Banking Security

While trying to log into my Banking Web site (from a PC), after I had successfully remembered my log-in ID and password, something different happened. The site put up a Pop-up window saying it was testing security and wanted to send me a code to my Cell phone (or call me with the code).

After my initial confusion and then annoyance, I was heartened to see this kind of security come up. Banking security is very important, and the edge of the network (i.e. users logging in) is where the system is usually the weakest. The Desjardins data breach is a good example of the need for banking security and data security.

Good Test?

My hope is that this is simply a test, and you will see why.

After I realized I did not have my Cell phone handy, I simply cancelled out of the Security Message screen, which then took me back to the regular bank log-in screen. I thought for a second, and decided to see what would happen if I tried to log-in again. What I saw underwhelmed me. I was able to log-in, no problem, and no “challenge”.

My sincere hope is this is simply a test by my bank, because if I have been “challenged” for an alternate log in, I should not be allowed to log in after an initial failure. The application should continue to challenge me, until I pass the challenge, or until I fail a set number of times. Once someone fails I would hope my account access would be locked.
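The behaviour asked for above, as an added example (not the bank's code and not part of the original post): the pending challenge is stored on the server-side account record, so cancelling the pop-up and logging in again cannot clear it, and repeated wrong codes lock the account. The class names, the `risk_check` hook and the three-failure threshold are assumptions made for this sketch.

```python
import hmac
import secrets

MAX_FAILED_CHALLENGES = 3  # assumed; the post only says "a set number of times"


class Account:
    def __init__(self, password):
        self.password = password      # plaintext only to keep the sketch short
        self.challenge_code = None    # set while a step-up challenge is outstanding
        self.failed_challenges = 0
        self.locked = False


class StepUpAuth:
    """Hypothetical login service: challenge state lives server-side, not in the pop-up."""

    def __init__(self, accounts, risk_check):
        self.accounts = accounts
        self.risk_check = risk_check  # callable(user) -> True when a challenge is needed

    def login(self, user, password):
        acct = self.accounts.get(user)
        if acct is None or not hmac.compare_digest(acct.password, password):
            return "denied"
        if acct.locked:
            return "locked"
        # A pending challenge survives cancel and retry: a fresh login never clears it.
        if acct.challenge_code is None and self.risk_check(user):
            acct.challenge_code = f"{secrets.randbelow(10**6):06d}"  # sent out of band
        return "challenge_required" if acct.challenge_code else "session_granted"

    def cancel_challenge(self, user):
        # Dismissing the pop-up changes nothing on the server.
        return "challenge_required" if self.accounts[user].challenge_code else "no_challenge"

    def answer_challenge(self, user, code):
        acct = self.accounts[user]
        if acct.locked:
            return "locked"
        if acct.challenge_code is None:
            return "no_challenge"
        if hmac.compare_digest(acct.challenge_code, code):
            acct.challenge_code, acct.failed_challenges = None, 0
            return "session_granted"
        acct.failed_challenges += 1
        acct.locked = acct.failed_challenges >= MAX_FAILED_CHALLENGES
        return "locked" if acct.locked else "challenge_required"
```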

Banking Security?

My hope is this is my bank attempting to test out new security for authentication (without enabling 2 factor authentication), and when they do a full roll-out, the rules will be stricter. I like the concept, but if this is how it will work it isn’t a great data protection system.


How Do Banks Differentiate Themselves?

I have run across a few interesting things that caused me to wonder what exactly are the banks in Canada doing to make folks want to be their customers? Given they continue to have enormous profit margins, do banks differentiate themselves in Canada?

All of the banks advertise (I don’t have their numbers spent on advertising, but no bank in Canada does NOT advertise). You can see some of the ads on this very web site sometimes, so they must have very deep advertising pockets. I do like the TD ads with the cranky old men, but that alone wouldn’t cause me to change banks.

Cheques

The first thing I noticed while collecting dues for a basketball team is that I received 4 cheques from different parents, but I noticed the cheque design for all 4 cheques was EXACTLY the same, even though they came from 3 different banks. The security patterns on the cheques were exactly the same (I compared them under a strong light); the differences were:

  1. Bank Information about which bank this is, address and logo
  2. Customer information (name and such)
  3. What was included in the MICR lettering at the bottom of the cheque

Other than that, there is no difference in the cheque. In fact most of the banks use the same printer for cheque designs; they simply order them, and thus this service is the same.

On Line Bank Interface

This is very different in terms of who designed the interface and such, but my guess is the “back end” of the software is exactly the same. What you can do is remarkably the same, and typically there is a lot of advertising around it to get you to try new services with the bank.

Tomorrow, we continue this interesting case study.


Old Financial Technology Habits Die Hard

For the longest time, I refused to deposit cheques in the ATM machine (after reading horror stories about stolen cheques and the like, from nefarious false fronts which steal cheques), but after a while, I started using this technology (usually because the lines for the tellers were so long). I have written previously about not wanting to use my home WiFi (and absolutely never use public WiFi) for on-line banking, just because I am that kind of paranoid guy, but now I find myself doing most of my on-line banking using my laptop which is connected via WiFi (but not public WiFi). Am I a lover of old financial technology only?


Old Technology? Image courtesy of cooldesign, at FreeDigitalPhotos.net

Last night I caught myself in another one of my “still thinking like an old cranky guy” habits, and that was taking cheques with me to work, so that I could deposit them on the way home at the ATM machine at the bank. I dutifully went out of my way to stop at the bank, and deposited the cheques, but since TD has gone to a new ATM interface, it dawned on me, why wasn’t I just doing the “take a photo of the cheque” deposit method?

The TD ATM machine is simply photographing the cheque and ‘parsing’ it (although they also keep the cheques, and I have no idea whether the darn things are archived or just shredded after a few days), the same methodology as if I was using my phone. Why didn’t I simply use my phone? The only explanation I can give is old habits die hard, and I keep forgetting about some features available from my bank.

I do still feel some paranoia, so I tend to photograph my cheques with WiFi turned off, and using my cell phone provider’s network (which is marginally more secure), but I have to remember that the feature exists in the first place.

Old financial technology was useful at the time, but maybe it is time for me to move on.


Apple Pay and Interac Together

Whether this is a good thing is the question to be answered, and I will discuss that later on in this post. I have written about Apple Pay and Near Field Communication (NFC) before, but now it seems it really will be usable in Canada, with Interac announcing an agreement with Apple Pay on using this technology.


NFC an interesting idea?

Before you leave this page to go set this up remember there are a few limiting factors here:

  1. You need an iPhone 6 series (or above) or a later iPad series (although who would wander around with an iPad to buy things). The Apple Watch has Apple Pay also, but it ends up being “attached” to an iPhone as well.
  2. You need a bank account that you can access via Interac (figured I’d point that one out, just in case you were not sure).
  3. For the Interac part of Apple Pay, you need to have an account with RBC or CIBC. CLANG!!! I knew there was going to be a catch.
  4. Apple Pay also works with Amex cards, ATB Mastercards and Canadian Tire Mastercards.

OK, so the title is a little bit misleading, as only a few banks are covered here.

The real question: is NFC (Near Field Communication) a good thing? Depends on who you ask. If you read the link I supplied you will know:

NFC is a set of short-range wireless technologies, typically requiring a separation of 10 cm or less

Sounds perfectly safe, doesn’t it? PC World has a very good article about a few steps to take if you are going to use this technology (reading the fine print and your agreement on use of the technology). The other thing to remember is if you are going to use this technology, your phone had better be secured (i.e. password locked, at least).

It will be interesting to see how well this whole thing works, now that it is more in general usage (in Canada).


Cheques, Cameras and Banking Apps

My loathing of having to go to my local bank branch has caused me to review one of my rules about using banking apps on wireless devices (and using wireless phone networks). Every bank now offers “free cheque” deposit using your phone or tablet camera. Their ATM machines are effectively doing the same thing, i.e. photographing your cheque and clearing it that way.

You simply take a picture of the front and the back of the cheque with your mobile phone (inside of your banking app), input in the app how much the cheque is for (with a note to associate with it as well), note on the actual cheque that you have done the deposit (and when), keep the cheque for 10 days (to make sure it clears) and once it clears, shred the cheque (TD offers this, as does Tangerine and a few other banks).

Only Work in a Secure Wi Fi Environment

Previously I have ranted about the insecurity of doing your on-line banking over a wireless network (it’s also incredibly bad to do your on-line banking in an Internet Cafe or on any computer that you don’t control, even the one in your office; assuming your place of work is safe can be a dangerous assumption). However, given that using this new service means I don’t have to go to my “brick and mortar” bank, I will qualify my rant about wireless and banking apps.

  • Surprisingly it is better to use this on a cellular data network (the security on those networks is much better than you might think), so if you are going to use this service and you are not at home, don’t use public Wi-Fi or any stuff like that; use your cellular data network.
  • Don’t use Public Wi-Fi, Restaurant Wi-Fi, or “Hey look I found open Wi-Fi”, for anything, but especially not for Internet Banking, seriously, you aren’t doing that, are you?
  • If you have a home Wi-Fi Network and it is not open (i.e. you use WPA2, WPA or WEP protocols) then you can use your home Wi-Fi (also don’t broadcast your SSID either) for on-line banking.

An interesting issue can arise (that I read about on this Reddit Thread): if you try to deposit a post-dated cheque early (using your camera and your mobile phone app), you are going to end up being in a bit of a mess. To sum it up, the bank will negate the deposit, and the cheque you have will be useless, as it has been refused by a bank, so whoever wrote you the cheque will have to write you a new one (this is why it is well worthwhile reading the /r/PersonalFinanceCanada Reddit sub).
