Which banks are the most secure?
December 19, 2005 10:20 AM Subscribe
Which banks are the most secure?
I'm looking for resources, websites, experiences about bank security. Are they all the same? Is there nothing that can be done to secure your account except never use an atm?
I shred all personal information, I never give out my ss#. I use my ATM debit/visa only for deposits at my bank branches (maybe one purchase every 6 months), I never withdraw money with it, it is never used at an ATM that is not my bank branch.
At some point I assume my card was skimmed. False deposits and withdrawls were made to and from my checking account, the credit card part of the card was never used. This has been reported to my bank and the police, I'm just looking for feedback on what further action I need to take to protect myself.
I see that WaMu cards are the easiest to forge, but is switching to one of the evilest banks, Bank of America, my only choice? I switched to WaMu to get away from Citibank, and now I feel they too have screwed me.
Can I blame my bank for this?
Is changing to an evil bank the answer?
Reccommendations?
I'm looking for resources, websites, experiences about bank security. Are they all the same? Is there nothing that can be done to secure your account except never use an atm?
I shred all personal information, I never give out my ss#. I use my ATM debit/visa only for deposits at my bank branches (maybe one purchase every 6 months), I never withdraw money with it, it is never used at an ATM that is not my bank branch.
At some point I assume my card was skimmed. False deposits and withdrawls were made to and from my checking account, the credit card part of the card was never used. This has been reported to my bank and the police, I'm just looking for feedback on what further action I need to take to protect myself.
I see that WaMu cards are the easiest to forge, but is switching to one of the evilest banks, Bank of America, my only choice? I switched to WaMu to get away from Citibank, and now I feel they too have screwed me.
Can I blame my bank for this?
Is changing to an evil bank the answer?
Reccommendations?
Avoid banks altogether: on the whole credit unions tend to have a much more secure system, acounts that are guaranteed against way more things (banks have much smaller limits on what they guarantee) and their users are targetted much less often.
Just remember, when your financial institution is not in the business of making money off of you they tend to be much more reasonable in all circumstances, especially fraud/id theft.
posted by Cosine at 11:13 AM on December 19, 2005
Just remember, when your financial institution is not in the business of making money off of you they tend to be much more reasonable in all circumstances, especially fraud/id theft.
posted by Cosine at 11:13 AM on December 19, 2005
Not using an ATM card at all is the only way to guarantee protection. Otherwise, monitor your online statement assiduously and report any transactions you don't recognize to the bank immediately. Be careful about what ATMs you use; avoid third-party standalones (there have been many cases in which they were owned by scammers) and be on the lookout for skimming hardware.
BofA does have a 100% fraud guarantee on its debit cards, and they respond very quickly in my experience, which is nice, but you still have to notice the transactions before they cause a financial crisis.
If you are really paranoid, ask if your bank can disable the use of your card at ATMs entirely, and do your withdrawals via cashback debit card transactions (e.g. post office, grocery store). This makes it much less likely to be skimmed, and if it is, your thieves will almost certainly use ATMs rather than POS because their cards probably wouldn't pass muster if someone actually looked at them.
I will say that a friend of mine had her checkbook for a WaMu credit line stolen and the bank has been dragging its feet on replacing the money for nearly a year even though she reported the checkbook stolen and the signatures were obviously not hers. So getting away from them would probably be a good idea.
posted by kindall at 11:19 AM on December 19, 2005
BofA does have a 100% fraud guarantee on its debit cards, and they respond very quickly in my experience, which is nice, but you still have to notice the transactions before they cause a financial crisis.
If you are really paranoid, ask if your bank can disable the use of your card at ATMs entirely, and do your withdrawals via cashback debit card transactions (e.g. post office, grocery store). This makes it much less likely to be skimmed, and if it is, your thieves will almost certainly use ATMs rather than POS because their cards probably wouldn't pass muster if someone actually looked at them.
I will say that a friend of mine had her checkbook for a WaMu credit line stolen and the bank has been dragging its feet on replacing the money for nearly a year even though she reported the checkbook stolen and the signatures were obviously not hers. So getting away from them would probably be a good idea.
posted by kindall at 11:19 AM on December 19, 2005
scazza: didn't you get your money back? If so, how can you blame the bank? What are you upset about, exactly? No bank can prevent someone from cloning a debit card if the hackers know the PIN number and everything.
posted by delmoi at 11:21 AM on December 19, 2005
posted by delmoi at 11:21 AM on December 19, 2005
What recommends BOA at all? I've had nothing but trouble from them.
I recommend them highly, actually. I have had nothing but excellent service from them. They beat everyone in town on a rate for a car loan for me, they were the first to offer me a real credit card after my credit troubles, and they handled things very quickly when I had some fraud on my debit card. Their cards are among the most secure because they have a photo and a signature printed right on the front of them and they protect both debit and credit cards 100% against fraud (the law limits your liability to I think $50, but they go further). And they have a ton of ATMs located in very convenient locations. They are one of the best big evil banks I have used.
posted by kindall at 11:24 AM on December 19, 2005
I recommend them highly, actually. I have had nothing but excellent service from them. They beat everyone in town on a rate for a car loan for me, they were the first to offer me a real credit card after my credit troubles, and they handled things very quickly when I had some fraud on my debit card. Their cards are among the most secure because they have a photo and a signature printed right on the front of them and they protect both debit and credit cards 100% against fraud (the law limits your liability to I think $50, but they go further). And they have a ton of ATMs located in very convenient locations. They are one of the best big evil banks I have used.
posted by kindall at 11:24 AM on December 19, 2005
BofA does have a 100% fraud guarantee on its debit cards
Keep in mind this is only marginally more valuable than the "No CFC propellants!" that all shaving cream cans have printed on them. Oh really, you're CFC-free just as you have been required to be by federal law since the middle 70s? How special of you.
Similarly your protections on debit card fraud llimits your liability to $50 in almost all circumstances and usually not even that. It's rare for a bank not to eat that $50, for a variety of reasons. Not the least of which is they want to continue to avoid what many people claim is the only way identity theft is ever going to get solved: make the people with the most power to resolve the situation the ones who are liable for the problems. (see http://www.schneier.com/blog/archives/2005/03/id_theft_is_ine.html and other Schneier articles for his take)
For those who actually read links: yes, while there is a plateau above $50, the letter of the law is that you have to report it within two days of discovering the theft, so unless there's some magical power allowing knowledge of when you noticed, it's $50.
I'd not that you shouldn't be penny-wise and pound-foolish here. Moving to a bank where you'll for sure pay $5 more every month in fees so as to save yourself $50 maybe possibly someday is a bad trade. Hell, it's a bad trade even if it happens every 12 months - you'll still be $10 down.
As far as the actual question, the best way to not get your checking account skimmed is not to keep much money in it. This is fairly easy these days with telephone and internet banking; keep the lion's share in your savings account and transfer it over as you need more. Decline any automatic anti-bounce functionality the bank may want to press on you; often they hit you with the bounce fee anyway
posted by phearlez at 12:02 PM on December 19, 2005
Keep in mind this is only marginally more valuable than the "No CFC propellants!" that all shaving cream cans have printed on them. Oh really, you're CFC-free just as you have been required to be by federal law since the middle 70s? How special of you.
Similarly your protections on debit card fraud llimits your liability to $50 in almost all circumstances and usually not even that. It's rare for a bank not to eat that $50, for a variety of reasons. Not the least of which is they want to continue to avoid what many people claim is the only way identity theft is ever going to get solved: make the people with the most power to resolve the situation the ones who are liable for the problems. (see http://www.schneier.com/blog/archives/2005/03/id_theft_is_ine.html and other Schneier articles for his take)
For those who actually read links: yes, while there is a plateau above $50, the letter of the law is that you have to report it within two days of discovering the theft, so unless there's some magical power allowing knowledge of when you noticed, it's $50.
I'd not that you shouldn't be penny-wise and pound-foolish here. Moving to a bank where you'll for sure pay $5 more every month in fees so as to save yourself $50 maybe possibly someday is a bad trade. Hell, it's a bad trade even if it happens every 12 months - you'll still be $10 down.
As far as the actual question, the best way to not get your checking account skimmed is not to keep much money in it. This is fairly easy these days with telephone and internet banking; keep the lion's share in your savings account and transfer it over as you need more. Decline any automatic anti-bounce functionality the bank may want to press on you; often they hit you with the bounce fee anyway
posted by phearlez at 12:02 PM on December 19, 2005
Response by poster: delmoi: I am not upset at all actually, the police assuaged those emotions. My inquiry is completely rational.
I can blame the bank, 1. because it was the bank's lax security that allowed skimming devices on their ATMs, since theirs are the only ATMs I use. And 2. for their crappy cards. If you follow the link, WaMu cards are the least encrypted, and BofA's cards are the most secure. Hence my question: WaMu's security is a joke, but is there really anything more they can do? Is switching to the biggest evillest banks the only way to be secure?
Sorry if I wasn't clear.
I checked around and BofA only gives free checking with direct deposit, so that eliminates them. Any other banks, credit unions I should consider?
As far as the actual question, the best way to not get your checking account skimmed is not to keep much money in it.
I had $120 in the account before it got hijacked. They made fake large deposits and withdrew money out of that. It does not matter how much money you have in the account.
So, thank you everyone. Anyone have any resources for me to check up on bank security?
posted by scazza at 12:39 PM on December 19, 2005
I can blame the bank, 1. because it was the bank's lax security that allowed skimming devices on their ATMs, since theirs are the only ATMs I use. And 2. for their crappy cards. If you follow the link, WaMu cards are the least encrypted, and BofA's cards are the most secure. Hence my question: WaMu's security is a joke, but is there really anything more they can do? Is switching to the biggest evillest banks the only way to be secure?
Sorry if I wasn't clear.
I checked around and BofA only gives free checking with direct deposit, so that eliminates them. Any other banks, credit unions I should consider?
As far as the actual question, the best way to not get your checking account skimmed is not to keep much money in it.
I had $120 in the account before it got hijacked. They made fake large deposits and withdrew money out of that. It does not matter how much money you have in the account.
So, thank you everyone. Anyone have any resources for me to check up on bank security?
posted by scazza at 12:39 PM on December 19, 2005
so you really want to go back to a bank? fool me once....
posted by Cosine at 12:56 PM on December 19, 2005
posted by Cosine at 12:56 PM on December 19, 2005
If you follow the link, WaMu cards are the least encrypted, and BofA's cards are the most secure.
This is nice to know but I don't see why it really matters. It keeps a skimmer from getting your actual account number, but they don't need your actual account number, they just need to duplicate the codes from your card to a new one, and they can easily do that without decrypting them. (Getting the actual account number is nice if you're going to do things like ACH transfers out of the account, but if they're hitting ATMs, then BofA's cards are no less vulnerable than anyone else's.)
The debit card number (e.g. the number that gets used when you use it as a Visa or Mastercard) is always stored unencrypted, I believe. If different banks used different encryption for this, it would be impossible to scan cards in stores, defeating the purpose.
This is your real problem:
They made fake large deposits and withdrew money out of that.
This is an utterly stupid thing for a bank to allow and I can't believe WaMu does. BofA definitely only allows you to take out money that's actually in your account.
I checked around and BofA only gives free checking with direct deposit, so that eliminates them.
At least here in Washington, they also have an account that is free if you bank mostly by ATM or telephone. (More than two uses of a teller per month incurs a fee, IIRC.) They may not offer that account everywhere, however. In any case, it looks like their minimum balance for for waiving fees in regular checking is a reasonable $750.
Keep in mind this is only marginally more valuable than the "No CFC propellants!" that all shaving cream cans have printed on them. ... Similarly your protections on debit card fraud llimits your liability to $50 in almost all circumstances and usually not even that. It's rare for a bank not to eat that $50, for a variety of reasons.
Most do not guarantee this, however.
posted by kindall at 1:27 PM on December 19, 2005
This is nice to know but I don't see why it really matters. It keeps a skimmer from getting your actual account number, but they don't need your actual account number, they just need to duplicate the codes from your card to a new one, and they can easily do that without decrypting them. (Getting the actual account number is nice if you're going to do things like ACH transfers out of the account, but if they're hitting ATMs, then BofA's cards are no less vulnerable than anyone else's.)
The debit card number (e.g. the number that gets used when you use it as a Visa or Mastercard) is always stored unencrypted, I believe. If different banks used different encryption for this, it would be impossible to scan cards in stores, defeating the purpose.
This is your real problem:
They made fake large deposits and withdrew money out of that.
This is an utterly stupid thing for a bank to allow and I can't believe WaMu does. BofA definitely only allows you to take out money that's actually in your account.
I checked around and BofA only gives free checking with direct deposit, so that eliminates them.
At least here in Washington, they also have an account that is free if you bank mostly by ATM or telephone. (More than two uses of a teller per month incurs a fee, IIRC.) They may not offer that account everywhere, however. In any case, it looks like their minimum balance for for waiving fees in regular checking is a reasonable $750.
Keep in mind this is only marginally more valuable than the "No CFC propellants!" that all shaving cream cans have printed on them. ... Similarly your protections on debit card fraud llimits your liability to $50 in almost all circumstances and usually not even that. It's rare for a bank not to eat that $50, for a variety of reasons.
Most do not guarantee this, however.
posted by kindall at 1:27 PM on December 19, 2005
Response by poster: Cosine, did I ever say that I would absolutely only ever use a bank? No, I'm taking all reccommendations. Come on.
posted by scazza at 1:55 PM on December 19, 2005
posted by scazza at 1:55 PM on December 19, 2005
but it hurts when you don't even acknowledge my post man, it hurts bad... lol
posted by Cosine at 2:57 PM on December 19, 2005
posted by Cosine at 2:57 PM on December 19, 2005
Avoid banks altogether: on the whole credit unions tend to have a much more secure system, accounts that are guaranteed against way more things (banks have much smaller limits on what they guarantee) and their users are targetted much less often.
Full Disclosure: I work for a bank, albeit not a *nationwide* evil behemoth, or even a super-regional - but sizable nonetheless.
I'm interested in hearing a source or sources cited for the first part of this statement - how do credit unions have "more secure systems"? Do you have industry knowledge of this you can share? Just curious, no snark intended.
As far as credit unions being targeted much less often, scammers tend to fish *and* phish the larger ponds, then work their way down. This past year saw SOARING levels of all kinds of fraud in the middle of the market (banks AND credit unions), because Citi, BofA, SunTrust, etc have all tried to do a better job of educating their customers about all types of fraud - online and otherwise.
FYI, a recent FFIEC guideline states that financial institutions must implement or be well on the way to implementing stronger controls via online channels (and I know you talked about skimmers and I'm edging around that) by the end of 2006. More importantly, I think, the guideline also essentially states that FIs must all do a better job of educating customers about fraud. How to prevent, protect, spot, report.
I can climb a soap box and pontificate for hours about how banking online is one of the best ways to protect yourself against many types of fraud, but these guys get paid to research and offer analysis.
Oh, and Visa offers a branded "zero liability" guarantee for most but not all of the Visa logo'd cards - debit, credit, and in some cases some of their pre-paid product.
If you're not US, ignore all of the above. Ahem.
posted by ersatzkat at 4:45 PM on December 19, 2005
Full Disclosure: I work for a bank, albeit not a *nationwide* evil behemoth, or even a super-regional - but sizable nonetheless.
I'm interested in hearing a source or sources cited for the first part of this statement - how do credit unions have "more secure systems"? Do you have industry knowledge of this you can share? Just curious, no snark intended.
As far as credit unions being targeted much less often, scammers tend to fish *and* phish the larger ponds, then work their way down. This past year saw SOARING levels of all kinds of fraud in the middle of the market (banks AND credit unions), because Citi, BofA, SunTrust, etc have all tried to do a better job of educating their customers about all types of fraud - online and otherwise.
FYI, a recent FFIEC guideline states that financial institutions must implement or be well on the way to implementing stronger controls via online channels (and I know you talked about skimmers and I'm edging around that) by the end of 2006. More importantly, I think, the guideline also essentially states that FIs must all do a better job of educating customers about fraud. How to prevent, protect, spot, report.
I can climb a soap box and pontificate for hours about how banking online is one of the best ways to protect yourself against many types of fraud, but these guys get paid to research and offer analysis.
Oh, and Visa offers a branded "zero liability" guarantee for most but not all of the Visa logo'd cards - debit, credit, and in some cases some of their pre-paid product.
If you're not US, ignore all of the above. Ahem.
posted by ersatzkat at 4:45 PM on December 19, 2005
SOAPBOX ALERT lol:
erdatzkat - I've been in banking my entire working life, the main point I was referring to was that ALL credit union accounts are fully insured against fraud, bank closures, financial institution bankrucies, etc, by law. Banks only guarantee accounts up to a certain amount and under much more stringent conditions.
I should have pointed out that I am Canadian, the US credit union and banking systems are remarkable similar though.
In British Columbia, where I live and work, Credit Unions have a market share much greater than anywhere else in North America so some of my comments and opinions are coloured by this, however it is because people like the poster became fed up with banks in the first place that this desirable situation occured in the first place.
Speaking at least for the area I live in I honestly do not understand ANYONE using a bank, as a CU member I pay no service charges for anything, ever, under any circumstances, I have basically unlimited overdraft protection, I will never bounce a cheque or payment (they cover it and call me to see what's up), I can use any bank machine anywhere without charges.
At least in Canada CU's have led the way in offering new technologies for banking with the major national banks usually lagging 2-3 years behind. I work in tech and get to see the internal operations of most of the majors so my opinion is fairly well informed.
The CU in your area may not offer all of these benefits but remember that it has to start somewhere and as long as you bank somewhere that exists to steal as much as they possibly can from your accounts through hidden fees and service charges there is very little incentive to grow/change/invent/improve.
posted by Cosine at 1:02 PM on December 20, 2005
erdatzkat - I've been in banking my entire working life, the main point I was referring to was that ALL credit union accounts are fully insured against fraud, bank closures, financial institution bankrucies, etc, by law. Banks only guarantee accounts up to a certain amount and under much more stringent conditions.
I should have pointed out that I am Canadian, the US credit union and banking systems are remarkable similar though.
In British Columbia, where I live and work, Credit Unions have a market share much greater than anywhere else in North America so some of my comments and opinions are coloured by this, however it is because people like the poster became fed up with banks in the first place that this desirable situation occured in the first place.
Speaking at least for the area I live in I honestly do not understand ANYONE using a bank, as a CU member I pay no service charges for anything, ever, under any circumstances, I have basically unlimited overdraft protection, I will never bounce a cheque or payment (they cover it and call me to see what's up), I can use any bank machine anywhere without charges.
At least in Canada CU's have led the way in offering new technologies for banking with the major national banks usually lagging 2-3 years behind. I work in tech and get to see the internal operations of most of the majors so my opinion is fairly well informed.
The CU in your area may not offer all of these benefits but remember that it has to start somewhere and as long as you bank somewhere that exists to steal as much as they possibly can from your accounts through hidden fees and service charges there is very little incentive to grow/change/invent/improve.
posted by Cosine at 1:02 PM on December 20, 2005
In the US, the NCUA insures credit union members up to $100k. This limit applies to the total aggregate value of all accounts owned by that member at one credit union. Link.
posted by ryanrs at 10:06 PM on December 26, 2005
posted by ryanrs at 10:06 PM on December 26, 2005
This thread is closed to new comments.
(What recommends BOA at all? I've had nothing but trouble from them.)
posted by IndigoJones at 11:08 AM on December 19, 2005