Internet banking in cyber café

kohinoor

How's your opinion about using your bankaccount in a cyber cafe?
Do you pay your bills there?

Last time in India, I paid my bills in the net, cleared the history etc. whenever possible ( in I-way it wasn't possible - they said it clears out automatically ) and nothing harmful happened.
But I've read about spyprograms and such, and I guess the older computers there don't have so good firewalls and virusprotection, and this makes me worried.
Any solution?

__________________
- Om is where the Art is -

Merchant

Best not to use a public computer, for the reasons you describe. Use one in a private home. You'll make friends--someone will let you use a home computer.

john.sw

I agree totally! It's so easy to record your keystrokes, and anyone who got them could help themselves to all your cash!

__________________
www.nilgiris.asia your guide to the Nilgiris, Ooty, Coonoor, Kotagiri and Gudalur

kohinoor

But. My bank in its secured website asks first two different codes, which are in my memory and always the same, but with them you only get to see the saldo. If you want to do something, pay bills etc., it always asks you a new code, every time, before you can do anything. And you carry those codes in your hand.
Isn't it safe that way - what's the use of recording the keystrokes, when they won't apply the next time you log in?

john.sw

The number of "random" questions your bank's web site asks you are limited.

My bank only has 3 "random" questions so in theory the hacker has a 33.3% chance of being asked the same question on his first attempt to empty your account.

If he tries 3 times he has a near 100% chance!

Have you asked your bank's opinion on whether you should access your account from a cyber café?

Chandra

Check with your bank. Different banks have different security systems. I always use the net (with an electronic security card) for bank services in India.

C

kohinoor

Yes john, your bank seems different from mine, and very insecure.

I may have a similar card as you Chandra, but mine is not electronic, it's plastic.
And it seems pretty safe system...

I've asked my bank. Their reply was everything I knew already.
They didn't say not to do it, but nevertheless it's always in customer's own responsibility.

crvlvr

trust me, the banks are much more worried about this than you. If there was a huge risk, banks won't be offerring these internet services. In the US, as long as you sign an affidavit of forgery allowing the bank to proceed with criminal charges against their culprit, they will reimburse the customer for any losses within 30 days.

kohinoor

Another option is using your gsm and calling your bank's phoneservice to pay your bills. It should at least be safe. It's just more complicated, and probably more expensive.

Don't know about using your gsm with gprs-internet. I've only used it once, and it seemed very frustrating surfing - very slow and very small screen.

Do you know, if that gprs works with Indian SIMcards?
Can you send mms with Indian SIMcards?

GoanCanuck

Not a good idea to use a cybercafe to do internet banking. Many of the owners of the cybercafes do not even know about all the malware residing on their computers.

Digital Drifter

I think you're incorrect on this one. With the amount of phishing going it's apparent that you're MORE at risk than banks. As Bruce schneier says, make banks responsible, the problem goes away. Banks have no incentive to fix lousy security.

If you remember only California and Mass. have laws about informing CC holders of loss of card info; only they get notification of loss, rest of the states go emty.

BTW scheier is author of Secret and lies and is the designer of Blowfish crypto alogrithm. He also writes a monthly newsletter called cryptogram. recommended

BTW, he the CTO of counterpane a manged security service company

__________________
Click here for the Indiamike train guide in PDF

crvlvr

I know I am right on this. I live in the US, I bank in the US, I used to work for a Bank.

I am not arguing that you info won't/can't get stolen. (BRuce Schneier might be the expert on this). All I am saying that if fraud occurs does, sometimes laws make the financial instituition responsibile for doing the investigation and reimbursing the customer.

For example recently, somes hackers in Bangalore stole 1.5cr from a bank. Do you think the customers took a loss ? No Way. the banks reimburse the customers and proceed with the investigation. Fraud happens more often than you think. Banks hush it up for PR reasons. the last thing they need is for their customers to think that their money is not safe at the bank.
http://www.deccanherald.com/deccanhe...4422005410.asp

GoanCanuck

Crvlvr, what Digital Drifter is saying that as per the law the banks outside California and Massachusetts are not obliged to inform you about any breach of security that may have taken place. Here in Canada the credit card holder is liable for the first $50 of any fraudulent transcation but almost in every case this is waived by the bank. If a bank customer has lost money from his online bank account due to poor security on his home computer then the bank is not automatically obliged to pay for his losses. Of course the banks reimburse their customers to avoid bad publicity but from recent reports there may be a shift in this policy due to increasing losses.

nile1483

india are flying in new direction and its really very good internet banking

crvlvr

As I stated earlier, I as a customer don't care if the bank's security has been breached or not, as long as my money is safe. Hence as long as the bank is reponseble for the losses, one should not care whether the bank has to report their security breaches or not.

As to poor security on the home computer, most banks require that the customer use 128bit encryption on their browsers therby ensuring that the communication between the bank and the customer are secure. Now lets say someone hacked ito your home PC and stole banking info and then used it to withdraw money from your account. (This is similar to say a customer losing a checkbook, some finding it and then writing checks against the account) yes, the bank had no part in losing your info. But the fact that they gave away your money without absolutely verifying that that you, the customer, had authorized it, makes them responsible by Federal Laws in the US. All the customer is required to do is notify the bank in a "timely" manner after learning of the loss. As in Canada, the customer is responsible for the first $50 -- usually enforced only if the customer did something stupid

Ofcourse, banks don't tell you this explicitly (although it is included in the many disclosures that is provided when the account is opened) becuase they want you to be as careful as possible.