ABA APP Security - Strengths and Weaknesses - a Users Guide
- hanno
Re: ABA APP Security - Strengths and Weaknesses - a Users Guide
phuketrichard wrote: ↑Thu Jan 18, 2024 2:18 pm
when i go out i have 2,3,4,000 baht in my pocket, so i can ONLY spend that amount
reggie perrin's dad wrote: ↑Thu Jan 18, 2024 10:30 am
No, no. Life is not easier if you always use cash. It is much easier to whip out your phone, scan the code, pay the exact amount and not wait while the seller disappears for 15 minutes to break your monster 50,000 Riel note or points at imaginary microscopic tears if you're fool enough to try and pay with a dollar bill which is not still warm from printing.
phuketrichard wrote: ↑Wed Jan 17, 2024 2:07 pm
life is so much easier if you
1. don't carry a phone or if u do have 2. one with bank apps etc on it leave at home, the other only for messages, calls
a cheap nokia
2. always use cash
then use your atm once/week and only carry what u need when u go out
Safer / more secure to always use cash? Maybe. But easier, nah
with an app you spend more...
Friend of mine does merchandising for all rock shows in SE Asia, since started ONLY app purchases allowed, his sales have gone up 30-40%!!!
PLUS, i hate getting behind people using their phones, as they always seem to take longer and fuck up
Nope
for me
Cash is King
Re: ABA APP Security - Strengths and Weaknesses - a Users Guide
I feel the opposite. I hate getting stuck behind someone paying with cash. Especially if a tourist, trying to pay for a 10,000 riel purchase with two 500 riel notes…
hanno wrote: ↑Thu Jan 18, 2024 2:22 pm
phuketrichard wrote: ↑Thu Jan 18, 2024 2:18 pm
when i go out i have 2,3,4,000 baht in my pocket, so i can ONLY spend that amount
reggie perrin's dad wrote: ↑Thu Jan 18, 2024 10:30 am
No, no. Life is not easier if you always use cash. It is much easier to whip out your phone, scan the code, pay the exact amount and not wait while the seller disappears for 15 minutes to break your monster 50,000 Riel note or points at imaginary microscopic tears if you're fool enough to try and pay with a dollar bill which is not still warm from printing.
phuketrichard wrote: ↑Wed Jan 17, 2024 2:07 pm
life is so much easier if you
1. don't carry a phone or if u do have 2. one with bank apps etc on it leave at home, the other only for messages, calls
a cheap nokia
2. always use cash
then use your atm once/week and only carry what u need when u go out
Safer / more secure to always use cash? Maybe. But easier, nah
with an app you spend more...
Friend of mine does merchandising for all rock shows in SE Asia, since started ONLY app purchases allowed, his sales have gone up 30-40%!!!
PLUS, i hate getting behind people using their phones, as they always seem to take longer and fuck up
Nope
for me
Cash is King
The faff of getting the bill, finding the calculator, working out the change - twice, counting out the change, checking the change - twice…
The majority of electronic purchases are dead quick - you are remembering the frustrating exceptions and thinking they are the norm.
- hanno
Re: ABA APP Security - Strengths and Weaknesses - a Users Guide
Had someone pay with a $100 bill for a bottle of water in front of me yesterday. What a shit show. Cashier turns the bill over 17 times, then calls a supervisor. Same show all over again. In the end, they refused to take the bill and, lo and behold, the customer comes up with a 5,000 Riel note.
- Jerry Atrick
Re: ABA APP Security - Strengths and Weaknesses - a Users Guide
NEVER allow a mobile device to unlock things based upon biometrics - retina, fingerprint etc - this is a more serious security flaw than Oun Ka from Slappers bar and her Viet cat faced friend with the GHB drops in her handbag
Doc67 wrote: ↑Wed Jan 17, 2024 8:59 am
This issue keeps popping up and given the widespread usage of ABA among us expats and the widely varying tech knowledge, I thought this thread could act as a repository for either basic or more advanced information on security and personal protocols when using the App. If you are the type who is quite oblivious or unconcerned to the risks or one of the very savvy ones about such issues, post your views and practices.
I will kick off with a couple of things I have done recently. The opening screen used to display the overall balance, which is on show to anyone within 10 feet if they have sharp enough eyesight. You may need reading glasses (I do), but most do not, so be aware of who is close by. If an opportunist thief sees a big fat balance while you are paying your bar bill, you could become a target. If you use a PIN (see below) to execute payments, and they see that too, then you have been compromised and all they need is your phone.
It does have a blanking function and I have now changed it to be obscured. However, once you go further into the accounts or payments section, the account balance shows up again and there seems to be no way to keep that concealed. This seems to be a risk without a fix.
If you do have a healthy balance with regular transfers every three months or so to keep you going for 3 months, consider opening a short-term mobile savings account. It can be done with the app and is very easy to do. They start at 1 month duration and as little as $100. As far as I know, if you want to close and empty those deposit accounts before their maturity, that requires a branch visit, so this adds a strong level of security. Make sure the account is a "close at maturity", not a "rollover principal", otherwise you will have to go in and close the account yourself. The interest rate is pretty low, but it's better than the basic account so look at it as being paid for getting far better security: Win-Win.
The PIN v Fingerprint is a big one. Nobody can see your fingerprint, but if you are drugged they could possibly get it. But this is a rather fanciful scenario, and on balance a fingerprint is much less likely to be compromised than a simple 4 digit PIN that can be overlooked and memorised. What does everyone else think?
It would be useful for people to share what they do to protect themselves and others might be surprised at how wide open they are leaving themselves. Maybe me too...
- Jerry Atrick
Re: ABA APP Security - Strengths and Weaknesses - a Users Guide
You can set your own max transfer limits in the app or at the bank
100k is simply the default
Re: ABA APP Security - Strengths and Weaknesses - a Users Guide
Yes of course, but it could be argued that those defaults are unreasonably high amounts (for the vast majority of their customers). That's about my only criticism of their system.
Jerry Atrick wrote: ↑Fri Jan 19, 2024 8:01 am
You can set your own max transfer limits in the app or at the bank
100k is simply the default
From a security perspective, it would be better if those customers who need higher limits were forced to explicitly increase them. So that those who never bother to change them have some meaningful protection by default.
Re: ABA APP Security - Strengths and Weaknesses - a Users Guide
Why? The less input of a PIN that can be overlooked, the better, surely?
Jerry Atrick wrote: ↑Fri Jan 19, 2024 7:55 am
NEVER allow a mobile device to unlock things based upon biometrics - retina, fingerprint etc - this is a more serious security flaw than Oun Ka from Slappers bar and her Viet cat faced friend with the GHB drops in her handbag
Doc67 wrote: ↑Wed Jan 17, 2024 8:59 am
This issue keeps popping up and given the widespread usage of ABA among us expats and the widely varying tech knowledge, I thought this thread could act as a repository for either basic or more advanced information on security and personal protocols when using the App. If you are the type who is quite oblivious or unconcerned to the risks or one of the very savvy ones about such issues, post your views and practices.
I will kick off with a couple of things I have done recently. The opening screen used to display the overall balance, which is on show to anyone within 10 feet if they have sharp enough eyesight. You may need reading glasses (I do), but most do not, so be aware of who is close by. If an opportunist thief sees a big fat balance while you are paying your bar bill, you could become a target. If you use a PIN (see below) to execute payments, and they see that too, then you have been compromised and all they need is your phone.
It does have a blanking function and I have now changed it to be obscured. However, once you go further into the accounts or payments section, the account balance shows up again and there seems to be no way to keep that concealed. This seems to be a risk without a fix.
If you do have a healthy balance with regular transfers every three months or so to keep you going for 3 months, consider opening a short-term mobile savings account. It can be done with the app and is very easy to do. They start at 1 month duration and as little as $100. As far as I know, if you want to close and empty those deposit accounts before their maturity, that requires a branch visit, so this adds a strong level of security. Make sure the account is a "close at maturity", not a "rollover principal", otherwise you will have to go in and close the account yourself. The interest rate is pretty low, but it's better than the basic account so look at it as being paid for getting far better security: Win-Win.
The PIN v Fingerprint is a big one. Nobody can see your fingerprint, but if you are drugged they could possibly get it. But this is a rather fanciful scenario, and on balance a fingerprint is much less likely to be compromised than a simple 4 digit PIN that can be overlooked and memorised. What does everyone else think?
It would be useful for people to share what they do to protect themselves and others might be surprised at how wide open they are leaving themselves. Maybe me too...
What is the big problem with fingerprint authorisation, especially when your transfer limits are set very low ($200 in my case) and all my cards are set to sod-all and I never even take them out with me.
I have learned a lot from this thread and have beefed up my security a great deal, but the Fingerprint v PIN dichotomy is still unsettled for me. I am erring for the fingerprint but keen to learn why so many rage against it.
- Jerry Atrick
Re: ABA APP Security - Strengths and Weaknesses - a Users Guide
In general using biometrics to gatekeep your phone or any device is a bad idea. Too vulnerable in every direction.
Doc67 wrote: ↑Fri Jan 19, 2024 8:27 am
Why? The less input of a PIN that can be overlooked, the better, surely?
Jerry Atrick wrote: ↑Fri Jan 19, 2024 7:55 am
NEVER allow a mobile device to unlock things based upon biometrics - retina, fingerprint etc - this is a more serious security flaw than Oun Ka from Slappers bar and her Viet cat faced friend with the GHB drops in her handbag
Doc67 wrote: ↑Wed Jan 17, 2024 8:59 am
This issue keeps popping up and given the widespread usage of ABA among us expats and the widely varying tech knowledge, I thought this thread could act as a repository for either basic or more advanced information on security and personal protocols when using the App. If you are the type who is quite oblivious or unconcerned to the risks or one of the very savvy ones about such issues, post your views and practices.
I will kick off with a couple of things I have done recently. The opening screen used to display the overall balance, which is on show to anyone within 10 feet if they have sharp enough eyesight. You may need reading glasses (I do), but most do not, so be aware of who is close by. If an opportunist thief sees a big fat balance while you are paying your bar bill, you could become a target. If you use a PIN (see below) to execute payments, and they see that too, then you have been compromised and all they need is your phone.
It does have a blanking function and I have now changed it to be obscured. However, once you go further into the accounts or payments section, the account balance shows up again and there seems to be no way to keep that concealed. This seems to be a risk without a fix.
If you do have a healthy balance with regular transfers every three months or so to keep you going for 3 months, consider opening a short-term mobile savings account. It can be done with the app and is very easy to do. They start at 1 month duration and as little as $100. As far as I know, if you want to close and empty those deposit accounts before their maturity, that requires a branch visit, so this adds a strong level of security. Make sure the account is a "close at maturity", not a "rollover principal", otherwise you will have to go in and close the account yourself. The interest rate is pretty low, but it's better than the basic account so look at it as being paid for getting far better security: Win-Win.
The PIN v Fingerprint is a big one. Nobody can see your fingerprint, but if you are drugged they could possibly get it. But this is a rather fanciful scenario, and on balance a fingerprint is much less likely to be compromised than a simple 4 digit PIN that can be overlooked and memorised. What does everyone else think?
It would be useful for people to share what they do to protect themselves and others might be surprised at how wide open they are leaving themselves. Maybe me too...
What is the big problem with fingerprint authorisation, especially when your transfer limits are set very low ($200 in my case) and all my cards are set to sod-all and I never even take them out with me.
I have learned a lot from this thread and have beefed up my security a great deal, but the Fingerprint v PIN dichotomy is still unsettled for me. I am erring for the fingerprint but keen to learn why so many rage against it.
Pin is great, optimal would be pin, secret word and 2-fa
Fingerprint locks are easily hacked from the file that stores it, or from scanning your phone's scanner itself
If a password is suspected to be compromised it's easy to change. You can't change your prints - that data is mined and sold you can forget about it
UK police don't need your perm to unlock a biometric locked phone, they do with pin and password
The scanners are easily bypassed and on cheaper phones can be opened using third parties' fingers
If you are killed, knocked out or asleep your print can be used to drain your shizz
Re: ABA APP Security - Strengths and Weaknesses - a Users Guide
Thanks for the info.
Jerry Atrick wrote: ↑Fri Jan 19, 2024 8:53 am
In general using biometrics to gatekeep your phone or any device is a bad idea. Too vulnerable in every direction.
Doc67 wrote: ↑Fri Jan 19, 2024 8:27 am
Why? The less input of a PIN that can be overlooked, the better, surely?
Jerry Atrick wrote: ↑Fri Jan 19, 2024 7:55 am
NEVER allow a mobile device to unlock things based upon biometrics - retina, fingerprint etc - this is a more serious security flaw than Oun Ka from Slappers bar and her Viet cat faced friend with the GHB drops in her handbag
Doc67 wrote: ↑Wed Jan 17, 2024 8:59 am
This issue keeps popping up and given the widespread usage of ABA among us expats and the widely varying tech knowledge, I thought this thread could act as a repository for either basic or more advanced information on security and personal protocols when using the App. If you are the type who is quite oblivious or unconcerned to the risks or one of the very savvy ones about such issues, post your views and practices.
I will kick off with a couple of things I have done recently. The opening screen used to display the overall balance, which is on show to anyone within 10 feet if they have sharp enough eyesight. You may need reading glasses (I do), but most do not, so be aware of who is close by. If an opportunist thief sees a big fat balance while you are paying your bar bill, you could become a target. If you use a PIN (see below) to execute payments, and they see that too, then you have been compromised and all they need is your phone.
It does have a blanking function and I have now changed it to be obscured. However, once you go further into the accounts or payments section, the account balance shows up again and there seems to be no way to keep that concealed. This seems to be a risk without a fix.
If you do have a healthy balance with regular transfers every three months or so to keep you going for 3 months, consider opening a short-term mobile savings account. It can be done with the app and is very easy to do. They start at 1 month duration and as little as $100. As far as I know, if you want to close and empty those deposit accounts before their maturity, that requires a branch visit, so this adds a strong level of security. Make sure the account is a "close at maturity", not a "rollover principal", otherwise you will have to go in and close the account yourself. The interest rate is pretty low, but it's better than the basic account so look at it as being paid for getting far better security: Win-Win.
The PIN v Fingerprint is a big one. Nobody can see your fingerprint, but if you are drugged they could possibly get it. But this is a rather fanciful scenario, and on balance a fingerprint is much less likely to be compromised than a simple 4 digit PIN that can be overlooked and memorised. What does everyone else think?
It would be useful for people to share what they do to protect themselves and others might be surprised at how wide open they are leaving themselves. Maybe me too...
What is the big problem with fingerprint authorisation, especially when your transfer limits are set very low ($200 in my case) and all my cards are set to sod-all and I never even take them out with me.
I have learned a lot from this thread and have beefed up my security a great deal, but the Fingerprint v PIN dichotomy is still unsettled for me. I am erring for the fingerprint but keen to learn why so many rage against it.
Pin is great, optimal would be pin, secret word and 2-fa
Fingerprint locks are easily hacked from the file that stores it, or from scanning your phone's scanner itself
If a password is suspected to be compromised it's easy to change. You can't change your prints - that data is mined and sold you can forget about it
UK police don't need your perm to unlock a biometric locked phone, they do with pin and password
The scanners are easily bypassed and on cheaper phones can be opened using third parties' fingers
If you are killed, knocked out or asleep your print can be used to drain your shizz
I met a guy in Phnom Penh whose company developed the ABA app (originally for a Thai bank according to him). He was an interesting person and seemed plausible. One of the things he said which I was surprised by was his prediction that in a few years the little plastic cards + PIN would not be used for ATM transactions and it will all be biometric, most likely fingerprint/facial recognition.
I have read the scanners can be hacked to make a record of your print and then make a copy that can be used anywhere that has a fingerprint scanner, such as a future ATM machine. Perhaps they will use a combination of biometrics. I foresee the early technology causing big problems with it just saying "No", to the frustration of the poor sod trying to get £50 out of the machine.
A team at Kraken Security Labs memorably demonstrated this for under $5 – using only Photoshop, acetate paper, a laser printer, and wood glue to create a synthetic fingerprint based on a photo of an individual’s actual fingerprint. Others have shown that fingerprints can be spoofed using a 3D printer and high-resolution photo, albeit at a greater cost.
https://seon.io/resources/biometrics-hacking/
Every airport in this region collects fingerprints!
This is making Bitcoin in a cold storage wallet look foolproof.
Re: ABA APP Security - Strengths and Weaknesses - a Users Guide
I have another question @Jerry Atrick
I have Google wallet on my phone with a Wise card loaded. I have a feeling this is a very bad idea.
The wallet app doesn't have any restrictions on it - you press the app and it opens. If you can get into my phone you can get into the wallet and use the card for large transactions. Wise will just pay them, they don't even seek confirmation through the phone app. If I buy an item via my laptop they seek approval. With the phone, they just pay it. All they do is send you a message that a transaction has taken place. But if someone steals my phone I won't even know about it until I get home.