Suggestions for easy and safe internet banking requested

Discussion in 'other security issues & news' started by Fly, Nov 4, 2008.

Thread Status:
Not open for further replies.
  1. Fly

    Fly Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    2,069
    (OS: Windows XP Home Edition service pack 2, IE 7 with elevated security setting, McAfee Virusscan Plus 2009 (uses .NET setup) and Spy Sweeper 5.5.7, I plan to remove these two security applications in the future, but probably not very soon)

    I know internet banking has been discussed in many threads, in fact, a search yielded a very large number of threads, but I have a somewhat specific question.

    I apologize for the length of this post.

    European bank, I log in using a login 'name/string', stored on my computer, a password not stored on my computer except maybe in temporary internet files, a cache or something like that). That's enough to access my account, but for making payments a third 'token' is needed, I'd rather not be more specific in a public thread. That third token (specific for the particular payment) is not stored on my computer, except when entering it for making the payment, and after that it can't be used anymore.

    I'm not sure what it's called In English, but in IE 7 there is an option for <sending non-encrypted form data>, maybe a bad translation. It is set at enabled. Whenever I set it to prompt, Mcfee or the .NET setup reenables it. To avoid a misunderstanding: somewhere else in the OS there is an option to enable autocomplete URLs, form data, passwords, and I have set only URLs to autocomplete.

    Also, I reboot before logging in, and after I'm done I shut down/reboot the computer. (I prefer not to remove the browser history every time, too many disadvantages)

    Decent security measures, but I don't like the possibility of the presence of any malware on my computer when I log in. Especially since a https:// connection is used, which protects the connection between my computer and 'the bank's computer', but a https:// connection also allows (malicious)action on either my computer or the bank's computer. I don't know if a http:// connection is used during part of internet banking.

    I'm not an expert. I used to visit one other presumably safe website before going to my bank's website, because of possible referrer information. I could go to my bank's website right after reboot, but I'm not sure whether that's safe, because of possible referrer data of the previous website I visited that might (?) cause trouble. Is something like that a valid concern ?

    I do have an imaging system, and I have used it a few times when I wasn't completely sure if my computer was 'clean'.

    I've considered using a bootable CD-R just for the purpose of internet banking. However, I use a wireless connection (through my own router, using WPA-PSK) to access the internet, and I use the vendor's software to make that connection, I'm not sure how to pull that off. For example, I can't use the wireless connection in safe mode. I theory, I might be able to set up a wireless connection by means of a Windows XP wizard, but that would get rather technical, and difficult since technical support of my ISP barely exists.

    Any suggestions ?

    I'm not a Firefox believer.
     
  2. MICRO

    MICRO Registered Member

    Joined:
    Jun 8, 2004
    Posts:
    1,020
    If you use a bank such as Rabobank , HSBC or others, and their OSD's then this third 'token' you mention if it's based on the same method the
    numbered code used is useless to anyone 20 seconds after use, it's a onecer
    as you say, so I can't quite get why you require more, regardless of where you have been earlier.
     
  3. Fly

    Fly Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    2,069
    Well, in a way that´s true regarding making payments, but there is still the issue of unauthorized access to my account, even if SUPPOSEDLY it were impossible to make a payment.

    I´d prefer not to allow others access to my account, even if they can´t make a payment. And that ´third token´ may have its own vulnerabilities, even if they are currently unknow.

    I just like the idea of a bootable cd-r, but then there is the issue of needing to make a wireless connection using the vendors software.
     
    Last edited: Nov 5, 2008
Loading...
Thread Status:
Not open for further replies.