When I have to ring Commsec about a trade they ask for your account number and password so whats stopping the person your talking to keeping that information or passing it on and start changing you bank details and start selling your shares into a new bank account :confused:

cheers laurie

Ive wondered that exact same thing, seems a pretty crappy system to me, even if the person you talk to doesnt do anything himself he could pass your details to an associate!

Don't worry about it. I worked for JDV (this is was online stock broking firm, now owned by IWL) in support and I know that certain people in the IT department (Eg. DBAs) will have access to ALL your data. They are subject to the privacy considerations, of course.

I imagine ComSec would have audits on EVERYTHING that happens to the data and who does what. If someone is accessing your details they will be able to track it and find out who is responsible. I have seen this first hand where ASIC (I think it was) went after someone who logged in to someone else's account and sold all their shares and bought some other ones that he wanted to affect the price of.

You can't really stop people from handing out your details but if you notice that things aren't right there are things in place to repair the damage.

That could happen at any financial business, fact of life.

That is why banks etc have to cover depositors/ investors against fraud.

When I have to ring Commsec about a trade they ask for your account number and password so whats stopping the person your talking to keeping that information or passing it on and start changing you bank details and start selling your shares into a new bank account :confused:

cheers laurie

You realize that all the infomation you give is already on the screen in front of them? You are just confirming you are you.

Well, the NAB says never to give your password number to them. If you call them with a problem, (ie you know you are talking to NAB and not some scammer) they ask for your account number and straight away they say 'dont give me your password'. With your account id they can see everything on the account but they cant do anything with it.

Yah instead of giving a password that logs into your online accounts you should get asked a security question and DOB - Like what was your first pets name ? etc

If they are operating correctly, the bank staff don't even know your password and should have no way of finding it out. It should be in the computer system only.

That's why when you forget a password or PIN number, they have to issue you with a new one.

GP

Be carefull when using computers other than your own especially when overseas as hackers these days leave keystroke programs on them which as the name suggests monitors every key typed. There was a program this morning where a guy lost 60,000 american dollars from his trading account while he was watching the screen, Imagine that SCARY:eek: , I Advise people out there to change your password frequently especially after using a foreign computer.

There was a program this morning where a guy lost 60,000 american dollars from his trading account while he was watching the screen, Imagine that SCARY:eek:

I had the opposite problem this morning. NAB are having internet issues, and when I logged in the second time I had $60,000 more than I should have! :jump: Should have spent it then and there, coz next time I logged in it had gone:(

Its happening again....I have an extra $9000 in my account but the share market has closed........

Quick transfer the funds my account number is 1800 need cash :D

That's why when you forget a password or PIN number, they have to issue you with a new one.

Exactly! passwords are encryted, not even IT departments know what they are, unless they have decrypting tools created by hackers to work them out.

I'd ask them why they need your password and that it is a serious violation of security agreements. Your name, birthday, postcode, etc should be sufficient for them to work out if it is really you. If they insist, ask for their manager. And then complaints department...last resort ACA or today tonight :-)

I had the opposite problem this morning. NAB are having internet issues, and when I logged in the second time I had $60,000 more than I should have! :jump: Should have spent it then and there, coz next time I logged in it had gone:(

LOL Prospector, maybe it's just one of your stop losses or buy orders finally went through? If not then say...



AAAAAAAAAAAAAAAAAAAAAARGH!!!!!



with me :D

...last resort ACA or today tonight :-)

LOL too much hassle; plus it defeats your privacy purposes IMO :eek:

Yeah a broker from comsec told me that a lot of people get lazy with their passwords and just use 12345 as their password... I use to have that until I accidentally logged into somebody elses account when I inserted the wrong account number... No bull... If you have that as a password I suggest you change it

And don't use public computers to do your business there are little programs that record every button clicked on the computer so all that the person needs to do is collect it later

Yeah a broker from comsec told me that a lot of people get lazy with their passwords and just use 12345 as their password... I use to have that until I accidentally logged into somebody elses account when I inserted the wrong account number... No bull... If you have that as a password I suggest you change it

Commsec better pray they don't get a security audit. They might jump up and down and say the onus is on the user but as the provider they should have a security system in place that forces the password to be changed asap and use something along the lines of upper and lower case letters and numbers - alphnumeric. minimum 6-7 characters. To be more proactive the password should be changed within a set time limit, even if you haven't logged in with the default one.

What's stopping someone in IT getting the password file and using a cracking tool to hack it. If commsec allow their IT staff to login as admin and there's no audit turned on...the skies the limit!!! And it's not external hackers companies are worried about these days, it's the internal ones - the staff :-(


And don't use public computers to do your business there are little programs that record every button clicked on the computer so all that the person needs to do is collect it later

Keyloggers...just spent the day upgrading my s/w firewall and all my adaware and spyware tools. But I still won't bank via the net! :-)


LOL too much hassle; plus it defeats your privacy purposes IMO

Don't see how, you're just exposing Commsec for security breaches to the wider community, thus having the potential of hurting their business and hopefully making them fix it asap!

Remember social engineering, 'can I have your password' is the easiest way to hack.

Don't see how, you're just exposing Commsec for security breaches to the wider community, thus having the potential of hurting their business and hopefully making them fix it asap!

Remember social engineering, 'can I have your password' is the easiest way to hack.

Don't see how? LOL disrupts my way of life, re social engineering I'd rather let it out on ASF and tell them I'd do exactly that if I were you, it's word of mouth "demarketing" of Commsec...

You should try telling reporters you've got a story and see how it goes; nothing's learned if nothing's tried after all...I personally didn't like it when I've to chase reporters...

Bringing it to the Banking and Financial Services Ombudsman is another way to go if you can't cut it with the complaints department; if after that you've still got a real serious issue and some deep pockets go see a lawyer for legal advise.

5 mins of fame (followed by money if you can negotiate a deal with em for the story, best of luck there though) just ain't worth my privacy. With the deal money it's a case of how much, but that's another story. Bottomline is when it comes to finances I'd prefer to keep things on the quiet side, but it's a case of "to each their own" here.

If you go exclusive don't forget to tell us to turn on the telly :)

Its happening again....I have an extra $9000 in my account but the share market has closed........

Same here.. last night I checked my portfolio holdings which looked about $10k too much but this morning its fixed :mad:

One of the best ways to out smart keystroke loggers from home, is to connect to Banking or Broking site from a shortcut. Sure they might get your account number and password, but they won't know which web site you have gone to unless their keylogging software does web site tracking as well.

Anywhere you access a computer that isn't yours you are potentially exposed to being hacked.

It's not hard for anyone in an IT department to watch everything someone is doing on their computer without them even knowing. I know this because I've done it for management that hasn't been happy with an employee and have wanted to watch what they are doing.

I’d think ‘emailing’ one of the current affairs programs would be a tad easier than say going off to see an Ombudsman or a lawyer!, afterall they're always 'begging' viewers to send in their stories :-) …or as you mentioned, the forums of ASF! :-)


Bottomline is when it comes to finances I'd prefer to keep things on the quiet side, but it's a case of "to each their own" here.

Glad this wasn't kept on the quiet as I was contemplating using Commsec, not so sure now…

ps: not so sure about the rest of your post - 5 mins of fame???, we're talking about privacy/computer security, not 15 British soldiers released from Iran trying to cash in...


One of the best ways to out smart keystroke loggers from home, is to connect to Banking or Broking site from a shortcut. Sure they might get your account number and password, but they won't know which web site you have gone to unless their keylogging software does web site tracking as well.

Exactly...so a free copy of a software f/w is the better option. Anything trying to access the net without your permission is flagged and you're prompted with a question if it can or can't. I can tell you from personal experience this has happened to me and upon 'googling' the software trying to access the net found out it was a keylogger.

Hi Guys,

Apart from this massive rally something else has really been bugging me lately especially after watching 4corners and web warriors just a few moments ago.

How safe is the internet ? as traders we're rooted without it but it seems like anyone can access our systems and personal details. The impression i get is the internet was never designed for commerce.:eek::eek:

Does anyone else share my concerns or am i freaking out over nothing ?

I'm condifent about my accounts - mainly because I don't associate my real identity with this online identity. I also understand a bit about various attack vectors.

1. Protect your identity. Visit some popular social networking sites and you'll see some people give up a lot of information about themselves. Identity theft allows you to be attacked from so many directions. This also goes for your physical garbage.

2. I take a risk of using Windows XP but I do update it. I update my security and use an outgoing firewall. I also run as a limited user.

3. I don't use any popular sites that have advertising. One of the popular social networking sites ran a tainted ad.

4. I don't use IE or FireFox for online financials. I also prefer plain text mail.

Education can help but that can also be confusing or even paralysing. Don't believe all the various ads on sites. Don't click links in emails to financial sites or email sites you have accounts with. There may be exceptions though.

How safe is the internet ? as traders we're rooted without it but it seems like anyone can access our systems and personal details. The impression i get is the internet was never designed for commerce.:eek::eek:

Does anyone else share my concerns or am i freaking out over nothing ?

The net wasn't designed for commerce and that's one of the reasons we have the issues we do....however net security is very very good now as long as u constantly obey the simple rules of net security.


Never click net/email/forum links that u don't trust 100%
Get a good (wired) modem with firewall and security features, that's easily configurable.
Do regular windows updates and spy/bot/virus sweeps.
Never disclose passwords...and never save/auto complete sensitive passwords.

The most secure site I've seen is the ATO's Business Portal.

Password must have numbers, letters and symbols and they use Digital Certificates.

Sure it's a bit of a hassle and I'll admit one downside is you can only logon from one computer. But all the banks talk up internet fraud yet they don't have the same security as the ATO.