Nonline financial services

[jacob]

Anyone here who's successfully and [almost] completely avoided having to use phones or computers/dealing only in brick and mortar for financial services and who's willing to admit to it? Seems to me that the half-life of any one typical financial institution being hacked is about 4 years. Also, I keep hearing about these legendary old rich folks who never do anything online when it comes to money (and I'm not talking about your "Uncle Vic" or the "Serbian Mafia in Kentucky").

Banking?
Brokering?
Insurance?
Lending?

[BRUTE]

no experience, but internet == cheap communication == scale == affordable for customers who won't make the service provider much money.

personal brick building attention == very pricey == no scale == only worth it for very profitable customers

so unless jacob is interested in making that service provider lots of money, brute thinks it unlikely.

[The Old Man]

My mother has no smart phone nor computer. She does things the old school way.

I have moved completely in the opposite direction where everything I do is online.

[George the original one]

My banking is still done bricks & mortar, in-person. I find having tellers who know you is useful when fraud & identity theft hits you.

Brokerages are online. In general, I demand a local brick & mortar office so I have a door to knock on when something goes awry. However, I let that attitude lapse when I set up the margin account with Interactive Brokers (but I didn't tie my banking accounts to them).

Insurance (home & auto), up until last year, was handled with a phone call to my agent and occasionally visiting his office. He retired and I switched to an agent in Seaside who also retired 3 months later, LOL! New guy in Seaside is now our agent, but I haven't met him yet since I haven't had a reason to do so. Health insurance (Obamacare) was initiated online, but subsequent paperwork has been snailmail & wife has actually visited the local hospital/clinics without using online services.

Lending... only have mortgages and those have been handled via the Internet. Mortgages will be dismissed in the next month or two. Unless you count wife's credit card, which is always paid off via snailmail.

[wood]

The tax office in Norway now requires everyone to file their tax returns digitally. Its not possible to be old school about it.

[vexed87]

I suppose the old rich folks have special privileges with their financial institutions due to the size of their portfolios/checking accounts, at least that's how it works here. I could bank locally, but... meh.

That said, I will be meeting my bank manager to discuss mortgages soon.

[GandK]

Well, G physically goes in to all the places you've listed because (a) he's a Luddite and (b) he loves to socialize. But I'm pretty sure the employees of said places then type our information into the computer even though G doesn't. Impossible to avoid hacking if using these services? I think our only real refuges are cash for purchases and DIY efforts.

[henrik]

But I'm pretty sure the employees of said places then type our information into the computer even though G doesn't.

This. Even if you can find a paper interface for your dealings (which tends to be the more expensive way?), it does not mean that your information will be stored or processed offline.

[eudaimonia]

Regarding brokerages its possible to have a full service broker who you only call (no getting online for you). However, the reality is that even if you only ever place trades to the pits (where that's even possible) these days at some point your order becomes electronic and is subject to all the online risks you outline above. On top of that you have counter-party risks all the way from your broker to the exchange. Physical stock certificates are becoming more and more rare these days but if you can get your hands on these (usually via a hefty fee), obtaining your physical stock and storing it in a safe or lock-box may be one way to largely reduce hacking risks although your personal information will still likely be held with the financial institution electronically.

[Ego]

A handful of the seniors at Soylent Towers were terrified of anything digital. They wanted nothing to do with the magic screens. On woman would often forget to pay rent so I encouraged her to sign up for auto-debit but she insisted on handing me a physical check each month. When I showed her that I simply scan her check into the same system and create a digital picture of it, she nearly cried with fear.

Adding a person between you and the digital interface encourages mistakes and presents opportunities for up-selling (like WF) or outright fraud.

I use yubikey for two factor authentication.

[George the original one]

I think it's not so much "you can/will get hacked" so much as "who possesses the bits". With a brokerage, even a discount brokerage, you can get physical possession of the stock certificates and the dividend checks can come directly to your mailbox.

[ether]

Your main risk of getting "hacked" is identity theft.
If you don't use online identity theft protection services, then you'll never know if someone opens a credit line in your name.
At the end of the day it's pretty damn easy to open a credit card in someone else's name. All you need is a SSN, DOB, name, and basic historical information.
Your SSN is pretty much public info (debt collectors have access to a national database and leak it all the time for a price), your DOB, current and previous addresses, car type, and family members is essentially public information and this public information is the basis of credit card security questions during applications.

Also it's pretty easy to hack your money even if you don't use an online bank if someone gets access to one of your checks. From that they get your name, address, and bank routing number. Then they can buy your SSN from a crook, and purchase a background check on you a $1 to answer any potential bank security questions. From there they make a fake ID, go to a bank near them and open an account using your identity, and then execute a wire from your bank the phony bank they own. There will be no ACH check since the accounts are both owned by the same SSN. There is literally nothing you can do to stop this. From just a check a pro thief can pretty easily empty your entire bank account. It's a nightmare to reverse and chances are funds are sent overseas or converted to bitcoin by the time the two banks can communicate with each other.

No one is safe, bank fraud is as old as banks and honestly the internet is slowly making it a little bit more secure since you can now get real time updates when credit lines are opened in your name. /rant

[bryan]

car type, and family members is essentially public information and this public information is the basis of credit card security questions

My answers to security questions are different per account. For instance my mother's maiden name for Chase may be "0iB8Lv7K3pM9Rv9" but for Fidelity it would be "o8u7J83uggYffF1"

The holy grail solution has always been public key crypto (unique private key) embedded into your social security card, passport, driver's license, whatever. The government can maintain, publish the public keys or hash of public keys. Much better attestation, assurance of identity and so much cool shit could be built with this groundwork laid by the government.

[Ego]

car type, and family members is essentially public information and this public information is the basis of credit card security questions

My answers to security questions are different per account. For instance my mother's maiden name for Chase may be "0iB8Lv7K3pM9Rv9" but for Fidelity it would be "o8u7J83uggYffF1"

How do you store those so you can access them when needed? Password manager?

[ether]

My answers to security questions are different per account. For instance my mother's maiden name for Chase may be "0iB8Lv7K3pM9Rv9" but for Fidelity it would be "o8u7J83uggYffF1"

While that protects your current accounts from getting hijacked, that doesn't protect you from someone using your personally identifiable information to open an account or credit card at a financial institution you are currently not apart of and pretending to be you. Even if never use online financial services, once someone builds an identity profile on you (name, address, DOB, SSN, family), they can pretend to be you at almost any financial institution and wreck your credit and create a legal nightmare for discharging the debts the thief created in your name.

[jacob]

@Ego - I do something similar. I store mine on cardstock index cards.

[henrik]

The holy grail solution has always been public key crypto (unique private key) embedded into your social security card, passport, driver's license, whatever. The government can maintain, publish the public keys or hash of public keys. Much better attestation, assurance of identity and so much cool shit could be built with this groundwork laid by the government.

There is an ongoing experiment (~15 years). So far so good.

[bryan]

The holy grail solution has always been public key crypto (unique private key) embedded into your social security card, passport, driver's license, whatever. The government can maintain, publish the public keys or hash of public keys. Much better attestation, assurance of identity and so much cool shit could be built with this groundwork laid by the government.

There is an ongoing experiment (~15 years). So far so good.

Jealous. Though I think there are still some hairy situations to be encountered once it catches on. For instance, currently ToS of SW or websites are maybe just adequate enough legally speaking. But what happens when you can now have an easy, ubiquitous way to demand customers actually legally sign a digital contract? Common law has a bright future I guess.. but what happens when judgements can't be enforced?

@Ego - I do something similar. I store mine on cardstock index cards.

An underrated solution. Bonus points if you use a substitution cipher to keep some honest people honest

My answers to security questions are different per account. For instance my mother's maiden name for Chase may be "0iB8Lv7K3pM9Rv9" but for Fidelity it would be "o8u7J83uggYffF1"

While that protects your current accounts from getting hijacked, that doesn't protect you from someone using your personally identifiable information to open an account or credit card at a financial institution you are currently not apart of and pretending to be you. Even if never use online financial services, once someone builds an identity profile on you (name, address, DOB, SSN, family), they can pretend to be you at almost any financial institution and wreck your credit and create a legal nightmare for discharging the debts the thief created in your name.

Is that type (family, street names, pets) of information really required for opening accounts? How is it verified? I know I've been locked out of credit reporting sites at times because they ask me security questions they generated on their own from my financial past which is only perhaps 50% correct Maybe there are similar situations elsewhere.. in fact a recent financial account I opened also threw up a flag but it got resolved with a representative calling me.

One of the perks of #vanlife I have five different addresses which get used across various accounts. Of course I have only one "permanent address" which is my legal address, but many institutions don't agree on it or with me.

Regardless, I agree that it's a risk and financial institutions (even the IRS!) are ill-equipped to handle it.

[ether]

in fact a recent financial account I opened also threw up a flag but it got resolved with a representative calling me.

Which is exactly what criminals exploit. Customer service reps are there to resolve issues preventing users from opening financial accounts. They know credit bureau data can be wrong and will waive security questions to insure the account is processed. Just play dumb & desperate and the bank will process your application with incomplete and even wrong personal information.