 1
  • 2
5
votes
2 answers

What security controls should be in place for online updates of user's correspondance address?

Addresses are one of the key pieces of security information for an account. They're used for authentication, determine where statements go, and changing an address on an account provide enough information to allow an attacker to drain an account if…
ABC
  • 101
  • 1
  • 2
5
votes
1 answer

I emailed someone a picture of a check I wrote for them. What now?

On a whim, I emailed the intended recipient of a check I wrote a picture of that filled-in check to indicate I was about to mail it out. The full front of the check, with amount, my signature, account number, and everything else is plainly visible.…
Bigbio2002
  • 287
  • 1
  • 3
  • 6
3
votes
1 answer

Why recommend "letters, numbers, and special characters" in a User ID?

Why do some sites recommend "letters, numbers, and special characters" in a username or User ID? When creating a User ID at the www.discovercard.com website, the "User ID Strength" indicator meter bar indicates that a User ID is "weak" unless it…
David Cary
  • 2,720
  • 4
  • 19
  • 20
3
votes
1 answer

Storing basic financial data

I'm working on a project similar-ish to a budgeting app like mint or ynab. I'll be using the Plaid api, which abstracts away account/routing numbers, etc. Thus, what I'll have access to, and be trying to store, would be the account name, balance,…
Mike
  • 45
  • 4
3
votes
2 answers

Security of the Indian AadhaarPay fingerprint based payment system?

India recently launched a payment system where merchants install an app on an Android phone, and connects a fingerprint reader it. Clients provide their Aadhaar number (like a national identity number), and scan their finger to authorize…
anon
1
2 3 4