Personal Financial Security Protocols

Note: The following is a work in progress. Comments are greatly appreciated.

There is an old saying, "The cobbler's children have no shoes", implying that experts in a field often neglect their own discipline in their daily lives. For me, as a security "expert", this is not the case. I have a rich and complex set of personal protocols for dealing with financial matters, including protecting my bank accounts, savings, and credit cards. I deliberately designed these protocols to balance security and convenience.

I began with a simple observation: I want to minimize my costs in a security breach. And costs to me can be reduced by either preventing security incidents or ensuring that some other party, not myself, is responsible for the lost. Thus my attitude towards my credit cards, my bank account, and brokerage account are all substantially different.

Credit Cards

I am generally rather cavalier about my credit card. I happily use online shopping, and will even email my credit card number when making a reservation at a small hotel. True, I'm not going to post the number on the Web, but I won't otherwise hesitate to use my credit card and don't take any extra care in safeguarding this information.

Why? Simply because it is not my money at stake!

Until I write the check to the credit card company, it is the credit card company's money. In case of fraud, I am able to dispute the fraudulent transaction before I have to write the check, leaving the credit card company on the hook for all but $50 (in theory) or $0 (in practice). I had this occur once, with a $5 fraudulent charge, and the process of disputing the charge was painless. Rather, it is the merchants who need to take care in accepting credit cards as the merchant ultimately carries the cost of fraud.

Bank Account and ATM Cards

My casual attitude towards my credit cards is sharply contrasted by my attitude towards my ATM card. My ATM card is ATM-only, without a Visa or MasterCard logo. With a "check" card, where the transaction goes through the credit card system, all an attacker needs are the numbers on the card. In contrast, the ATM network requires the PIN number as well as the card's information.

Additionally, I only use my ATM card at a bank branch's ATM (ideally my bank's branches). And even at these ATMs, I physically examine the slot where the ATM card enters to see if someone has attached a card skimmer (a device to read the card as it is inserted into the machine). I NEVER use my ATM card at grocery stores or other stores, as there have been several break-ins where attackers have managed to capture ATM cards as well as credit cards.

Why should I care? Although the fraud protections for ATM/check cards are as good as credit cards, until the dispute is resolved it is my money that is missing, not the banks. If someone fraudulently used my credit card, the worst case would be the card stops working (and I have two cards). If someone fraudulently accessed my bank account my rent check might bounce before I found out. Thus I need to minimize the chance of a breach.

I also do not use any automated or online bill pay or online banking, except for a couple which go to a credit card. My banking and bill payments are all done in person or through the mail. There are too many bots and key logger in this world for me to trust online banking and there is significant comfort in having a real paper-trail for any potentially disputed transaction.

Finally, when I do pay my bills by mail, I drop off the envelopes in a locked mailbox rather than leaving them for the postman to pick up. It is far too easy for someone to steal some checks and modify them if they are out in the open.

Brokerage Account

The one exception to the "No Online Banking" rule is my brokerage account, as the web site provides the only effective interface for managing the account. Fortunately I only need to access it once every few months, as I follow the general economic advice of "Buy index funds and/or CDs and just let them sit" as I know I'm incapable of reliably beating the market.

I use a bootable Linux "Live" CD (in my case, Knoppix, although I need to investigate alternatives as Konqueror doesn't render properly, forcing me to manually download Firefox). I reboot my computer using the live CD so I know that my system is free from viruses, bots, and keyloggers. I then access just my brokerage account, do my necessary changes, and restart my computer. Although significantly inconvenient, I view this as necessary.

Unlike bank accounts, the laws concerning fraudulent brokerage account access are not well-enough settled for my taste. Since I have no assurance that, in case of fraud, I would not lose money, I need to prevent fraud to as great a degree possible. Thus I must be able to trust the computer I'm using, and given the perilous state of end-host security (even Mac security), the only way I can trust the computer is by booting using trusted, read-only media and only connecting to the brokerage account.

Conclusions

Building these financial protocols took me considerable thought and effort. I had to consider what were the possible attacks on my financial data and what the consequences were. In the end, it was the consequences of possible attacks which dictates my policy: if it doesn't cost me much time and money, I don't care. But if its my money on the line, I'll be very careful.