View Full Version : Bank scams security



Sgt Pepper
18-01-2023, 05:41 PM
Approaching retirement I am concerned about recent media coverage of increasingly sophisticated scamming depriving people of their savings. Is online banking becoming too risky for large amounts of cash. If so what alternatives are there? Public Trust used to have on call and term deposit accounts which were government guaranteed and not able to be accessed online. However this facility was closed several years ago. Any ideas advice would be gratefully received

Snoopy
18-01-2023, 05:53 PM
Approaching retirement I am concerned about recent media coverage of increasingly sophisticated scamming depriving people of their savings. Is online banking becoming too risky for large amounts of cash. If so what alternatives are there? Public Trust used to have on call and term deposit accounts which were government guaranteed and not able to be accessed online. However this facility was closed several years ago. Any ideas advice would be gratefully received.


I can confirm the Public Trust closed down their call cash accounts some years ago (I used to be with them), so your option there is definitely gone.

Internet banking isn't compulsory. Personally I don't do internet banking. So there is no risk of any of my banking passwords being surreptitiously obtained because I don't have any. The bank doesn't have my e-mail address. I know that any information purportedly coming from my bank via e-mail is therefore a scam and it gets deleted.

However, I do live within easy walking distance of branches of all the big banks, which makes my decision workable.

SNOOPY

justakiwi
18-01-2023, 06:10 PM
I am 100% comfortable using online banking and do all my banking this way. I do pretty much everything via the phone apps though, and rarely have to log in to internet banking. Most banks have excellent security features these days - on my iPhone I now choose to log into those apps via Face ID. It is as safe as anything can be. Personally I think you have more chance of having someone steal your data while you're getting cash from an ATM, than you do using online banking.

As far as I am aware, as long as you are taking all recommended security measures such as never giving anyone your log in details, always running a firewall and Antivirus on your computer, and avoiding using public hotspots for banking purposes - you are meeting the requirements of your bank. In the event of someone accessing your account/card or whatever, the banks will generally reimburse you provided you have taken all possible precautions.

But check with your bank(s) if you are concerned.

PS. some banks also have fingerprint ID features for their apps. Others, such as ASB and Rabobank also have digital devices if you choose to use them, to add an extra layer of protection when logging into internet banking.


Approaching retirement I am concerned about recent media coverage of increasingly sophisticated scamming depriving people of their savings. Is online banking becoming too risky for large amounts of cash. If so what alternatives are there? Public Trust used to have on call and term deposit accounts which were government guaranteed and not able to be accessed online. However this facility was closed several years ago. Any ideas advice would be gratefully received

Perky
18-01-2023, 06:21 PM
Good post JAK. Personally I keep all my financial access off my phone as it’s so easy to drop, leave or have stolen.

sgt pepper..you can use things like 2 factor security and other alerts so no transaction can take place without your approval
you can read here https://www.cert.govt.nz/individuals/guides/two-factor-authentication/?gclid=EAIaIQobChMI0_LfgK_Q_AIVBZJmAh0zpg7REAAYAyAAEgK4HvD_BwE

justakiwi
18-01-2023, 06:36 PM
Which is why I have enabled Face ID as the default log in method. Face ID is very secure. I also have my screen set to lock after X amount of time, so if I did lose my phone nobody would be able to unlock it anyway. There is literally no banking info stored on my phone - any transactions I do via the app are cloud based transactions - nothing is stored locally.

As Perky said, 2 factor verification is available (as per the digital devices I mentioned) or in some cases you can elect to have a code sent via email or txt. You can generally also set withdrawal limits on accounts - eg: set a maximum amount that can be withdrawn each day. That way if someone does get hold of your card or internet banking details, they can only access whatever amount you have set as the limit. This can be good idea for savings accounts or other accounts you are not accessing frequently yourself.


Good post JAK. Personally I keep all my financial access off my phone as it’s so easy to drop, leave or have stolen.

sgt pepper..you can use things like 2 factor security and other alerts so no transaction can take place without your approval
you can read here https://www.cert.govt.nz/individuals/guides/two-factor-authentication/?gclid=EAIaIQobChMI0_LfgK_Q_AIVBZJmAh0zpg7REAAYAyAAEgK4HvD_BwE

percy
18-01-2023, 07:29 PM
Approaching retirement I am concerned about recent media coverage of increasingly sophisticated scamming depriving people of their savings. Is online banking becoming too risky for large amounts of cash. If so what alternatives are there? Public Trust used to have on call and term deposit accounts which were government guaranteed and not able to be accessed online. However this facility was closed several years ago. Any ideas advice would be gratefully received

Wife and I are retired.
Wife has a Westpac savings account which is not accessible online, which has a very healthy balance.
We have a joint account with Westpac All online. Everyday for paying bills. And two Savings accounts.
Also my Bankcard.
Wife has a separate Bankcard. Payments for both Bankcards are from our everyday account.
To spread our risk we both have cash management accounts with Craigs. Usually have healthy balances. Craigs use ANZ.
My only worry is online merchants when using my Credit card and giving them the number on the back of my card.
I do a lot of shopping on line and never had any issues.
I have rates, and insurances direct debited, and pay other accounts online. Again never any issues.
I give share registers my bank details but I am the only person who knows my online bank account number and password.
The only issue I could have is cancelling a direct debit, such as The Press. You have to get them to stop it.
I do not have a cell phone so have never done phone banking.

Grimy
18-01-2023, 08:06 PM
You should be okay Percy. I have stopped a few direct debits lately (I'm with ANZ). All I've had to do is ask ANZ to stop the dd and advise the affected company that I have cancelled the dd. Job done.

clip
18-01-2023, 08:15 PM
Make sure 2factor is enabled for both logging into internet banking, and for sending money/making online payments over x amount of dollars e.g. for substantial amounts
Make sure to treat any email sent to you purporting to be from a bank as a scam. Always call the bank on their number listed on their official website, don't call any numbers provided in emails
Make sure to treat any phone call purporting to be a bank as suspicious. Ask for the person's name, department, tell them you will call back on the official bank number listed on their website and then ask to speak to that person

percy
18-01-2023, 08:18 PM
You should be okay Percy. I have stopped a few direct debits lately (I'm with ANZ). All I've had to do is ask ANZ to stop the dd and advise the affected company that I have cancelled the dd. Job done.
Thanks for the heads up.

warthog
18-01-2023, 08:33 PM
Approaching retirement I am concerned about recent media coverage of increasingly sophisticated scamming depriving people of their savings. Is online banking becoming too risky for large amounts of cash. If so what alternatives are there? Public Trust used to have on call and term deposit accounts which were government guaranteed and not able to be accessed online. However this facility was closed several years ago. Any ideas advice would be gratefully received

One of your main protections against theft of your bank balance(s) is to have a low transfer threshold for online transactions. For transfers of amounts larger than your limit, you need to contact the bank and go through their security questions. To change the limit you need to go through the same process.

Two factor authentication is most commonly via SMS/text to a mobile phone. Good general security, especially compared with just a username and password which can be phished (https://phishing.org/what-is-phishing) and then your online accounts compromised.

For substantial cash amounts, consider splitting these funds between deposit-taking entities. For example a couple of banks and a broker. Better interest with Jarden currently too.

nztx
18-01-2023, 11:30 PM
Call the Hawk old school, but all banking & email stuff doesn't hit the mobile phone ..

RTM
19-01-2023, 09:58 AM
Yes, I like the 2 Factor approach,
My primary bank is BNZ. While I can and do have two factor switched on on web based (PC) access,
on iPad and iPhone it is not available.

Or am I not correct ?

justakiwi
19-01-2023, 10:13 AM
I don't bank with BNZ so can't answer that, but you can set up biometric login on your iPhone (and presumably your iPad);

Setting up Touch ID or Face ID on compatible devices

Log in to the BNZ app.
From the main screen, tap the Menu icon (three horizontal lines) in the top-left corner.
Tap Settings then under Security, select either Touch ID or Face ID.
Tap the (Touch ID or Face ID) button to turn on or off.

There really is nothing that provides greater security than biometric log in.


Yes, I like the 2 Factor approach,
My primary bank is BNZ. While I can and do have two factor switched on on web based (PC) access,
on iPad and iPhone it is not available.

Or am I not correct ?

RTM
19-01-2023, 10:28 AM
Update
Yes…when logging in cancelling the biometric allows either Password or a PIN to be used.
So…not as secure as one would hope.
Didn’t see anywhere to turn that off…but may have missed it.
I recall I emailed BNZ about this a while ago. Got a response confirming I was correct….doesn’t seem anything has changed.

Again….more than happy to be corrected if there is a setting I have missed.


——————
Thanks…and yes…I have those set up already.
But my impression is that this would still allow normal username /password access as well.
Will check.

As an aside…it’s a bit worrying when one wakens in the morning and the iPhone won’t recognise you,
Oh dear !

justakiwi
19-01-2023, 10:51 AM
Yeah, you are correct. Not sure if this will make you feel any better, but I found this info on the BNZ site;

Secure tokens
A secure token is created on your device when you first set up the BNZ app. This lets us know that it’s you using it and not someone else.


Update
Yes…when logging in cancelling the biometric allows either Password or a PIN to be used.
So…not as secure as one would hope.
Didn’t see anywhere to turn that off…but may have missed it.
I recall I emailed BNZ about this a while ago. Got a response confirming I was correct….doesn’t seem anything has changed.

Again….more than happy to be corrected if there is a setting I have missed.


——————
Thanks…and yes…I have those set up already.
But my impression is that this would still allow normal username /password access as well.
Will check.

As an aside…it’s a bit worrying when one wakens in the morning and the iPhone won’t recognise you,
Oh dear !

clip
19-01-2023, 11:54 AM
Update
Yes…when logging in cancelling the biometric allows either Password or a PIN to be used.
So…not as secure as one would hope.
Didn’t see anywhere to turn that off…but may have missed it.
I recall I emailed BNZ about this a while ago. Got a response confirming I was correct….doesn’t seem anything has changed.

Again….more than happy to be corrected if there is a setting I have missed.


——————
Thanks…and yes…I have those set up already.
But my impression is that this would still allow normal username /password access as well.
Will check.

As an aside…it’s a bit worrying when one wakens in the morning and the iPhone won’t recognise you,
Oh dear !

I think you are right that the mobile app doesn't support 2fa - the assumption being, if somebody has your phone and opens the BNZ app, if it sends you a text message they will have that anyway as they have your phone

RTM
19-01-2023, 03:45 PM
I think you are right that the mobile app doesn't support 2fa - the assumption being, if somebody has your phone and opens the BNZ app, if it sends you a text message they will have that anyway as they have your phone

Just back from Matauri Bay...awesome body boarding.

Yes...I agree. But they might have dreamed up other ways to give an element of 2FA.
Or allow you to turn off the normal password or Pin access and just use the Biometric.
This would be my preferred option.

clip
19-01-2023, 03:53 PM
Just back from Matauri Bay...awesome body boarding.

Yes...I agree. But they might have dreamed up other ways to give an element of 2FA.
Or allow you to turn off the normal password or Pin access and just use the Biometric.
This would be my preferred option.


It would be more secure to turn off the pin option, and use a very good password. Better to use something long, and made of multiple words, at least 16 characters. Instead of a word followed by a couple of numbers and a special character

warthog
19-01-2023, 06:23 PM
Approaching retirement I am concerned about recent media coverage of increasingly sophisticated scamming depriving people of their savings. Is online banking becoming too risky for large amounts of cash. If so what alternatives are there? Public Trust used to have on call and term deposit accounts which were government guaranteed and not able to be accessed online. However this facility was closed several years ago. Any ideas advice would be gratefully received

The hog hastens to add, never, ever click on a link in an email from anyone who represents themselves as a bank, broker, etc. Always navigate to the website yourself.

When I drew it to the attention of the security team of one of NZ's big banks that they regularly send emails to customers with links, thereby training their own customers to break their own suggestions about not clicking on links in email, they said "We've raised this with the marketing people at the bank but they are a law unto themselves, don't care, and have support from above…"

676767
19-01-2023, 07:11 PM
Wife and I are retired.
My only worry is online merchants when using my Credit card and giving them the number on the back of my card.
I do a lot of shopping on line and never had any issues.
I have rates, and insurances direct debited, and pay other accounts online. Again never any issues.

I use WISE a lot for currency conversion, but another helpful feature I've started to use are their "Digital Credit Cards".
From within their application you can generate a new credit card, make your payment, then destroy the card.
Makes me much more comfortable when buying things online especially on international sites.

It would be great if NZ banks took note of this feature.

kiora
24-01-2023, 03:03 PM
Just had a cold call on my mobile from someone saying they are from NZ Assist

They stated they call on behalf of staircase NZ

https://www.staircase.co.nz/?utm_source=GBP&utm_medium=GBP&utm_campaign=GBP_Auckland&utm_id=GBP_Auckland

Any one else had a call or am I the lucky one???

stoploss
24-01-2023, 03:08 PM
Just had a cold call on my mobile from someone saying they are from NZ Assist

They stated they call on behalf of staircase NZ

https://www.staircase.co.nz/?utm_source=GBP&utm_medium=GBP&utm_campaign=GBP_Auckland&utm_id=GBP_Auckland



Any one else had a call or am I the lucky one???
Staircase are legitimate check out the FSPR register if in doubt about anyone ...( prob trying to sell you an investment property)

https://fsp-app.companiesoffice.govt.nz/orp-fsp-register/viewInstance/view.html?id=757b371f1b6eec44bad4008937136b8f6919c7ecd937061e82440164c45b5b13&_timestamp=4033111710446516

Entrep
25-01-2023, 09:34 AM
What I don't get about these bank scams, is how the money is usually unrecoverable. Everyone with a bank account, globally, should have KYC done, so what's the issue? Especially with large amounts, it makes sense to chase it...

At least with blockchain, the finality of a transaction is by design. With banks, if you make a mistake or are scammed, there is no protection.

Perky
25-01-2023, 09:52 AM
I’ve always wondered why the bank holds all the security codes and security questions which they use to identify a legitimate customer but the customer has nothing to identify the bank?

With all the phone and internet scams I wonder if a solution is that a customer has a unique code or security question attached to their accounts.

When the bank wants to contact a customer…the first thing the customer asks the person on the phone for is the code or security question. If they can’t answer it’s obviously a scam.

Probably not perfect but you’d think this would nip a lot of the scams in the bud?

Just an idea flopping around in my head.

Grimy
25-01-2023, 10:23 AM
Knowing human nature the scammers would then probably still phone and say something along the lines of 'We think your account has been compromised. To verify your identity so we can unlock your account, please provide the answer to the security question identifying us as your bank, and your password". I bet they'd still get people divulging the answers.......

warthog
25-01-2023, 10:34 AM
I’ve always wondered why the bank holds all the security codes and security questions which they use to identify a legitimate customer but the customer has nothing to identify the bank?

Because banks are inherently self-trusting i.e. internally trust is assumed to almost be 100% but the world outside is 0%.

Another reflection of this is banks, wary of their customers having their phone number (imagine that! Your customer being able to contact you! Crazy idea, right?), they almost always call from a withheld number.


With all the phone and internet scams I wonder if a solution is that a customer has a unique code or security question attached to their accounts.

When the bank wants to contact a customer…the first thing the customer asks the person on the phone for is the code or security question. If they can’t answer it’s obviously a scam.

Some security-minded businesses do this. Those who do not either do not care, are incompetent, or don't want to deal with the customer issues that can arise (or some combination).


Probably not perfect but you’d think this would nip a lot of the scams in the bud?

Broadly, the hog agrees. Simple security is good security, but this is contingent on smart security people and a business that cares about actual results as opposed to just enough to cover their collective arses.

warthog
25-01-2023, 10:35 AM
Knowing human nature the scammers would then probably still phone and say something along the lines of 'We think your account has been compromised. To verify your identity so we can unlock your account, please provide the answer to the security question identifying us as your bank, and your password". I bet they'd still get people divulging the answers.......

Yes but this isn't how to look at security in the hog's view. You can't dismiss a layer of security that would add to overall security simply by saying it could potentially fail in the same way as the current situation.

warthog
25-01-2023, 10:38 AM
What I don't get about these bank scams, is how the money is usually unrecoverable. Everyone with a bank account, globally, should have KYC done, so what's the issue? Especially with large amounts, it makes sense to chase it...

At least with blockchain, the finality of a transaction is by design. With banks, if you make a mistake or are scammed, there is no protection.

It is unrecoverable in many cases because the destinations are compromised accounts with cards associated with them. USD100k hits a compromised account that has two associated cards and immediately those cards are used to withdraw cash and spend all over town, as well as transfer lots of USD10-20k to yet more compromised accounts, which are of course burned once the money is gone.

Blockchain is essentially a data structure. It has no inherent security, finality or any other quality other than its structure.

Grimy
25-01-2023, 11:53 AM
Yes but this isn't how to look at security in the hog's view. You can't dismiss a layer of security that would add to overall security simply by saying it could potentially fail in the same way as the current situation.

I agree. The more measures in place the better-I wasn't dismissing the idea-just saying a lot of people would probably still hand over the information without thinking......
I like Rabobank's digipass that generates a second random number that you input after first getting into your account with a password as the 2 factor authentication. Takes a few extra seconds, but pretty secure I would have thought and that's just to get into your account, you then have to use it again for another code for any withdrawal. If people get scammed through that procedure then they probably shouldn't be allowed to handle their own finances....

Jay
25-01-2023, 01:06 PM
Most banks have something similar to Rabobank, whether it is a token, a text to the phone etc.
The scammers just ask something along the lines of we will need the code being sent to your phone to unlock your account.
Trouble is, I believe, most of the people scammed don't know what the code is for, they only know they have to enter it all the time and of course it is the "bank" ringing me trying to protect my money, catch an errant staff member etc!

warthog
25-01-2023, 07:53 PM
I agree. The more measures in place the better-I wasn't dismissing the idea-just saying a lot of people would probably still hand over the information without thinking......
I like Rabobank's digipass that generates a second random number that you input after first getting into your account with a password as the 2 factor authentication. Takes a few extra seconds, but pretty secure I would have thought and that's just to get into your account, you then have to use it again for another code for any withdrawal. If people get scammed through that procedure then they probably shouldn't be allowed to handle their own finances....

The hog agrees. Some people are just destined to be scammed.

Jiggs
25-01-2023, 10:47 PM
We have a $2000 limit on our Mastercard. My wife went to Auckland for a one-day appointment, booked into a motel with our credit card, and for the next week dozens of pizzas from an Auckland pizza shop were being ordered and delivered to local addresses, then a car repair, all on our card account details, away past our $2000 stop-limit. Our bank refunded all the stolen money. I guess the bank and Mastercard make a million dollars from motels for every thousand taken by a crooked motel receptionist.

If we make an unusually large payment on our EFTPOS/online bank account, or one to an unusual place, I get a text message from the bank with a six-digit number on it. I have to type in the number before the money is transferred out.

My biggest problem now is when a legitimate email comes from a financial institution, and I am too suspicious to click its link.

warthog
26-01-2023, 07:08 AM
My biggest problem now is when a legitimate email comes from a financial institution, and I am too suspicious to click its link.

The hog suggests you type in the name of the institution into your browser, and try to find what was referred to in the email by navigating the website (search facility is often helpful). If you do this, your risk of being phished is very close to zero, as long as you get the institution's domain name correct…
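
The "get the domain name correct" step from the post above, written out as an added example that is not part of the original thread. `mybank.example` is a constructed placeholder for a domain the reader has confirmed themselves, and the function names are hypothetical.

```python
from urllib.parse import urlsplit

# Assumption: domains confirmed out-of-band by the reader (constructed placeholder).
TRUSTED = {"mybank.example"}


def edit_distance(a, b):
    """Levenshtein distance using a two-row dynamic programme."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_link(url, trusted=TRUSTED):
    """Return (verdict, reason); verdict is 'trusted', 'suspicious' or 'unknown'."""
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname
    except ValueError:
        return ("suspicious", "malformed URL")
    if parts.scheme not in ("http", "https") or not host:
        return ("suspicious", "not a web link")
    host = host.rstrip(".").lower()

    # 'https://mybank.example@other-host/' connects to other-host, not the bank.
    if parts.username is not None:
        return ("suspicious", "text before '@' is not the host; real host is " + host)

    # Internationalised labels can render like ASCII letters they are not.
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        return ("suspicious", "internationalised host name, possible lookalike")

    for domain in trusted:
        if host == domain or host.endswith("." + domain):
            if parts.scheme != "https":
                return ("suspicious", "trusted host but not HTTPS")
            return ("trusted", "host is " + domain + " or a subdomain of it")

    for domain in trusted:
        # The trusted name appears, but the host does not END with it.
        if domain in host:
            return ("suspicious", domain + " appears in the host but does not own it")
        # Compare the same number of trailing labels against the trusted name.
        n = domain.count(".") + 1
        tail = ".".join(host.split(".")[-n:])
        if 0 < edit_distance(tail, domain) <= 2:
            return ("suspicious", tail + " is a near miss of " + domain)

    return ("unknown", "host is not on the trusted list")


# Constructed sample links using reserved example names and addresses.
SAMPLES = [
    "https://www.mybank.example/login",
    "http://mybank.example/",
    "https://mybank.example.verify-login.test/",
    "https://mybank.example@198.51.100.7/",
    "https://mybanc.example/",
    "https://xn--mybnk-abc.example/",
    "https://news.example.org/",
]

if __name__ == "__main__":
    for link in SAMPLES:
        verdict, reason = check_link(link)
        print(f"{verdict:10} {link}  ({reason})")
```
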

Snoopy
26-01-2023, 07:33 AM
We have a $2000 limit on our Mastercard. My wife went to Auckland for a one-day appointment, booked into a motel with our credit card, and for the next week dozens of pizzas from an Auckland pizza shop were being ordered and delivered to local addresses, then a car repair, all on our card account details, away past our $2000 stop-limit. Our bank refunded all the stolen money. I guess the bank and Mastercard make a million dollars from motels for every thousand taken by a crooked motel receptionist.


Are you sure it was a 'crooked motel receptionist' that stole your credit card details? If your wife handed those credit card details over the telephone (most credit card transactions are electronic and through secure sites these days), and the receptionist had done this before, then the bank would be looking at such 'manual transactions' as a front line security risk first. You would have to be a fairly dumb receptionist to think you could get away with such a crime.

Modern credit cards with paywave can be skimmed (capturing account numbers and security codes) by a passing pedestrian if they have the right scanning device. My cousin's card got skimmed from his back pocket in London by someone just walking by him at a railway station.

SNOOPY

warthog
26-01-2023, 08:52 AM
My cousin's card got skimmed from his back pocket in London by someone just walking by him at a railway station.


How was this ascertained? Was the person who did this identified on CCTV or similar?

Snoopy
02-02-2023, 09:25 PM
How was this ascertained? Was the person who did this identified on CCTV or similar?


Good question, which I had not thought about before. So while chatting to my cousin tonight, I asked him....

My cousin and his wife were at Paddington Station in London, sorting out their travel. Unusually my cousin had his VISA card in his back pocket as a stand alone card, to save him diving into his travel bags to get it. The opportunity this presented for electronic theft, and the timing of subsequent 'stolen transactions' was the reason my cousin decided this was where the card skimming happened. A railway station is also the perfect cover for an opportunistic thief, as all sorts of legitimate people are 'loitering about' with good reason. If his card had been in his wallet with other cards, in that case the electronic signal as read by a scanner would have been corrupted. So my cousin decided Paddington Station was the best opportunity for such electronic theft, given it was the only time his VISA card was in his back pocket and not in his wallet as per normal.

SNOOPY

Bjauck
02-02-2023, 10:02 PM
Are you sure it was a 'crooked motel receptionist' that stole your credit card details? If your wife handed those credit card details over the telephone (most credit card transactions are electronic and through secure sites these days), and the receptionist had done this before, then the bank would be looking at such 'manual transactions' as a front line security risk first. You would have to be a fairly dumb receptionist to think you could get away with such a crime.

Modern credit cards with paywave can be skimmed (capturing account numbers and security codes) by a passing pedestrian if they have the right scanning device. My cousin's card got skimmed from his back pocket in London by someone just walking by him at a railway station.

SNOOPY
I guess payWave via phone is more secure in that respect. The card details are loaded onto the iPhone and the card can be put somewhere more discreet. Paywave on the phone needs to be activated by the owner.

Snoopy
02-02-2023, 10:29 PM
I guess payWave via phone is more secure in that respect. The card details are loaded onto the iPhone and the card can be put somewhere more discreet. Paywave on the phone needs to be activated by the owner.


Can you explain a bit more how Paywave on an iPhone might work? Are you saying that the phone owner must activate it for each transaction by putting in a password or something?

SNOOPY

Bjauck
03-02-2023, 04:44 AM
Can you explain a bit more how Paywave on an iPhone might work? Are you saying that the phone owner must activate it for each transaction by putting in a password or something?

SNOOPY
Yes on my phone with apple pay - a double press of a button and then either my face or 6-digit pin does the trick for the card to be debited, when the phone is near the reader terminal. You do not need the physical card.

https://www.visa.co.nz/pay-with-visa/featured-technologies/visa-mobile-payments.html

iceman
03-02-2023, 05:44 AM
Yes on my phone with apple pay - a double press of a button and then either my face or 6-digit pin does the trick for the card to be debited, when the phone is near the reader terminal. You do not need the physical card.

https://www.visa.co.nz/pay-with-visa/featured-technologies/visa-mobile-payments.html

I don't use anything else these days and feel it is safer than a physical card. Not to mention not having to carry a wallet wherever I go. Got so used to it when in Europe on an extensive visit last year, where everyone uses it, that I moved my credit card from Kiwibank when I got home as they oddly don't offer Apple Pay.

ecuttel
03-02-2023, 07:20 AM
Another advantage of using Apple pay or Google pay when travelling is they work on a lot of public transport in Europe and parts of USA. eg use your phone for tap and go on the Tube in London it will only bill you up to the daily (or weekly) price cap, additional trips are not charged so better than purchasing Oyster card or a daily pass. Also a better option is to use a Wise card (Visa Based) which operate in local currency and offer very good exchange rates. So not paying expensive visa currency exchange rates and the added advantages of having a local bank account in up to 50 countries. Also works well for online purchases in foreign currency.

Bjauck
03-02-2023, 07:28 AM
I don't use anything else these days and feel it is safer than a physical card. Not to mention not having to carry a wallet wherever I go. Got so used to it when in Europe on an extensive visit last year, where everyone uses it, that I moved my credit card from Kiwibank when I got home as they oddly don't offer Apple Pay.
I wonder what proportion of their clients have apple products. A significant proportion I imagine are not being serviced well.

Until the end of 2022, Paywave fees were high in NZ. Maybe since the Retail Payment Act came into effect, payWave will be more widely available in NZ.
https://www.rnz.co.nz/news/business/478538/reduction-of-consumer-transaction-fees-on-cards-expected-to-boost-contactless-payment-availablity

warthog
03-02-2023, 08:16 AM
Good question, which I had not thought about before. So while chatting to my cousin tonight, I asked him....

My cousin and his wife were at Paddington Station in London, sorting out their travel. Unusually my cousin had his VISA card in his back pocket as a stand alone card, to save him diving into his travel bags to get it. The opportunity this presented for electronic theft, and the timing of subsequent 'stolen transactions' was the reason my cousin decided this was where the card skimming happened. A railway station is also the perfect cover for an opportunistic thief, as all sorts of legitimate people are 'loitering about' with good reason. If his card had been in his wallet with other cards, in that case the electronic signal as read by a scanner would have been corrupted. So my cousin decided Paddington Station was the best opportunity for such electronic theft, given it was the only time his VISA card was in his back pocket and not in his wallet as per normal.

SNOOPY

Thanks for the reply Snoopy.

The hog thinks this is one of those cases where somebody is damn sure it was that dodgy kebab that gave them the runs when in fact it was the door handle at their favourite café.

iceman
03-02-2023, 08:18 AM
I wonder what proportion of their clients have Apple products. A significant proportion I imagine are not being serviced well.

Until the end of 2022, Paywave fees were high in NZ. Maybe since the Retail Payment Act came into effect, payWave will be more widely available in NZ.
https://www.rnz.co.nz/news/business/478538/reduction-of-consumer-transaction-fees-on-cards-expected-to-boost-contactless-payment-availablity

I had a call from a Kiwibank Customer Service guy from Dunedin asking me what the reason was for me closing the account. I told him I was happy with my credit card account in general but the only reason was their stated policy of not accepting Apple Pay in the foreseeable future. His response indicated that he wasn't surprised and I clearly was not the first person he had dealt with quitting for that reason. I think Kiwibank is making a huge mistake and is being left behind. The bank that was going to take on the "Big Aussie banks" with much bravado. The customers won't come back, especially given the increasing difficulties and interrogations involved with starting new accounts.

warthog
03-02-2023, 08:33 AM
Can you explain a bit more how Paywave on an iPhone might work? Are you saying that the phone owner must activate it for each transaction by putting in a password or something?
SNOOPY

When a card is associated with a physical device, cryptographic tokens govern this relationship or capability. Due to secure elements on devices, they are considered at least as secure as cards, if not more (certainly more than just tapping a card to pay). So whatever security method is employed to secure the device is also used to authorise transactions.

In practice, you present the phone to the card-reader and authorise the transaction with your face, fingerprint or PIN. There are attacks for each of these, but remember, security in practice is not about eliminating risk but raising the level of security to a high enough level that in combination with other factors such as support costs, represents an acceptable overall balance.

warthog
03-02-2023, 08:35 AM
I had a call from a Kiwibank Customer Service guy from Dunedin asking me what the reason was for me closing the account. I told him I was happy with my credit card account in general but the only reason was their stated policy of not accepting Apple Pay in the foreseeable future. His response indicated that he wasn't surprised and I clearly was not the first person he had dealt with quitting for that reason. I think Kiwibank is making a huge mistake and is being left behind. The bank that was going to take on the "Big Aussie banks" with much bravado. The customers won't come back, especially given the increasing difficulties and interrogations involved with starting new accounts.

Kiwibank's attitude is consistent with that of the owner of that business: they know best.

Snoopy
03-02-2023, 01:09 PM
Thanks for the reply Snoopy.

The hog thinks this is one of those cases where somebody is damn sure it was that dodgy kebab that gave them the runs when in fact it was the door handle at their favourite café.


Possibly. But there are devices around using Bluetooth for hacking RFID (Radio Frequency ID) Technology, which includes PayWave. Take a look at this video by David Bombal

https://www.youtube.com/watch?v=VF3xlAm_tdo

That is the reason my VISA card, with Paywave, stays in the bottom drawer at home and never leaves the house.

SNOOPY

Snoopy
03-02-2023, 01:13 PM
I don't use anything else these days and feel it is safer than a physical card. Not to mention not having to carry a wallet wherever I go.


Yes but an iPhone is a lot more bulky than a card wallet, or even a full money card wallet.

SNOOPY

Snoopy
03-02-2023, 01:18 PM
Yes on my phone with Apple Pay - a double press of a button and then either my face or 6-digit pin does the trick for the card to be debited, when the phone is near the reader terminal. You do not need the physical card.


So instead of entering a 4 digit number into the eftpos machine, you get to enter a 6 digit number into your phone. Doesn't sound like much of an advantage to me!

SNOOPY

iceman
03-02-2023, 02:08 PM
Yes but an iPhone is a lot more bulky than a card wallet, or even a full money card wallet.

SNOOPY

It may well be but if you leave home without your mobile phone, I suggest you belong to a small minority of people. If you don't carry a mobile phone on you when you're out, you are clearly not in the target market for the Apple Pay technology !!
Why would I want to carry my wallet with me when I've got everything I need in the phone ?

And you're also wrong about the 6 figure code. As Bjauck said, EITHER a face recognition that most people have, or a 6 digit code.

GTM 3442
03-02-2023, 03:00 PM
"Why would I want to carry my wallet with me when I've got everything I need in the phone ?"

Because I don't want a single point of failure - I want redundancy-based resilience.

Snoopy
03-02-2023, 03:59 PM
It may well be but if you leave home without your mobile phone, I suggest you belong to a small minority of people. If you don't carry a mobile phone on you when you're out, you are clearly not in the target market for the Apple Pay technology !!


Well that depends. If I am trying to meet someone at a variable time and place, then yes, I take my mobile phone. But if I am at a concert or a sports event or doing the shopping where I don't want to be interrupted then no, my mobile phone stays at home. I have my mobile phone set up so that it automatically records any incoming calls I have missed, without the incoming caller leaving a message. I find there are few calls that I get where I need to reply urgently, and there are merits in replying 'not that quickly'.

https://coub.com/view/wuwqv





Why would I want to carry my wallet with me when I've got everything I need in the phone ?

And you're also wrong about the 6 figure code. As Bjauck said, EITHER a face recognition that most people have, or a 6 digit code.


There are a few issues with facial recognition software.

https://senstar.com/senstarpedia/facial-recognition-problems/


"Why would I want to carry my wallet with me when I've got everything I need in the phone ?"

Because I don't want a single point of failure - I want redundancy-based resilience.

Spot on

SNOOPY

iceman
03-02-2023, 04:00 PM
Well that depends. If I am trying to meet someone at a variable time and place, then yes, I take my mobile phone. But if I am at a concert or a sports event or doing the shopping where I don't want to be interrupted then no, my mobile phone stays at home. I have my mobile phone set up so that it automatically records any incoming calls I have missed, without the incoming caller leaving a message. I find there are few calls that I get where I need to reply urgently, and there are merits in replying 'not that quickly'.

https://coub.com/view/wuwqv



There are a few issues with facial recognition software.

https://senstar.com/senstarpedia/facial-recognition-problems/



Spot on

SNOOPY

You are definitely not their target market with this widely used technology Snoopy, nor is GTM by the looks of it ;)

Zaphod
03-02-2023, 04:12 PM
Good question, which I had not thought about before. So while chatting to my cousin tonight, I asked him....

My cousin and his wife were at Paddington Station in London, sorting out their travel. Unusually my cousin had his VISA card in his back pocket as a stand alone card, to save him diving into his travel bags to get it. The opportunity this presented for electronic theft, and the timing of subsequent 'stolen transactions' was the reason my cousin decided this was where the card skimming happened. A railway station is also the perfect cover for an opportunistic thief, as all sorts of legitimate people are 'loitering about' with good reason. If his card had been in his wallet with other cards, in that case the electronic signal as read by a scanner would have been corrupted. So my cousin decided Paddington Station was the best opportunity for such electronic theft, given it was the only time his VISA card was in his back pocket and not in his wallet as per normal.

SNOOPY

Understanding the types of transactions that appeared on the card can be helpful to determine the most likely way in which the data was stolen. Were the fraudulent transactions card-not-present (e.g. online store) or were they card-present (e.g. in-store retail) transactions? If the transactions occurred in-store, did the issuer reveal whether they were PayWave transactions, chip & pin, or mag-stripe transactions?

Successfully committing fraudulent card-present transactions using PayWave or Chip & Pin transactions is very difficult. The most common method used to commit credit-card fraud is to harvest the credit card number & CCV to commit card-not-present transactions using online retailers. These card details can be harvested from compromised websites or client devices (e.g. a copy of the card number is relayed when typed into the secure form), installing malware on a POS terminal itself, skimming the magstripe data, or simply installing cameras to record views of the upper and lower side of the card.

GTM 3442
03-02-2023, 04:25 PM
You are definitely not their target market with this widely used technology Snoopy, nor is GTM by the looks of it ;)

Who knows whether or not I'm "their" target demographic.

Now, once upon a time, about five years ago I think, I was in a shop wanting to spend some money on some small something.

Sadly, there was a power cut, so they couldn't use their EFTPOS card reader to read either my card or my phone.

Happily, I had cash.

Sadly, they couldn't use the till without power.

Happily I am a resilient bloke (and fond of systemic redundancy) and said "Take these three five dollar notes and do all your paperwork when the power comes back on. Have a great day, goodbye", and pushed the door open.

It might have been different if I'd only had a hundred buck note though. . .

Zaphod
03-02-2023, 04:33 PM
"Why would I want to carry my wallet with me when I've got everything I need in the phone ?"

Because I don't want a single point of failure - I want redundancy-based resilience.

As long as we recognise with increased resilience comes increased risk.

blackcap
03-02-2023, 04:56 PM
Who knows whether or not I'm "their" target demographic.

Now, once upon a time, about five years ago I think, I was in a shop wanting to spend some money on some small something.

Sadly, there was a power cut, so they couldn't use their EFTPOS card reader to read either my card or my phone.

Happily, I had cash.

Sadly, they couldn't use the till without power.

Happily I am a resilient bloke (and fond of systemic redundancy) and said "Take these three five dollar notes and do all your paperwork when the power comes back on. Have a great day, goodbye", and pushed the door open.

It might have been different if I'd only had a hundred buck note though. . .

I'm like you. Always carry plenty of cash with me in my wallet. Normally 4-5 $50's a couple of $20's and some smaller stuff. You never know when it comes in handy.

GTM 3442
03-02-2023, 05:36 PM
As long as we recognise with increased resilience comes increased risk.

And increased utility.

It's a perpetual trade-off - risks have to be managed but cannot be eliminated.

G*d bless the twenty-first century and all who sail in it!

Bjauck
03-02-2023, 06:22 PM
So instead of entering a 4 digit number into the eftpos machine, you get to enter a 6 digit number into your phone. Doesn't sound like much of an advantage to me!

SNOOPY

I just smile at my phone and I have transferred a few bob 😃. It does not take any time and it is more secure than using a card.

Bjauck
03-02-2023, 06:35 PM
Yes but an iPhone is a lot more bulky than a card wallet, or even a full money card wallet.

SNOOPY

I would feel naked without my phone! I use it for so much - maps, emails, torch, music, sky tv, TVNZ and other entertainment, news, aide-memoire, schedule, presentations, calendar, watch, personal trainer, shorter Oxford dictionary etc. All of which I use several times a day. And it is a credit card, eftpos and phone too! Sure there is jeopardy if it gets lost or stolen, but it is backed up to the iCloud.

Bjauck
03-02-2023, 06:40 PM
I'm like you. Always carry plenty of cash with me in my wallet. Normally 4-5 $50's a couple of $20's and some smaller stuff. You never know when it comes in handy.

I have a folio case for my phone and I carry about $150 cash in that.

warthog
03-02-2023, 08:09 PM
Possibly. But there are devices around using Bluetooth for hacking RFID (Radio Frequency ID) Technology, which includes PayWave. Take a look at this video by David Bombal

https://www.youtube.com/watch?v=VF3xlAm_tdo

That is the reason my VISA card, with Paywave, stays in the bottom drawer at home and never leaves the house.

SNOOPY

The hog's point is given the potential to read and emulate a passive RFID device like a credit-card, it's very difficult to know where a specific event occurred. That is all.

kiora
18-03-2024, 08:23 AM
"NZ scam victims gain access to international fraud recovery service"
https://businessdesk.co.nz/article/money/nz-scam-victims-gain-access-to-international-fraud-recovery-service?utm_source=7am+Headlines+from+BusinessDesk&utm_campaign=dbd2ea1272-7am+Headlines&utm_medium=email&utm_term=0_617c2ef34a-dbd2ea1272-446239310