• All Community
    • All Community
    • Forums
    • Ideas
    • Blogs
Advanced

Not what you are looking for? Ask the experts!

Kudos0

Is our online banking safe?

I've recently watched a YouTube video where a guy was sharing his screen and showing how a Man-in-the-Browser attack allowed a criminal to get 40k PLN from his account by replacing the bank account number. He mentioned he had Norton software installed. Of course, we don't know if it was up-to-date, what other software he had installed, etc. Nevertheless, it was quite disturbing to hear that an attack like that could happen.

My point is this - what mechanisms are included in Norton Security to prevent such attacks? Is there an antikeylogger module in place? Why is there no dedicated browser for banking, like the ones offered by Kaspersky or Bitdefender? I was planning to extend my subsription, but would rather be assured first that Norton protects my online banking no worse than biggest rivals (ESET, KIS, BD).

Replies

Kudos0

Re: Is our online banking safe?

FWIW: These KIS and BDIS dedicated-safe pay browsers, Bitdefender's especially, for years have either failed to work or caused nothing but problems.

Kudos0

Re: Is our online banking safe?

Ah, if only we could be 100% protected from threats like this just by picking the "correct" security software.  In fact, all of the major brands of security products that provide outstanding "real world" protection, such as Norton and some of the others you mention, will offer several layers of defense against keystroke loggers and other malware.  For a full discussion of the protection components offered by Norton, I would suggest reading the latest reviews, such as this:

http://www.pcmag.com/article2/0,2817,2488738,00.asp

But a lot depends on other factors as well, such as how careful you are about opening email attachments and how religiously you keep your system and programs updated with the latest security patches.  For a discussion about keeping yourself safe from online financial threats, please see the following:

https://community.norton.com/en/blogs/norton-protection-blog/symantec-fi...

Kudos0

Re: Is our online banking safe?

FYI: This week's Windows 10 update borked both KIS and BDIS Safepay. Just another example of the headaches these "features" have been causing for years.

Prior to switching back to NS I used KIS for over a year. I had to disable its safe pay feature because it would never allow me to complete a transaction.

Bitdefender's "safe pay" feature for years was notorious for not working at all.

Because of the toolbar issue I am currently not using NS. The IS program I am using now has no protected browser but in published tests by highly regarded testing organizations it has proven to be 100% effective against banking malware and trojans that were in the wild at the time. I have no reason to suspect that NS is any less effective, despite its not having a protected browser. It appears that such a feature is more trouble than its worth.

Personally until just last year, I believed that anyone using online banking was foolish. I still do, but now for a variety of physical/medical reasons I have been forced to use it, but I do so as little as possible. I hate using it. Convenient? Yes. But what you are really doing is allowing your bank to increase its profits while increasing your risk.

In any event, Personal Banking hacks are not as prevalent as in previous years, now that the major Eastern European Cyber-Criminal Syndicates have realized that Ransomeware Attacks, especially against vulnerable large corporations and especially security lax hospitals is a far more profitable endeavor with far less effort. It appears to be unstoppable. Even The FBI has thrown up its hands and advises victims to just pay the ransome. Some of the criminal syndicates now have Ransomeware Help Desks, realizing that to increase victim compliance they need to help victims buy and transfer bitcons and reassure victims that if they pay the ransome their files will be unencrypted.** Even the dirtiest Eastern European and Russian Organized Crime Organizations are de-emphasing sordid crimes such as human trafficking and drugs and reallocating their efforts to cyber-crime and ransomeware in particular. It's "cleaner", safer,  and far more profitable.

Also the large financial institutions have started to be successfully attacked with increasing frequency and cyber criminal success at scoring huge jackpots. I believe your bank is more likely to be successfully hacked than any personal transaction you make with it. Why steal thounds USD when they can steal 10s-100s of millions USD?

** Just today a cybercrime outfit committed a cardinal sin in the criminal's personal code. They received the ransome but failed to unencrypt the corporation's files. Rest assured that that organization will be swiftly dealt with in a criminal way as it poses a risk to the profits of organized crime. Their gonna get "bumped off" for sure. Russian Mafia is ruthless and unforgiving.

Kudos0

Re: Is our online banking safe?

Whatever you use is only as safe as you are careful.

It's a lot easier to demonstrate how a "setup" enables someone to steal from you than to actually set up the necessary invasion of someone's computer when sensible precautions are taken.

The best protection in the world can be beaten ..... ask NSA!

Hugh
Kudos1 Stats

Re: Is our online banking safe?

hok:

Personally until just last year, I believed that anyone using online banking was foolish....Convenient? Yes. But what you are really doing is allowing your bank to increase its profits while increasing your risk.

Actually, the risk to an individual account holder is minimal.  Most banks will replace any funds lost from your account due to a fraudulent transaction as long as you notify the bank promptly.  The banks are the ones shouldering the risk (which is why some of them push Trusteer Rapport so heavily).  Furthermore, most banks have options to send you notifications for transactions that exceed a preset dollar amount or meet other thresholds that you specify so that you are immediately alerted to anything out of the ordinary.

And it's not as if paper banking or plastic card transactions are all that safe, either.  Remember forgery?  Checks in the mail can be stolen and washed, card numbers can be stolen by POS skimmers.  As long as you follow best practices for online banking, the risks are not that great.

Kudos0

Re: Is our online banking safe?

Epidemic of ATM Scanner hacking by adding another reader around Florida led to a warning from our own BoA.

Gas station pumps are common too.

Hugh
Kudos0

Re: Is our online banking safe?

deleted by hok

Kudos0

Re: Is our online banking safe?

SendOfJive:
hok:

Personally until just last year, I believed that anyone using online banking was foolish....Convenient? Yes. But what you are really doing is allowing your bank to increase its profits while increasing your risk.

Actually, the risk to an individual account holder is minimal.  Most banks will replace any funds lost from your account due to a fraudulent transaction as long as you notify the bank promptly.  The banks are the ones shouldering the risk (which is why some of them push Trusteer Rapport so heavily).  Furthermore, most banks have options to send you notifications for transactions that exceed a preset dollar amount or meet other thresholds that you specify so that you are immediately alerted to anything out of the ordinary.

And it's not as if paper banking or plastic card transactions are all that safe, either.  Remember forgery?  Checks in the mail can be stolen and washed, card numbers can be stolen by POS skimmers.  As long as you follow best practices for online banking, the risks are not that great.

All generally true BUT 1) It can take some time before the banks restores the funds fraudulent withdrawn/spent and 2) you make yourself more suseptible to idenity theft if you have an online account. A financial institution may use state-of-the-art security measures to protect your information, but once you have your account available online, your information is at higher risk from hackers. Most banks have safeguards against hacking, but your personal computer may not have the sophisticated technology that the banks incorporate.

Kudos0

Re: Is our online banking safe?

From Bruce Schneier, one of the world's foremost cybersecurity experts (the entire short article is worth reading):

In fact, Federal regulations require banks to reimburse customers for fraud amounts over $50, provided the customer reports the theft or fraud within 60 days....

The bottom line here is, bank customers generally don't suffer directly from internet and mobile crime: banks do. Do the banks then pass those losses on to consumers in the form of higher fees? Almost certainly. The gist of it is, you're already paying for the losses from crime related to mobile and iPhone banking, so you might as well use it.

Is iPhone Banking Perfectly Safe?
In a word, no. iPhone banking and mobile banking in general, like anything, can never be perfectly safe.
'It's not perfectly secure of course,' says Schneier. 'Are you secure against murder? Yes. Does that mean murder is impossible? Of course not. But are you afraid to go outside? No. Of course not. And it's not because you're wearing a bullet proof vest, right? Because you don't wear a bullet proof vest.'

 https://www.schneier.com/news/archives/2015/07/is_iphone_banking_sa.html

It should also be noted that banks do monitor account activity for anything out of the ordinary, and so you would almost certainly be notified immediately about something like a wire transaction for a large amount of money.  It's very unlikely that your account could be cleaned out without the bank contacting you to ask about it.

Kudos0

Re: Is our online banking safe?

https://www.schneier.com/news/archives/2015/07/is_iphone_banking_sa.html

It's a pity it reads as if it had anything to do with iPhones -- just a passing reference to "mobile banking" 

Hugh
Kudos0

Re: Is our online banking safe?

Although the iPhone is the device mentioned most often in the article, there are several places where it is stated that the advice pertains generally to all forms of internet banking.

But banking customers themselves almost certainly lose very little money from iPhone banking or from mobile or online banking....

According to Schneier, yes, iPhone banking is safe. Mobile banking is safe. Internet banking is safe.

'I bank online. I don't worry about it,' says Schneier. 'Anybody who drives a car, that's the biggest risk in their life.'

Kudos0

Re: Is our online banking safe?

Android malware coders have come up with a clever trick to mask fraudulent bank transactions, operating by changing the user's smartphone PIN, then locking the device, and by doing so keeping him busy while they empty his bank account.

http://news.softpedia.com/news/malware-empties-bank-accounts-while-users-desperately-try-to-unlock-their-phones-504592.shtml 

Kudos0

Re: Is our online banking safe?

SendOfJive:

From Bruce Schneier, one of the world's foremost cybersecurity experts (the entire short article is worth reading):

In fact, Federal regulations require banks to reimburse customers for fraud amounts over $50, provided the customer reports the theft or fraud within 60 days....

Two months with no funds in your bank account in many circumstances can feel like an eternity.  00

It's not a trifiling matter.

I came this AM to post about the latest android banking heist that bjm posted. Yes, it requires a lot of client ignorance to work, but most peeps in the general population are relatively ignorant about following instructions from what appears to be a critical email from their bank.

Last month I received an email from my bank that my PW would expire in 10 days and was insructed to log in to update it. [The bank has a policy of requiring customers to change their PWs annualy,which I did not know about and which appears nowhere on its site.] I delayed following that direction until I forwarded to a bank VP that had helped me in the past expressing my concerns as to its legitamacy and did not change my PW until I receieved a confirmation email from the bank's operations division.

I did change my PW, but sent an email criticizing the policy. A hacker knowing of such a requirement could make a targeted atttack against a bank customer and capture the new PW with a previously dropped keylogger. Because the bank has such a policy the client would most likely comply. A week later I sent the VP a link to an article in a highly respected security blog that was entitled "Requiring Frequent Changes in PWs Makes Systems Less Secure."

LOL-That's how much faith I have in the security of online banking.

UPDATE:Schneier is slightly off in the 60 day reuirement. Depending on the type of transaction, the Bank has 10 days to initially investigate a claim of fraud and to restore your funds on a conditional basis. After that the bank has 40 - 90 days to continue its investigation and after that time if it concludes there is no evidence of fraud it can take back the funds it had previously restored.

https://www.consumer.ftc.gov/articles/0218-electronic-banking

Kudos0

Re: Is our online banking safe?

It's sort of like the fear of flying.  Just because I am afraid to fly does not mean that airline travel is unsafe.  It's unquestionably the safest form of transportation, and the deaths per passenger-mile make almost anything else, like just getting out of bed, more risky.  The issue is the notion of perceived risk, not the actual amount of risk, which is minimal. And yet, there are flights that do not arrive at their destinations successfully.  We all have different risk tolerances, and if online banking makes you nervous, then yes, stay away.  And for anyone who doesn't check their bank statements regularly, or who clicks on links in emails to go to "your bank's" sign-in page, you probably should not be doing any online banking either. 

Kudos0

Re: Is our online banking safe?

Naturally, the Bank of England is trying to push for new laws that will allow it to deny reimbursement for online fraud victims if evidence surfaces that the user has been ignoring online security best practices.

bjm_:

http://news.softpedia.com/news/uk-banks-may-not-reimburse-fraud-victims-that-use-old-browsers-504491.shtml

Throughout this topic it has been mentioned that online banking safely requires that users follow best practices.  It isn't unreasonable that banks should not want to reimburse customers for losses that the customer could have prevented by observing basic online security guidelines.  In that case, it isn't a matter of online banking being inherently unsafe, it is a matter of the user behaving in an unsafe manner.

Kudos0

Re: Is our online banking safe?

Regardless of user best practice and regardless of best practice arbiter. 
With Fractional Reserve Banking.
Best to be first on-line.  

Kudos0

Re: Is our online banking safe?

Kudos0

Re: Is our online banking safe?

Using the internet itself is risky enough. This is especially true when you are not careful enough: your PII could be the next target for cyber attackers, which could frequently trigger both computer infections and direct financial loss. The following links have offered a series of Online Banking Safety Tips - just make the best of those pages to build and/or enhance your current lines of defense:

 The first, and most important step, should be looking for the green "lock" icon in your browser if you're a fan of eCommerce. Because:

A closed lock or padlock indicates that the website you are on (or the communication between your system and the site's server) is secure and/or encrypted.

 

Please keep in mind that, HTTPS can also secure/encrypt data as it travels between the server and the client. When it comes to clearing browser's cache, you can make the best of this vid.

Personally, your mouse can hugely impact your internet security. That's being said, a single click could easily trigger an aggressive adware infection. This could happen to your computer when you run some downware (aka, custom installer), or some wolf in sheep's clothing. Examples are, WeatherBug for Windows, Drive-by Download, and more other forms of computer attack, because of some aggressive internet marketing.

The last thing we can do before you choose to format or reinstall your system is to choose a RIGHT, valid backup software. Or, one can also consider using Norton Security Premium.

Offers 25 GB of secure PC cloud backup, providing additional protection against ransomware.

Just, keep cool when running into trouble. Example are, place a "Fraud Alert" in time (see additional info about Extended Fraud Alert here.), find the right & efficient solution (computer virus vs. Riskware (from adware to spyware and to hijckware and to endless Windows PUPs) vs. Malware)

Learn more?

PUP Hunter PRO: Just TRYING to save the world (U) from cyber threats, A single blog post, at a time, and ONCE & FOR ALL. (A fan of Nadia_Kovacs)
Kudos0

Re: Is our online banking safe?

Kudos0

Re: Is our online banking safe?

PUP Hunter PRO: Just TRYING to save the world (U) from cyber threats, A single blog post, at a time, and ONCE & FOR ALL. (A fan of Nadia_Kovacs)
Kudos0

Re: Is our online banking safe?

Buhaj47: My point is this - what mechanisms are included in Norton Security to prevent such attacks? Is there an antikeylogger module in place? Why is there no dedicated browser for banking, like the ones offered by Kaspersky or Bitdefender? I was planning to extend my subsription, but would rather be assured first that Norton protects my online banking no worse than biggest rivals (ESET, KIS, BD).

Have your questions / concerns been addressed....?
Norton | Learn How Norton Goes Beyond Antivirus  

Kudos0

Re: Is our online banking safe?

Success always occurs in private and failure in full view. Windows 10 Pro 64 bit Norton Core Security Plus 22.17.3.50 Core Firmware 282 I E 11 Chrome latest version.
Kudos0

Re: Is our online banking safe?

A data breach is different, and not directly related to online banking.  Whether you bank online or not, your account and personal information can still be stolen if the bank suffers a data breach.

Kudos0

Re: Is our online banking safe?

Kudos0

Re: Is our online banking safe?

Success always occurs in private and failure in full view. Windows 10 Pro 64 bit Norton Core Security Plus 22.17.3.50 Core Firmware 282 I E 11 Chrome latest version.
Kudos0

Re: Is our online banking safe?

bjm_:

Have your questions / concerns been addressed....?
Norton | Learn How Norton Goes Beyond Antivirus  

I'd say so, thank you.

Kudos0

Re: Is our online banking safe?

Buhaj47:
bjm_:

Have your questions / concerns been addressed....?
Norton | Learn How Norton Goes Beyond Antivirus  

I'd say so, thank you.

http://us.norton.com/wi-fi-privacy 

Kudos0

Re: Is our online banking safe?

Hello

bjm's last link is for smartphones and tablets.


While public Wi-Fi is convenient, it’s never safe. Accessing the Web on an unsecured Wi-Fi hotspot can expose your most sensitive information like passwords, photos and credit card numbers to hackers and identity thieves. Norton WiFi Privacy helps encrypt this information so you can use your smartphone or tablet on any public Wi-Fi hotspot without worry.


copied from  http://us.norton.com/wi-fi-privacy   Surprised it isn't a https  site..

Thanks.

Success always occurs in private and failure in full view. Windows 10 Pro 64 bit Norton Core Security Plus 22.17.3.50 Core Firmware 282 I E 11 Chrome latest version.
Kudos0

Re: Is our online banking safe?

Norton Wifi Privacy is available now for Android devices.

https://play.google.com/store/apps/details?id=com.symantec.securewifi

Things happen. Export/Backup your Norton Password Manager data.

This thread is closed from further comment. Please visit the forum to start a new thread.