Doc67 wrote: ↑Wed Jan 17, 2024 8:59 am This issue keeps popping up and given the widespread usage of ABA among us expats and the widely varying tech knowledge, I thought this thread could act as a repository for either basic or more advanced information on security and personal protocols when using the App. If you are the type who is quite oblivious or unconcerned to the risks or one of the very savvy ones about such issues, post your views and practices.

I will kick off with a couple of things I have done recently. The opening screen used to display the overall balance, which is on show to anyone within 10 feet if the have sharp enough eyesight. You may need reading glasses (I do), but most do not, so be aware of who is close by. If an opportunist thief sees a big fat balance while you are paying your bar bill, you could become a target. If you use a PIN (see below) to execute payments, and they see that too, then you have been compromised and all they need is your phone.

It does have a blanking function and I have now changed it to be obscured. However, once you go further into the accounts or payments section, the account balance shows up again and there seems to be no way to keep that concealed. This seems to be a risk without a fix.

If you do have a healthy balance with regular transfers every three months or so to keep you going for 3 months, consider opening a short-term mobile savings account. It can be done with the app and is very easy to do. They start at 1 month duration and as little as $100. As far as I know, if you want to close and empty those deposit accounts before their maturity, that requires a branch visit, so this adds a strong level of security. Make sure the account is a "close at maturity", not a "rollover principle" otherwise you will have to go in a close the account yourself. The interest rate is pretty low, but it's better than the basic account so look at it as being paid for getting far better security: Win-Win.

The PIN v Fingerprint is a big one. Nobody can see your fingerprint, but if you are drugged they could possibly get it. But this is a rather fanciful scenario, and on balance a fingerprint is much less likely to be compromised than a simple 4 digit PIN that can be overlooked and memorised. What does everyone else think?

It would be useful for people to share what they do to protect themselves and others might be surprised at how wide open they are leaving themselves. Maybe me too...

mi1 wrote: ↑Wed Jan 17, 2024 1:48 pm The biggest issue for me with ABA is that they limit transfers to $100,000, which you can execute on mobile by just entering a PIN and a secret code. Transfers of $100k should not be allowed via mobile but only in person or through a more secure method.

Jerry Atrick wrote: ↑Fri Jan 19, 2024 8:01 am

mi1 wrote: ↑Wed Jan 17, 2024 1:48 pm The biggest issue for me with ABA is that they limit transfers to $100,000, which you can execute on mobile by just entering a PIN and a secret code. Transfers of $100k should not be allowed via mobile but only in person or through a more secure method.

You can set your own max transfer limits in the app or at the bank

100k is simply the default

Jerry Atrick wrote: ↑Fri Jan 19, 2024 7:55 am

Doc67 wrote: ↑Wed Jan 17, 2024 8:59 am This issue keeps popping up and given the widespread usage of ABA among us expats and the widely varying tech knowledge, I thought this thread could act as a repository for either basic or more advanced information on security and personal protocols when using the App. If you are the type who is quite oblivious or unconcerned to the risks or one of the very savvy ones about such issues, post your views and practices.

I will kick off with a couple of things I have done recently. The opening screen used to display the overall balance, which is on show to anyone within 10 feet if the have sharp enough eyesight. You may need reading glasses (I do), but most do not, so be aware of who is close by. If an opportunist thief sees a big fat balance while you are paying your bar bill, you could become a target. If you use a PIN (see below) to execute payments, and they see that too, then you have been compromised and all they need is your phone.

It does have a blanking function and I have now changed it to be obscured. However, once you go further into the accounts or payments section, the account balance shows up again and there seems to be no way to keep that concealed. This seems to be a risk without a fix.

If you do have a healthy balance with regular transfers every three months or so to keep you going for 3 months, consider opening a short-term mobile savings account. It can be done with the app and is very easy to do. They start at 1 month duration and as little as $100. As far as I know, if you want to close and empty those deposit accounts before their maturity, that requires a branch visit, so this adds a strong level of security. Make sure the account is a "close at maturity", not a "rollover principle" otherwise you will have to go in a close the account yourself. The interest rate is pretty low, but it's better than the basic account so look at it as being paid for getting far better security: Win-Win.

The PIN v Fingerprint is a big one. Nobody can see your fingerprint, but if you are drugged they could possibly get it. But this is a rather fanciful scenario, and on balance a fingerprint is much less likely to be compromised than a simple 4 digit PIN that can be overlooked and memorised. What does everyone else think?

It would be useful for people to share what they do to protect themselves and others might be surprised at how wide open they are leaving themselves. Maybe me too...

NEVER allow a mobile device to unlock things based upon biometrics - retina, fingerprint etc - this is a more serious security flaw than Oun Ka from Slappers bar and her Viet cat faced friend with the GHB drops in her handbag

Doc67 wrote: ↑Fri Jan 19, 2024 8:27 am

Jerry Atrick wrote: ↑Fri Jan 19, 2024 7:55 am

Doc67 wrote: ↑Wed Jan 17, 2024 8:59 am This issue keeps popping up and given the widespread usage of ABA among us expats and the widely varying tech knowledge, I thought this thread could act as a repository for either basic or more advanced information on security and personal protocols when using the App. If you are the type who is quite oblivious or unconcerned to the risks or one of the very savvy ones about such issues, post your views and practices.

I will kick off with a couple of things I have done recently. The opening screen used to display the overall balance, which is on show to anyone within 10 feet if the have sharp enough eyesight. You may need reading glasses (I do), but most do not, so be aware of who is close by. If an opportunist thief sees a big fat balance while you are paying your bar bill, you could become a target. If you use a PIN (see below) to execute payments, and they see that too, then you have been compromised and all they need is your phone.

It does have a blanking function and I have now changed it to be obscured. However, once you go further into the accounts or payments section, the account balance shows up again and there seems to be no way to keep that concealed. This seems to be a risk without a fix.

If you do have a healthy balance with regular transfers every three months or so to keep you going for 3 months, consider opening a short-term mobile savings account. It can be done with the app and is very easy to do. They start at 1 month duration and as little as $100. As far as I know, if you want to close and empty those deposit accounts before their maturity, that requires a branch visit, so this adds a strong level of security. Make sure the account is a "close at maturity", not a "rollover principle" otherwise you will have to go in a close the account yourself. The interest rate is pretty low, but it's better than the basic account so look at it as being paid for getting far better security: Win-Win.

The PIN v Fingerprint is a big one. Nobody can see your fingerprint, but if you are drugged they could possibly get it. But this is a rather fanciful scenario, and on balance a fingerprint is much less likely to be compromised than a simple 4 digit PIN that can be overlooked and memorised. What does everyone else think?

It would be useful for people to share what they do to protect themselves and others might be surprised at how wide open they are leaving themselves. Maybe me too...

NEVER allow a mobile device to unlock things based upon biometrics - retina, fingerprint etc - this is a more serious security flaw than Oun Ka from Slappers bar and her Viet cat faced friend with the GHB drops in her handbag

Why? The less input of a PIN that can be overlooked, the better, surely?

What is the big problem with fingerprint authorisation, especially when your transfer limits are set very low ($200 in my case) and all my cards are set to sod-all and I never even take them out with me.

I have learned a lot from this thread and have beefed up my security a great deal, but the Fingerprint v PIN dichotomy is still unsettled for me. I am erring for the fingerprint but keen to learn why so many rage against it.

Jerry Atrick wrote: ↑Fri Jan 19, 2024 8:53 am

Doc67 wrote: ↑Fri Jan 19, 2024 8:27 am

Jerry Atrick wrote: ↑Fri Jan 19, 2024 7:55 am

Doc67 wrote: ↑Wed Jan 17, 2024 8:59 am This issue keeps popping up and given the widespread usage of ABA among us expats and the widely varying tech knowledge, I thought this thread could act as a repository for either basic or more advanced information on security and personal protocols when using the App. If you are the type who is quite oblivious or unconcerned to the risks or one of the very savvy ones about such issues, post your views and practices.

I will kick off with a couple of things I have done recently. The opening screen used to display the overall balance, which is on show to anyone within 10 feet if the have sharp enough eyesight. You may need reading glasses (I do), but most do not, so be aware of who is close by. If an opportunist thief sees a big fat balance while you are paying your bar bill, you could become a target. If you use a PIN (see below) to execute payments, and they see that too, then you have been compromised and all they need is your phone.

It does have a blanking function and I have now changed it to be obscured. However, once you go further into the accounts or payments section, the account balance shows up again and there seems to be no way to keep that concealed. This seems to be a risk without a fix.

If you do have a healthy balance with regular transfers every three months or so to keep you going for 3 months, consider opening a short-term mobile savings account. It can be done with the app and is very easy to do. They start at 1 month duration and as little as $100. As far as I know, if you want to close and empty those deposit accounts before their maturity, that requires a branch visit, so this adds a strong level of security. Make sure the account is a "close at maturity", not a "rollover principle" otherwise you will have to go in a close the account yourself. The interest rate is pretty low, but it's better than the basic account so look at it as being paid for getting far better security: Win-Win.

The PIN v Fingerprint is a big one. Nobody can see your fingerprint, but if you are drugged they could possibly get it. But this is a rather fanciful scenario, and on balance a fingerprint is much less likely to be compromised than a simple 4 digit PIN that can be overlooked and memorised. What does everyone else think?

It would be useful for people to share what they do to protect themselves and others might be surprised at how wide open they are leaving themselves. Maybe me too...

NEVER allow a mobile device to unlock things based upon biometrics - retina, fingerprint etc - this is a more serious security flaw than Oun Ka from Slappers bar and her Viet cat faced friend with the GHB drops in her handbag

Why? The less input of a PIN that can be overlooked, the better, surely?

What is the big problem with fingerprint authorisation, especially when your transfer limits are set very low ($200 in my case) and all my cards are set to sod-all and I never even take them out with me.

I have learned a lot from this thread and have beefed up my security a great deal, but the Fingerprint v PIN dichotomy is still unsettled for me. I am erring for the fingerprint but keen to learn why so many rage against it.

In general using biometrics to gatekeep your phone or any device is a bad idea. Too vulnerable in every direction.

Pin is great, optimal would be pin, secret word and 2-fa

Fingerprint locks are easily hacked from the file that stores it, or from scanning your phones scanner itself

If a password is suspected to be compromised it's easy to change. You can't change your prints - that data is mined and sold you can forget about it

UK police don't need your perm to unlock a biometric locked phone, they do with pin and password

The scanners are easily bypassed and on cheaper phones can be opened using third parties fingers

If you are killed, knocked out or asleep your print can be used to drain your shizz

A team at Kraken Security Labs memorably demonstrated this for under $5 – using only Photoshop, acetate paper, a laser printer, and wood glue to create a synthetic fingerprint based on a photo of an individual’s actual fingerprint. Others have shown that fingerprints can be spoofed using a 3D printer and high-resolution photo, albeit at a greater cost.