Protecting Your Financials Online

By @mewrei in on
Tags : #finances, #online, #security,

“He that is faithful in that which is least is faithful also in much: and he that is unjust in the least is unjust also in much.” -Luke 16:10 KJV

I'm a strong believer that my money, well, isn't really mine. Even from a purely secular standpoint, I must be a good steward of the family finances because it's not just me who's dependent on it. With a wife and two little boys, their wellbeing is also determined by how well I manage my family's finances. From a spiritual standpoint, it becomes even more important as that money is God's money. Granted, He does give us all things richly to enjoy (1 Timothy 6:17), that doesn't mean I can go crazy and blow my paycheck every week.

With that said, one of the most challenging tasks in managing your finances these days is just protecting your financial information from people who would go blow it all every week (the illicit people, not the government). Unfortunately in our era, you have to give out a bunch of your financial information just to exist. Indeed, lest we forget the Equifax breach from a few years ago, a company I never gave explicit permission to store and track my personal information (they just opened a file on me) was so inept in its own dealings, a vast majority of the country became compromised. And yet the CISO and other C-levels walked away scott-free! I'm not a huge government interventionalist, but we have rules for handling, and penalties for mishandling, other types of data (healthcare information, educational information, etc), why can we not impose severe penalties for grossly mishandling financial data?

I digress. Handling your financial information online is a definitive challenge. Fortunately, more tools exist nowadays than ever before. Some of these are fairly obvious, some less so. So let me dive into some methods for protecting your finances online.

1. Do the minimum

Your bank, your broker, your employer, some magazine you subscribed to 10 years ago, heck the random dude on the street probably email you all the time about tips for protecting yourself online. These things can be "don't fall for these simple tricks" (and do take those seriously, I just read a report this morning that billions of the Federal COVID stimulus went to scammers, so clearly people are still falling for these scams!), "change your password regularly", "enable 2 factor authentication", and similar. These are all great first steps. Lets be clear about something, from someone who works in cyber-security, YOU YOURSELF ARE THE WEAKEST LINK IN THE SECURITY CHAIN. This is true of basically everyone. All of us can fall for tricks (I have, and I know what to look for), all of us become complacent, and live in denial that it'll never happen to us. You need to believe the opposite, that everyone is out to get you. From that default state of mistrust toward people online, then you'll be better suited when time comes to enter your personal and financial info into a web form on some random site.

Further, things like changing your password regularly and enabling 2 factor auth are very effective. On the first item, make your life easy and use a password manager like LastPass to manage and maintain your passwords. I switched years ago and it makes life so much easier once you're used to it. And on that note, secure the heck out of it! Use a password for your password manager that's only used for your password manager, and then enable 2FA. Authy is a fantastic TOTP app that works everywhere it says "Google Authenticator" and it can sync across multiple devices (giving you a backup in case your phone breaks). I also really like YubiKeys. LastPass Premium can utilize YubiKeys and they make life really easy for using 2FA (and secure).

2. Use Virtual Cards Online

I have a phrase for my methodology in how I handle cyber-security at work, it's "confuse, frustrate, compartmentalize." Basically what it means is that when I'm designing security systems, my goal is to confuse and frustrate the attacker while compartmentalizing them off from other systems.

A wonderful technology that helps an individual accomplish this is a system called Privacy. It links against your bank account and then acts like a debit card. Only you generate debit cards that are either merchant locked (i.e. if you generate a card for Amazon, it only works at Amazon, if you try it elsewhere, it won't work), or burner (i.e. they only work once then are closed).

If there's a single thing you can do to help with your online presence (beyond the minimum), it's this. You have to be dedicated and only use Privacy cards online, but this step pays off huge dividends in online security. Plus if you purchase the $10/mo Pro package, you'll even get 1% cash back (not great, but it beats nothing).

Previously, there was also a credit card that worked like this, called Final, and I loved that system. It was the best credit card I'd ever had. However, the company had some poor financial practices (from what I understand) and ended up selling to Goldman Sachs, who subsequently used the technology to help create the Apple Card, which, while I don't like it as much as Final, I still do like quite a lot. The Apple Card does have a virtual card capability, and while it's not merchant locked, still allows you to generate new card numbers on the fly in case you're compromised. Plus the physical card and the virtual card embedded into your iPhone are different so you can continue to use the card even if you have to regenerate one or more of the card numbers (plus the physical card is made out of titanium and doesn't have anything listed on it other than your name, very snazzy). If you have an iPhone and can handle credit cards (don't get a credit card if you're bad with debt), the Apple Card is a very nice card indeed.

3. Freeze Your Credit

This used to cost money but has since become free since the Equifax compromise. Therefore, there's little reason to not do it these days. You can place a freeze on your account and it makes it so no one can inquire or update your credit without your permission (note: if you already have credit open, such as a loan or credit card, they can continue to update your credit). When you want to use your credit, you can temporarily lift the freeze (time based, and even get a code that you can give to the lender for even more security), and then continue on as normal. Plus it's rather easy. Equifax and TransUnion allow you to create an account that you log into to manage your freeze. Experian does the old-fashioned method of using all your personal info plus a PIN you create when initially freezing your credit, but its still not a terrible process (especially if you have a password manager to store your PIN in).

Just search for "Equifax Credit Freeze", "TransUnion Credit Freeze", and "Experian Credit Freeze". As mentioned, these are free services now, so don't get duped into paying for one of those company's monitoring services (credit monitoring in general is of dubious value in my opinion, my info was still completely compromised even when I had a high end credit monitoring plan). Just remember your credit is frozen whenever you want to apply for new credit. It can also help you resist the urge to get credit if you're someone who has trouble with debt (making it a little more difficult to access and a little less convenient).

Don't forget, you can also freeze the credit for your little ones. Once you have their SSN, you can send a letter and some identification to the three aforementioned credit agencies asking that they open a file for your little one, then freeze it until they're sixteen-and-a-half, at which point, you can turn their credit over to them (and they can subsequently refreeze it). In a world where kids' identities are being stolen as well, it behooves the prudent parent to look out for their kids and assure they don't have to work through the nightmare that is stolen credit.

4. Keep Track Of Your Transactions

There's a time limit on when you can file transactions as fradulent and get some or all of your money back. And if you're not keeping track of your finances, how are you going to be able to see those?

Fortunately, if you're being prudent with your money and maintaining a budget, you should see those very quickly. I've utilized the budgeting software YNAB (You Need a Budget) for years now, and it's fantastic. I've checked out other methods including Excel spreadsheets, paper journals (such as the Kakeibo), Dave Ramsey's envelope method (both real and online), and many others and none are as good as YNAB. Plus it's inexpensive at like $84/year. And I do recommend paying yearly, not only to save money, but also to incentivize you to continue budgeting for a year (as you've already sank the money into it, you might as well use it). Watch a few of the tutorials, do some of the workshops, and then get into it. It's a very simple process that adds some structure to your week. I'll talk more about budgeting later on in its own article for more info, but with this method where every single transaction has its own budget line item, you'll notice fradulent charges very quickly.

5. Separate Your Banks

Having everything at one bank sure is convenient, but it is also a risk. You run the risk of your entire bank account being drained if someone finds your ACH info or debit card info, but also the bank can freeze all of your assets. I had an incident earlier this year where someone bounced a check to me, and my bank at the time froze all of my bank accounts, including my savings and emergency accounts. After spending hours on the phone with them, I was told I was out of luck, and they had no answer when I asked "How am I supposed to feed my child and pregnant wife?" #NeverAgain. Plus if you use the same debit card for everything, what are you going to do if your debit card is compromised and its going to take a week to get your new one?

Since then I've broken my finances into multiple banks, with my emergency savings at a separate bank from my main accounts. My main savings account also exists at a bank with very high security (including biometric voice identifcation for when I call them). This makes it very challenging for anyone to get into it. Plus most things at this bank are done the old fashioned way of paper-and-mail. Kind of a pain, but if its painful for me, it's DEFINITELY painful for someone else who's not me. Confuse, frustrate, compartmentalize.

Also if you can make some of your money somewhat inaccessible for a period of time (CDs, stocks, ETFs, etc, the latter two of which have a SEC mandated "two day cooldown" time before they can be withdrawn), then that just adds to the frustration of an attacker, and allows you time to catch the transactions.

6. Insure Your Assets

Remember how I said credit monitoring was of dubious value? Well, it is, in my opinion. However, the one nice thing that's offered alongside credit monitoring usually is insurance for if your money is somehow stolen (or the compromise caused material financial issues for you). I ended up getting a policy with Zander Insurance, yeah that one company that Dave Ramsey brings up all the time. Your personal feelings of Ramsey aside, the policy seems solid. There is some credit monitoring in there, but the insurance is the part I was interested in. Plus it's available at a fraction of what some of the other guys charge.

This is just another way to sleep well at night knowing that if someone did somehow manage to get into my IRA or 401k and drain it, I'm still backed up and don't have to go back to square 1.

7. Audit Your Online Presence

One of the last things I'll recommend is periodically running to a few different search engines (Google, Bing, DuckDuckGo, etc) and typing in your name. See what information is out on the interwebs about you. How much of it can easily be found by someone online. See what personal information is out there. If your birthday is out there, realize that your birthdate is frequently used as an identifier to get healthcare information. How about your employer? I had someone try to file an unemployment claim in my name with one of my employers and I'm convinced that my profile on a social media network is how they figured out where to get that info from (they also had other VERY specific information, such as contract amounts, so I'm convinced that particular employer was also compromised).

Always be looking for what information is out there about you, and take some strides to minimize it. There's a reason I post as an orange fluffy thing online and that's so I don't have to put my real information out there as much (the big data firms still do a scarily good job correlating stuff though).