If all you had to worry about is "Many people would be able to view my transactions such as employees from the bank and IT personnel's. They would also have access to my account. In fact, anybody just by calling the bank on the phone, with my personal details would be able to access my account over the phone."
then get over it. All of that is available today, without adding internet banking into the mix. Don't believe me? With just somebody's account number, you can usually call the bank branch and ask "I have a check from xyz for $000, and wanted to make sure funds are available before I deposit it". They will usually confirm it for you right over the phone, no ?s asked. They won't tell you how much is in the account, but they will say "yes funds are available" or "no". With a couple of calls (asking about a mythical $250, $500 and then $2500 check) to different branches of the bank, you can get a pretty good idea how much is on deposit. Most banks require you to have 128-bit security on your browser. Is that secure? Maybe - it's certainly beyond the ability of casual crackers to break. Three letter agencies? That may be a different story, but for the majority of us, we're probably not of interest to them (or more precisely if we are of interest to them, we have much bigger problems than internet banking issues). Does "Internet" banking - whatever that means to your bank and software provider - place confidential information in other places. Probably. Quicken and CheckFree (their service provider) have account and payee information for anybody I've paid electronically. My transactions route through Quicken's software to the various banks, credit cards, etc. Transactions route back from these companies through Quicken to my PC. Does this mean that Quicken and/or CheckFree have my account # and other personal information on their servers. Certainly. Is the in-flight transaction information encrypted? Yes. Is it secure enough (say triple DES or something else with a real history and analysis behind it)(i.e. not ROT-13)? ASK! Are legal protections in place? Maybe - depends on your country's laws and the specifics of the transaction (i.e. US law makes a distinction between credit and debit card purchases). A lot of banks/credit card companies, etc. extend protection beyond the statutory requirements to make customers "feel good" about using their products (XYZ bank's: "use our debit card and be 100% protected from fraud")? Yes. Are these worth anything? Maybe... Would taking advantage of those protections be a pain if necessary? Yes! Could somebody crack into the server and steal lists of accounts. Sure. And we've all seen news stories about it... And that's much easier to do than trying to intercept your transaction to the local water utility... Buying online almost certainly puts your credit card # in places that could be vulnerable. Mom&Pop storefronts go online via a few canned scripts, never updated and don't realize how vulnerable they are... Banking online will also put banking information in places that could be vulnerable. The difference? Banks know that they are targets, and have long experience being targets. They have security officers, formal policies, etc. Does that make banks more secure? Doubtful... Willy Sutton (http://www.fbi.gov/fbinbrief/historic/famcases/sutton/sutton.htm) said it best... (When asked why he robbed banks, Sutton simply replied, "Because that's where the money is.") Suggestions: 1. READ the security policy posted by the bank, credit card, whatever (e.g. https://www.bankofamerica.com/signin/index.cfm?template=security_details.cfm ) 2. READ the privacy policy (continuing to pick on BofA just because I have their page up: http://www.bankofamerica.com/privacy/) If you decide to go ahead - and I think you have to realistically look at the risks/rewards and make an informed and very personal decision. 3. Start small - just like people needed to make a few credit card purchases to get comfortable, sign up and put only ONE account on-line. 4. Get a separate credit card account and use ONLY that one online. Some credit card companies even issue "on-line only" cards that don't have a mag strip on the back, so they can't be used in stores. Keep the limit small - resist the temptation to have a $100,000 line of credit! 5. Monitor account usage - read your credit card/bank statement when it comes in and call if there is ANYTHING you don't understand or remember. It could be that the book store in the next town over has a funny name or uses a merchant processing service you don't understand. Or it could be fraud - that $19.95 - is it your ISP or an "online newsletter subscription" you never ordered??? Ultimately it's a personal decision. You'll have to balance some very real (and also unknown!) risks against the convenience and protections available. -----Burton -----Original Message----- From: Jasmine Sim [mailto:[EMAIL PROTECTED]] Sent: Wednesday, April 10, 2002 1:23 AM To: [EMAIL PROTECTED] Subject: Security Issues on Internet Banking Hi! I wish to get some views and expertise on the security issues of using Internet Banking. As a user, I see the benefits of having the convenience of being able to see my transactions online and paying my monthly bills without physically leaving my home. However, I know alot of people is still not be able to accept this concept. And I do understand their concerns on the security issue that is involved. I can roughly visualise how many people would be involved in the process. Many people would be able to view my transactions such as employees from the bank and IT personnels. They would also have access to my account. In fact, anybody just by calling the bank on the phone, with my personal details would be able to access my account over the phone. The idea of banking over the Internet is scary. One would like to think that it is safe to do my banking on the Internet. However, is it? Is it safe for one to do banking over the Internet? What are the security issues involved? What are the measurements can one take in order to improve the security while doing internet banking? I was wondering if anybody would be able to provide their expertise and explain the process for me. I would also like to hear views or comments on the idea of using Internet Banking. Thanks! Jasmine
