Until about a year ago, I had no idea what multi-factor authentication was. That was until a total stranger went on a cruise around the Caribbean in my name and with $5,500.00 stolen from my credit card. I then had good reason to investigate how to better protect myself.
It was the second time in a six-month time span that my identity had been stolen and my credit card hacked. And I can confirm that cutting up credit cards, advising periodic billers, and then waiting for a new card to arrive in the mail so I could call all my billers back with the new card details is not much fun. And when it happens twice in a short period of time, well, you can double how little fun it was.
I actually have no idea how it happened. It appears that someone stole information that enabled them to gather enough of my data to access my account details. This may have been through the theft of my physical mail or simply through buying things online via a service that was not secured… I don’t know, but I certainly care!! My bank was unable to shed light on how this had occurred.
I was angry, and my anger was directed not at whoever had stolen my money, but at my bank, as I felt they had allowed this to happen again. The necessary paperwork and lengthy phone calls to my financial institution made me irate. Regardless of the fact that I eventually had the money returned by my bank (after 60 days), I had wasted my time and energy, and endured stress and disruption. How is this fair? I am being inconvenienced and the crooks are cruising the Caribbean.
I don’t consider myself to be particularly careless with passwords. I don’t write them down; they are instead committed to memory. And I never let my card leave my sight. Yet somehow having my bank account protected with a simple 4-digit PIN has not been adequate. And all the while I live in a country where using a PIN with my card is mandatory, yet this can still happen.
My husband and I are now looking at moving banks – shifting our home loans, our business accounts and credit cards, to an institution that offers more protection. Yes, I have mentioned this issue to my friends on social media, a few times in fact. On Twitter, Facebook, in Telegram rooms, and even on Reddit. And yes, everyone wanted to know the name of the financial institution, which I happily divulged.
I do believe that changing to a bank with MFA will make me a less likely target when there are so many other suckers out there who don’t have MFA and whom hackers can easily access. It will at least make me feel much more secure, and if it means I won’t have to go through that frustrating and time-consuming process again, I will be delighted.
Funnily enough, our bank is now advertising that they will soon be introducing a multi-factor authentication system, which is great. But for us it may be too little too late.
Some thoughts about this article from Steve Medcalf, Mi-Token President:
Some high tech attacks start with the simplest of intrusions – such as stealing your conventional mail from your post box. They may just run a password cracker on your account number or skim your credit card. The criminals stealing your identity slowly build up your profile to the point where they can call your bank, go to the bank, or simply change your email/contact address details. The goal is to then change your password. Once they do this, they have the keys to the kingdom and they can help themselves to your money and eventually your identity.
Remember, the banks are a business, so they’re generally going to go through a set process to refund your lost money rather than spend the time and effort going after the thieves. Therefore there really isn’t a downside for the thief. They get to go on the holiday in the Caribbean (or keep your money) and you get back your money (eventually) – even though you have to endure the painful exercise of renewing all your cards and licenses. So yes, maybe the banks should be doing more, but until it really affects their bottom line, or law enforcement become more vigilant, or the courts become better educated regarding prosecuting this type of crime, not much is going to change. So:
1. LOCK YOUR MAIL BOX and shred your docs before they go in the rubbish.
2. Utilise MFA on your bank account.
3. Don’t use public WiFi (unless it’s at a reputable place, e.g. Qantas Club or McDonald’s).
4. When paying by card, cover the keypad when inputting your PIN.