Monday, July 21, 2008

Keep Identity Thieves out of your Bank Account

To provide extra protection for our members, Hawthorne has made stolen IDs and passwords all but unusable by adopting "multifactor authentication" technology. When members register their computer "machine ID" with the credit union thieves cannot use another computer to pretend to access the account. The member chooses a picture or question-and-answer set that would appear every time she logged in on the financial institution's site.

This makes online banking and bill paying slightly less convenient for our members since they can’t use just any old computer to log into their account. But, given the risks of using public or borrowed computers for online financial transactions, though, that's probably not something you should be doing anyway.

A friend of mine was recently the victim of identity theft so I am becoming familiar with the hassles this kind of theft can cause.

Like most targets, she isn't exactly sure how her account was compromised, but she suspects it happened the one time she used a debit card to buy something online. The thief used her account information to set up a PayPal account with himself as the payee.

The thief took a small amount to start -- just to "probe" the account and see if the theft would be noticed. My girlfriend spotted the unauthorized payment almost immediately, but still had a heck of a time trying to convince PayPal to shut down the bogus account.

Personally, I love the convenience of conducting my finances online and I know it decreases the likely hood that I will fall victim to identity theft. I also know that there are risk/reward tradeoffs to virtually every thing that we do, and that doing my banking online has increased my vulnerability in some ways but has decreased my risks in other ways.

There are plenty of ways for thieves to access your checking account offline. Here are just a few:



  • Thieves can swipe your mail, pull out a check you've written, soak off the ink with nail-polish remover and write themselves a fat payday.

  • They can steal your wallet and use your ATM, particularly if you wrote the PIN on your card (a big no-no -- but people still do it).

  • They can set up phony ATM machines, or devices that fit over legitimate ATMs, then record the information from the magnetic stripe along with your PIN.

The rise in checking-account hijacks also corresponds with the rise in "phishing" -- e-mails that purport to be from a financial institution but that route the user to a bogus site that collects their account numbers and passwords.

A Gartner study in May found that 92% of the known phishing attacks had occurred in the previous 12 months, with 76% occurring since October 2003. About 5% of the victims Gartner surveyed admitted providing sensitive account information in response to a phishing e-mail, and Gartner believes the percentage of victims fooled by this scam was probably higher.

There's a lot we need to do to protect ourselves while we wait for better security solutions, such as:




  • Don't expose yourself. Never use a public computer or wireless "hot spot" for financial transactions.

  • Beef up your security. If you use Internet Explorer, Microsoft recommends cranking the security setting on your Internet browser up to "high" (you'll find it under the Tools menu; click on Internet Options and look for the security tab, then select Internet Zone). This may keep some Web sites from working properly, but you can make exceptions for trusted sites. (You can find more details here.)

  • Use a credit card for online purchases. Technically, debit cards with the Visa or MasterCard logo offer you the same no-liability coverage for fraud that credit cards give you, but you have to wait a few days for the bank to restore the money to your account. Better to have a middleman like a credit card company between a thief and your checking account.

  • Don't click. You probably know by now not to open spam e-mails or download attachments from unknown sources. But e-mail links in instant messages, Web message boards and Internet relay chats (IRC) also can be malicious. If a financial institution sends you an e-mail relating to an "urgent problem" or other matter pertaining to your account, use the phone number printed on your statement to respond.

  • Block pop-ups. Besides being incredibly annoying, pop-ups can be used to install hackers' software on your computer. Many Internet service providers now have pop-up software built in, or you can get blocking software from sites such as Panicware.com.

  • Monitor, monitor, monitor. You need to take a careful look at your bank and bill-pay transactions. Don't assume that odd $40 electronic transfer or check is a payment you just forgot about; it could be a scammer probing to see if the fraud will go unnoticed. With bill payment systems, review your payment history as well as your payee list to make sure there aren't any unauthorized transactions. The sooner you report the theft the better; after 60 days, the bank may be under no legal obligation to provide a refund.

  • Stay up to date. Run Windows Update to keep current on the latest security patches. If you use Internet Explorer and have increased your security to "high," you'll need to follow the instructions on this link for the update to work properly.

  • Inject some variety. Don't use the same user ID and passwords at different financial institutions. If you're asked to create a security question and answer, don't use one that's relatively easy to discover, such as your mother's maiden name.

  • Inoculate yourself. Keep your virus software up-to-date and run frequent scans to check for problems.


You can also reduce your offline risk somewhat by:



  • Using gel pens to write checks. These inks can't be easily dissolved.

  • Get a locking mailbox. Make theft of your checks more difficult by locking up your mail and delivering any outgoing checks directly to the post office (In other words, don't let them sit in your mailbox).

  • Don't write down your password. Especially don't scribble the PIN on the ATM or debit card itself, or anywhere else in your wallet.

  • Use your credit card for "out of sight" transactions. That waiter who disappears with your debit card could swipe it through a "skimmer," a handheld device that records the information on the magnetic stripe. They can do that with a credit card, too, but again, fixing a fraud problem is easier with a credit card than with a debit card.


    Thursday, July 3, 2008

    Declare your Independence from High Gas Prices

    I love this stuff. This article from TheDailyGreen.com suggests ways to cut and maximize your use of gas so that your average cost per gallon drops to $1! Below is a summary of the ways to save, but read the entire article here.

    How to Pay Less Than $1 For Gas
    The average price of gasoline in the United States has topped $4 a gallon, and won't peak until it hits $4.15 in August, according to the latest government prediction. (The last prediction: Gas would peak at $3.73 in June, so take it with a grain of salt.)

    We've seen
    11 straight weeks of record price increase. Oil is threatening to rise to $150 a barrel, according to Goldman Sachs. That's 50% higher than the milestone of $100 a barrel that some analysts thought impossible just a few months ago.
    Some areas of the country, like California, are already seeing gas prices rise toward $4.50 a gallon.

    That has some speculating we're in the midst of a bubble bred by greedy speculators. Everyone else is just trying to save a few pennies on gas.

    Here are five road-tested ways to save money on gas. Of course the more gas we save, the less pollution we create, and the less beholden we are to those who control the oil supply.

    1) Take public transportation. Sure, it costs money to take the bus or subway. But consider this: The average U.S. commute is 16 miles, and at these prices the average U.S. passenger car will go just 11 miles on $2, a typical public transit fare.

    2) Car pool. Share your trip to work with one other person and split the bill. That's like paying $2 for gas, instead of $4. Put a third person in the car, and the price per gallon drops to $1.33. With a full car of four people, the cost is just $1 a gallon.

    3) Pay nothing: walk or bike. Every mile you pedal or stride saves you gas, saves you money and puts you in better shape.

    4) Trade in for a fuel efficient vehicle. If you must drive, replace your gas guzzler with a fuel-efficient model.

    5) Drive smarter. Start by checking your tire pressure and inflating your tires to the appropriate level. Visit your mechanic for a tune-up if you're due. Be sure to have your tires aligned, your air filter checked and your oil changed if needed.