Financial fraud prevention
How do I protect my bank accounts and credit cards from fraud?
Important notice: This is not financial or investment advice. All content is for informational purposes only. Use at your own risk.
Project plan
Why: You cannot protect what you haven't accounted for; forgotten accounts are prime targets for undetected fraud.
How:
- Create a secure list of every checking, savings, and credit account you own.
- Note the primary contact method (email/phone) associated with each.
- Identify accounts that haven't been used in over 6 months.
Done when: A complete list of all financial institutions and account types is documented.
Why: Weak or reused passwords are the leading cause of account takeovers.
How:
- Check if you use the same password for multiple banks.
- Verify if Multi-Factor Authentication (MFA) is currently active on each account.
- Note which accounts still rely on insecure SMS-based 2FA versus more secure app-based TOTP.
Done when: You have a clear overview of which accounts need immediate security upgrades.
Why: Human-generated passwords are predictable; a password manager lets you use a complex, unique password for every institution.
How:
- Choose an open-source or highly-vetted tool like Bitwarden or KeePassXC.
- Create one 'Master Password' that is a long passphrase (e.g., 4-5 random words).
- Import or manually add your banking URLs to the manager.
Done when: The password manager is installed and secured with a strong master passphrase.
Why: SMS codes can be intercepted via SIM-swapping; Time-based One-Time Passwords (TOTP) generated locally on your device are significantly more secure.
How:
- Download a privacy-focused app like 2FAS, Aegis (Android), or Raivo (iOS).
- Ensure the app itself is locked with biometrics or a PIN.
- Prepare to migrate away from SMS-based codes where the bank allows it.
Done when: An authenticator app is ready on your smartphone to receive security tokens.
Why: In the event of a lost card or breach, every minute counts; having numbers ready prevents panic.
How:
- Find the international 'Lost/Stolen' hotline for each of your card issuers.
- Note the specific steps required by your bank to freeze an account via their app.
- Keep a physical copy in a secure place at home and a digital copy in your encrypted manager.
Done when: A single document exists with all emergency numbers and 'kill-switch' instructions.
Why: Unique passwords ensure that a breach at one service does not compromise your entire financial life.
How:
- Use your password manager to generate random strings of letters, numbers, and symbols.
- Change the password for every bank identified in your inventory.
- Ensure no 'security questions' (like mother's maiden name) use real, easily researched data.
Done when: Every financial account has a unique, complex password stored in your manager.
Why: Two-factor authentication adds a second layer of defense that requires physical access to your device.
How:
- Log into each bank's security settings.
- Select 'Authenticator App' or 'Security Key' as the primary 2FA method.
- Scan the QR code provided by the bank using your TOTP app.
- Save the 'Backup Codes' provided by the bank in your password manager.
Done when: All major accounts require a code from your authenticator app to log in.
Why: Immediate notification allows you to spot and report unauthorized charges within seconds of them occurring.
How:
- Enable 'Push Notifications' in your banking apps for all transactions.
- Set the threshold to $0.01 (or local equivalent) so every single cent spent triggers an alert.
- Enable alerts for 'Profile Changes' or 'New Device Logins'.
Done when: You receive a notification on your phone for every transaction made on your accounts.
Why: Limits act as a 'circuit breaker' to prevent a fraudster from emptying your account in one go.
How:
- Lower your daily ATM withdrawal limit to the minimum you realistically need.
- Set a daily 'Card Not Present' (online shopping) limit.
- Disable 'International Transactions' if you are not currently traveling.
Done when: Account limits are adjusted to reflect your actual daily usage patterns.
Why: 'Skimming' or 'Shimming' can occur wirelessly in crowded places via RFID readers.
How:
- Purchase generic RFID-blocking sleeves or an RFID-shielded wallet.
- Place all contactless-enabled credit and debit cards inside the shielding.
- Test the shield by trying to 'tap-to-pay' while the card is inside the sleeve.
Done when: All physical cards are stored in RFID-blocking containers.
Why: Small 'test charges' (often under $1) are used by fraudsters to see if an account is active before making large purchases.
How:
- Schedule a recurring calendar event for the 1st of every month.
- Cross-reference every line item on your statement with your receipts or memory.
- Report any unrecognized merchant immediately, regardless of the amount.
Done when: A monthly habit is established and the first review is completed.
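The monthly cross-check can be partly automated when the bank offers a CSV export. This added example (not part of the original plan) flags every merchant you have not approved and gives sub-$1 charges, and any later charge from the same merchant, their own label. The column names, merchants and amounts are constructed, and rows are assumed to be in date order.

```python
import csv
import io
from decimal import Decimal

# Constructed sample data: merchants you recognize and one month of exports.
KNOWN_MERCHANTS = {"City Grocery", "Metro Transit", "Corner Cafe"}
STATEMENT_CSV = """\
date,merchant,amount
2024-03-02,City Grocery,54.10
2024-03-05,QX-DIGITAL SVC,0.37
2024-03-06,Metro Transit,2.75
2024-03-07,QX-DIGITAL SVC,489.00
2024-03-11,Corner Cafe,0.95
2024-03-15,NORTHSIDE PARKING,12.00
"""

def review_statement(csv_text, known_merchants, test_charge_limit=Decimal("1.00")):
    """Return (date, merchant, amount, reason) for every line to dispute or check."""
    known = {m.strip().upper() for m in known_merchants}
    probed = set()  # unknown merchants that already made a tiny charge
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        merchant = row["merchant"].strip().upper()
        amount = Decimal(row["amount"])  # Decimal avoids float rounding on money
        if merchant in known:
            continue  # small charges from merchants you recognize are fine
        if amount < test_charge_limit:
            reason = "possible test charge"
            probed.add(merchant)
        elif merchant in probed:
            reason = "larger charge after test charge"
        else:
            reason = "unrecognized merchant"
        findings.append((row["date"], merchant, amount, reason))
    return findings

if __name__ == "__main__":
    for finding in review_statement(STATEMENT_CSV, KNOWN_MERCHANTS):
        print(*finding, sep="  ")
```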
Why: Outdated operating systems have known vulnerabilities that malware can exploit to steal banking credentials.
How:
- Enable 'Automatic Updates' on your smartphone and computer.
- Ensure your mobile banking app is always the latest version from the official store.
- Restart your devices at least once a week to ensure patches are applied.
Done when: All devices used for banking are running the latest, most secure software versions.
Why: Phishing, Smishing (SMS), and Vishing (Voice) are the most common ways fraudsters bypass technical security.
How:
- Never click links in SMS or emails claiming to be from your bank.
- If you receive a 'security alert' call, hang up and call the number on the back of your physical card.
- Be aware that banks will never ask for your PIN or MFA code over the phone.
Done when: You have successfully identified and ignored/reported at least one suspicious communication.