
March 03, 2011



For bank secret questions I like to use places and people from science fiction. That way it cannot be easily answered by gaining info about me (like say childhood best friend could) and it will survive a dictionary hack.

For example, I might choose as a secret question, "Where was your honeymoon?" and I might give the answer as El-Adrel. To any Trekkie, the answer is easily memorable. Another way to make that even more secure is to misspell it purposefully.

> All financial services companies have two-factor authentication.
> So you typically have to put in a password plus something else.
> A lot of banks use questions ...

This is not two factor authentication. The factors involved are something you HAVE (e.g. hardware token), something you KNOW (e.g. password or question/answer) or something you ARE (e.g. biometrics). Something you KNOW plus something else you KNOW is still single factor.


Even if you're using open WiFi with no security, there will still be security between your computer and the secure website you're communicating with. Saying that there is "no security" is not really accurate. Any kind of financial website, plus most e-mail sites now, will be using secure connections. Nobody will be able to steal your CC number or passwords just by wireless sniffing.

"Thieves installed their own ATM machines in places with skimmers inside them?"
It is not a new thing; it has been used in many countries.

For the security questions, even though you trick the answers a little bit, how many answers can you remember for so many different websites? So you end up using almost the same tricky answers, which is not that secure from the security standpoint.

With all the advanced technologies today, we may get more convenience but also less security and privacy. What I'm doing is using the CC carefully and checking my accounts every day, so I can take action asap if needed.

I use Amex almost exclusively and I have not had the experience that retailers ask for more info when I use my Amex vs MC/Visa.

I had my debit card swiped like that at a gas station in DC once. Two days later BoA shuts down my credit card while I am in flight from San Diego back to DC. Card worked in one airport, landed, card shut off. BoA stopped $3000 in charges after the first $700 hit my account and had been stolen. Their fraud dept had left me a VM while flying and we verified that while in flight, I could not have been buying a TV in NYC. The money was replaced next day.
Since then, I moved over to a rewards card, and have not had any further issues.

If a thief wants to get your credit card information they can sadly obtain it using the techniques you describe above. I purchased some items from Amazon using my Visa debit card and our credit union called me. I didn't answer it but did call them back and they wanted to verify the purchases were legit. This caught me off guard as we purchase quite a few things from Amazon but I think since they saw several charges from Amazon it drew a red flag and they called us, that was great. Every time I go into our credit union they swipe my debit card and also ask a security question to verify that I am the actual owner of the bank account. Again, I like that. I have not used an ATM machine in several years as I can get cash from a teller or at the grocery store using my ATM card with PIN.

* Tim - The "secure connection" you spoke of is SSL encryption, which has now been broken. You are right there is not NO security, but it is not really a secure connection any more.

* Anyone used the hard shell wallets advertised on tv that supposedly block RFID readers from accessing your credit card?

* Rumor is that the new iPhone 5 coming out in a few months can replace your credit cards, a scanner is held up to the screen, and it charges to your credit card.

* I've never been hacked or skimmed, but have had low-tech fraud (the old carbon copy) where charges went to the account.

@Michael G: This is an awesome idea. I'm going to have some fun with my id questions now...

History is replete with each side overcoming the advantage that each has at one time or another. Yes, even with the chip cards, there are now 'readers' which use RF to query and download the information on the chip when one is in close proximity to the chip. Use of a shell to cover the card and protect it from unwanted RF advances is of more importance nowadays.

I am not a fan of the 'touch and go' technology for exactly the reason of ease of use for a criminal as well as yourself.

As always, it pays to be vigilant.

I've known all this for a long time. It's why I *never* carry a debit card around, and almost never use one. The rare few times I do use one, it's at the bank's inside ATM only, to withdraw cash (and I go to the bank, and come right back home).

I guess that's one of the great things about being a pessimist. You already are suspicious of everything, so you take a lot of safety measures, LOL. :)

@BD - if you only use your debit card for cash you should have an ATM/cash card instead of the debit card. That way if it's hacked it can only be used at an ATM instead of anywhere else.

Re: credit reports - what works for me has been to set up an Outlook reminder every 4 months, with a link to to (the ONLY website that allows you to actually check your credit report for free) in the body. The subject line is "EQUIFAX" (April 1) "EXPERIAN" (Aug 1) and "TRANS UNION" (Dec 1). That way I am checking regularly without having to pay for the privilege.

For the "security questions", just treat them like a secondary password. "Where were you married?" "Xq~1fnj03M" "What is the name of your childhood best friend?" "Xq~1fnj03M" "What is your mother's maiden name?" "Xq~1fnj03M"

And, of course, never log in over unencrypted wireless, EVER.

@Jclimber : Do banks even offer those any more? I know when I joined my bank here (a small local bank only in this area), they didn't offer a choice. The only card that withdraws cash that they offered (other than a credit card) was a debit card.

"Then again, how do you remember all the fake answers you give around various websites?"

I don't know how others do it, but I have created a small encrypted file using the freeware program TrueCrypt. When I want access to ANY of my passwords or security information I can't remember, I just open that file (using the only password that I actually MUST remember) and there are all my passwords, login IDs, and nonsensical ID verification questions and answers. (Plus some 'real' ones I recorded from back before I started using nonsensical ones)

I second those above who use fictional (even science fictional) answers. I've told websites my first job was as an attache for the Obsidian Order, and another that I got married in Thunderia. Hard to remember unless you record it, and of course the record must be kept very secure, and you've got to keep backups.

(In case anyone is wondering, those security answers are for 'dead' accounts, for instance, a bank I haven't used in about 5 years)

@BD: I guess it depends on your bank. I've had an atm-only card from my credit union for over ten years but I don't know about other banks.

My bank texts me my bank balance every morning. When my debit card was stolen and used to rack up $400 in Xbox charges one night (and I don't own an Xbox!) I knew it within hours. I contacted my bank and they provisionally refunded the money within 2 hours. The money was permanently credited in less than 3 biz days.

If your bank doesn't offer that level of service ... find a new bank.

I find it easy to remember "fake" answers by using not quite true answers. Like if you were married at a church on Charleston Ave and they ask what city you were married in, don't say the actual city, say Charleston. It's easy to remember because it's "True" and associated with the question, but it's not the city listed on your marriage certificate.

Mostly, I try to avoid using any answer that's documented anywhere. If it's written down, there's the potential that they can find it. So I might use my pet's nickname that only I use instead of the actual name for instance. Works pretty well, and is fairly easy to remember.

The comments to this entry are closed.



  • Any information shared on Free Money Finance does not constitute financial advice. The Website is intended to provide general information only and does not attempt to give you advice that relates to your specific circumstances. You are advised to discuss your specific requirements with an independent financial adviser. Per FTC guidelines, this website may be compensated by companies mentioned through advertising, affiliate programs or otherwise. All posts are © 2005-2012, Free Money Finance.