Official template

Financial fraud prevention

by @Admin
Finance & Money

How do I protect my bank accounts and credit cards from fraud?

⚠️ Important notice: This is not financial or investment advice. All content is for informational purposes only. Use at your own risk.

Project plan

13 tasks
1.

Why: You cannot protect what you haven't accounted for; forgotten accounts are prime targets for undetected fraud.

How:

  • Create a secure list of every checking, savings, and credit account you own.
  • Note the primary contact method (email/phone) associated with each.
  • Identify accounts that haven't been used in over 6 months.

Done when: A complete list of all financial institutions and account types is documented.

2.

Why: Weak or reused passwords are the leading cause of account takeovers.

How:

  • Check if you use the same password for multiple banks.
  • Verify if Multi-Factor Authentication (MFA) is currently active on each account.
  • Note which accounts still rely on insecure SMS-based 2FA versus more secure app-based TOTP.

Done when: You have a clear overview of which accounts need immediate security upgrades.

3.

Why: Human-generated passwords are predictable; a manager allows for complex, unique keys for every institution.

How:

  • Choose an open-source or highly vetted tool like Bitwarden or KeePassXC.
  • Create one 'Master Password' that is a long passphrase (e.g., 4-5 random words).
  • Import or manually add your banking URLs to the manager.

Done when: The password manager is installed and secured with a strong master passphrase.

4.

Why: SMS codes can be intercepted via SIM-swapping; Time-based One-Time Passwords (TOTP) generated locally on your device are significantly more secure.

How:

  • Download a privacy-focused app like 2FAS, Aegis (Android), or Raivo (iOS).
  • Ensure the app itself is locked with biometrics or a PIN.
  • Prepare to migrate away from SMS-based codes where the bank allows it.

Done when: An authenticator app is ready on your smartphone to receive security tokens.

5.

Why: In the event of a lost card or breach, every minute counts; having numbers ready prevents panic.

How:

  • Find the international 'Lost/Stolen' hotline for each of your card issuers.
  • Note the specific steps required by your bank to freeze an account via their app.
  • Keep a physical copy in a secure place at home and a digital copy in your encrypted manager.

Done when: A single document exists with all emergency numbers and 'kill-switch' instructions.

6.

Why: Unique passwords ensure that a breach at one service does not compromise your entire financial life.

How:

  • Use your password manager to generate random strings of letters, numbers, and symbols.
  • Change the password for every bank identified in your inventory.
  • Ensure no 'security questions' (like mother's maiden name) use real, easily researched data.

Done when: Every financial account has a unique, complex password stored in your manager.

7.

Why: This adds a second layer of defense that requires physical access to your device.

How:

  • Log into each bank's security settings.
  • Select 'Authenticator App' or 'Security Key' as the primary 2FA method.
  • Scan the QR code provided by the bank using your TOTP app.
  • Save the 'Backup Codes' provided by the bank in your password manager.

Done when: All major accounts require a code from your authenticator app to log in.

8.

Why: Immediate notification allows you to spot and report unauthorized charges within seconds of them occurring.

How:

  • Enable 'Push Notifications' in your banking apps for all transactions.
  • Set the threshold to $0.01 (or local equivalent) so every single cent spent triggers an alert.
  • Enable alerts for 'Profile Changes' or 'New Device Logins'.

Done when: You receive a notification on your phone for every transaction made on your accounts.

9.

Why: Limits act as a 'circuit breaker' to prevent a fraudster from emptying your account in one go.

How:

  • Lower your daily ATM withdrawal limit to the minimum you realistically need.
  • Set a daily 'Card Not Present' (online shopping) limit.
  • Disable 'International Transactions' if you are not currently traveling.

Done when: Account limits are adjusted to reflect your actual daily usage patterns.

10.

Why: 'Skimming' or 'Shimming' can occur wirelessly in crowded places via RFID readers.

How:

  • Purchase generic RFID-blocking sleeves or an RFID-shielded wallet.
  • Place all contactless-enabled credit and debit cards inside the shielding.
  • Test the shield by trying to 'tap-to-pay' while the card is inside the sleeve.

Done when: All physical cards are stored in RFID-blocking containers.

11.

Why: Small 'test charges' (often under $1) are used by fraudsters to see if an account is active before making large purchases.

How:

  • Schedule a recurring calendar event for the 1st of every month.
  • Cross-reference every line item on your statement with your receipts or memory.
  • Report any unrecognized merchant immediately, regardless of the amount.

Done when: A monthly habit is established and the first review is completed.
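The monthly cross-check can be partly automated from a statement export. The following is an added example, not part of the original template: it flags every charge from a merchant you have not approved, labels sub-$1 ones as possible test charges, and escalates any unrecognized charge that follows one. The CSV column layout, the sample rows, and the merchant allow-list are constructed assumptions.

```python
import csv
import io
from decimal import Decimal

TEST_CHARGE_LIMIT = Decimal("1.00")  # "often under $1", per the task above

# Constructed sample statement; real bank exports use different column names.
SAMPLE_STATEMENT = """date,merchant,amount
2024-05-02,Grocer Market,54.20
2024-05-03,City Transit,2.75
2024-05-07,QX*DIGITAL SVC,0.37
2024-05-09,Grocer Market,12.10
2024-05-11,Northside Electronics,899.00
"""

KNOWN_MERCHANTS = {"Grocer Market", "City Transit"}  # constructed allow-list

def review_statement(csv_text, known_merchants, limit=TEST_CHARGE_LIMIT):
    """Return (date, merchant, amount, reason) for every unrecognized charge,
    in date order. Dates are assumed to be ISO formatted (YYYY-MM-DD)."""
    known = {m.strip().upper() for m in known_merchants}
    rows = sorted(csv.DictReader(io.StringIO(csv_text)), key=lambda r: r["date"])
    findings, first_probe = [], None
    for row in rows:
        merchant = row["merchant"].strip().upper()
        if merchant in known:
            continue
        amount = Decimal(row["amount"])  # Decimal avoids float rounding on money
        if abs(amount) < limit:
            reason = "possible test charge"
            first_probe = first_probe or row["date"]
        elif first_probe is not None:
            reason = "unrecognized merchant after a possible test charge"
        else:
            reason = "unrecognized merchant"
        findings.append((row["date"], merchant, amount, reason))
    return findings

if __name__ == "__main__":
    for date, merchant, amount, reason in review_statement(
            SAMPLE_STATEMENT, KNOWN_MERCHANTS):
        print(f"{date}  {merchant:<24} {amount:>8}  {reason}")
```

Every row it prints is one to report under the rule above, regardless of the amount; the reason only tells you which ones suggest the account has already been probed.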

12.

Why: Outdated operating systems have known vulnerabilities that malware can exploit to steal banking credentials.

How:

  • Enable 'Automatic Updates' on your smartphone and computer.
  • Ensure your mobile banking app is always the latest version from the official store.
  • Restart your devices at least once a week to ensure patches are applied.

Done when: All devices used for banking are running the latest, most secure software versions.

13.

Why: Phishing, Smishing (SMS), and Vishing (Voice) are the most common ways fraudsters bypass technical security.

How:

  • Never click links in SMS or emails claiming to be from your bank.
  • If you receive a 'security alert' call, hang up and call the number on the back of your physical card.
  • Be aware that banks will never ask for your PIN or MFA code over the phone.

Done when: You have successfully identified and ignored/reported at least one suspicious communication.
