Australian (ASX) Stock Market Forum

Trading account security

Joined
10 November 2005
Posts
902
Reactions
1
When I have to ring Commsec about a trade they ask for your account number and password so whats stopping the person your talking to keeping that information or passing it on and start changing you bank details and start selling your shares into a new bank account :confused:

cheers laurie
 
Re: Security

Ive wondered that exact same thing, seems a pretty crappy system to me, even if the person you talk to doesnt do anything himself he could pass your details to an associate!
 
Re: Security

Don't worry about it. I worked for JDV (this is was online stock broking firm, now owned by IWL) in support and I know that certain people in the IT department (Eg. DBAs) will have access to ALL your data. They are subject to the privacy considerations, of course.

I imagine ComSec would have audits on EVERYTHING that happens to the data and who does what. If someone is accessing your details they will be able to track it and find out who is responsible. I have seen this first hand where ASIC (I think it was) went after someone who logged in to someone else's account and sold all their shares and bought some other ones that he wanted to affect the price of.

You can't really stop people from handing out your details but if you notice that things aren't right there are things in place to repair the damage.
 
Re: Security

That could happen at any financial business, fact of life.

That is why banks etc have to cover depositors/ investors against fraud.
 
When I have to ring Commsec about a trade they ask for your account number and password so whats stopping the person your talking to keeping that information or passing it on and start changing you bank details and start selling your shares into a new bank account :confused:

cheers laurie

You realize that all the infomation you give is already on the screen in front of them? You are just confirming you are you.
 
Well, the NAB says never to give your password number to them. If you call them with a problem, (ie you know you are talking to NAB and not some scammer) they ask for your account number and straight away they say 'dont give me your password'. With your account id they can see everything on the account but they cant do anything with it.
 
Yah instead of giving a password that logs into your online accounts you should get asked a security question and DOB - Like what was your first pets name ? etc
 
If they are operating correctly, the bank staff don't even know your password and should have no way of finding it out. It should be in the computer system only.

That's why when you forget a password or PIN number, they have to issue you with a new one.

GP
 
Be carefull when using computers other than your own especially when overseas as hackers these days leave keystroke programs on them which as the name suggests monitors every key typed. There was a program this morning where a guy lost 60,000 american dollars from his trading account while he was watching the screen, Imagine that SCARY:eek: , I Advise people out there to change your password frequently especially after using a foreign computer.
 
There was a program this morning where a guy lost 60,000 american dollars from his trading account while he was watching the screen, Imagine that SCARY:eek:

I had the opposite problem this morning. NAB are having internet issues, and when I logged in the second time I had $60,000 more than I should have! :jump: Should have spent it then and there, coz next time I logged in it had gone:(
 
Its happening again....I have an extra $9000 in my account but the share market has closed........
 
That's why when you forget a password or PIN number, they have to issue you with a new one.

Exactly! passwords are encryted, not even IT departments know what they are, unless they have decrypting tools created by hackers to work them out.

I'd ask them why they need your password and that it is a serious violation of security agreements. Your name, birthday, postcode, etc should be sufficient for them to work out if it is really you. If they insist, ask for their manager. And then complaints department...last resort ACA or today tonight :)
 
I had the opposite problem this morning. NAB are having internet issues, and when I logged in the second time I had $60,000 more than I should have! :jump: Should have spent it then and there, coz next time I logged in it had gone:(

LOL Prospector, maybe it's just one of your stop losses or buy orders finally went through? If not then say...



AAAAAAAAAAAAAAAAAAAAAARGH!!!!!



with me :D
 
Yeah a broker from comsec told me that a lot of people get lazy with their passwords and just use 12345 as their password... I use to have that until I accidentally logged into somebody elses account when I inserted the wrong account number... No bull... If you have that as a password I suggest you change it
 
And don't use public computers to do your business there are little programs that record every button clicked on the computer so all that the person needs to do is collect it later
 
insider said:
Yeah a broker from comsec told me that a lot of people get lazy with their passwords and just use 12345 as their password... I use to have that until I accidentally logged into somebody elses account when I inserted the wrong account number... No bull... If you have that as a password I suggest you change it

Commsec better pray they don't get a security audit. They might jump up and down and say the onus is on the user but as the provider they should have a security system in place that forces the password to be changed asap and use something along the lines of upper and lower case letters and numbers - alphnumeric. minimum 6-7 characters. To be more proactive the password should be changed within a set time limit, even if you haven't logged in with the default one.

What's stopping someone in IT getting the password file and using a cracking tool to hack it. If commsec allow their IT staff to login as admin and there's no audit turned on...the skies the limit!!! And it's not external hackers companies are worried about these days, it's the internal ones - the staff :-(

insider said:
And don't use public computers to do your business there are little programs that record every button clicked on the computer so all that the person needs to do is collect it later

Keyloggers...just spent the day upgrading my s/w firewall and all my adaware and spyware tools. But I still won't bank via the net! :)

Mousie said:
LOL too much hassle; plus it defeats your privacy purposes IMO

Don't see how, you're just exposing Commsec for security breaches to the wider community, thus having the potential of hurting their business and hopefully making them fix it asap!

Remember social engineering, 'can I have your password' is the easiest way to hack.
 
Don't see how, you're just exposing Commsec for security breaches to the wider community, thus having the potential of hurting their business and hopefully making them fix it asap!

Remember social engineering, 'can I have your password' is the easiest way to hack.

Don't see how? LOL disrupts my way of life, re social engineering I'd rather let it out on ASF and tell them I'd do exactly that if I were you, it's word of mouth "demarketing" of Commsec...

You should try telling reporters you've got a story and see how it goes; nothing's learned if nothing's tried after all...I personally didn't like it when I've to chase reporters...

Bringing it to the Banking and Financial Services Ombudsman is another way to go if you can't cut it with the complaints department; if after that you've still got a real serious issue and some deep pockets go see a lawyer for legal advise.

5 mins of fame (followed by money if you can negotiate a deal with em for the story, best of luck there though) just ain't worth my privacy. With the deal money it's a case of how much, but that's another story. Bottomline is when it comes to finances I'd prefer to keep things on the quiet side, but it's a case of "to each their own" here.

If you go exclusive don't forget to tell us to turn on the telly :)
 
Top