Security you can bank on
Everyone wants financial security, but it seems we're pretty lax with the security of our finances.
Last year, cyber-crime cost New Zealanders an estimated $625 million.
It may have escaped your notice, but the country has just completed its first cyber security awareness week.
Ironically, it came immediately after hackers stole and published the passwords of more than 6 million LinkedIn users online.
With new technologies emerging and entering the mainstream, there's an array of new opportunities to keep fraudsters' fingers twitching.
What better time then to brush up on our cyber skills and stem the flow of dollars rolling into scammers pockets.
Here's a checklist of 10 things you should be doing to keep your money safe and sound:
1. Set a strong password
"We know that passwords are the weak point in most security equations," says NetSafe executive director Martin Cocker.
On the banned list: Your pet bunny's name MrFloppyEars, 123456, qwerty, and all variations of the perennial favourite, Password1.
According to the NetSafe guide, passwords should have a mixture of letters, numbers and symbols, and mustn't relate to personal details.
That makes them harder to guess for people who know you, and harder to crack for hackers spamming random common words.
2. Use multiple passwords
Your password could be the completely impenetrable jumble H3^sI)/26aS. But as recent events have shown, that makes no difference if it gets stolen.
"If you use that same LinkedIn password for other sites, then you can bet the people who have downloaded that website are using those passwords and testing other sites to see if it gets them in", Cocker says.
Creating unique passwords for dozens of websites and accounts is going to be too hard for those of us with brains like colanders.
But Cocker says you must distinguish between high-value accounts – payments, banking, trading and email – and others.
Using a common password across less important sites is not such a big risk, and keeps you from going insane.
3. Choose a strong pin
Amazingly, some people still use their birthday, gate code or phone number as pin numbers.
Here's a cautionary tale from a Banking Ombudsman case file.
After noticing unauthorised payments of $11,000, Mrs F realised her wallet had been stolen, with her credit cards and driver's licence inside.
Her pin number? The year she was born.
If you choose an inappropriate pin, you've breached the terms and conditions, and the bank is not liable for your loss.
In this case, the bank offered to cover $7700 of the fraud, leaving Mrs F out of pocket on the balance.
4. Keep it close
Don't let your wallet stray too far from your pocket, because as above, your negligence becomes your loss.
The Banking Ombudsman's guide says "failing to take reasonable care of your card" means you could be liable for any fraud.
If you dally around before reporting the theft, you can also lose your right to be compensated.
This applies equally to smartphones fitted out with mobile banking or tap-and-go payments.
The top tip in the mobile banking guide is to tell your bank immediately if you lose your phone, or if you notice any unusual activity.
5. Track and trace
Banks can cancel your cards if they are lost or stolen, but the Ombudsman's guide also suggests downloading tracing software for mobile devices.
The advantage of smartphones is that you can wipe them remotely by contacting your telco.
But if you want to unleash your detective skills, you can use the GPS to track down exactly where it is, or even activate the camera to catch the thief in the act.
All you need is the right software, and it's often free. Try Find My Phone, Find My iPhone, Prey or Laptop Cop.
6. Always use protection
Keep your anti-virus software and firewall software up to date, says New Zealand Bankers' Association chief executive Kirk Hope.
If it's available, use it on your smartphone too.
7. Lock it up
"Most smartphones have password access, in addition to the password or pin required by their banking app, which doubles the security," says Hope.
It's a pain to enter the password each time, but all our experts recommend it.
8. Secure connection
The public library or McDonald's is not the right place for doing your weekly banking.
"The data is in a very open format and can be intercepted," Cocker says.
Stick to your roaming connection with your telco and your home network, which are secured.
9. Look for the lock
Any time you are about to make a payment for goods you want to buy online or enter confidential information, pause for a second.
Make sure the website address starts with https://, with the "s" standing for secure, says Cocker. It should be accompanied by a little padlock symbol somewhere on the page.
If flashing red bars pop up or warning klaxons blare, don't just ignore them. "The browser manufacturers build in quite a lot of tools to identify if there is risk on site," he says.
10. Tidy up
You don't want to leave your log-in details spread all over the web.
When your hilarious friend/flatmate/colleague changed your Facebook status to "I love Justin Bieber lol", you probably thought you'd die of shame.
The consequences are much scarier if you leave financial data lying around. For example, Cocker says having your credit card saved on a range of servers increases the chances of it being hacked.
"If you get the option not to save your credit card details, don't."
Time to count up your ticks. How many did you miss?
0-2: Safe as houses.
3-5: Time to step up your defences.
6-9: More insecurities than a 14-year-old girl.
10: You're a Nigerian scammer's wet dream.
Now for some good news. Our experts reckon security isn't getting worse, and if anything it will probably continue to improve.
That's because as long as you follow the T&Cs, it's the banks and credit card companies who have to bear the cost of fraud, so they're doing their darnedest to stamp it out.
In some ways, new technological developments are also forcing security to beef up. Here's a quick look at the top three innovations:Contactless cards: Most banks now automatically issue cards which have tap-and-go technology built in.
Just like the chip improved upon the magnetic stripe, Mastercard's Paypass or Visa's Paywave have some advantages.
"The first point is that the Paypass card never actually leaves the consumers' hand," says Mastercard's Australasian head of market development and innovation Matt Barr.
"If you're at a restaurant and pass the card to the waiter to take away and process, you've actually lost control of your card."
Barr also dispels concerns that people might accidentally make payments – you need to be within 4cm of a contactless terminal. "The act of tapping creates the act of intent – it's very hard to accidentally tap."
Smartphones: Many mobiles will soon be equipped with the same contactless technology, and so the same factors above apply. There's an upside of mobile banking too: "It enables you to keep a good handle on what's coming in and out of your account at any time," says Banking Ombudsman Deborah Battell.
Finally there's the capacity to make person-to-person "bump" payments.
It won't happen while you're walking down the street, the Ombudsman's mobile banking guide says.
"Both parties need the same banking app to use the bump service ... and they need to confirm the transaction."
E-wallets: Right now, all a fraudster needs is the details printed on a credit card to make payments. The added layer of protection with e-wallets like Paypass is that you have a username and password. Then to confirm you're logged in to the real system, your pre-arranged safe phrase (Barr's example: "I am a rockstar!") pops up.
All these new technologies are designed to be user-friendly and accessible.
"We've certainly had a period where there's been a drive for convenience," Cocker says.
That's been great, but now he says we're starting to see a swing towards security.
But that doesn't mean we can sit back and let financial service providers handle everything.
"In every case, it hinges on consumers also doing their bit," Cocker says.
For more tips and tutorials on security, check out security central.org.nz.
- © Fairfax NZ News