Should people be afraid of doing online banking?

[vcfan]

Who on earth wants the hassle of all that? Then there's identity theft, and a host of other problems, like having your bank log in details stolen.

who on earth wants the hassle of learning Linux just so they can log into their bank accounts?

[Syanide]

I just made my wifi open and did some online banking. simplezz be like

 

[sc302 Veteran]

You should be more concerned with cloud storage than online banking. There are far less rules and sanctioned bodies to protect the end user for cloud than online banking.

[timster]

yes. you should be terrified to do anything on the internet that involves using your credit card. 101% of the time, your information will be stolen and someone will "borrow" your identity.

 

/s

[+Warwagon MVC]

yes. you should be terrified to do anything on the internet that involves using your credit card. 101% of the time, your information will be stolen and someone will "borrow" your identity.

 

/s

 

Except the average users computer looks like a cesspool! 

[Tudumm]

Im comfortable with paypal but i dont have habit of putting my card number on other sites. Good thing if someone steal my card number, there wouldn't be much they can take .

[dragon2611]

I've personally never had any issues, but I wouldn't do it on open WiFi or any machine I don't trust.  I also wouldn't be considered your "average user".

 

Many sites also use PayPal now which makes me feel a little better because I don't have to hand out my bank/card info directly to as many sites.

 

 

I recently setup a HTTPS proxy for when I want to at least try and secure my browsing session on networks that are open or I don't trust

Generally I'd vpn anyway but there are some cases where it's more useful to have a proxy instead.

 

 

Just to clarify I actually mean a HTTPS/SSL connection between the browser and the proxy server rather than a proxy that intercepts HTTPS.

Chrome can be set to use HTTPS for the proxy by using the proxyswitcher omega extension, firefox above v33 supports it but it has to be configured via a PAC rather than via the proxy settings itself (Although it seems happy to load a local.pac file from the machine it's running on)

[HawkMan]

I would never log in into online banking on someone elses machine.

Credit card I could not care less.

they will reimburse me if anything.

I change my cc numbers every 6 month to a year... Just in case anyway.

 

Should be opposite. online banking only works while you are logged in, as soon as you log out, they can't get back in no matter how much of you activity they log. they need your code card/dongle. 

 

as for credit/debit card, over here. online banks on most sites require you to verify purchases with your electronic bank ID after you use the card, it's annoying. More so because foreign sites usually won't require it since they're not in the whole Visa/MasterCard verified/safety thing.some sites do it but most don't but all Norwegian sites require you to input your code and e-id codes. 

[HawkMan]

If you're using a Windows PC, you absolutely should be afraid. And this isn't about scaremongering, being anti-Windows or anything like that, it's a matter of practicality. Everyone knows that Windows is the main target of almost all malware, viruses, rootkits, keyloggers, etc. There are zero day exploits reported every other month. It's only logical to avoid doing any financial or important work on it. If you must run Windows, do it from a VM inside Linux where you can simply restore a clean backup VM disk file without interrupting your main system. But for the love of the gods, never, ever, do your banking on Windows period.

 

It is exactly what it sounds like, it's FUD. plain and simple. 

 

Millions of people do banking on Windows every day without getting hijacked or stolen from. The only way for these hijacks to really work is a very sophisticated and TARGETED man in the middle attack, with a hacker actively guiding the process and doing much of the work. and guess what, this attack doesn't care the slightest what OS you do your banking on at your end or the banks end. 

[simplezz]

It is exactly what it sounds like, it's FUD. plain and simple.

It's the reality of Windows. Not FUD. We hear about reports of thousands of systems getting infected all the time. One merely has to look at the statistics to realise how widespread Windows malware truly is. It's everywhere.

 

Millions of people do banking on Windows every day without getting hijacked or stolen from.

That's not much consolation if you're one of the 10's of thousands who get their accounts/money stolen. We don't know the full extent of it.

 

The only way for these hijacks to really work is a very sophisticated and TARGETED man in the middle attack, with a hacker actively guiding the process and doing much of the work. and guess what, this attack doesn't care the slightest what OS you do your banking on at your end or the banks end.

Hardly. All you need is a simple trojan that installs a keylogger and remote server.

[Flawedspirit]

It's the reality of Windows every operating system in the world, some more so than Windows in this day and age.

 

FTFY.

[Obry]

I don't always use open Wi-Fi networks but when I do, I use VPN

[simplezz]

FTFY.

No because there's very little, if any at all, malware targeting GNU/Linux for example. A lot of it has to do with how users acquire software. Repositories and App Stores are provably safer sources than Windows' download model. Windows 8 would be a lot safer too if people exclusively used Microsoft's App Store (excluding IE of course, because that's probably the worst piece of software around for exploits). Unfortunately hardly anyone does.

[HawkMan]

Hardly. All you need is a simple trojan that installs a keylogger and remote server.

 

So not only are you spreading FUD, you have NO clue how online banking works ?

 

As I said, Linux is just as much at risk (or rather little) as windows since it's a very technical and targeted hack required. 

No because there's very little, if any at all, malware targeting GNU/Linux for example. A lot of it has to do with how users acquire software. Repositories and App Stores are provably safer sources than Windows' download model. Windows 8 would be a lot safer too if people exclusively used Microsoft's App Store (excluding IE of course, because that's probably the worst piece of software around for exploits). Unfortunately hardly anyone does.

 

Malware does not hack your bank. 

[+E.Worm Jimmy Subscriber¹]

simplezz is pretty stubborn (and simple?) in his view.  

 

even though it was proven that linux is just as vunerable (actually more) he will never believe it.

windows can be more secure if you take a bit of precaution, but that is not an argument for him.

 

because m$ windoze iz teh 3Vil.    or something.

Repositories and App Stores are provably safer sources than Windows' download model.

 

 

I am glad you are so sure and you know what you are talking about there buddy

[simplezz]

even though it was proven that linux is just as vunerable (actually more) he will never believe it.

You're confusing the number of vulnerabilities reported, which is quite meaningless, with the actual security of a system. Look at where all the zero-day attacks are occurring, the OS' that malware, viruses, rootkits, and keyloggers are targeting, then tell me Linux users are just as vulnerable as Windows users. Yeah right.

 

windows can be more secure if you take a bit of precaution, but that is not an argument for him.

Windows can never be more secure, because the user is the weakest link in the security chain. And Windows users predominately still obtain their software from the internet or storage media, both of which are primary reservoirs of malware.

 

I am glad you are so sure and you know what you are talking about there buddy

Don't take my word for it. Compare the infection rates of Windows Phone to Windows desktop, or Google's Playstore vs third party Asian stores. Properly curated or peer reviewed software repositories increase security. It's unquestionable. Microsoft, Google, and Apple all knows it.

[HawkMan]

simplezz is pretty stubborn (and simple?) in his view.  

 

even though it was proven that linux is just as vunerable (actually more) he will never believe it.

windows can be more secure if you take a bit of precaution, but that is not an argument for him.

 

because m$ windoze iz teh 3Vil.    or something.

 

 

I am glad you are so sure and you know what you are talking about there buddy

 

He also ignores the very real fact that repositories tend to have older version of software in them without the latest security fixes. 

[+Warwagon MVC]

Should be opposite. online banking only works while you are logged in, as soon as you log out, they can't get back in no matter how much of you activity they log. they need your code card/dongle.

 

Code card dongle? For the bank?

 

I wish my bank had two factor authentication Via a dongle or a code sent to my cell phone. I've called them and requested such a feature.

[HawkMan]

You're confusing the number of vulnerabilities reported, which is quite meaningless, with the actual security of a system. Look at where all the zero-day attacks are occurring, the OS' that malware, viruses, rootkits, and keyloggers are targeting, then tell me Linux users are just as vulnerable as Windows users. Yeah right.

 

 

 

And you still don't understand how online banking hacks and security works do you...

 

 

 

Windows can never be more secure, because the user is the weakest link in the security chain. And Windows users predominately still obtain their software from the internet or storage media, both of which are primary reservoirs of malware.

 

 

So... the user is the weakest link... yet windows, not whatever OS the users uses what's not secure...  despite the fact that security problems with online banking doesn't even lie with the local computer.... OMG...

 

 

 

 

Don't take my word for it. Compare the infection rates of Windows Phone to Windows desktop, or Google's Playstore vs third party Asian stores. Properly curated or peer reviewed software repositories increase security. It's unquestionable. Microsoft, Google, and Apple all knows it.

 

ugh... :facepalm:  it's not about the effin software.... 

[simplezz]

So not only are you spreading FUD, you have NO clue how online banking works ?

How do you log on to your bank? How do you enter your credit card details and passwords? By typing on your keyboard! It's fairly trivial to record/access what websites you visit as well. Put the two together, and you can steal personal details, passwords, accounts, etc. The hardest part is getting the user to run the trojan. It happens all the time, even to banks or government organisations themselves. A single user running an email attachment can do it.

 

As I said, Linux is just as much at risk (or rather little) as windows since it's a very technical and targeted hack required.

Wrong again. It doesn't have to be targeted. And the Heterogeneous environment of Linux makes it extremely difficult to reliably execute something like this on the masses. That and the fact that users normally obtain their software from peer reviewed repositories.

Malware does not hack your bank.

It can record what sites you visit and the passwords you enter, if it's designed that way. You're naive if it think it can't.

[HawkMan]

Code card dongle? For the bank?

 

I wish my bank had two factor authentication Via a dongle or a code sent to my cell phone. I've called them and requested such a feature.

 

All banks in scandinavia use two factor and has since the start. For the last several years Norway's banks all used BankID, which is a true electronic e-ID signature you can use to sign documents electronically as well.

 

Annoyingly they also insist on you signing for nearly every action you do, sign in, sign, add a payment receiver, sign, make payment, sign. luckily you can do multiple payments and then perform them with one sign. 

How do you log on to your bank? How do you enter your credit card details and passwords? By typing on your keyboard! It's fairly trivial to record/access what websites you visit as well. Put the two together, and you can steal personal details, passwords, accounts, etc. The hardest part is getting the user to run the trojan. It happens all the time, even to banks or government organisations themselves. A single user running an email attachment can do it.

 

Wrong again. It doesn't have to be targeted. And the Heterogeneous environment of Linux makes it extremely difficult to reliably execute something like this on the masses. That and the fact that users normally obtain their software from peer reviewed repositories.

It can record what sites you visit and the passwords you enter, if it's designed that way. You're naive if it think it can't.

 

You need to change banks. 

[tompkin]

For the average user I would advise them not to, however I believe that they probably would anyway. 

[+Warwagon MVC]

All banks in scandinavia use two factor and has since the start. For the last several years Norway's banks all used BankID, which is a true electronic e-ID signature you can use to sign documents electronically as well.

 

Annoyingly they also insist on you signing for nearly every action you do, sign in, sign, add a payment receiver, sign, make payment, sign. luckily you can do multiple payments and then perform them with one sign. 

 

It can record what sites you visit and the passwords you enter, if it's designed that way. You're naive if it think it can't.

 

 

You are both right.

 

HawkMan I agree with Simplezz in that more malware infections are desinged to run on Windows than on Linux. Go where the user base is. Why try to infect the 2% when you can infect the 98%. He is also correct that if you happen to have a keylogger on your system which is recording your banks username, security question and password they would have access to your bank after you log off.

 

A lot of the malvertising is also tailored (at the moment) towards a Windows machine.

 

On the other hand Simplezz I agree with HawkMan, if a bank did support two factor authentication, which I wish mine did, then once the session ended they would have to have access to the 2nd factor device to get back in.

 

In the case of my credit card I have to enter a password sometimes before an card can be processed. But that password is static and could be picked up by a keylogger. I wish they would text my phone with a code for that authentication.

 

I also use a Windows laptop for Quicbooks which sits on a shelf and is only accessed via RDP and has firewall rules to prevent file access to it. It has also never been on the internet. All that machine has ever seen is windows updates and Quickbooks.

 

I also use my main machine for Online Banking, but I also block all flash, don't have Java installed and Sandbox all internet activity and keep all my 3rd party applications current. So I take much more precautions online than the average user does.

 

As far as which of the big ones do and don't support two-factor authentication,you can find a list here

 

https://twofactorauth.org/

[simplezz]

He also ignores the very real fact that repositories tend to have older version of software in them without the latest security fixes.

You're joking right? So you're saying that a GNU/Linux's package management, which updates an entire system from an online repository, including third party software, is more likely to have out-of-date software on it than Windows which has no such system at all. You just lost all credibility HawkMan.

One of the biggest problems with Windows security is just that. The inability to update all third party software seamlessly. It means Windows is far more likely to have outdated and vulnerable software running on it.

[+Warwagon MVC]

One of the biggest problems with Windows security is just that. The inability to update all third party software seamlessly. It means Windows is far more likely to have outdated and vulnerable software running on it.

 

That is a valid point.