Making It More Difficult, For The Better

A little while ago, I saw a post online that was like a little PSA on financial security, which, of course, I am rather big on.  It was warning that PayPal and Venmo were not to be trusted because they were not held to the same security standards as banks.  Both of these sites claim to have “bank-grade” security, but what does that actually mean?

To be honest, I really do trust PayPal.  I haven’t ever had a problem with them or their security.  Then again, I do the maximum I can, enabling 2-factor authentication and having a strong, unique password.  Venmo, I don’t have any history with them, but they are owned by PayPal and from what I can see, they do a lot of the same things.  They also have 2FA, and are very happy to send you email notifications when things happen on their site.

I read this PSA post about distrusting online payment processors with a grain of salt.  The one thing that did strike a nerve with me is the advice: “never link your primary checking account”.  I agree with that.  I follow that pretty religiously with my online bills.  If a payee wants to do an autopay, I’ll allow it only if they allow payment on a credit card.  If they only allow payment by checking account, I use my bank’s bill pay.  Simply defined, I’ll push cash out of my checking account, but no one has the ability to pull cash from the account. 

It sounds convenient to set up my mortgage company to just withdraw my mortgage payment from my checking account monthly, but what if, just what if, they got a bug up their ass, or something went weird, or all hell breaks loose and they decide, we’re going to make your loan payable in full immediately.  And to satisfy this loan, we’re going to make a payment for as much of your balance as possible.  Now, I don’t have $90k sitting in my checking account, but, if they pulled everything they could, it would put a damper on my liquidity.  It’s just not a situation I would like to have happen.  So instead, I schedule a payment from my bank to them once a month.  It ends up working exactly the same.

Of course with online processors, the big fear is getting hacked.  And if your primary account is linked, the hackers can pull all your money just as easily as my mortgage company could.  Even if you have fraud protection, you’re still talking about a big hassle and lost money for a period of time.

The PSA had a poor suggestion to not link your bank account at all, but also had a good suggestion to link a secondary bank account instead.  So that’s what I did.  In PayPal, I had three banking accounts linked, so I removed two.  In Venmo’s website, I began the link to the same account I left active in PayPal.

This is a good thing.  That secondary account only has $15 dollars in it, which becomes my maximum monetary risk in case of being hacked.  But what are the limitations of this?  Well, right now, I couldn’t pay anymore more than $15 unless I transfer more money into the account.  Fortunately for me, like a lot of online banks provide, I have multiple accounts with that bank and I can instantly transfer money between them.  So, there’s no significant time delay on when I can make funds available for payment.  There’s only the delay in having to log in to the bank and transfer the needed money from my main account to my designated “PayPal/Venmo account”.

Still, though, security is always at odds with convenience.  I’m a little more secure now (even more), but I have to do a little more work now.  And note that this inconvenience is only for cash transactions.  Credit card stuff is always protected, so I’ll use that whenever I don’t have to pay the transaction fee.  The PSA also had the questionable advice that paying the 3% fee was worth it for the fraud protection.  Maybe.  But if you can save that fee and still be secure, that’s the best way.

Maybe it’s time to audit all your account links and make sure you don’t have any weak entry points.

Comments are closed.