dslreports logo
 
    All Forums Hot Topics Gallery
spc
Search similar:


uniqs
967

ckollars
join:2015-04-10
USA

ckollars

Member

how minimize hacking risk with bank/checking Autopay?

If I've set up an Autopay, but then their information (my name, account number, SSN, BDay, etc?) is hacked, could the thief suck money out of my account?

(And is Billpay really any safer, since presumably most payments still include routing/account numbers as well as names?)

And if it's a potential problem, what should I do to reduce my risk?

Snowy
Lock him up!!!
Premium Member
join:2003-04-05
Kailua, HI

Snowy

Premium Member

said by ckollars:

If I've set up an Autopay, but then their information (my name, account number, SSN, BDay, etc?) is hacked, could the thief suck money out of my account?

Welcome to the site!
If your bank has a breach I don't see an existing Autopay relationship creating any additional risk.
said by ckollars:

(And is Billpay really any safer, since presumably most payments still include routing/account numbers as well as names?)

Billpay, Autopay, I'm not understanding the difference in terms.
Where you mention routing/account numbers maybe the difference is Billpay being a one time payment vs Autopay being a recurring payment routine??
If that's what you referred to, I'd say the level of risk is more determined by how much you vet who you are paying than it is by the payment method.
said by ckollars:

And if it's a potential problem, what should I do to reduce my risk?

Being sure of who it is you're paying is paramount to security.
Being aware that once put in place cancelling an Autopay is not an automatic process.

Anav
Sarcastic Llama? Naw, Just Acerbic
Premium Member
join:2001-07-16
Dartmouth, NS

Anav to ckollars

Premium Member

to ckollars
I use paypal with a rotating code.
lawsoncl
join:2008-10-28
Spirit Lake, ID

lawsoncl to ckollars

Member

to ckollars
said by ckollars:

If I've set up an Autopay, but then their information (my name, account number, SSN, BDay, etc?) is hacked, could the thief suck money out of my account?

If you gave a company your cc info or bank info, and it's compromised, then yeah the intruder can pull money out just like you allow the company to. I don't think the average intruder would bother with bank account transfers as they are too easy to trace, but cc numbers are valuable.

Snowy
Lock him up!!!
Premium Member
join:2003-04-05
Kailua, HI

Snowy

Premium Member

said by lawsoncl:

I don't think the average intruder would bother with bank account transfers as they are too easy to trace, but cc numbers are valuable.

True, but it's not the average bad guy that needs to be understood.
For sure the bad guys abuse CC data more frequently than abuse account transfers but they do happen frequently & they can be next to impossible to trace.

e.g., the accounts that have the funds transferred to are going to be hijacked accounts that have been compromised to the extent that funds can be transferred out to a hijacked PayPal account, a fraudulent PayPal account, re-loadable debit cards, Western Union wire transfers to name a few popular methods.

ckollars
join:2015-04-10
USA

ckollars to Snowy

Member

to Snowy
Autopay vs. Billpay is essentially "pull" vs. "push". With Autopay, the biller pulls the right amount out of your checking account. As it happens it's generally recurring, although that doesn't seem to be very relevant to hacking issues. With Billpay you instruct your bank what you want (name of biller, address of biller, amount, etc.) and the bank pushes the transfer to the biller. (It's your job to tell your bank the right amount.) As I understand it, the transfer is done different ways depending on how close a relationship the biller has with your bank: it may be a transfer from one account to another, an electronic transaction, or even a paper check. It can be either one-time or recurring, but once again this doesn't seem to be very relevant to hacking issues.

The relevant difference here is that with Autopay, it's clear the biller has your routing/checking account number in their computers so they can request repeated pull transactions. With Billpay on the other hand theoretically the biller knows only your name, the date, and the amount (but as a practical matter if the transfer involves a paper check the routing/account number is generally printed on the check).
ckollars

ckollars to Snowy

Member

to Snowy
Can you elaborate?
said by Snowy:

Being sure of who it is you're paying is paramount to security.

??? If I get service from Acme and set up to transfer money to them every month and it's transferred, everything seems correct. But if several months later Acme's computers are hacked by Badguy, and suddenly there's a transfer to Badguy, I had no chance to know what was happening until after the fact. If I'm oblivious, all I'll eventually notice is that my bank account balance is smaller than I thought it was. If on the other hand I monitor the payments all the time, I'll know right away I've been robbed by Badguy; but knowing isn't the same as getting my money back. ???
said by Snowy:

Being aware that once put in place cancelling an Autopay is not an automatic process.

Which are you saying:
1. I shouldn't bother to cancel an Autopay that's in place, or
2. Since it's such a pain, I should only cancel an Autopay that's in place if the risk is high, or
3. Even though there are problems and manual procedures, I should persist until I get the existing Autopay cancelled?
4. ...other
Expand your moderator at work

Snowy
Lock him up!!!
Premium Member
join:2003-04-05
Kailua, HI

Snowy to ckollars

Premium Member

to ckollars

Re: how minimize hacking risk with bank/checking Autopay?

said by ckollars:

The relevant difference here is that with Autopay, it's clear the biller has your routing/checking account number in their computers so they can request repeated pull transactions.

Yeah, that's the way it's designed to work.
Again, knowing who you are paying is paramount to security.
said by ckollars:

With Billpay on the other hand theoretically the biller knows only your name, the date, and the amount (but as a practical matter if the transfer involves a paper check the routing/account number is generally printed on the check).

Feeling more secure because the payee *may not* have your account info doesn't improve security.
I'll say it again, knowing who you are paying is going to yield more security than the payment method.
Snowy

Snowy to ckollars

Premium Member

to ckollars
said by ckollars:

??? If I get service from Acme and set up to transfer money to them every month and it's transferred, everything seems correct. But if several months later Acme's computers are hacked by Badguy, and suddenly there's a transfer to Badguy, I had no chance to know what was happening until after the fact.

A dozen years ago that was a real problem.
Today, fraudulently pinging an account for a transfer is likely to fail - the bad guys know this & look elsewhere for abuse.
said by ckollars:

If I'm oblivious, all I'll eventually notice is that my bank account balance is smaller than I thought it was. If on the other hand I monitor the payments all the time, I'll know right away I've been robbed by Badguy; but knowing isn't the same as getting my money back. ???

Staying aware of account activity is as close you can come to being proactive.
Ask your bank what their policy is - some will offer to replace fraudulent withdrawals on the same day they are notified even if on a contingency basis.
said by ckollars:

said by Snowy:

Being aware that once put in place cancelling an Autopay is not an automatic process.

said by ckollars:

Which are you saying:
1. I shouldn't bother to cancel an Autopay that's in place, or
2. Since it's such a pain, I should only cancel an Autopay that's in place if the risk is high, or
3. Even though there are problems and manual procedures, I should persist until I get the existing Autopay cancelled?
4. ...other

4. ...other, autopays are notorious for not cancelling on time on request.

mackey
Premium Member
join:2007-08-20

mackey

Premium Member

said by Snowy:

Staying aware of account activity is as close you can come to being proactive.

My bank offers an alert system where they send you an email or text (whichever you want) whenever a transaction over $x (settable by you) is made. I know in real time whenever any transaction over $0.01 is made