Don’t Give Away Security For Perceived Convenience — Briant Communications
You may have seen from the ads on TV that some banks are offering a PIN reminder service. Most of us probably look at them and think, ‘oh, that’s handy, if you’re the kind who forgets their PIN a lot.’ But it’s a terrible idea which makes a nonsense of your mobile security! Here’s why. It simply doesn’t reflect how most people use their cards. Use Chip and Pin when you’re buying something and you’ll get funny looks from the shop assistant (if it’s less than £30) as most people now will Contactless that purchase. If it’s more than £30 you get to have a couple of goes at inputting your PIN anyway, and if you’re REALLY worried that you won’t remember the number you can still swipe and sign. That technology hasn’t been completely abandoned yet.
Another problem with a PIN reminder is that so many people have bought Smart Phone cases which have a space for your cards and cash. Another terrible idea.
If you’re out late at night and your phone gets lost or stolen there’s nothing stopping you from getting some cash out of the machine, using your card to pay for a hotel, train ticket, make a phone call from a payphone, whatever. And if you lose your cards you can phone to have them cancelled, order a cab, or phone home to ask someone to come and collect you. So why would any sane, rational person put their cash, cards and phone all in the same case? And THEN enable a PIN reminder which would let whoever pinched your phone, the phone with the cookies downloaded, and ID to just open the app and find out your PIN?
In order to use the PIN reminder service you need log into your online banking, choose ‘Manage Accounts’ and choose ‘view my debit card PIN from the Card Service menu. Then input the three digit security code from the back of the card, and they will send you (or whoever’s stolen your phone) an authorisation which lets you see the PIN code.
What Could Possibly Go Wrong?
The problem with many banking security protocols is that they are simply too secure from a customer’s point of view. That doesn’t make much sense until you look into it a little deeper. When you’re registering and using your details you’ll be asked to enter a user name and password, and a number code and/or a memorable name (depending on your bank). Your bank will tell you that the numeric code should be both memorable, and something nobody else could guess. And there’s the problem, a six digit code, not including birthdays, anniversaries, or any other number which could be guessed by anyone who knows you. So what do you do? Memorise a number which is memorable to you and nobody else, which you’ll remember on the odd occasion when you forget your four digit PIN which you use all the time? Of course not.
And so you write it down. And pop it in your wallet where you keep your cards and phone, where it will be most useful. Meaning that whoever pinched your cards not only gets a free phone, but also has the opportunity to take cash out until you get a chance to cancel them, they have access to all of your account details instead. Which is easy to do if the phone also has something like Mobile PINsentry enabled.
So What Should You Do To Keep Your Cash And Cards Safe?
First of all, never write anything down. Not your PIN, memorable number, password or anything else. Unfortunately a birthday or anniversary may be guessable to others, but that’s if they know you. The alternative, trying to remember a number which absolutely nobody can guess, but you’ll remember when you’ve forgotten your PIN is ridiculous.
Be very shy of mobile online banking apps. While they are secure, time out quickly (sometimes too quickly) and don’t often allow forward and back, which could cause security issues, the fact that it’s on your phone puts the temptation to note down the access details in your way. “Oh, but it’ll never happen to me!” is not how to handle online security issues. Nearly £2bn was fraudulently taken from UK banking customers in 2018, and if you were found to be in any way at fault you may not get your money back.
When you’re using online banking from your computer at home, never note down your log-in details in any documents and don’t bookmark your bank on your internet browser. You already know who you bank with, but if there’s a break in and your laptop is stolen you don’t need to make it any easier for the thieves to find your banking details.
Use two factor security authorisation software to keep your ‘memorable number’ safe. Whenever you log into a programme online, try to change the security settings on your Smart Home Network, or get access to your online banking you can log into a password manager, entering your known password. You will then be sent an SMS with an additional code which is only good for a limited time. Enter this code and only now can you get access to your passwords which are many many characters long, and completely random letters, numerals and special characters.
While thinking of computer security, even if you live alone or have exclusive access to your computer, always log on as a ‘User’ instead of ‘Admin’ unless you’re actually doing admin, and log out properly when you’re done. Giving a User account as little permission as possible and always using it when you’re doing day to day tasks such as browsing the internet means that you protect yourself from unintentionally installing dangerous software, doing anything stupid like deleting an important piece of software and, if your computer gets stolen and you were logged in, the chances of the thief getting into Admin and making your computer their own are much reduced.
If you use a PC you’ll naturally have antivirus software installed which will keep you safe from viruses, but whether you use a Mac or PC it’s always good to install an adblocker. These not only make viewing many pages far quicker, eliminating annoying unwanted adverts on social media, news sites and YouTube, they also keep you safe from pop-ups which could be simple, but annoying adverts, but can also be used to trick you into allowing Push notifications, viruses and malware. Ad blockers can be installed on any browser and once you try one, you’ll never want to go back!
Originally published at https://www.briantcomms.com on May 31, 2019.