Banking and Money

Here’s another case of why it is close to idiotic to write checks in today’s world. Bob Sullivan of MSNBC writes about demand drafts. Demand drafts are a type of check that doesn’t require any signature and can be easily forged with nothing more than the information that already appears on the checks you write.

In other words, it is possible that your account can be drained by anyone you hand a check to. And the only skill they need to rip you off is the ability to read. REALLY.

Unbeknownst to a lot of Americans (although not the readers of my book, grin), a fair portion of bank transactions get reported to the US Government. And given recent news, we can expect more.

The Treasury Department is working on a plan to require banks to share records on all international wire transfers. Estimates are that this would cover over half a billion transactions. While the administration wants to complete the plan by the end of the year, banks are already responding…they are giving the government a lot more information than they used to.

Because banks can be prosecuted for withholding information, a New York Times article by Eric Lichtblau on the proposed wire transfer regulations cites banking officials as saying that banks are filing record numbers of Suspicious Activity Reports. These reports simply identify transactions or customers who appear suspicious to the bank. And by the law that created them, banks cannot tell you if they file one on you.

(also posted in All the Rest)

This has happened a couple of times now, so it seems worth mentioning. As we’ve been hearing about data breaches in the past two months, we’ve been focused on computer weaknesses: hacking, social engineering for database access or plain old theft of laptops.

Well, there’s another technology being implicated in poor data control: the fax machine.

A hospital in New Zealand accidentally sent confidential medical files to a brewery instead of the patient’s doctor. Seems that someone dialed most of the number correctly but got the area code/prefix wrong. The brewery says the same mistake has been made on several other occasions. Hospital authorities are very sorry.

In a similar vein, the Canadian Imperial Bank of Commerce is fighting a $9 million lawsuit filed last month for mistakenly faxing sensitive financial data on its customers to a West Virginia scrap yard over the past three years. The bank is sorry, too.

In a recent survey sponsored by Wells Fargo, 21 computer industry experts, CIO's and information tech managers, weighed in on questions also asked of 644 adult Internet users.

The results were impressive.

On key questions about online banking and bill pay, the experts were overwhelmingly confident that the risks associated with these activities were low. The majority of consumers thought exactly the opposite.

So who is right? Well, let's just put it this way. An overwhelming majority of consumers also thought it was fine to send personal information to a financial institution in response to an email. If you think that's fine too, check out my posts on phishing before it's too late...

ChexSystems, the much maligned check tracking company discussed in my book, is trying to improve its customer service and with it, its image. They have launched a Financial Literacy program and are making a special offer to anyone on their blacklist of bad check writers.

As part of a new gentler, kinder approach to banking, anyone who bounces checks and finds themselves flagged by ChexSystems can go to a class to learn about responsible money habits. Once they do this AND pay off their bad debts to the bank they owe, they will be given a second chance...which means that they won't be turned down if they want to open a new account at one of the program's participating banks. Think of it as traffic school for check bouncers.

At the moment the ChexSystems courses are available in about 15 states. But it's a terrific idea and worth exploring if you've made a mistake that you want to make right. For more information on the courses and where they are offered, visit ChexSystems educational website called About Checking.

According to a June 2004 study from DoubleClick, 80 million Americans - or about half of the Americans thought to be online - were using some kind of electronic payment over the Internet. Activities include banking, paying credit card bills, managing investments and applying for loans.

Here's still more info on why it's you, not your bank, that is likely to compromise the Personal Identification Number (PIN) that you use to get cash from your ATM machine. (thanks to Bruce Schneier who pointed out the following article in last month's Cryptogram)

Visa International has a program to certify the keypads we punch our secret codes into at the ATM. The keypads, more properly known as "PIN entry devices", or PEDs in double acronymization land, are being subjected to a certification process that includes 50 points of evaluation and, as Kevin Poulsen's article in the Register details, is reassuringly exhaustive.

This is what caught my eye...when you input your PIN into an ATM machine, it is encrypted within "milliseconds of its entry, and within centimeters of the customer's fingertips." That's pretty fast and pretty close. It means that your raw PIN number doesn't get transmitted over any network. It doesn't leave the ATM machine. In fact, even the ATM's processor doesn't know what the real number is. Which all makes it very tough for a hacker to steal your code.

Now, if only those of us who choose PIN's that people can easily guess or write the PIN on the actual ATM card or type it into phishing emails or don't watch out for shoulder surfing would just be as careful about protecting this important number...