On line bill paying?

maddawg46 wrote:
Plan on traveling a lot. Signed up for electronic bill paying with my bank. I have an I pad that I use now to access my account. Ran into some folks that use a " hot spot " with Verizon for security. I have AT&T. Do I need to worry about this? If I use my ATT 4 g data plan and login to my banks secure system, then why do I need some additional security device.
I'm new to this, so inputs are greatly appreciated.

The HOT spot lets them do it from their laptop instad of the Pad you have.. The security level is slightly higher the way you are doing it.

Here are the security issues:
Most RV parks, McDonalds, and such the Wi-Fi can be hacked, or a Psuedo node can be set up so when you pay your bills. the hacker gets all your info.. however with "Secured" connection this is much harder to do since the data flowing between your computer and the Wi-Fi Router (The Hot Spot is a Wi-Fi Router) is encrypted... Then the data flow between the cellular device (A hot-Spot is a cellular device) is also harder to snag due to the way Cell devices work.

In your case you are skipping Wi-Fi entierly.. So that's a whole level of security higher than what your friend's "hot spot" provides.

Park here just upgraded to both open and secured Wi-Fi.. I often use my cell phone though for bill paying, Right off the phone. Same as your Pad. Different carrier is all.

I use Quicken to manage my accounts. I do not worry about transmitting transactions even over open public networks. Quicken encrypts the data before it goes on the network. They claim it is bank level encryption. Have been doing this for cash flow management since 2003 when the only access was to carry the computer to the cg office and plug into the modem line (I watched people pack a desktop machine and monitor to the office!). I have not been hacked YET! When I access my bank directly I make sure to verify that the https: shows in the address bar. 128 bit encryption will take just a bit of computer power and a year or two to break. No worries!

Most my bills are set up with autopay. Generally no reason to log on. Email says how much and when.

I avoid Chase at any cost.

Also I would recommend having a plan in place if your mobile device is stolen, lost, misplaced. Treat it like a lost wallet, call your bank and get them to disable access, force a password reset or the like. Same for any other services you routinely access on the device (web mail, etc).

braindead0 wrote:
HTTPS is mostly secure. However running over a public wifi hotspot is risky, and if your device is configured to allow auto proxy discovery then you are at risk for a couple of fairly new key discovery techniques that can expose your login information and traffic. A lot depends on how good your bank security folks are and how trustworthy the WIFI operators is.

Password protected WIFI does nothing to protect user data, it's strictly a means of access control.

There are several options that can help assure your security, SSH tunnel to a known safe server, good VPN service, TOR. However all of these require proper configuration and good security practices on your end.

I would recommend paying bills on AT&T and only using public WIFI for browsing, email, things that IF someone was able to access it wouldn't mean an empty bank account. AT&T should have their 'stuff' together, and the risk of rogue proxy or MITM attacks should be minimal.

+if your bank offers it, opt in for 2 factor authentication; if they don't, switch banks! i have that with Chase. every time i use a different computer or something about the computer changes, i get a txt message with an additional code to enter before accessing the bank accounts. just another layer of security.

braindead0 wrote:
HTTPS is mostly secure. However running over a public wifi hotspot is risky, and if your device is configured to allow auto proxy discovery then you are at risk for a couple of fairly new key discovery techniques that can expose your login information and traffic. A lot depends on how good your bank security folks are and how trustworthy the WIFI operators is.
Password protected WIFI does nothing to protect user data, it's strictly a means of access control.

There are several options that can help assure your security, SSH tunnel to a known safe server, good VPN service, TOR. However all of these require proper configuration and good security practices on your end.

I would recommend paying bills on AT&T and only using public WIFI for browsing, email, things that IF someone was able to access it wouldn't mean an empty bank account. AT&T should have their 'stuff' together, and the risk of rogue proxy or MITM attacks should be minimal.

I concur. Public Wifi should be assumed to be monitored by those with malicious intent. If you are forced to use public wifi for banking or the like on a regular basis, you may want to look into a VPN service. It won't eliminate the potential to be hacked, but it will reduce it to the risk level of a cell connection/hotspot or your home internet.

(IT security guy here, btw..)

maddawg46 wrote:
So looks like I'm good to go. I'll just always pay with my AT&T data plan, and not use wifi on the road.

You are good with that plan. The only time I ever use a public WiFi network is if my Verizon 4G isn't available. And then if I were on WiFi I wouldn't be using my bank accounts or any other confidential type stuff.

2oldman wrote:

maddawg46 wrote:
then why do I need some additional security device.

You don't, you're fine. Using a hot spot is no different from what you're doing. Been doing this for years.

X2. no worries.

So looks like I'm good to go. I'll just always pay with my AT&T data plan, and not use wifi on the road.

We have been paying everything on line for over 5 years. The bank provides the security. Many people do have hotspots that look to be unprotected, but just click on them to try to connect and you will find you do need a password.