E-transfer Security
13 minute read | Last updated 26-Sep-2019 | 
Security, Privacy
Mornings With Mark no. 0200
Watch the episode on YouTube
Join the discussion on LinkedIn
Share on Twitter
Bad Robot Transcript
Morning, everybody. How you doing today on this episode of the show. We’re going to talk about the security and privacy of electronic Bank transfers, you know when you email people money. So you can see a bit of a different look high temperature of 200 of mornings with Mark and I decided to film this one on my morning walk Under the Umbrella cuz it is raining here.
It’s lightning up a little bit which is nice. It’s also falls to all the leaves are turning or starting to turn which ends up being really beautiful. But we’re also testing out what your extra kicked butt down to the topic at hand. There was recently an article in CBC on the new site in Largo Public area, which is basically their consumer.
Advocacy answer their consumer. I know hey, we’re going to help you out of a jam with companies aren’t responding has been paying his contract or trying to pay his contractor at $3,000 a total of 3300, but it was $3,000 limit. So they sent him $3,000 and it was accepted the transfer but it never made it to the contractor.
Now you may be thinking all the contract. Was intercepted because somebody just the password now if you ever set up a transfer like this, they’re actually quite common for a community activities for sports and for paying friends putting check stuff. It’s not a crazy rare thing. But what happens if you log into your bank site securely you set up a transfer to an email address and then you have two choices depending on your recipient.
If your recipient is just a standard vast majority of people in each transfer Network. You were going to setup a password either a recurring one or a unique one time password. And so you’ll say I ask a question and then provide the answer and then whoever provides answer when they receive email will be able to deposit their funds.
Now what’s a super, here is either they’ll be one share password if it’s a big event or you’re going to set up something totally obvious. So what happens a lot of the time if you say you’re trying to pay for the kids hockey and you’re sending money to the Hockey Association, you know, your question will be what sport what’s for what’s an answer will be hockey not hard to guess.
Right. So in the case of you are paying for contractor went beyond, to say, you know, for what address and you’d give your home address, which obviously is public information, especially when it’s linked to you. So it’s something similar happened along these lines are there is another way to set this I want chocolate in a second.
But what was interesting about this go public article from CBC was that as this person in a protest that as he went to the bank there wasn’t much help. He’s started an investigation with the police, which is great. But we need the terms of service of the transfer Network.
There’s basically no protection for you. When you use a credit card, there’s a bunch of legal protections around what you’re liable for fraudulent transactions a lot of that fraud falls under the merchant and what doesn’t fall into the merchant is absorbed by the credit card issuer and when it comes to e-transfer I just like it’s not the case in a lot of people aren’t aware of that.
You’re actually liable. I’m so you’re out the money and if you read through the terms and services exactly what it says is that there’s a whole bunch of stuff if the system fails that’s on you. But if somebody guess is your password is it supposedly said and it turns into Somebody you know, if your password in somebody else’s it then you’re out the money.
It’s not on the network know you may have a case of criminal because someone’s stolen your money, but you’re not going to get any easy refund like you would your credit card was stolen and that’s a huge thing because it’s easy transfers to be in really really convenient. But if you don’t have those types of Productions, are they the best way to go and may be better off to pay the transaction fee for taking a credit card through something like square at Warren alternative easy payment provider something on your PayPal email PayPal has a ton of issues on its own but it was to get protections using these credit cards now back to the e-transfer Network.
There is actually a feature called Auto deposit and you was a receiver need to set up that auto deposit make it with that means is that if anyone sends you email to our an email with an amount and it lines up with your name, then that information is going to wear that money is going to be directly deposited into your account.
You don’t actually have to login now. That’s far more secure as long as the sender got the info. Play some correct to the challenge here is that if you send me any transfer and use of a question or password that needs to be unique and interesting and not I or not interested, but he needs to be unique and unguessable and then I need to click on the link that I received my email and then enter the matching password to deposit into my account after I’ve logged into secure to my bank.
Now, there’s way to handle that. We’ll talk without a second. But the other flow the auto deposit flow basically means that if you send it to my my email address with my name are going to go in then it’s going to be automatically deposited now, that’s great. But the risk now is if you get my name wrong, the transfer will fail or if you get my email address wrong, there’s potential that you can order deposit into somebody’s account erroneously know that’s a pretty low-risk now if you’re wondering how do you handle the passwords pack correctly? Because the auto deposit is up to the recipient to sign.
I’m so if the recipient hasn’t signed up for all deposit, there’s nothing you was a center can do for passwords what you need to use is what’s called a second channel. So either Person say hey Mark. I’m about to send you an e-transfer and here is the password and then send an e-transfer through with the question, you know, the password we discussed and then the password is something unique that we’ve already talked about in person or you can use something like a text message.
Don’t email it to them. You can use a direct message on a secure platform if you want, but the idea is you some other Avenue to communicate the password of people as opposed to make a new password ridiculously easy to guess because of postcard for all intensive purposes. If you can guess what happens think about it, let me know.
I’m just as a side note here based on the feedback that I’ve done from everybody and thank you very much for tuning in for 200 episodes for providing tons of feedback on the show is grown beyond what I ever could have imagined. We’re going to keep this going I was going to wind things down here in episode 200, but everybody wants to see this kind of continue on I have a lot of fun doing it.
We are going to reduce the volume once a week. I’ll figure it out once a week on this all those strings. Are we going half an hour? 45 minutes learning new AWS Services has been a ton of fun as well. So I always hit me up online. I hope you’re set up for a fantastic day and set up work even though it’s a crazy.
You don’t view wide-angle view of the umbrella and all that at talk to you soon. Will see you on the next episode of The Joe. Morning, everybody. How you doing today on this episode of the show. We’re going to talk about the security and privacy of electronic Bank transfers, you know when you email people money.
So you can see a bit of a different look high temperature of 200 of mornings with Mark and I decided to film this one on my morning walk Under the Umbrella cuz it is raining here. It’s lightning up a little bit which is nice. It’s also falls to all the leaves are turning or starting to turn which ends up being really beautiful.
But we’re also testing out what your extra kicked butt down to the topic at hand. There was recently an article in CBC on the new site in Largo Public area, which is basically their consumer. Advocacy answer their consumer. I know hey, we’re going to help you out of a jam with companies aren’t responding has been paying his contract or trying to pay his contractor at $3,000 a total of 3300, but it was $3,000 limit.
So they sent him $3,000 and it was accepted the transfer but it never made it to the contractor. Now you may be thinking all the contract. Was intercepted because somebody just the password now if you ever set up a transfer like this, they’re actually quite common for a community activities for sports and for paying friends putting check stuff.
It’s not a crazy rare thing. But what happens if you log into your bank site securely you set up a transfer to an email address and then you have two choices depending on your recipient. If your recipient is just a standard vast majority of people in each transfer Network.
You were going to setup a password either a recurring one or a unique one time password. And so you’ll say I ask a question and then provide the answer and then whoever provides answer when they receive email will be able to deposit their funds. Now what’s a super, here is either they’ll be one share password if it’s a big event or you’re going to set up something totally obvious.
So what happens a lot of the time if you say you’re trying to pay for the kids hockey and you’re sending money to the Hockey Association, you know, your question will be what sport what’s for what’s an answer will be hockey not hard to guess. Right. So in the case of you are paying for contractor went beyond, to say, you know, for what address and you’d give your home address, which obviously is public information, especially when it’s linked to you.
So it’s something similar happened along these lines are there is another way to set this I want chocolate in a second. But what was interesting about this go public article from CBC was that as this person in a protest that as he went to the bank there wasn’t much help.
He’s started an investigation with the police, which is great. But we need the terms of service of the transfer Network. There’s basically no protection for you. When you use a credit card, there’s a bunch of legal protections around what you’re liable for fraudulent transactions a lot of that fraud falls under the merchant and what doesn’t fall into the merchant is absorbed by the credit card issuer and when it comes to e-transfer I just like it’s not the case in a lot of people aren’t aware of that.
You’re actually liable. I’m so you’re out the money and if you read through the terms and services exactly what it says is that there’s a whole bunch of stuff if the system fails that’s on you. But if somebody guess is your password is it supposedly said and it turns into Somebody you know, if your password in somebody else’s it then you’re out the money.
It’s not on the network know you may have a case of criminal because someone’s stolen your money, but you’re not going to get any easy refund like you would your credit card was stolen and that’s a huge thing because it’s easy transfers to be in really really convenient. But if you don’t have those types of Productions, are they the best way to go and may be better off to pay the transaction fee for taking a credit card through something like square at Warren alternative easy payment provider something on your PayPal email PayPal has a ton of issues on its own but it was to get protections using these credit cards now back to the e-transfer Network.
There is actually a feature called Auto deposit and you was a receiver need to set up that auto deposit make it with that means is that if anyone sends you email to our an email with an amount and it lines up with your name, then that information is going to wear that money is going to be directly deposited into your account.
You don’t actually have to login now. That’s far more secure as long as the sender got the info. Play some correct to the challenge here is that if you send me any transfer and use of a question or password that needs to be unique and interesting and not I or not interested, but he needs to be unique and unguessable and then I need to click on the link that I received my email and then enter the matching password to deposit into my account after I’ve logged into secure to my bank.
Now, there’s way to handle that. We’ll talk without a second. But the other flow the auto deposit flow basically means that if you send it to my my email address with my name are going to go in then it’s going to be automatically deposited now, that’s great. But the risk now is if you get my name wrong, the transfer will fail or if you get my email address wrong, there’s potential that you can order deposit into somebody’s account erroneously know that’s a pretty low-risk now if you’re wondering how do you handle the passwords pack correctly? Because the auto deposit is up to the recipient to sign.
I’m so if the recipient hasn’t signed up for all deposit, there’s nothing you was a center can do for passwords what you need to use is what’s called a second channel. So either Person say hey Mark. I’m about to send you an e-transfer and here is the password and then send an e-transfer through with the question, you know, the password we discussed and then the password is something unique that we’ve already talked about in person or you can use something like a text message.
Don’t email it to them. You can use a direct message on a secure platform if you want, but the idea is you some other Avenue to communicate the password of people as opposed to make a new password ridiculously easy to guess because of postcard for all intensive purposes. If you can guess what happens think about it, let me know.
I’m just as a side note here based on the feedback that I’ve done from everybody and thank you very much for tuning in for 200 episodes for providing tons of feedback on the show is grown beyond what I ever could have imagined. We’re going to keep this going I was going to wind things down here in episode 200, but everybody wants to see this kind of continue on I have a lot of fun doing it.
We are going to reduce the volume once a week. I’ll figure it out once a week on this all those strings. Are we going half an hour? 45 minutes learning new AWS Services has been a ton of fun as well. So I always hit me up online. I hope you’re set up for a fantastic day and set up work even though it’s a crazy.
You don’t view wide-angle view of the umbrella and all that at talk to you soon. Will see you on the next episode of The Joe.
