|
how minimize hacking risk with bank/checking Autopay?If I've set up an Autopay, but then their information (my name, account number, SSN, BDay, etc?) is hacked, could the thief suck money out of my account?
(And is Billpay really any safer, since presumably most payments still include routing/account numbers as well as names?)
And if it's a potential problem, what should I do to reduce my risk? |
|
SnowyLock him up!!! Premium Member join:2003-04-05 Kailua, HI |
Snowy
Premium Member
2015-Apr-10 10:11 pm
said by ckollars:If I've set up an Autopay, but then their information (my name, account number, SSN, BDay, etc?) is hacked, could the thief suck money out of my account? Welcome to the site! If your bank has a breach I don't see an existing Autopay relationship creating any additional risk. said by ckollars:(And is Billpay really any safer, since presumably most payments still include routing/account numbers as well as names?) Billpay, Autopay, I'm not understanding the difference in terms. Where you mention routing/account numbers maybe the difference is Billpay being a one time payment vs Autopay being a recurring payment routine?? If that's what you referred to, I'd say the level of risk is more determined by how much you vet who you are paying than it is by the payment method. said by ckollars:And if it's a potential problem, what should I do to reduce my risk? Being sure of who it is you're paying is paramount to security. Being aware that once put in place cancelling an Autopay is not an automatic process. |
|
AnavSarcastic Llama? Naw, Just Acerbic Premium Member join:2001-07-16 Dartmouth, NS |
to ckollars
I use paypal with a rotating code. |
|
|
to ckollars
said by ckollars:If I've set up an Autopay, but then their information (my name, account number, SSN, BDay, etc?) is hacked, could the thief suck money out of my account? If you gave a company your cc info or bank info, and it's compromised, then yeah the intruder can pull money out just like you allow the company to. I don't think the average intruder would bother with bank account transfers as they are too easy to trace, but cc numbers are valuable. |
|
SnowyLock him up!!! Premium Member join:2003-04-05 Kailua, HI |
Snowy
Premium Member
2015-Apr-11 2:03 am
said by lawsoncl:I don't think the average intruder would bother with bank account transfers as they are too easy to trace, but cc numbers are valuable. True, but it's not the average bad guy that needs to be understood. For sure the bad guys abuse CC data more frequently than abuse account transfers but they do happen frequently & they can be next to impossible to trace. e.g., the accounts that have the funds transferred to are going to be hijacked accounts that have been compromised to the extent that funds can be transferred out to a hijacked PayPal account, a fraudulent PayPal account, re-loadable debit cards, Western Union wire transfers to name a few popular methods. |
|
|
to Snowy
Autopay vs. Billpay is essentially "pull" vs. "push". With Autopay, the biller pulls the right amount out of your checking account. As it happens it's generally recurring, although that doesn't seem to be very relevant to hacking issues. With Billpay you instruct your bank what you want (name of biller, address of biller, amount, etc.) and the bank pushes the transfer to the biller. (It's your job to tell your bank the right amount.) As I understand it, the transfer is done different ways depending on how close a relationship the biller has with your bank: it may be a transfer from one account to another, an electronic transaction, or even a paper check. It can be either one-time or recurring, but once again this doesn't seem to be very relevant to hacking issues.
The relevant difference here is that with Autopay, it's clear the biller has your routing/checking account number in their computers so they can request repeated pull transactions. With Billpay on the other hand theoretically the biller knows only your name, the date, and the amount (but as a practical matter if the transfer involves a paper check the routing/account number is generally printed on the check). |
|
ckollars |
to Snowy
Can you elaborate? said by Snowy:Being sure of who it is you're paying is paramount to security. ??? If I get service from Acme and set up to transfer money to them every month and it's transferred, everything seems correct. But if several months later Acme's computers are hacked by Badguy, and suddenly there's a transfer to Badguy, I had no chance to know what was happening until after the fact. If I'm oblivious, all I'll eventually notice is that my bank account balance is smaller than I thought it was. If on the other hand I monitor the payments all the time, I'll know right away I've been robbed by Badguy; but knowing isn't the same as getting my money back. ??? said by Snowy:Being aware that once put in place cancelling an Autopay is not an automatic process. Which are you saying: 1. I shouldn't bother to cancel an Autopay that's in place, or 2. Since it's such a pain, I should only cancel an Autopay that's in place if the risk is high, or 3. Even though there are problems and manual procedures, I should persist until I get the existing Autopay cancelled? 4. ...other |
|
your moderator at work
hidden : Friendly delete
|
SnowyLock him up!!! Premium Member join:2003-04-05 Kailua, HI |
to ckollars
Re: how minimize hacking risk with bank/checking Autopay?said by ckollars:The relevant difference here is that with Autopay, it's clear the biller has your routing/checking account number in their computers so they can request repeated pull transactions. Yeah, that's the way it's designed to work. Again, knowing who you are paying is paramount to security. said by ckollars:With Billpay on the other hand theoretically the biller knows only your name, the date, and the amount (but as a practical matter if the transfer involves a paper check the routing/account number is generally printed on the check). Feeling more secure because the payee *may not* have your account info doesn't improve security. I'll say it again, knowing who you are paying is going to yield more security than the payment method. |
|
Snowy |
to ckollars
said by ckollars:??? If I get service from Acme and set up to transfer money to them every month and it's transferred, everything seems correct. But if several months later Acme's computers are hacked by Badguy, and suddenly there's a transfer to Badguy, I had no chance to know what was happening until after the fact. A dozen years ago that was a real problem. Today, fraudulently pinging an account for a transfer is likely to fail - the bad guys know this & look elsewhere for abuse. said by ckollars: If I'm oblivious, all I'll eventually notice is that my bank account balance is smaller than I thought it was. If on the other hand I monitor the payments all the time, I'll know right away I've been robbed by Badguy; but knowing isn't the same as getting my money back. ??? Staying aware of account activity is as close you can come to being proactive. Ask your bank what their policy is - some will offer to replace fraudulent withdrawals on the same day they are notified even if on a contingency basis. said by ckollars:said by Snowy:Being aware that once put in place cancelling an Autopay is not an automatic process. said by ckollars:Which are you saying: 1. I shouldn't bother to cancel an Autopay that's in place, or 2. Since it's such a pain, I should only cancel an Autopay that's in place if the risk is high, or 3. Even though there are problems and manual procedures, I should persist until I get the existing Autopay cancelled? 4. ...other 4. ...other, autopays are notorious for not cancelling on time on request. |
|
|
mackey Premium Member join:2007-08-20 |
mackey
Premium Member
2015-Apr-12 8:35 pm
said by Snowy:Staying aware of account activity is as close you can come to being proactive. My bank offers an alert system where they send you an email or text (whichever you want) whenever a transaction over $x (settable by you) is made. I know in real time whenever any transaction over $0.01 is made |
|