Trading from Phils?

[hk blues]

16 hours ago, northtoalaska said:

Absolutely. Connecting from any public (hotel, etc.) Wifi has a degree of risk. One example is something called a “Man in the Middle” attack/scam. There are others. 

Using a VPN greatly decreases that risk. 

So, when I’m on the road and away from my home network I always use a VPN. 

I think Wells Fargo meant well, but they realized that not allowing routing through VPN servers defeats the entire purpose of VPNs — ie, greater security. 

Thank you for the confirmation.

And here was me thinking people used VPNs mainly to allow them to access websites that wouldn't normally be accessible in the location! 

[northtoalaska]

13 hours ago, JJReyes said:

I use my bank debit card to withdraw money from overseas ATMs and do other online transactions using a laptop.  My bank informed me the $50 liability limit established by the US Congress applies in the event there is some fraudulent activities. The same is not true for online trading like buying or selling stocks, bonds, mutual funds, etc.

One precaution I have, assuming my desire to do transactions in the future, is my laptop address is registered with the financial institution.  I can't use another laptop unless the replacement laptop is first registered.  The account is "locked" in the meantime.  

You laptop “address” is called it’s MAC address. (Not related to Apple compute.) Everything that connects to the web has a unique MAC address. 

Now, here’s the fun part. It’s easy to spoof a MAC address. A semi-sophisticated theif can use a Man in the Middle attack to grab your userid and your pw and your MAC address. Tada! He’s now you as far as your bank is concerned. Buh-bye money!

Now, if your bank is sophisticated they can “address” your computer by using more than just your MAC address. I have no idea if any or all banks do so. 

Depending on how you are connecting to your bank or broker (to return to the topic 🙃) it’s a good idea to use a VPN (dirt cheap  to buy) and if the bank/broker offers it, two-factor authentication. 

I have an account with Fidelity and I can’t login from my computer until I get an authentication code sent to my phone. 

If you are using your phone, tablet, phablet (😁) to connect besides a VPN and if applicable two-factor always use the app for the bank/broker rather than a web browser. Again, another layer of security  

I’m aware of the supposed limits of liability. But! One, has anyone every read every single line of that legalize? And, two, even if you qualify for reimbursement, how long will that take? 🙃 

[JJReyes]

2 hours ago, northtoalaska said:

You laptop “address” is called it’s MAC address. (Not related to Apple compute.) Everything that connects to the web has a unique MAC address. 

Now, here’s the fun part. It’s easy to spoof a MAC address. A semi-sophisticated theif can use a Man in the Middle attack to grab your userid and your pw and your MAC address. Tada! He’s now you as far as your bank is concerned. Buh-bye money!

Now, if your bank is sophisticated they can “address” your computer by using more than just your MAC address. I have no idea if any or all banks do so. 

Depending on how you are connecting to your bank or broker (to return to the topic 🙃) it’s a good idea to use a VPN (dirt cheap  to buy) and if the bank/broker offers it, two-factor authentication. 

I have an account with Fidelity and I can’t login from my computer until I get an authentication code sent to my phone. 

If you are using your phone, tablet, phablet (😁) to connect besides a VPN and if applicable two-factor always use the app for the bank/broker rather than a web browser. Again, another layer of security  

I’m aware of the supposed limits of liability. But! One, has anyone every read every single line of that legalize? And, two, even if you qualify for reimbursement, how long will that take? 🙃 

Thanks for the valuable information.   

For overseas ATM withdrawals, we have two online checking accounts.  The debit card taken for our travels has a limited amount.  There is enough money in the account based on our anticipated trip expenses plus a small reserve.  The larger amount is in the main checking account.  If there is a problem, it may take time to settle, but there is cash available on the other account.

For telephone calls, the bank also has voice authentication technology.  We previously recorded several phrases and their computer will ask that I repeat one of them.  There is also a Q&A to establish your identity.

Our trading accounts require, from time to time, an authentication code sent to our phones.  The example is when we have no login for over a month.  While overseas, we don't trade.  I am not a Buy/Sell type of guy.  We like Widows & Orphans stocks that consistently pay good dividends.

Not familiar with VPN, but I will look into it.  

[earthdome]

This may have been mentioned before, but using a text message to your phone for 2FA (two factor authentication) has its own risks. Criminals are getting good at contacting cell phone companies and convincing them they are the legit customer, lost their phone or some such excuse, then get the phone company to port the phone number to a new SIMM under the control of the criminal. Then the criminal can use the Forgot Password method to get control of accounts, or even your main email account, by now having the 2FA text message for your phone number arrive on their phone. Now they have a legit login to your email or other accounts.

If your email account or other services you use offer better methods for 2FA than a text message,  like Google Authenticator, Authy or Yubikey (USB device) use those,  they are much more secure.

[northtoalaska]

Good points Earthdome. As with all security it’s a matter of layers. The more you have the more difficult it is to get inside. 

In my case to get calls redirected to another SIM requires physically going to my provider’s store (only locations are in Alaska) and presenting ID. Can a crook do that too? Sure. But then they risk being caught on CCTV recordings.

But, it’s a matter of volume and low hanging fruit. Ultimately my objective isn’t to stop all possible ways to steal my ID and money. My objective is to convince them to steal someone else’s ID and money. 😁

[hk blues]

3 hours ago, northtoalaska said:

But, it’s a matter of volume and low hanging fruit. Ultimately my objective isn’t to stop all possible ways to steal my ID and money. My objective is to convince them to steal someone else’s ID and money. 😁

Great comment!

I say the same to my wife - my security won't prevent a burglar but it's a lot better than my neighbour's so I the deck is stacked in my favour I reckon

[Reboot]

I may just set up a VPN server here at home again like other times...just in case.

[earthdome]

15 hours ago, Reboot said:

I may just set up a VPN server here at home again like other times...just in case.

You know, that is a great idea. 15 -20 years ago I used to run a unix server at home for doing some hosting for myself and a few organizations I supported. That got to be a PITA so I switched to using a VPS for the last 10 years. Now I am leaning towards setting up a home server again with Terra Bytes of file storage and for use as a VPN for when I travel internationally and want access to Netflix, Amazon Prime, etc. My current VPS just doesn't have the bandwidth that I have at home in the US.