Home
Join

31 Replies

  • I think it's a great idea for any financial institution to constantly review their security.

    How did I get first?

    Pepper graySpice (5) flagReport
    Was this post helpful? thumb_up thumb_down
  • I think its a good idea but that being said maybe banks should be on the forefront of security / monitoring? They are supposed to be securing everyone's finances so...... yeah might be a good idea to make sure anything that has some sort of impact on others at least has a standard level of security to it.

    Pepper graySpice (6) flagReport
    Was this post helpful? thumb_up thumb_down
  • The banks I've consulted for have some of the worst security I've seen.

    Is ironic as it would be, it's almost enough to make an IT pro start keeping his cash in his mattress.

    Edit: Now, in fairness to the banking industry, they are one of the few human endeavors other than the military where they need to defend against physical attack as a real and present danger, while at the same time defending information assets. I think it's just an institution that has been around so long, the inertia of change from having to add the cyber part of defense is making the change happen with glacial slowness.

    Pepper graySpice (11) flagReport
    Was this post helpful? thumb_up thumb_down
  • So some banks are hemorrhaging money left and right yet they issue credit cards?  Maybe instead of jacking up their fees they should be reducing shareholder payouts.

    Pepper graySpice (8) flagReport
    Was this post helpful? thumb_up thumb_down
  • I did some consulting work for a local credit union years ago, and was *stunned* at the lack of physical and logical security. I was there because the head office didn't see the need for IT pros staffed at every branch -- or any branch really. 

    That CU is out of business now -- thankfully.

    If folks are following the Top 3 FBI recommendations (strong passwords, 2FA, separation of duties) then they're doing alot. Trouble is, I'm sure most don't. 

    ..

    Pepper graySpice (1) flagReport
    Was this post helpful? thumb_up thumb_down
  • It is encouraging to see that the FBI is providing guidance on security for banks.  However, somehow there should be some requirement for banks to evaluate their security process.  Perhaps they are aware of this need.  On Friday when I visited an ATM machine in one bank, I saw that they were all in the process of being replaced by fancy new (perhaps more secure) machines.  I drove to another bank branch and saw that the machines had already been installed.  

    Pepper graySpice (2) flagReport
    Was this post helpful? thumb_up thumb_down
  • Beard of Knowledge wrote:

    The banks I've consulted for have some of the worst security I've seen.

    Is ironic as it would be, it's almost enough to make an IT pro start keeping his cash in his mattress.

    Edit: Now, in fairness to the banking industry, they are one of the few human endeavors other than the military where they need to defend against physical attack as a real and present danger, while at the same time defending information assets. I think it's just an institution that has been around so long, the inertia of change from having to add the cyber part of defense is making the change happen with glacial slowness.

    I had a friend who worked for a banking software company, and he actually did keep his cash in the mattress (or somewhere not-bank).  But he was pretty paranoid before he worked there too.

    I think part of the banks problem is they are based on auditable transactions, rather than physical security.  They can basically undo anything that isn't kosher, though the physical issue as in this case relies on converting to cash before the transaction can be stopped and/or undetected account inflationOpens a new window.  But with everything going electronic, I think that is why they get so excited about blockchain.  Rather than security by obscurity, it is security by lots of eyeballs.  I don't think that is enough, but we'll learn after the first giant heist... OopsOpens a new window.

    Pepper graySpice (2) flagReport
    Was this post helpful? thumb_up thumb_down
  • Like I said before in another post, I think my mattress may be the safest place to keep my money now.

    Pepper graySpice (2) flagReport
    Was this post helpful? thumb_up thumb_down
  • Yeah, banks are a crap shoot.  I have been in some where you had to be escorted in\out of areas with card swipes both directions...and I have been in some where they handed me a key and said "third door on your left".

    I think most people look at security like insurance, you don't think you need it until after you need it!

    Now, to go and sit by an ATM for a while, just in case there is a bug in the code and it just starts spitting money!

    Pepper graySpice (1) flagReport
    Was this post helpful? thumb_up thumb_down
  • Beard of Knowledge wrote:

    The banks I've consulted for have some of the worst security I've seen.

    Is ironic as it would be, it's almost enough to make an IT pro start keeping his cash in his mattress.

    Edit: Now, in fairness to the banking industry, they are one of the few human endeavors other than the military where they need to defend against physical attack as a real and present danger, while at the same time defending information assets. I think it's just an institution that has been around so long, the inertia of change from having to add the cyber part of defense is making the change happen with glacial slowness.

    Why did the mattress become the do it yourself home vault?  Why not the fridge, or the microwave.  The stove maybe?  Even in zip lock bags in the top of the toilet..

    Pepper graySpice (2) flagReport
    Was this post helpful? thumb_up thumb_down
  • Tuaners wrote:

    Beard of Knowledge wrote:

    The banks I've consulted for have some of the worst security I've seen.

    Is ironic as it would be, it's almost enough to make an IT pro start keeping his cash in his mattress.

    Edit: Now, in fairness to the banking industry, they are one of the few human endeavors other than the military where they need to defend against physical attack as a real and present danger, while at the same time defending information assets. I think it's just an institution that has been around so long, the inertia of change from having to add the cyber part of defense is making the change happen with glacial slowness.

    Why did the mattress become the do it yourself home vault?  Why not the fridge, or the microwave.  The stove maybe?  Even in zip lock bags in the top of the toilet..

    The "money in the mattress" predates those inventions. I mean there have been "fire pits" for cooking longer than mattresses but that literally burns through your savings. And messing with electronics is a fire hazard...

    As for banks... yeah their security is and always has been more focused on the physical. That said, I'll still (currently) trust them more than my mattress. 

    Was this post helpful? thumb_up thumb_down
  • Wow, easy for the FBI to rattle off their couple bullet points.  Having worked at a small bank, pulling off some of these implementations is non-trivial, considering that I don't work midnights but they wouldn't let me close down the bank for security updates either.  Dual-auth, app whitelisting, and geo monitoring aren't just things your casual work-a-day one-man-show IT admin at your friendly local spider bank can just whip off.  I grant their point, that they are good things to do, they just require real dollar and time budgets, which some of these small time banks will never be willing to supply.

    Was this post helpful? thumb_up thumb_down
  • Damn! I thought no-one knew about the toilet cistern. Time to find a new safe place...

    Pepper graySpice (5) flagReport
    Was this post helpful? thumb_up thumb_down
  • did have an organisation that installs remote banking software compalin that our system (we are a college !) was too secure - there's had a userid of admin and a passowerd of password !!!!!!!!!!!!!!!!!!

    Was this post helpful? thumb_up thumb_down
  • Bummer! You would think that they are indeed on the forefront - but I sometimes have the impression that they function more like an authority than a business

    Was this post helpful? thumb_up thumb_down
  • BiscuitKing wrote:

    Like I said before in another post, I think my mattress may be the safest place to keep my money now.

    Check out rockefeller over here with a mattress on his bed!

    Pepper graySpice (10) flagReport
    Was this post helpful? thumb_up thumb_down
  • Surely they need to get the money in there in the first place and that is the FBIs job to stop them!

    no one lets anyone into their castle first then blames the internal defence for not stopping them!

    Was this post helpful? thumb_up thumb_down
  • Tuaners wrote:

    Beard of Knowledge wrote:

    The banks I've consulted for have some of the worst security I've seen.

    Is ironic as it would be, it's almost enough to make an IT pro start keeping his cash in his mattress.

    Edit: Now, in fairness to the banking industry, they are one of the few human endeavors other than the military where they need to defend against physical attack as a real and present danger, while at the same time defending information assets. I think it's just an institution that has been around so long, the inertia of change from having to add the cyber part of defense is making the change happen with glacial slowness.

    Why did the mattress become the do it yourself home vault?  Why not the fridge, or the microwave.  The stove maybe?  Even in zip lock bags in the top of the toilet..

    Just wrap up bricks of money in foil and stash them in the back of your freezer.  I can never find my frozen peas.  The money will be safe.

    Pepper graySpice (2) flagReport
    Was this post helpful? thumb_up thumb_down
  • Teamviewer is a terrible tool to be using in a financial institution.

    Pepper graySpice (2) flagReport
    Was this post helpful? thumb_up thumb_down
  • Mike400 wrote:

    So some banks are hemorrhaging money left and right yet they issue credit cards?  Maybe instead of jacking up their fees they should be reducing shareholder payouts.

    It's almost like you think banks are there to serve some other purpose aside from paying shareholders.

    Was this post helpful? thumb_up thumb_down
  • The comments on this thread regarding lack of security at these institutions is terrifying. So our options are:

    A.) Wells Fargo who will rip you off. 

    B.) Credit Union that will get ripped off. 

    Sweet. 

    Pepper graySpice (2) flagReport
    Was this post helpful? thumb_up thumb_down
  • David Auth wrote:

    Wow, easy for the FBI to rattle off their couple bullet points.  Having worked at a small bank, pulling off some of these implementations is non-trivial, considering that I don't work midnights but they wouldn't let me close down the bank for security updates either.  Dual-auth, app whitelisting, and geo monitoring aren't just things your casual work-a-day one-man-show IT admin at your friendly local spider bank can just whip off.  I grant their point, that they are good things to do, they just require real dollar and time budgets, which some of these small time banks will never be willing to supply.

    You don't work off hours for change implementation? Lucky you. Your point is well taken though, don't do business with any bank with a lone IT person. 

    Pepper graySpice (1) flagReport
    Was this post helpful? thumb_up thumb_down
  • BiscuitKing wrote:

    Like I said before in another post, I think my mattress may be the safest place to keep my money now.

    5 Common Misconceptions About FDIC Insurance ... and the Real Facts.Opens a new window

    Pepper graySpice (1) flagReport
    Was this post helpful? thumb_up thumb_down
  • The Data Master wrote:

    Teamviewer is a terrible tool to be using in a financial institution.

    Why is that? What to tool are you recommending in its place?

    Pepper graySpice (1) flagReport
    Was this post helpful? thumb_up thumb_down
  • BiscuitKing  wrote:

    Like I said before in another post, I think my mattress may be the safest place to keep my money now.


    I'm starting to think you might just be right. 
    Was this post helpful? thumb_up thumb_down
  • Mike400 wrote:

    So some banks are hemorrhaging money left and right yet they issue credit cards?  Maybe instead of jacking up their fees they should be reducing shareholder payouts.

     Credit Cards are profitable (4.05 percent as a return on assets from the last federal data I can find). 

    Don't want to pay overdraft fees? Disable ovedraft protection. It's quite easy and will force charges to bounce that are beyond what the account can issue. 

    Don't want to pay ATM Fees? Charles Schwab Bank will reimbuse ATM fees, Citi has 60,000 ATM's fee free and Ally's pretty good.

    Want Banks to stop paying shareholders their profits?

    1. Join a Credit Uniion (and become a shareholder!)

    2. Advocate for radical nationalization of the banks and other core financial sectors by starting a revolution of the proletariat. Glorious North Korea doesn't have any capitalist ATM fees or OVERDRAFT FEEs!
    3. Realize that banks are not hemorging money....
    Was this post helpful? thumb_up thumb_down
  • StorageNinja wrote:

    Mike400 wrote:

    So some banks are hemorrhaging money left and right yet they issue credit cards?  Maybe instead of jacking up their fees they should be reducing shareholder payouts.

     Credit Cards are profitable (4.05 percent as a return on assets from the last federal data I can find). 

    Don't want to pay overdraft fees? Disable ovedraft protection. It's quite easy and will force charges to bounce that are beyond what the account can issue. 

    Don't want to pay ATM Fees? Charles Schwab Bank will reimbuse ATM fees, Citi has 60,000 ATM's fee free and Ally's pretty good.

    Want Banks to stop paying shareholders their profits?

    1. Join a Credit Uniion (and become a shareholder!)

    2. Advocate for radical nationalization of the banks and other core financial sectors by starting a revolution of the proletariat. Glorious North Korea doesn't have any capitalist ATM fees or OVERDRAFT FEEs!
    3. Realize that banks are not hemorging money....

    They claim they're always losing money when the reality is they're simply not raking it in as fast as they want.  As for joining a credit union, I've been a credit union member since I graduated college in 1985, and it's just for the list you gave along with other issues.

    Was this post helpful? thumb_up thumb_down
  • Banks still have overdraft protection?  Last time I was at a bank they got rid of credit card linked overdraft protection (a few years ago).  My credit union doesn't have it.  Something about a major change in regulations.

    A quick look around, looks like that was Chase, BofA and Wells Fargo still have it.  Wells Fargo lol.

    Was this post helpful? thumb_up thumb_down
  • Mike400 wrote:

    They claim they're always losing money when the reality is they're simply not raking it in as fast as they want.  As for joining a credit union, I've been a credit union member since I graduated college in 1985, and it's just for the list you gave along with other issues.

    Who's claiming banks are losing money?

    Joel Garry wrote:

    Banks still have overdraft protection?  Last time I was at a bank they got rid of credit card linked overdraft protection (a few years ago).  My credit union doesn't have it.  Something about a major change in regulations.

    A quick look around, looks like that was Chase, BofA and Wells Fargo still have it.  Wells Fargo lol.

    BofA signed me up for it, I got burned by it like 10 years ago (hit with $50) and disabled it in the web portal.

    Was this post helpful? thumb_up thumb_down
  • What do I think of the guidance provided by the FBI?

    I think they gonna have to pay me a minimum of 200 grand a year for my opinion.  I don't work for free.

    Pepper graySpice (1) flagReport
    Was this post helpful? thumb_up thumb_down
  • Marvinthedepressedrobot wrote:

    I think its a good idea but that being said maybe banks should be on the forefront of security / monitoring? They are supposed to be securing everyone's finances so...... yeah might be a good idea to make sure anything that has some sort of impact on others at least has a standard level of security to it.

    I know that my bank is on the forefront of computer security. My wife works there, and their security protocols are breathtakingly strict. Even for someone like me who knows a couple things about security.

    Was this post helpful? thumb_up thumb_down

Read these next...

  • Simple command to monitor Windows 10 temperature?

    Simple command to monitor Windows 10 temperature?

    Hardware

    I feel like this has probably been address before, although I was wondering if someone is aware of a simple command I can run to report the internal temperature of a Windows 10 PC?I think all computers monitor the temperature, although I've only found thi...

  • Remote access to DVR?

    Remote access to DVR?

    Security

    Hi!I have an older Hikvision DVR that I need to provide remote access to. The users would be mainly accessing it from their smartphones. I tested their software, iVMS, by assigning one of my public IP's to the DVR and it worked fine. However the issue is ...

  • Snap! -- Survival Kits, Forest Bubble on Mars, AI Movie Plots, Leprosy & Livers

    Snap! -- Survival Kits, Forest Bubble on Mars, AI Movie Plots, Leprosy & Livers

    Spiceworks Originals

    Your daily dose of tech news, in brief. Welcome to the Snap! Flashback: Back on December 6, 1907, Mathematical Logician J. Barkley Rosser Born (Read more HERE.) Bonus Flashback: Back on December 6, 1998, International Space Station assemb...

  • Spark! Pro Series - 6 December 2022

    Spark! Pro Series - 6 December 2022

    Spiceworks Originals

    Today in History: 6 December 1240 – Mongols led by Batu Khan occupy and destroy Kyiv after an 8 day siege; out of 50,000 people in the city only 2,000 survive 1849 – Harriet Tubman escapes from slavery in Maryl...

  • The most boring but interesting Phishing Attempt I've seen

    The most boring but interesting Phishing Attempt I've seen

    Security

    Hello There,We've recently had a phishy email come through to one of our employees with an attachment to something work related. But here's the interesting part: The email was spoofed. When checked, the address was that of our own domain, however the emai...