Log In
Register
Home
Topic RSS
Facebook
Twitter
Email this11:16 am
November 5, 2022
Offline
Also most people's IP address stays static for a long time these days. But people use their phone and wifi too.
Anyway, the banks don't seem too worried about it.
Simplii said they cannot and will not turn off or limit Global Money transfer, even when you don't want it. So that is a potential 150K backdoor in your Simplii account if you get hacked. And once that Global transfer is sent, It's gone.
It's your fault if you get hacked by a keylogger trojan, according to them.
11:23 am
November 5, 2022
Offline
davidgeorge said
Claim of etransfer theft prompts class-action suit against BMO
https://www.newmarkettoday.ca/local-news/claim-of-etransfer-theft-prompts-class-action-suit-against-bmo-8454964
This one looks like a keylogger got their bank and email passwords. Then the criminal logs in, gets the codes, and then deletes the emails.
What was the IP address of the person who did the e-transfer and received the email code? If it was their home or local IP address, could be a family member stole the money. Or a family member could also use a proxy to conceal that.
E-transfer goes to a Canadian bank, so who's account?
But if it was something else, then a hack. But the banks won't cover getting hacked.
11:32 am
November 5, 2022
Offline
Ah it says it was from her IP address. And the police know which bank account it went into.
This is different, either a family member or someone in her house could have done it. Doubt a criminal would do IP spoofing for 3K.
But who knows.
11:38 am
March 30, 2017
Offline
The Rock said
Banks almost always blame the client. Their favorite thing to do is to accuse the client of sharing their login credentials with someone else. They tend to only take responsibility if the client goes public with the fraud and shames the bank in the media.
It's also true the client always 'claim' they have done nothing wrong and blame the bank. Of course one can't admit guilt and wants compensation at the same time....
12:25 pm
October 27, 2013
Offline
InterestThis said
Its your fault if you get hacked by a keylogger trojan, according to them.
Of course it is you fault if you get hacked by a keylogger trojan! Who else could possibly be at fault? One is supposed to not click on links one does not know/trust and one is supposed to have robust anti-malware software on their device. People generally know not to leave their front doors unlocked. This is no different.
2:12 pm
November 5, 2022
Offline
Except it's not that hard to get hacked, even for someone with a decent amount of computer skills. Thus we have the situation where people are getting robbed by professional criminals from their computer.
2:23 pm
March 30, 2017
Offline
InterestThis said
Except its not that hard to get hacked, even for someone with a decent amount of computer skills. Thus we have the situation where people are getting robbed by professional criminals from their computer.
Even if that is the case, it still can not possibly be the bank's fault...
2:54 pm
November 5, 2022
Offline
I am not saying its only the bank's fault per se. But for credit cards, the companies do cover theft and fraud of this type.
Apparently BMO does not even have 2-factor verification with your cell phone for bank accounts. If that is the case, it is the banks fault, email verification is useless if you are hacked.
Looks like BMO Investors have some protection, according to their criteria.
https://www.bmo.com/self-directed/popups/online-security-guarantee
Most people do not realize that your bank account and debit card can be wide open for professional criminals, and you can get jacked. And its increasing.
Which is why I have locked down the relevant accounts to the max, and hopefully there will be more locked down accounts to protect your money.
Brinks trucks are armed tanks for a reason, to stop criminals.
All these people are finding out their bank account is basically wide open for theft.
And it is the banks fault there is not much higher security, but they know people will complain of the "hassle". People even complain when there is a weeks hold on 100K, when its for own their protection. Banks are negligent for sure, and so are many people.
3:02 pm
November 5, 2022
Offline
https://www.bmo.com/self-directed/popups/online-security-guarantee
Security Guarantee:
Subject to Sections 2 and 3 below, BMO InvestorLine will indemnify you for monetary losses resulting directly from any unauthorized transactions in your BMO InvestorLine account. This does not include any monetary losses resulting directly from any unauthorized transactions in your BMO Bank of Montreal bank account
Limitations:
BMO InvestorLine will not indemnify you and will refuse all requests for compensation pursuant to this security guarantee if we have reason to believe that:
...
you shared your BMO InvestorLine account number or password with any other person including, without limitation, an online account aggregation service provider, or were otherwise negligent or careless in keeping your BMO InvestorLine account number or password confidential;
3:49 pm
October 27, 2013
Offline
InterestThis said
I am not saying its only the bank's fault per se. But for credit cards, the companies do cover theft and fraud of this type.
No, they do not. They cover fraud and skimming at Point of Sale. They do not cover personal stupidity giving out a PIN to someone else or handing over a contactless RFID card to someone else. Take responsibility for things within your control.
4:56 pm
March 30, 2017
Offline
InterestThis said
I am not saying its only the bank's fault per se. But for credit cards, the companies do cover theft and fraud of this type.
Apparently BMO does not even have 2-factor verification with your cell phone for bank accounts. If that is the case, it is the banks fault, email verification is useless if you are hacked.
Looks like BMO Investors have some protection, according to their criteria.
https://www.bmo.com/self-directed/popups/online-security-guaranteeMost people do not realize that your bank account and debit card can be wide open for professional criminals, and you can get jacked. And its increasing.
Which is why I have locked down the relevant accounts to the max, and hopefully there will be more locked down accounts to protect your money.
Brinks trucks are armed tanks for a reason, to stop criminals.
All these people are finding out their bank account is basically wide open for theft.
And it is the banks fault there is not much higher security, but they know people will complain of the "hassle". People even complain when there is a weeks hold on 100K, when its for own their protection. Banks are negligent for sure, and so are many people.
Are you sure BMO do not have MFA for bank accounts that can be either email or text msg ? I find that quite impossible to believe. But I never bank with them so don’t know.
5:00 pm
October 27, 2013
Offline
Added: AFAIK, the 2FA authentication is not engaged for if one's device is the 'trusted device' and used from home IP address. That is common among many FIs. I suspect it also assumes one isn't deleting cookies on browser exit.
5:28 pm
March 30, 2017
Offline
AltaRed said
Point #6 https://www.bmo.com/en-ca/main/personal/security-centre/security-tips/?icid=tl-bmo-ca-english-popup-en-linkAdded: AFAIK, the 2FA authentication is not engaged for if one's device is the 'trusted device' and used from home IP address. That is common among many FIs. I suspect it also assumes one isn't deleting cookies on browser exit.
CIBC is similar. From my home IP, it rarely ask for 2FA even if I dont specific as trusted device. I never designate any device as trusted, whether its my home PC or ipad. On the phone, its a little meaningless, cuz 2FA gets sent to the phone anyway. So if the crooks have access to my phone, 2FA or not is irrelevant.
5:30 pm
October 27, 2013
Offline
I never access FI logins from my phone. It feels like an oxymoron.
5:36 pm
March 30, 2017
Offline
AltaRed said
I never access FI logins from my phone. It feels like an oxymoron.
well if ur home, use ur wifi is fine, no different than ur desktop.
If outside, just make sure u r using ur own data via carrier (LTE, 5G etc) and not some free wifi like Starbucks or McD. Also be careful at shopping malls, a lot of them ur phone will just autoconnect if you have used the mall wifi in the past.
7:32 pm
November 5, 2022
Offline
AltaRed said
No, they do not. They cover fraud and skimming at Point of Sale. They do not cover personal stupidity giving out a PIN to someone else or handing over a contactless RFID card to someone else. Take responsibility for things within your control.
Who are you talking to? You apparently don't read and then just spout off something random? Credit cards cover fraud much more than a bank account.
9:40 pm
January 10, 2017
Offline
InterestThis said
Simplii said they cannot and will not turn off or limit Global Money transfer, even when you don't want it. So that is a potential 150K backdoor in your Simplii account if you get hacked. And once that Global transfer is sent, It's gone.
It's your fault if you get hacked by a keylogger trojan, according to them.
It is illegal for a bank to increase your credit card limit. A lower limit decreases your potential loss which protects the customer. Why is it not illegal for banks to allow Global Access on your account without the customer's approval?
9:48 pm
January 10, 2017
Offline
savemoresaveoften said
well if ur home, use ur wifi is fine, no different than ur desktop.
If outside, just make sure u r using ur own data via carrier (LTE, 5G etc) and not some free wifi like Starbucks or McD. Also be careful at shopping malls, a lot of them ur phone will just autoconnect if you have used the mall wifi in the past.
Your connection to your bank is end-to-end encrypted at McD, Starbucks or from the comfort of your home. The risk is a man in the middle attack which allows your login credentials to be stolen. Sorry to say, this type of attack can happen at your home as well by your hacker neighbors, someone outside close to your home sitting in a car. That is why 2FA is second level of defence....never give it out if someone calls you! Oh, and to avoid most man in the middle attacks, hard wire your computer to your router ...no wifi.
1:29 am
November 18, 2017
Offline
Norman1: Most cable home internet uses a dedicated IP address, as many users want to run a local web server, especially small businesses. I use an ADSL service with dynamically allocated IP address - allowing me to renew myself for some sites with usage limits, and be less identifiable to snoopers. It also messes up geolocation by web sites, as they only see your ISP's IP block. (They usually think I live about75 km east of here.)
I can't name all the services offering a choice, as it may often differ depending on which local area of their network you are on.
Lodown:
It is illegal for a bank to increase your credit card limit. A lower limit decreases your potential loss which protects the customer. Why is it not illegal for banks to allow Global Access on your account without the customer's approval?
Is this a cross-Canada rule now? Back when I lived in Quebec, it was illegal to raise a client's credit limit without a request. When I moved to BC, my card kept increasing my limit (as high as $10K!) without my request or permission. I kept calling and asking for it to be reduced to where it was, and after about six years they honored my request to stop doing that. We're talking mid-'90s here.
A side effect was that it got really hard to increase my limit when I wanted to! I could easily obtain another card product from them, but increasing the limit on my main card was hell - in the end I sent them a redacted photocopy of a statement showing a large GIC and they relented.
I prevent use of contactless payment with my card (if stolen) by disabling the contactless on cards whose issuers permit that. Note that one usually has to check that it's still disabled when a card is replaced!
If they won't disable it or reduce its contactless limit to or $1, one can easily find and cut the antenna wire on the card. The chip contacts will still work. Either a very bright backlight or careful location of the wire at the card's right edge will allow you to use either a hole punch, razor blade or drill to sever it. Been doing this since the first contactless cards; never a problem. Private Message me if you need more info on how to do this.
RetirEd
3:53 am
December 16, 2012
Offline
InterestThis said
Who are you talking to? You apparently don't read and then just spout off something random? Credit cards cover fraud much more than a bank account.
This is an excerpt from a brochure (Credit Cards: Understanding Your Rights and Your Responsibilities) found on FCAC website:
Visa, MasterCard and American Express have zero-liability policies, so that if your credit card is lost or
stolen, or if someone uses your credit card number to make transactions you didn’t authorize, you
can usually be reimbursed. FCAC monitors these commitments, so if you’re having difficulty, contact
FCAC and we will review the complaint.
The zero-liability policy applies to transactions made on the Internet, by phone or at retailers. However,
it may exclude transactions made using a PIN (personal identification number) – for example, a cash
advance made with your card at an automated banking machine. It may also exclude transactions made
with convenience cheques, or transactions made on corporate credit cards.
Contact your credit card issuer to find out its policy on unauthorized transactions and how you can
be protected. This type of policy is not usually listed in a credit card agreement, since it is a public
commitment and not a legal requirement."
In my 40 years of owing and using various credit cards, I have been fortunate to have never had to use the cash advance option and therefore don't want the potential exposure. Over the past week, I have spent countless hours calling each of my credit card companies asking for the "Cash Advance Limit" to be reduced to zero (0) or alternatively, turn off the cash advance option on the card. Every company understood my concern for reducing risk and exposure but only 1 company was willing to reduce it within minutes. It's been a fight with the remaining companies. My calls have been transferred to supervisors with no resolution and ultimately, formal complaints have been lodged with the Financial Institution's (FI's).
I feel compelled to include the information and my experience in this thread after reading about the inability for FI's to further secure Global Money Transfers for their customers.
If anyone has questions about my experience or would like to know more about the what I've learned about the potential fraudulent exposure to cash advance limits on your credit cards kindly reach out via a PM.
Please write your comments in the forum.