Interestingly enough I got caught off guard by the new Canada Trust secrity mesaures. You have to answer 5 questions and I couldn’t remember the answers so I got locked out. As Doug said I had to get to a live person to reset my password. Of course in the interest of security I wrote down all the questions and answers :) so I don’t get locked out next time.

The other problem will always be that America is the largest country in the world and English the language of business and as such will always be prime territory for hackers and thieves. It also doesn’t help that Banking in America is run on security lite.

Bank of America immediately returned the amount, then did an investigation. But I must say that he was lucky in the sense that the people who used his check didn’t even signed in his name. It was a completely different name. I am sure the bank saw that and couldn’t argue.

Doug: I agree completely with this. Most people double-click on every attachment they get and also don’t turn on Windows Firewall (even at a minimum). It’s just amazing more people aren’t caught. My point is that brokerages are transacting things in this unsecure environment and they can take steps to make things more secure.

You 3 steps are good but they can be out witted by a good thief, especially if the victim is careless. Part of that non-internet accessible database must be safety phrases that only the account holder will know. This is necessary as there must be some mechanism in place that allows the account holder to update their information , specifically phone numbers and mailing addresses. At no time should email be used as an authentication mechanism (I’ve seen numerous times situations when a computer has been compromised and the thieves are monitoring the client’s email in real time and responding to verification emails then removing any trace of the from the system). If the victim is silly enough to keep that pass phrase on their computer then there is no level of security at the financial institution that will prevent their account from being ripped.

I know with my bank (TD Canada Trust) I can not make any inquiries about my account or any changes to my personal information without going through a live support person and answering several questions only I know the answer to. I am comforted by that.

I urge everyone with a computer to take the most basic precautions.

1. Use a good AV program and keep it updated (AVG is free and good)
2. Use a personal software firewall that looks atr outgoing connections as well as incoming (Zone Alarm makes an excellent free one)
3. Get a router (not a hub, not a plain switch) and put it between your computer and your ADSL or Cable modem (average lifespan of a windows computer on the net without protection is 20 minutes before it is thoroughly compromised). You can get a decent one for about $80.
4. If you get a wireless router make certain you use the 128bit encryption and set a very difficult password. Better and safer would be to go wireline not wireless.

Don’t think you’ll simply “know” when our computer is compromised. You won’t unless the hacker is careless. Take the above precautions at a minimum.