As featured in The Wall Street Journal, Money Magazine, and more!

Search: hacker

Updated: Hackers Steal Credit Card Numbers From 360,000 Citi Customers

This article was written by in Privacy and Security. 14 comments.


The latest big business security breach affected Citigroup and about 1% of the company’s credit card customers. Hackers were able to access the customer database, finding customers’ names, credit card numbers, and email addresses free for the taking. The hackers were not able to gain access to other personal information, like Social Security numbers, card verification numbers, or birth dates. The company has started contacting affected customers.

It’s unlikely that customers whose numbers and names are significantly more susceptible to identity theft as a result of this breach, because Citi kept the more sensitive information secure. It may still be a god idea to change your password if you have online access to a Citi credit card. In cases like these, there is little that customers can do to avoid being included in a data breach short of opting out of the finance industry overall. If you never sign up for a credit card, you prevent hackers from stealing your information. Once you’re in “the system,” you have to rely on banks to protect your information appropriately.

As a result of this breach and the continual development of technology, financial institutions may soon find new regulations that require even stricter security for online access. Some financial institutions now offer options for their customers to authenticate via a SecurID — technology that uses wireless networks to provide a unique code over the air that must be verified before you can access your account. In my role at my former job, I accessed banking institutions on behalf of the company, and every bank required a different wireless device. This could be where the consumer market is heading — and if it is, it’s going to make even more sense to simplify your finances.

Additional information: According to the Wall Street Journal, Citigroup waited up to three weeks after the incident before notifying customers. The delay was due to an investigation into the issue.

Update: Of the 360,000 accounts breached, only 3,400 accounts were subject to fraudulent charges by the hackers. Customers are not responsible for fraudulent charges, though the total loss on Citi’s side due to the fraud is $2.7 million.

Yahoo Finance / AP, CNN Money

{ 14 comments }

Are Online Banks Safe?

This article was written by in Banking. 16 comments.

Anyone who is accustomed to being able to walk into the local bank branch, access accounts through a teller, and discuss banking options with an account manager on-site might still have reservations about moving money to an online-only bank. The benefits are big. Usually, online-only banks offer higher interest rates on savings and certificate of deposit accounts, and that makes the change worthwhile for most customers.

It’s common to hesitate. A bank with no physical branches seems more ethereal, as if it’s not a thing, but an idea of a thing. Does a bank you can’t visit exist in the real world? Are the customers identified by hacker-like handles and does the bank operate in a fictional world like Second Life? Will the company just disappear one day, taking advantage of the fact that closing down wouldn’t entail shuttering storefronts? Many customers simply have serious doubts about the legitimacy of a company that can’t be found by driving any number of miles.

Today, Jesus T. wrote into Consumerism Commentary with his concern:

I would really like to transfer my savings from Chase Bank to Ally Bank. At Chase I am not earning any interest. I’m just very wary because Ally is an online bank only. I don’t want to lose the money I have worked so hard to save. I was thining of opening a CD account with Ally. Any suggestions to put my mind at ease about to Ally Bank?

Online banks, as long as you’re dealing with a reputable institution, are just as safe as traditional brick-and-mortar banks. Here are some points about Ally Bank and online banking in general that could help put your mind at ease.

  • Ally is currently one of the strongest online banks right now. The announcement may have been more of a marketing move than anything else, but Ally is a potential buyer for ING Direct. For more on this bank, see my Ally Bank review.
  • Your deposits at Ally Bank, just like deposits at any other legitimate bank in the United States, are protected by FDIC insurance. Even if the bank does have a problem in the future and is acquired or goes out of business, you will be able to access your money. The likelihood of this happening is low. If you’re ever unsure about whether a bank is covered by FDIC, search for them on Bank Find, the FDIC’s database interface.
  • Online banks without local branches have lower overhead costs, so they are able to pass the savings onto the customer in the form of higher interest rates.
  • Banks that sprung up operating online only were so successful with customers that brick-and-mortar banks copied the business plan. For example, Emigrant Bank, a tiny bank in New York, gathered a wider audience when the company created Emigrant Direct and was a head-to-head competitor with ING Direct for several years.
  • Banking online with a legitimate institution is secure. Your information is encrypted when it is sent to and from a bank.

Every time you get in your car and drive to the bank, in some respect, you are putting your life at risk. When banking online, all you have to worry about is lightning.

{ 16 comments }

Lie to Yourself for Better Security

This article was written by in Privacy and Security. Add a comment.

This week, TechCrunch made a big to-do by publishing internal Twitter business documents that they apparently received from an enterprising hacker. The access to multiple networks apparently began when the hacker accessed the GMail account of the wife of a co-founder.

If you, like Twitter employees, store any sensitive information in your Google Docs, or even have other people’s passwords hanging out in your GMail archive, then yes, it’s important to pick a unique password for different services, and make sure they’re all strong passwords. But that still leaves a hole in your security strategy: using the “forgot password?” feature in your Google Account.

1. Log into your Google Account settings (don’t worry, that link isn’t really for your account), and you’ll see an area for “Personal Settings”:

google personal settings

Click on “Change password recovery options”. This is the feature that lets you get your password back when you’ve forgotten it, or when someone who isn’t you wants to get at it.

2. Google will ask you to verify your password for added security.

3. On this screen, there’s an option for “Security Question”:

google security question

If someone that you don’t trust implicitly can guess the answer to the question you’ve chosen, you need to change this. Even if you’re not the spouse of the co-founder of the most popular and secretive company of the last few years. Sensitive personal data is retrieved through social engineering all the time, and if someone has access even just to your e-mail, you’re a prime candidate.

Better Than Your Old Phone Number

More people than I probably know about may have my old home phone number in an address book somewhere. I had that phone number for over 20 years. Anyone could have it. So, instead, I’m going to use the write my own question option:

google question

Here’s the novel part: come up with a fake answer. Even better: come up with an absurd answer to a reasonable question.

For example:

Question: What’s your husband’s mother’s name?

Answer: banana bread

This question/answer combination is memorable, provided that you love your mother-in-law’s banana bread. You know more than anybody about how your brain works, and how your brain will likely still be working in the future. Spend some time on it, and come up with something truly unique, but outwardly ridiculous at the same time.

For what it’s worth: no, I’m not a big fan of banana bread.

{ 0 comments }

Review: I Will Teach You to Be Rich by Ramit Sethi

This article was written by in Uncategorized. 17 comments.

I’ve been in touch with Ramit Sethi since not long after he began writing on his blog, I Will Teach You to Be Rich, almost five years ago. It is no surprise to me that Ramit, after enhancing his writing with years of practice on his rapidly-growing website, has published I Will Teach You to Be Rich, which is right now the number one book on Amazon.com under personal finance and number three on Amazon.com overall. This is not simply a republication of the blog like some books presented by other bloggers-turned-authors. I would consider the book, released yesterday, to be one of the best books about money management for twenty-somethings. I’ll explain why in this review.

I’m not praising this book because I’ve known Ramit (through the internet) for several years. In fact, when I first discovered his blog, I was skeptical of the kid right out of college promising to teach people how to be rich. He wasn’t rich as far as I could tell; how can someone with no real experience make such a claim? I found out quickly that Ramit is a great teacher who can connect with his audience, and in all honesty, personal finance isn’t difficult conceptually. The biggest problem is cutting through the noise and misinformation, and Ramit’s background with psychology provides some insight on the barriers between conceptual knowledge and behavior.

I Will Teach You to Be RichRamit’s book and his blog are not for everyone. The author’s style can be harsh; yet, on a scale of one to Suze Orman in abrasiveness he would only score a seven. He manages to mix insults with jokes, judging ever so slightly the stupid mistakes not of his readers, but of his readers’ friends. The book is built upon a framework of a six-week program — what self-help book would be complete without a reducible metaphor — designed to take a personal finance newcomer from freshman status to savvy long-term investor. Ramit claims readers will succeed even if pursuing only 85% of what is written in the book.

I Will Teach You to Be Rich contains actionable suggestions in the book, and 85% of the tips within would keep a money management novice busy. Many of these tips are refreshing. It is clear that Ramit is not a fan of obsessive frugality, a view that I share. Ramit also claims to be unsatisfied with the concept of budgeting, but offers a “Conscious Spending Plan:” essentially a budget with more syllables and a trademarkable name, recommends the envelope system of managing expenses, and offers two models for dividing income into buckets for planning expenses.

The elements of the six-week program illustrate the most important concepts in Ramit’s plan to helping readers work to attain the status of “rich:”

  • Optimizing credit cards: using credit cards as a tool for expense maintenance, protection, and building credit
  • Optimizing savings: finding high-interest savings accounts with no fees while not wasting time chasing rates
  • Opening investment accounts: taking advantage of tax-advantaged retirement accounts with brokers friendly to new investors
  • Managing expenses: using the aforementioned Conscious Spending Plan to decide where your money should be going
  • Automating the system: removing human intervention from the financial machine to allow more of your money to work for you
  • Investing to earn more: foregoing products designed to make money for the financial industry rather than for you

Many books we are accustomed to seeing in this genre are written by financial advisers, professional money managers, or those formerly or currently closely tied to that industry. Thankfully, Ramit breaks away from their traditional advice by advocating low-cost index funds and target retirement funds, stressing the lack of necessity of a professional financial planner for most individuals. Thankfully, Ramit shares the data to support his claims. Yes, it’s true that Ramit missed a calculation, but you’ll find that the concept of the benefit of compound interest is still sound.

Actionable tips are scattered throughout the book. In one section, Ramit includes a script for convincing a credit card customer service representative to drop a late fee. In another, he presents a detailed account of how he made twenty car dealerships compete for his business. In yet another, Ramit offered concrete advice for negotiating a pay raise with management. Many of the chapters include short essays provided by other bloggers, such as Nickel from Five Cent Nickel, JLP from All Financial Matters, J.D. from Get Rich Slowly, Jim from Bargaineering, Gina formerly from Lifehacker, Trent from The Simple Dollar, and myself.

While most readers of Consumerism Commentary may find the advice within the book to be simplistic and basic, I Will Teach You to Be Rich should be at the top of the list for most recent or soon-to-be college graduates. Ramit Sethi’s style of writing isn’t for everyone, but it doesn’t take long to get past the attitude. This book is a worthy competitor among other recent money management books for the age group like Suze Orman’s The Money Book for the Young, Fabulous and Broke, and Ramit’s immediate connection with the target audience makes his book more likely than others to be read, enjoyed, and followed.

I spoke with Ramit several days ago to record a conversation in which we answered several questions from Consumerism Commentary readers, sharing our thoughts and picking fights over our disagreements. I haven’t decided whether to publish the recording on Consumerism Commentary, but Ramit insists that I offer the MP3 of us answering your questions to anyone who buys the book from Amazon.com and forwards the receipt to me at flexo@iwillteachyoutoberich.com within the next 48 hours. You’ll receive an hour-long recording (if Ramit edits it down from about 90 minutes, but it’s all good stuff) of the two of us answering questions about the best accounts, saving, investing, and automating your money. It was a fun conversation, although as I’ve admitted to other people, Ramit outclassed me at every turn.

{ 17 comments }

8 Things Banks Can Do to Make Online Banking Safer

by Flexo

Banking online by visiting a bank’s website directly to perform typical transactions like checking your balance, reviewing and reconciling your recent transactions, paying bills, or transferring money, is generally safer than doing the same in person, whether at an ATM or a teller. Your information is encrypted and you can take care of your business ... Continue reading this article…

37 comments Read the full article →

Just Like Apple’s MobileMe, But Free

by Smithee

For the purposes of this article, the term “iPhone” includes “iPod Touch”, and I’m assuming that your operating systems are up to date. Along with new firmware for existing iPhone owners, and the new iPhone 3G itself, Apple is releasing this week a new service called “MobileMe”, succinctly described as “Exchange for the rest of ... Continue reading this article…

7 comments Read the full article →

Where Did You Come From, Where Did You Go (June 2008)

by Flexo

As June comes to a close, I’d like to thank visitors, readers, and commenters who enjoyed or contributed to Consumerism Commentary over the past month. I particularly like to mention the blogs and related websites that helped sustain Consumerism Commentary by linking here and providing paths for visitors to arrive. Here are the websites, not ... Continue reading this article…

0 comments Read the full article →

Where Did You Come From, Where Did You Go (May 2008)

by Flexo

At the end of each month, I recognize other websites for sending traffic to Consumerism Commentary during the last thirty days. This was another record month for Consumerism Commentary in terms of visitors, and I hope many of you were convinced to subscribe and return. Here is a list of websites, excluding search engines, RSS ... Continue reading this article…

0 comments Read the full article →
Page 1 of 212