This being Computerworld, you'd expect a blog about defensive banking to be about online banking. Not this time.
Online banking, at this point, is old news. For those that need it, I have long advocated Linux as the best defensive technique. Using a Windows computer is, without question, a mistake. Given Apple's record on security (illustrated again with the DigiNotar mess), Linux is the safer choice for Mac users too.
I have an account with a major financial firm and typically do my two transactions a year over the phone (with a wired phone line). The rare times that I do a financial transaction online, I reboot a Windows PC and run Linux Mint off a USB flash drive. That copy of Mint is not used for any other purpose.
My bank accounts don't allow online access at all. Bad guys can't steal a password that doesn't exist. And I shred old paper statements before discarding them. So, I felt pretty safe.
Until a recent statement arrived in the mail.
Admittedly, I've gotten sloppy with bank statements. After 30 years of reviewing them without incident, I have, at times, let them sit, un-audited, for months on end. A mistake I won't repeat soon.
The last statement showed a withdrawal, that I didn't make, for $600.
It was not an ATM transaction, just a withdrawal. I'm an ATM guy; I haven't gotten cash from a bank teller this century. I don't even know the procedure. Are there still paper forms? How does a teller verify the identity of the person standing in front of them asking for cash?
I called the bank, but it was Labor Day weekend and all they could do was mark the transaction for later research. They couldn't (or wouldn't) tell me the branch where the transaction occurred. Clearly this required talking to a banker in person.
A few days later a banker was able to pull up a digital image of the withdrawal slip on his computer. My name wasn't on it. Neither was my account number. But, the account number was very similar to mine and written with miserable penmanship.
It was the bank's mistake and they fixed it.
But apparently there is a statute of limitations on these things. The transaction occurred in late July and I didn't spot it until early September. I don't know what the rule is (it may vary by bank) but a bank employee warned me not to let this sit too long, so there was a risk of my losing out.
Although it was an honest mistake, I'm still mad at my bank for not notifying me immediately of the withdrawal.
Their computers are able to make a heads-up phone call whenever a withdrawal over a certain amount takes place. But they won't do this for me because automated alerts require online banking. Bank employees can't set up alerts for you. Customers have to pump their own gas (so to speak) and set it up for themselves in the online banking system.
I may need a new bank. If you know of one that offers automated alerts of large withdrawals (where the customer gets to define what "large" is) without requiring online banking, let me know.