[Clips] Banks Seek Better Online-Security Tools

Sun Dec 4 00:33:14 EST 2005

dan, maybe you should just keep less money in the bank.

i use online banking and financial services of almost every kind
(except bill presentment, because i like paper bills).  i ccannot do
without it.

it seems to me the question is how much liability do i expose myself to by
doing this, in return for what savings and convenience.  

i don't keep a lot of money in banks (why would anyone?)  -- most of
the assets are in (e.g.)  brokerage accounts.  at most  i'm exposing
a month of payroll check to an attacker briefly until it pays some
bill or is transferred to another asset account.  

	(the lack of payment planning tools is my biggest beef with bill
	paying systems... it's so stupid that they don't show you the future
	running balances based on already arranged scheduled payments and
	regular withdrawals).

i have an slightly too elaborate drip-feed system set up, with direct
deposit of the paycheck into an account which pays (as scheduled
payments) my fixed bills automatically every month and makes minimum
credit card payments too, so i don't often pay nuisance fees.  (my
utilities have been switched to "average payment" plans, or more
recently to bill to credit cards so they fit into this plan).

i haven't written more than a few paper checks in years.  i just add the
payee to the online system and have the bank do it.  the online system
has paid around 200 bills so far this year. 

so i save on time, on postage, on the float (since the banks do ach
transfers to the larger payees which often post in 2-3 days), on
nuisance and finance charges, and on the phone, complaining about
problems posting paper checks.

i would notice a fraudulent transfer on my online backing long before
i would notice a fraudulent paper check written against the same account.

not only do i use online banking, i use aggregation systems which scrape
screens for most of my accounts and display recent transactions,
current balances, etc.  

		i think i've tried almost all of these.
		fidelity's "full view" seems among the best of the group (they use
		yodlee for the scraping but manage their own password store).
		(while dan is surveying, i'll ask if anyone is using gnucash for this).

i find this extremely helpful in managing diversification across
several accounts, and in noticing such details such as both sides of
payments or transfers between institutions or charges on infrequently
used credit card accounts.

	an interesting question regarding aggregation was whether i should let
	them use the information they scraped to decide what to offer me.  (so
	far they haven't offered me a free toaster to entice me to move assets
	to them.  according to an informant, they don't use the information
	for poaching.)

On Fri, Dec 02, 2005 at 11:05:29PM -0500, dan at geer.org wrote:
> 
> You know, I'd wonder how many people on this
> list use or have used online banking.  
> 
> To start the ball rolling, I have not and won't.
> 
> --dan
> 
> 
> Cryptography is nothing more than a mathematical framework for
> discussing the implications of various paranoid delusions.
>     -- Don Alvarez 
> 
> ---------------------------------------------------------------------
> The Cryptography Mailing List
> Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com