Personal Finance

E-Interac USE WITH CAUTION

  • Last Updated:
  • Jun 2nd, 2019 5:48 pm
Tags:
90 replies
Newbie
Apr 1, 2017
15 posts
21 upvotes
Seems like they need to:
a) use a more secure password for their email
b) come up with a more secure verification question / answer

I guess if you can't do a) then it follows that b) does not happen either.
Sr. Member
Oct 14, 2014
560 posts
456 upvotes
Southern Ontario
Also, enabling Autodeposit would have helped here. With the email address tied to a bank account, it would have been deposited before the recipient sees an email.
Deal Expert
Jan 7, 2002
16870 posts
9210 upvotes
Waterloo, ON
gravityfunk wrote:
May 13th, 2019 3:22 am
Seems like they need to:
a) use a more secure password for their email
b) come up with a more secure verification question / answer

I guess if you can't do a) then it follows that b) does not happen either.
Which is the point of the article. I don't understand why people are so eager to downvote what's essentially a PSA. While eTransfer could be made more secure, e.g. by requiring 2FA, in both cases cited by CBC the users failed to protect either their email accounts, their bank accounts or the transfer itself with strong passwords.

My reading of this cautionary article is that the two victims have no one to blame but themselves. They have no basis for blaming RBC or Interac for their own stupidity or expecting restitution from them. They do have cause to go to the police to investigate their situations for fraud.

From TFA:
Hoover's security question to her friend was: "Who is my favourite Beatle?" The fraudster would have had a one in four chance of getting it right... Hoover says she's learned the hard way that strong security questions and passwords are crucial...

In another, similar case, Dr. Sylvia Veith of Prince Albert, Sask., lost $7,000 when she used Interac to e-transfer money to her son's hockey league in June 2017. That money was intercepted and her bank — RBC — blamed a weak password to a security question...
Image
veni, vidi, Visa
Deal Addict
User avatar
Jan 4, 2009
3800 posts
1684 upvotes
on the links
"Who is my favourite Beatle?"

Stuart Sutcliffe
Sr. Member
User avatar
Jan 15, 2017
624 posts
287 upvotes
bylo wrote:
May 13th, 2019 7:53 am
Which is the point of the article. I don't understand why people are so eager to downvote what's essentially a PSA. While eTransfer could be made more secure, e.g. by requiring 2FA, in both cases cited by CBC the users failed to protect either their email accounts, their bank accounts or the transfer itself with strong passwords.

My reading of this cautionary article is that the two victims have no one to blame but themselves. They have no basis for blaming RBC or Interac for their own stupidity or expecting restitution from them. They do have cause to go to the police to investigate their situations for fraud.
I think you have to assume that anyone can see your e-mail. You could have an impossible-to-guess password on your e-mail account, but you have no idea who might have eavesdropped on that message along its way to your inbox.

Therefore, the security question associated with each transfer is the only real protection you have that the intended recipient can access the $$$.
Deal Expert
Aug 22, 2011
29531 posts
15375 upvotes
Ottawa
+1 for autodeposit!
Deal Expert
Jan 7, 2002
16870 posts
9210 upvotes
Waterloo, ON
Sauerkraut wrote:
May 13th, 2019 9:50 am
"Who is my favourite Beatle?"

Stuart Sutcliffe
Or Pete Best.

So 1 in 6. Still not very secure.
veni, vidi, Visa
Deal Addict
User avatar
Mar 9, 2012
2718 posts
1488 upvotes
Kitchener
taxrage wrote:
May 13th, 2019 10:15 am
I think you have to assume that anyone can see your e-mail. You could have an impossible-to-guess password on your e-mail account, but you have no idea who might have eavesdropped on that message along its way to your inbox.

Therefore, the security question associated with each transfer is the only real protection you have that the intended recipient can access the $$$.
My understanding was that the recipients email password wasn't too difficult to crack, that, or she was using the same password at different sites, one that may have been hacked. Other than that, though, I never have heard of a message being intercepted before reaching its target address. Even if it could have, though, a decent security question would have prevented this from happening.

For myself, I have different passwords for my e-mail and anything financial, then one of sites like this, so even if one is hack, it shouldn't have an effect on my other accounts.
How can we fly like eagles, when we're governed by Turkeys?
Deal Expert
Jan 7, 2002
16870 posts
9210 upvotes
Waterloo, ON
jeff1970 wrote:
May 13th, 2019 1:09 pm
I never have heard of a message being intercepted before reaching its target address.
Most email systems today, including the biggies like gmail, encrypt their transmissions.
Even if it could have, though, a decent security question would have prevented this from happening.
Bingo! In both cases cited in the CBC article the security question had a simple enough answer that anyone could guess.
For myself, I have different passwords for my e-mail and anything financial, then one of sites like this, so even if one is hack, it shouldn't have an effect on my other accounts.
That's a good start. Those passwords also need to be long, e.g. 12+ characters, so as to thwart brute force attacks. In addition, some form of 2FA adds an extra layer of protection--even if the 2FA implementation, like TD's, may not be 100% bulletproof.

The point of the article is that people continue to buy cheap locks, then blame anyone but themselves when they become victims of a break-and-enter.
veni, vidi, Visa
Deal Fanatic
User avatar
Feb 6, 2004
6468 posts
346 upvotes
GT'eh
Another tip, use pick passwords in another language or multiple, like Dothraki or Klingon, or if your feeling frisky (like me) a combo of Dothraki + Klingon + ?
Ne0's Bio:
➡Retired G@mer & t3<h [0nn0!ss3ur ??? Spitting t3<hy lingo since the early 90's ➡Member of Crazy Group Buys ??? ➡ Feedback: eBay|1000+ ??? rFD | 300+
Deal Addict
User avatar
Mar 9, 2012
2718 posts
1488 upvotes
Kitchener
My one bank (my main bank) and my one credit card use 2FA -- which really is a pain sometimes, but in this case, someone would need to know, not only my bank password, and my security question, they'd also need to know my e-mail password. I mean, that night actually be 3FA, since they'd have to be correct on three items.

And that's another thing I try to separate -- those security questions I try to have different questions for each site. To this point, not even my kids or the ex would know the answers, because these are things I never spoke to anyone about (favourite author, favourite childhood athlete) -- the athlete one is really tough, since the dude wasn't even a star.

As others mentioned, having auto-deposits is a great idea. Even if you have to have more than 1 email, it'll be valuable because there is no lag with deposits, and it'll be too late if someone knows your email.
How can we fly like eagles, when we're governed by Turkeys?
Deal Expert
Aug 22, 2011
29531 posts
15375 upvotes
Ottawa
jeff1970 wrote:
May 13th, 2019 1:42 pm
My one bank (my main bank) and my one credit card use 2FA -- which really is a pain sometimes, but in this case, someone would need to know, not only my bank password, and my security question, they'd also need to know my e-mail password. I mean, that night actually be 3FA, since they'd have to be correct on three items.

And that's another thing I try to separate -- those security questions I try to have different questions for each site. To this point, not even my kids or the ex would know the answers, because these are things I never spoke to anyone about (favourite author, favourite childhood athlete) -- the athlete one is really tough, since the dude wasn't even a star.

As others mentioned, having auto-deposits is a great idea. Even if you have to have more than 1 email, it'll be valuable because there is no lag with deposits, and it'll be too late if someone knows your email.
There's nothing to intercept with autodeposit, as the email is simply a notification.
Sr. Member
User avatar
Jan 15, 2017
624 posts
287 upvotes
jeff1970 wrote:
May 13th, 2019 1:09 pm
Other than that, though, I never have heard of a message being intercepted before reaching its target address. Even if it could have, though, a decent security question would have prevented this from happening.
The security question is key.

There are many potential sets of eyes on e-mail messages themselves, which can be anything from unencrypted peer-to-peer (between e-mail providers) transmission, password hacking, keyloggers or even potentially employees at the e-mail provider. You just don't know.
Deal Addict
User avatar
Mar 16, 2010
3058 posts
1546 upvotes
Burlington
Anytime I send an e-transfer the answers have nothing to do with the questions.

Top