Choose wisely. If you want your money to remain yours, you need to make sure your PIN can’t be guessed. It shouldn’t be a combination of your date of birth, street or phone number. Tech company DataGenetics analysed numerical passwords a few years back and found that the most common PIN worldwide was 1234, with 10 per cent of users choosing that followed by 1111, 0000, 1212, and 7777.
Beware of reusing passwords.
If you’re using your banking password and PINs for various purposes such as Trade Me, Facebook, AliExpress, Spotify and other sites then you put your money at risk. If one site gets hacked the criminals can sometimes access all your accounts and spend or withdraw at their leisure. Around 150m Adobe user accounts were hacked in 2012 giving the hackers to email addresses and passwords of all of those users. Many of those people had used the passwords for multiple sites, giving the hackers access to bank accounts and more.
Use antivirus and firewall software.
Make sure your phone, computer and other devices are protected. Hackers send phishing emails. If your device isn’t protected and the email lands in your inbox you might click on a link that loads software which records your keystrokes as you log into your bank account. That then gives the hackers access to your account. Be cautious of public computers that may be loaded with this same key logger software.
Watch what you post online.
Criminals often need more than your PIN to get access to your money. They may need personal information such as mother’s maiden name first pet’s name and so on. With these a hacker can put a jigsaw together and crack your bank account or your Trade Me, Amazon and even online gambling accounts.
Don’t trust anyone.
Sadly family, friends and caregivers can be as dishonourable as a Nigerian scammer. Never give your passwords and PINs to anyone – even as a one off to buy something for you when you’re ill. Age Concern deals with many cases where older people in particular have lost their life savings thanks to this.
Be aware of your bank’s rules.
We assume that we’ll be refunded by our banks if we’re defrauded. That doesn’t always happen. Breach your account’s terms and conditions and the bank is within its rights not to reimburse. Banks argue that they are not liable for losses by customers who have given their PINs away “negligently”. In one case in the past year the Banking Ombudsman sided with a bank over a $6,500 theft from a customer’s account. The fact that the thief had all four of the customer’s PINs suggested she had not kept her PINs secure and her bank was not obliged to fully reimburse her. Likewise a customer who was mugged and forced to reveal his PIN failed in his attempt to have his losses reimbursed.
Password protect your phone.
Beware. If your mobile phone has been stolen you must let your bank know immediately. Woe betide if your phone doesn’t have a password or pattern protected lock on it.
Look over your shoulder.
It’s a really good idea to be vigilant around ATMs and EFTPOS machines. Make sure that no-one is watching as you enter your PIN and that there are no unusual devices attached. Criminals have even been known to install fake ATMs to steal people’s PINs.
Use a password protector app or generator.
If you want a really hard-to-crack password, try using apps such as 1Password or Norton Identify Safe to generate one for you. Password managers store all of your passwords and allow you to log into them automatically. Your password database is encrypted with a master password.
- Log into your bank accounts daily to identify any suspicious activity.
- Shred all bank and other documents that contain personal information such as your address, account numbers, and IRD number.
- Beware of emailing storing online scans of your birth certificate, passport, driver’s licence, credit cards and other documents that can be used as identification.
- Avoid giving personal information to cold callers doing “surveys”.
- Always log off from your bank account and lock or shut down your computer when leaving your desk.
- Don’t open spam emails or click on links in them. They could lead you to a fake website that looks like the one you bank operates, but which records and steals your login details.