Thread: Online banking

Originally Posted by majurey

That does read like you're indeed very careful. But can't that same level of care be taken with online banking with the same effect?

Yes, I could. At this moment, there is no need, since my bank is 5 minutes from here and has secure terminals where I can do everything. And since I also use the bank for getting cash, it doesn't inconvenience me to skip online banking, thus minimizing my risk as much as possible.

If or when I will have to use online banking, the banking sessions will run in a read-only virtual machine, firewalled in software to only allow outgoing connections, running connections through my hardware firewall. Said firewall would only allow outbound traffic from the virtual machine, and only to the banking domain (and windows update). I would also choose a banking setup that uses one of those RSA token or hardware authentication devices.

This is how I would implement it. And I would not fret over it either if I had to do it. I just believe in minimizing the attack surface as much as possible.

Originally Posted by Bruno

How many people of you do online banking?
I never have and -if possible- never will. I drive to the bank if I want to pay bills. When people ask me: you're a computer geek, software developer and system admin. How come you of all people don't use online banking?

To which my stock answer is: because I am a computer geek, software developer and system admin.

Honestly, there is so much shockingly bad security around that it is appalling, even in the banking business. My banking contracts all exclude online banking.

I do 100% of my banking online. In fact, the only time a teller sees me is when I turn my coins into cash.

I bank online from my Mac. Just to pay bills.

I online bank, in fact, I switched banks earlier in the year and good online service was quite high on my list of things to look for.

Originally Posted by Bruno

Yes, I could. At this moment, there is no need, since my bank is 5 minutes from here and has secure terminals where I can do everything. And since I also use the bank for getting cash, it doesn't inconvenience me to skip online banking, thus minimizing my risk as much as possible.

OK, now I get it. Seems like it's not too inconvenient to forego online in your case. In mine (with a 2-hour commute to work each way everyday), it's a godsend.

Originally Posted by Bruno

or when I will have to use online banking, the banking sessions will run in a read-only virtual machine, firewalled in software to only allow outgoing connections, running connections through my hardware firewall. Said firewall would only allow outbound traffic from the virtual machine, and only to the banking domain (and windows update). I would also choose a banking setup that uses one of those RSA token or hardware authentication devices.

Again, something I may need to understand better... do you shop online with a CC? If so, why don't those stringent security specs not also apply?

Interesting thoughts. Online banking is nearly a must for me. Our banks around here close around 3PM... when you work until 3:30PM or later, that doesn't make things very convenient. I signed up for USAA banking so I can even deposit from home now, because I got tired of keeping checks in my wallet for weeks on end before I could get to a bank that was open.

My pay is direct deposit, my mortgage, and most bills are automatic withdrawal. If I've done things right the only checks I write are for local services (trash/sewer) where I have to mail the stub in with payment.

Internet buying is riskier than on-line banking.
When you give your credit card number over the phone or through the Internet, you don't know who is on the other end of the line.
How about paying with a credit card at a restaurant, store, etc?

Originally Posted by Navaja

Internet buying is riskier than on-line banking.
When you give your credit card number over the phone or through the Internet, you don't know who is on the other end of the line.
How about paying with a credit card at a restaurant, store, etc?

The last time someone tried to steal money from my account was when some scum in London wrote down the number of my credit card, probably in one of the restaurants. His mistake was attempting to charge $400 for food in a Knightsbridge Indian bistro three months later.