Be Security Conscious When Using Financial Apps

Logethica

How to protect your financial apps from getting hacked:

There's been no shortage of high-profile hacks over the last few years — think Target, Sony and Ashley Madison — but one sector that hasn't made as much news for breaches is financial. According to the Identity Theft Resource Center, out of the 781 data breaches tracked in the United States in 2015, just 71 were banking-related.

[…]

Read the fine print
It's unlikely you'll find a company that says it has no security, so it's up to the user to make sure the company is protected.

Start by reading the company's security and privacy disclosures, which should be somewhere on their site, said Westby. You want to be able to get a sense of how they're managing their security and privacy programs and what kind of responsibility they're willing to take if a breach occurs.

The next step is to look at the company's security certifications. A payments card company, for instance, should have the PCI certification, which is given out by a Qualified Security Assessor under the PCI Security Standards Council program.

Other financial institutions might be audited and certified under the Federal Financial Institutions Examination Council (FFIEC). Mint, the personal finance app, is certified through the TRUSTe Privacy Seal Program, which is another popular data privacy management company.

Finally, make sure the company's privacy and security programs have been validated by a third party. The big four accounting firms do this, said Westby, as do businesses like Trustwave, Verizon and Coalfire.

"You don't want the company to just say, 'We're secure. Trust us,'" said Westby. "You want someone to validate that they're actually doing it."

Embrace the longer logins
The companies that do have proper security measures will be encrypting all your sensitive data — they convert information into a complex code that's difficult to decipher — but for privacy experts, that's not enough. Companies should also use two-factor authentication for customer logins, according to Adam Levin, chairman and founder of IDT911, a Montreal-based security solutions company, and author of "Swiped."

When a site doesn't recognize the device you're using, it should ask you a series of questions to verify that you are the user of the account. It may also send a code to a trusted device, like an email address or mobile phone. Essentially, it's adding another layer of authentication beyond a login and password.

Many companies still don't do this — it can be an annoyance for customers, he noted — but it will soon become standard procedure. And users should embrace it, he explains. One extra step goes a long way in keeping your information secure.

Protect yourself
Most financial breaches don't actually happen at the company level, said Levin. Since security is generally strong, hackers tend to hoodwink customers into handing over login passwords or sensitive data.

One way they do this is through phishing. That's when a hacker sends an email to users that looks nearly identical to something a bank or another company might send out to a user. Either the user clicks on a file that installs data-collecting malware onto a computer or they click a link that takes them to a page where they're then asked to enter their account information.

If you ever get an email from a financial company asking for information, don't click the link, says Levin. "The minute you authenticate yourself, you're not in control of the situation anymore," he said. "If you didn't initiate the contact, then delete the email."

It's also a good idea to have different passwords for your money-related apps and sites. Hackers often steal information from non-financial sites that don't have strong security and then use that password to get into a financial application, since most people use the same login information for every site they visit, said Levin.

Continue reading this article at the link at the top of the page
 

DardiM

Thanks for the share :)

"If you ever get an email from a financial company asking for information, don't click the link"

I remember, at the beginning, spelling and grammar errors (French) were helpful to detect these phishing attempts :rolleyes:
Now they put in more work to catch people.

The funniest is when we receive a phishing mail from banks or companies where we are not customers :D
(And in another language :) )
 

bunchuu


_CyberGhosT_

I believe this security lesson/course is essential for teenagers since they are vulnerable not only to financial-related threats but also to sextortion schemes:
Sextortion: A threat for everybody, teenagers in particular
You don't have to tell me, I have 3 daughters ages 8, 10 & 12, they are all learning the ins and outs and dangers of the internet. I am not waiting for a school to teach them what I can do here at home.
Good post bunchuu
 

jamescv7

The problem nowadays is that security is just enforced through basic measures, so when a company is targeted by a big-time breach, then that's the time to implement strict security.

Better to invest in such a hard security setup so that adjustments will be much smaller.
 
