Post by invester on Oct 9, 2018 8:28:54 GMT
Recently discovered that my details were exposed due to the British Airways data breach recently.
A little concerned that even though I can change my passwords (I have done so), enough personal information might exist out there that someone could access an account with money in.
For instance, let's say Lending Works - someone could call up and change the nominated bank account for withdrawals, seemingly bypassing any login.
Is there anything I can do to further tighten security at my end, for instance disallowing changes?
|
|
|
Post by wiseclerk on Oct 9, 2018 11:06:45 GMT
More on the platform's side than on yours (other than selecting platforms that meet these).
What you can do:
a) select platforms with a look to security features
b) enable 2FA
c) use different email addresses for different platforms (and of course different passwords)
What the platform can do:
1) allow critical changes of details only by 2FA
2) allow withdrawal only to a bank account which has been used for deposit
3) require a new deposit (and check the name) to change the nominated bank account
4) email the original email address about critical changes of details and allow a freeze of the account as a reaction (and don't enact changes for like 24 hours)
5) monitor IP addresses
I guess there is more if you think longer about it
|
|
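A sketch of the platform-side controls listed in the post above (2FA for critical changes, the new bank account must already have been used for a deposit, notice to the email on file, a 24-hour hold, and a freeze), as an added example that is not part of the thread or any platform's code. The `Account` model, the function names and the IBAN-like strings are constructed for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Optional

HOLD = timedelta(hours=24)  # delay before a requested change takes effect

@dataclass
class Account:  # hypothetical model, not any platform's schema
    email: str
    nominated_iban: str
    deposit_ibans: set                  # accounts that have funded this one
    frozen: bool = False
    pending: Optional[tuple] = None     # (new_iban, effective_at)
    outbox: list = field(default_factory=list)  # (recipient, message)

def request_bank_change(acct, new_iban, second_factor_ok, now):
    """Queue a change of withdrawal account; never apply it immediately."""
    if acct.frozen:
        return "rejected: account frozen"
    if not second_factor_ok:            # knowing personal details is not enough
        return "rejected: 2FA required"
    if new_iban not in acct.deposit_ibans:
        return "rejected: deposit from the new account first"
    acct.pending = (new_iban, now + HOLD)
    # Notice goes to the address already on file, not one supplied in the request.
    acct.outbox.append((acct.email, f"Bank change pending until {now + HOLD}"))
    return "pending"

def freeze(acct):
    """Owner's reaction to an unexpected notice: drop the change, lock the account."""
    acct.frozen, acct.pending = True, None

def withdrawal_destination(acct, now):
    """Where a withdrawal at `now` would be paid, or None if frozen."""
    if acct.frozen:
        return None
    if acct.pending and now >= acct.pending[1]:
        acct.nominated_iban, acct.pending = acct.pending[0], None
    return acct.nominated_iban

if __name__ == "__main__":
    t0 = datetime(2018, 10, 9, 9, 0)    # constructed sample data below
    acct = Account("owner@example.com", "GB00-OWNER", {"GB00-OWNER", "GB00-NEW"})
    print(request_bank_change(acct, "GB00-OTHER", False, t0))
    print(request_bank_change(acct, "GB00-NEW", True, t0))
    print(withdrawal_destination(acct, t0 + timedelta(hours=1)))
    print(withdrawal_destination(acct, t0 + HOLD))
```

During the hold, withdrawals still go to the old account, which is what gives the owner time to act on the notice.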
Post by james100 on Oct 9, 2018 16:32:29 GMT
|
|
Post by aju on Oct 12, 2018 23:04:44 GMT
Very interesting read indeed, quite a worry for some platforms. Interestingly Zopa has recently taken to using Auth as well.
|
|
|
Post by eascogo on Oct 13, 2018 0:39:05 GMT
> Very interesting read indeed, quite a worry for some platforms. Interestingly Zopa has recently taken to using Auth as well.

A very interesting in-depth analysis of p2p platform security. Multiple security loopholes uncovered in all 39 platforms researched. Not surprised to find that most platforms are suspicious/reluctant/dismissive to engage in a dialogue. In a reply to the researcher BM's Steve Findlay remarked that "It would be interesting to compare the results of this analysis to the same analysis repeated on more traditional financial services websites – e.g. banks and share dealing services." Talking of putting the cat amongst the pigeons! It is a wonder that I still manage to sleep.
|
|
Post by zlb on Oct 13, 2018 19:21:49 GMT
This bothered me after the Equifax leak 1-2 years back. These sites have a lot of ID info - aside from someone being able to access an account for financial reasons, I'd like to know whether platforms are unnecessarily storing ID evidence... you know, the pics of documents that have to be uploaded for anti-money laundering.
I wonder where there's a policy that once the document has been used for evidence, it must be deleted.
How far back from online servers are other identity factors stored?
|
|
|
Post by lotus_eater on Oct 19, 2018 7:31:15 GMT
> This bothered me after the Equifax leak 1-2 years back. These sites have a lot of ID info - aside from someone being able to access an account for financial reasons, I'd like to know whether platforms are unnecessarily storing ID evidence... you know, the pics of documents that have to be uploaded for anti-money laundering. I wonder where there's a policy that once the document has been used for evidence, it must be deleted. How far back from online servers are other identity factors stored?

I would agree with that part wholeheartedly (bold). However I bet some "government agency" makes these companies keep all of the info just in case they are found out to be money laundering or similar? Wouldn't surprise me at all if they have to upload it to some agency anyway...
|
|
Post by macq on Oct 19, 2018 8:45:41 GMT
I think you could assume that any docs & photos are stored while you are with a company as they would be used as proof if you wish to make certain changes or if problems arise. Think as per the OP and bank details the companies I have dealt with will not let you make a withdrawal to a new bank without you reproving your details such as bank statement (hopefully all companies do this). Even when you close an account I believe under the regs your details must be kept for 7 years (not sure if that's completely true and only if you invested or if you did KYC to have a look at the site).
|
|
Post by zlb on Oct 19, 2018 21:33:51 GMT
This will be covered by the GDPR. That said, done a quick search, bizarrely tricky to find, there's an issue with showing someone your driving licence, in context of driving.
Having thought I'd lost my licence once (it had been tidied away by someone into their own pile of letters) I was shocked by the potential for ID theft printed all over it. Signature, dob, address, etc. I don't think there was anything left out.
|
|
|
Post by lotus_eater on Oct 20, 2018 13:43:35 GMT
> This will be covered by the GDPR. That said, done a quick search, bizarrely tricky to find, there's an issue with showing someone your driving licence, in context of driving. Having thought I'd lost my licence once (it had been tidied away by someone into their own pile of letters) I was shocked by the potential for ID theft printed all over it. Signature, dob, address, etc. I don't think there was anything left out.

You can find pretty much all of that info on the internet if you really want to find it. But having all of that on your DL does seem a bit overkill, I agree. If a police officer stops you he has all of your info in front of him before his car even comes to a halt from his on-board. Why they still ask for your DL still confuses me.
|
|