G’day All,

Most are aware of the risks of fraud via the internet. Too big a topic to fully address here. One important aspect though is protection of critical processes such as internet banking. Despite the care one may take to guard against this silent predators exist in the form of key-loggers. These are small programs that monitor your key strokes and report them to another party. By this means someone can be watching you enter your bank account number and password as you type it in on your home poota. It is not difficult to import a key-logger as a Trojan program when downloading stuff from the net or via a seemingly innocent but malicious email containing links or embedded programs.

This threat is not new and many warnings have been issued. A few people endeavour to beat the key-logger by using copy and paste i.e have your password in a file, copy then paste it into the password entry field on your bank website. No keyboard action. This was once a fairly safe process once. The 2 risks here are having your password on a file plus still being vulnerable to the smartest key-loggers where copy/paste functions can also be monitored.

I believe the better and safer way is to drag and drop. This is the technique that I developed and have been using for very many years…..]

I have a wordpad (simple text) file containing the following pseudo-random stuff. To prevent accidental corruption of this file I set its attributes to read only.

j18l452dd073694f16hm990bc54819p57201rs9766300odz2q17431gh3072gh11ab19uj585g714938ol6121180w80379johnz
z117ron93721douglasdutygeorgefredtrades663021weatherwaynekevinhelenroberts8tedbobstephenkyliejason27thomaspeter
bobbydi73694rodney180w8lasd1731gh3072terry973022xcjj71zmore86035498024361673ryan839tomroger711alphagirl94771

Buried in the above rubbish is my bank account number and password. Only I know where they are from memory. Let’s say they are as follows… but you would NEVER highlight it this way. These are only mental highlights for demonstration purposes.

j18l452dd073694f16hm990bc54819p57201rs9766300odz2q17431gh3072gh11ab19uj585g714938ol6121180w80379johnz
z117ron93721douglasdutygeorgefredtrades663021weatherwaynekevinhelenroberts8tedbobstephenkyliejason27thomaspeter
bobbydi73694rodney180w8lasd1731gh3072terry973022xcjj71zmore86035498024361673ryan839tomroger711alphagirl94771

Firstly I log onto my bank website. When presented with my logon I open my wordpad file. I have both of these things as Icons for instant access. Using the mouse left button highlight the account number and drag 03549802436167 it to the bottom of the screen and onto your bank logon page tab then back up to the logon account field and release. Click back on your wordpad file and repeat with the password. I provide further protection with the password by breaking it in two. Firstly grab 663021 and drag it over to the left of rodney then select the combined word rodney663021 and drag it down to the banking page and into the password input field. Job done. When finished you will be left with an open but modified wordpad file. You have dragged bits out of it. When closing it you will be given the ‘save’ option. By having the file set as ‘read only’ will prevent you from accidental saving the now corrupted file.

This may seem a complex process but it quickly becomes second nature. It takes me less than 10 seconds to log into the bank. The other advantage of this method is no senior memory fails or typos that may shut you out of your account by you entering dud stuff.

EDIT: to correct highlighting errors introduced by the Forum new platform.

Old Techo,
Your method is simple to your good self and others, but I am at the stage now I even dread changing my mobile phone/DVD player/Set top box/LCD TV/Sat TV Receiver/SWMBO’s new labour saving device in the kitchen, ie reading the instructions and applying them etc.


Along similar lines do not use Internet Banking cannot rely on my anti virus/Firewall or the banks set up for that matter and do not use the token that changes my password every 6 seconds in line with the bank.

Its Telephone banking for frunds transfer and if have to buy something over the net its Paypal or I fax them my credit card details. Using the credit card if I do not recieve the goods, Credit card company will reimburse me with the cost. Hoever have never tested this out.

Peter

Peter, phone banking is fine but fiddly punching in big numbers. When it first appeared I used it and had some of these big numbers stored as speed-dial numbers to eliminate manual entry tedium and mistakes. Now I live/breathe internet banking but appreciate the risks. Most issues stem from lack of user vigilance so everyone needs to be on their game. With net banking, or any other financial transaction, I copy/paste the details in case of future issue. I love having hardcopy records and you can’t do this with phone banking.

Yes, credit card insurance is a nice feature. I’ve never tested it either. For net purchases or bookings I got a very low-limit credit card for this specific purpose (minimise losses). Faxing cards details is secure but then you have hard-copy at the other end and may go in the rubbish bin for someone to find. I prefer to email orders/bookings and give half of my card details and then send a text message with the remainder to their mobile or landline phone. Data diversification.

On the same security theme, I do have several PINs relating to several cards, rarely used, and no hope of remembering all the PINs. I carry a small card with all these PINs, spiced with a few dummies, all encrypted in such a complex way that it takes me 3 minutes to decode. But as I said, rarely needed.

I also check all credit card transactions on-line every 2 or 3 days looking for bogus entries. Yes, it’s all a bit of a pain but I’d never go back to the steam age era of having to go into a limited hours bank for everything. Now I go in once a year max.

Regards

Besides the copy & paste and drag & drop, there is also the (on screen key board) thats a handy thing, I often use that and move it around the screen every couple of charaters to futher confuse.

This is in accessories and accessibility in XP

OT,

Yeah I am a convert to internet banking.

I check emails and bank statements etc first thing in the morning, any fiddles are picked up quickly as a result.

Last year I had a couple of air fares with Tiger Airlines charged to my Visa. Contacted the bank and it was sorted almost immediately. It was as though they knew what was on the go. I suspect they may have been watching someone.

I do not give Visa card numbers out over the phone, use direct transfer where possible and still use cheques under some circumstances.

Like you I have reduced my Visa down to a fairly low limit for security purposes.

It would be hard to go back to the banking of yesteryear.

SD

Sooner or later one learns everything from this forum. Thanks OT, great idea, will give it a go.

Kevin

PS spotted my name in the middle of the gobbeldeygook.

Kev, did you find your password too or did I get that bit wrong?

Shags, went looking for your post and found the sun has already set in the west.

Hi OT,
my question is . My bank logon doesnt use the keyboard at all. you go to the logon page and use the mouse to highlight the numbers letters ON THEIR website then click enter.

am i safe ? This is the banks idea but after reading you post im not using the keyboard or screen [desktop] whatsover.

Cheers Rod

SORRY,
Half right…….

I use the keyboard to put in the numbers BUT the mouse for the online letters

HTH

Rod