How safe is internet banking?

IncredibleHulk

If i log on to my account now do I not store the number somewhere in my computer? And if my computer is ever hit by a spyware will they be able to access the number and empty my piggy bank?

How long does it take to update account. Ordered something 2 weeks ago and it was sent but when checked account more than a week later there was no record of it being debited. Ordered statement just to check.

Because of my concern i do not want to log on now until someone - hopefully- can enlighten me as to how secure it is. I know their site is secure but is the number not retained in my PC?

If it did happen would the bank have to reimburse me

cazzy

Internet banking is as safe and prob safer than going into the branch. Over half of the banking population use it ! The banks are well protected security wise, don't worry. Your account details will not be saved on the PC and cant be assessed by Spyware. (At least of the main banks operating in Ireland - be aware of bogus emails looking for info./PIN etc similar to the Nigerian letters - never give your details to a email that says it is the bank. The bank would never ask for a PIN and if you do get a mail from someone saying they are a bank call the internet banking service to report it / check it out)

What do you mean by how long does it take to update an account ?

Do you mean for transactions to show on your account ? Like purchases, ATM transactions etc

IncredibleHulk

cazzy wrote: »

Internet banking is as safe and prob safer than going into the branch.

Really? how do you figure the danger in the branch

Your account details will not be saved on the PC and cant be assessed by Spyware.

Good I was under the impression every password typed on a PC was saved somewhere - password cache?

The bank would never ask for a PIN and if you do get a mail from someone saying they are a bank..

No problem there, way ahead of em.Only concerned about my end although my computer is well protected too

What do you mean by how long does it take to update an account ?

I meant how long it would take a purchase to show, but I chanced logging in and the money was taken for the purchase. So that is OK

Thanks for the info!

cazzy

Danger in the branch - it being raided when you're there, you losing your cheque book/lodgement en route and someone picking it up etc etc (Silly example I know)

if the big banks (AIB, BOI etc) had any security concerns bout their service they would discontinue it immediately as they would have to reimburse all customers for fraud thats their fault.

The time it takes for a transactions to hit an account can depend on where it took place, when, how (ATM/Laser/Foregin debit/DD etc) where the merchant banks with, what bank the ATM is with etc. See a post on banking from someone who says ATM transactions from Halifax ATM's seem to take ages to hit an account. Some transactions are immediate, some not, it totally depends.

IncredibleHulk

Danger in the branch - it being raided when you're there, you losing your cheque book/lodgement en route and someone picking it up etc etc (Silly example I know)

Oh see what you mean

if the big banks (AIB, BOI etc) had any security concerns bout their service they would discontinue it immediately as they would have to reimburse all customers for fraud thats their fault

. Even if the spyware was on my PC for the sake of argument?


As for giving my number to a fraud email - applied for course recently, had to fill application form, asked for bank account number, wrote 'if go on course will give number;)

TheDriver

remember what you see on internet banking is same as your bank records so a transaction not showing yet is more delay in banking sytems or not presented as opposed to internet banking.

Sam Vimes

with aib internet banking, if you want to do anything that could hurt you like adding an account to send money to or viewing a statement that could be printed for ID theft, you have to enter a code from a card that's sent to you in the post.

there are 100 4 digit numbers on the card and each one is only asked for once at which point you're sent a new card. so basically it doesn't matter if they* store every bit of info you type in unless they also have access to your wallet



*they being the interweb boogyman

Fajitas!

Does BOI have any system like the above?

I really get paranoid about spyware.

Sangre

With BOI you don't enter the random 3 numbers from your 6 digit number with your keyboard but select it from a drop down menu. Means key loggers can't store it.

Murt10

NIB has an ActivCard. It looks like a very small slim calculator.

When you log onto your account you have to enter your account number into the computer. Then you turn on the ActivCard and insert your 4 digit PIN. The card then generates an 8 digit number that you have to key into the computer. Then you are in and you can do what you like, check your balance, transfer money, pay bills etc. When you are finished you must log off. In order to get back in again you have to get the card to generate a new number.

NIB confirmed to me that this card was safe to use in cyber cafes while on holiday. Normally I would not log into my account with a normal password on a public computer unless I was looking to be robbed.

IncredibleHulk

with aib internet banking, if you want to do anything that could hurt you like adding an account to send money to or viewing a statement that could be printed for ID theft, you have to enter a code from a card that's sent to you in the post.

That is right I have that card

there are 100 4 digit numbers on the card and each one is only asked for once at which point you're sent a new card. so basically it doesn't matter if they* store every bit of info you type in unless they also have access to your wallet

Yes but I am still not sure if the password number is stored in a password caches on the PC and could be spywared

IncredibleHulk

NIB confirmed to me that this card was safe to use in cyber cafes while on holiday.

Even though you put in your account number?

Murt10

Yes. It's a 4 digit number followed by 2 letters.

It's totally useless without the card generated password.

I presume that after a number of attempts to access the account, with the wrong password, the bank will lock you out until you contact them. As it's an 8 digit passwor the chance of someone guessing it right are nil.

IncredibleHulk

with the wrong password, the bank will lock you out until you contact them.

That is true seem secure to me except for possible spyware

IncredibleHulk

IncredibleHulk wrote: »

That is true seem secure to me except for possible spyware

http://www.whitecanyon.com/remember-my-password.php

Murt10

IncredibleHulk wrote: »

http://www.whitecanyon.com/remember-my-password.php

NIB uses a different password each time you log on.

Once you have used your password once, it is no longer any use whatsoever to anyone.

IncredibleHulk

Murt10 wrote: »

NIB uses a different password each time you log on.

How does it do that, does the user choose?

seamus

Every bank carries out its internet banking over a secure connection.

Put at a simple level, when you access the site, before you send them any information, your browser initiates a secure connection between your machine and the bank's web server. This prevents anyone from eavesdropping on any of the networks between yours and the bank.

To the best of my knowledge, none of the browsers store password information for secure connections - that's asking for trouble. The main problem is that many people will use the same password for everything. So when the browser remembers your password for a non-secured site (such as logging into boards), then spyware could get that password and use that password against your online banking details, if it's the same.

Keyloggers allow someone to record every single thing typed into your keyboard. These are the biggest threat to anyone's security. In reality however, keyloggers are indicative of a seriously bad virus infection, I mean riddled.

Most spyware is of the irritating kind - pop-ups, redirects and so forth. The malicious stuff is less common and decent AV packages generally keep your spyware at bay, along with a dose of common sense and the odd scan with something like ad-aware.

For the sake of keeping your few hundred thousand cents safe, I wouldn't shy away from internet banking. Just use your head

I have yet to meet of or hear of anyone who's lost money from their online account due to a virus infection or spyware.

As for the account update, generally your balance is up to the minute. If a transaction doesn't appear, it's because it hasn't hit your account yet.

jor el

IncredibleHulk wrote: »

Yes but I am still not sure if the password number is stored in a password caches on the PC and could be spywared

Web browsers don't store passwords for secure sites. Even if they did, what good would it do someone to look at your account. They can't clean it out as it's not possible to add accounts online. All they could possibly do is pay your ESB bill.

That site linked, is a bit over the top. They tell you to stop remembering passwords as if it's always a bad thing. As seamus says, use your head. There's no problem with getting your browser to remember your boards login, for example, unless you're on a public, college or Internet Cafe PC where someone could abuse your account. It's not dangerous in any way and if some malicious website or program decides to look at your passwords, what's the worst that will happen?

IncredibleHulk

Web browsers don't store passwords for secure sites. Even if they did, what good would it do someone to look at your account. They can't clean it out as it's not possible to add accounts online. All they could possibly do is pay your ESB bill.

Why are people told be careful with passwords then

if some malicious website or program decides to look at your passwords, what's the worst that will happen?

You tell me you seem to know everything;)

seamus

IncredibleHulk wrote: »

Why are people told be careful with passwords then

As I said...

The main problem is that many people will use the same password for everything.

IncredibleHulk

I have yet to meet of or hear of anyone who's lost money from their online account due to a virus infection or spyware.

Hope you're right
http://www.wilderssecurity.com/showthread.php?t=187370

Papad

jor el wrote: »

They can't clean it out as it's not possible to add accounts online.

Not true.
It is possible to add new accounts online (and transfer money between them) with at least one of our bigger banks.

IncredibleHulk

seamus wrote: »

As I said...

I can see your point there;), that did not come out properly. What meant was can see point re people using same password everywhere

IncredibleHulk

Over half of the banking population use it !

14% according to http://www.independent.ie/opinion/columnists/charlie-weston/internetbanking-nottrusted-yet-trusted-1038830.html?r=RSS

IncredibleHulk

..it immediately as they would have to reimburse all customers for fraud thats their fault.

BOI don't compensate according to
http://www.enn.ie/article/9769163.html thoughthat was 2006, maybe they do now?

jor el

seamus wrote: »

As I said...

There's no accounting for stupidity.

Papad wrote: »

Not true.
It is possible to add new accounts online (and transfer money between them) with at least one of our bigger banks.

Which one? You can't do it with BOI and going by what people here say, it's not possible on NIB or AIB, except with a special numbered card with AIB, which wouldn't be stored on the computer.

IncredibleHulk wrote: »

You tell me you seem to know everything;)

Assuming you don't have the same password used for everything, then the worst that could happen would be someone would post on forums under your name, or access all those pay porn sites you have.

It won't do them much good, and won't do you much harm.

IncredibleHulk wrote:

BOI don't compensate according to
http://www.enn.ie/article/9769163.html thoughthat was 2006, maybe they do now?

Reading that article, it seems to hint at the scam looking for online banking details, but I don't think that's the full picture. Getting someones BOI login details would be practically useless, as you cannot add a new account online.

Most phishing scams try to get your full bank or credit card details, rather than just log in information. If someone is stupid enough to follow the links in these mails and give away their details, then they deserve to have the €49,000 taken and the bank shouldn't be under any obligation to compensate.