An open community 
of Macintosh users,
for Macintosh users.

FineTunedMac Dashboard widget now available! Download Here

Previous Thread
Next Thread
Print Thread
chase.com security advisories
#30151 05/25/14 05:21 AM
Joined: Aug 2009
Likes: 15
OP Online

Joined: Aug 2009
Likes: 15
Two security advisories regarding chase.com:

1. Chase has finally gotten its act together and (silently) updated its user password policy to bring it more into line with the real world:

Your new Password:
  • Must be 7-32 characters long
  • Must include at least one letter and one number
  • May include some special characters or punctuation
  • Must not match your User ID or your previous five Passwords
So, if, as I have, you've been living with a password that's not as strong as you'd like, you can now strengthen it.

2. I was appalled to learn that the options to receive security alerts when
  • "My password has changed"
  • "My user ID has changed"
  • "My device has been approved"
are not set in stone, but are user option prefs located at Customer Center > Manage Account Alerts > Alerts available for (Dropdown) > Online Security.

Further, the first time I navigated to that location I found that all three prefs were turned off...that I had been at risk for quite some time.

Now, it's possible that I reeeally spaced out and turned those prefs off on my own, but it's also possible that Chase has them turned off by default; I therefore suggest that all chase.com users check theirs. (I'll appreciate feedback about their default state.)

I can't imagine why Chase thinks *anybody* would want to run without those prefs and has left them as user options?


The new Great Equalizer is the SEND button.

In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Re: chase.com security advisories
artie505 #30168 05/27/14 04:15 PM
Joined: Aug 2009
Likes: 8
Offline

Joined: Aug 2009
Likes: 8
So I checked my Chase.com alert settings, and the three security alerts you mentioned above were by default set to e-mail me if there were changes. Additionally I could choose to receive the notifications by text or by push through the Chase mobile app.


On a Mac since 1984.
Currently: 24" M1 iMac, M2 Pro Mac mini with 27" BenQ monitor, M2 Macbook Air, MacOS 14.x; iPhones, iPods (yes, still) and iPads.
Re: chase.com security advisories
Ira L #30170 05/28/14 06:14 AM
Joined: Aug 2009
Likes: 15
OP Online

Joined: Aug 2009
Likes: 15
Thanks for that info, Ira.

I can't imagine having turned those prefs off - I haven't even got the slightest recollection of having ever visited their location - but...


The new Great Equalizer is the SEND button.

In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Re: chase.com security advisories
artie505 #30172 05/28/14 12:19 PM
Joined: Aug 2009
Offline

Joined: Aug 2009
Clearly, I'm looking in the wrong place...

I too have a Chase account, but am unable to find the settings mentioned. Where might those critters reside? confused


Harv
27" i7 iMac (10.13.6), iPhone Xs Max (12.1)

Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Re: chase.com security advisories
Pendragon #30175 05/28/14 04:06 PM
Joined: Aug 2009
Likes: 8
Offline

Joined: Aug 2009
Likes: 8
Log in, then Customer Center>Manage Alerts. The resulting page has a pop-up menu that follows the phrase "Manage Alerts for…". The fact that you can change that menu to "Credit Cards" is not too terribly obvious, but once you do, you will see the alerts being discussed here.

The alerts under discussion seem to be available only if you have a credit card. Other alerts apply to bank accounts.


On a Mac since 1984.
Currently: 24" M1 iMac, M2 Pro Mac mini with 27" BenQ monitor, M2 Macbook Air, MacOS 14.x; iPhones, iPods (yes, still) and iPads.
Re: chase.com security advisories
Ira L #30178 05/28/14 07:04 PM
Joined: Aug 2009
Offline

Joined: Aug 2009
Thanks, Ira. As you suspected, I was looking on the wrong place. Though I fail to understand why the default setting was as it was, and why the option to "fix" the issue is not readily apparent.

<Sigh>


Harv
27" i7 iMac (10.13.6), iPhone Xs Max (12.1)

Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Re: chase.com security advisories
Pendragon #30180 05/28/14 07:08 PM
Joined: Aug 2009
Likes: 15
OP Online

Joined: Aug 2009
Likes: 15
What was the default setting that you don't understand, Harv?


The new Great Equalizer is the SEND button.

In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Re: chase.com security advisories
artie505 #30182 05/28/14 07:12 PM
Joined: Aug 2009
Offline

Joined: Aug 2009
Originally Posted By: artie505
What was the default setting that you don't understand, Harv?


I would have expected the default to automatically notify the customer when any of the following are changed; much as Apple does (I think).

"My password has changed"
"My user ID has changed"
"My device has been approved"



Harv
27" i7 iMac (10.13.6), iPhone Xs Max (12.1)

Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Re: chase.com security advisories
Pendragon #30183 05/28/14 07:56 PM
Joined: Aug 2009
Likes: 15
OP Online

Joined: Aug 2009
Likes: 15
So your prefs were turned off! (Thanks for the clarification.)

I'm not certain what Chase's default is, because the first time (that I'm aware of, anyhow) I saw those prefs, mine were turned off, but Ira has reported that his were turned on, so I guess we're still up in the air.

But we're now at 2 to 1 on the turned off by default side. Booo!!!

Aside: I went through minor hell with Chase over this issue and the fact that user p/w's could not include non-standard characters; we exchanged a bunch of e-mails in which they repeatedly assured me how much Chase cared about customer security but never even acknowledged my points, that I had made them, or that they were being kicked upstairs for further consideration, and they finally told me that any further e-mails would be ignored.

I guess that I, although probably not alone, did make my points...points that should *never* have had to be made in the first place.


The new Great Equalizer is the SEND button.

In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Re: chase.com security advisories
artie505 #30185 05/28/14 08:13 PM
Joined: Aug 2009
Likes: 16
Moderator
Online
Moderator

Joined: Aug 2009
Likes: 16
Sounds as if you should consider changing banks.


If we knew what it was we were doing, it wouldn't be called research, would it?

— Albert Einstein
Re: chase.com security advisories
joemikeb #30186 05/28/14 08:45 PM
Joined: Aug 2009
Likes: 15
OP Online

Joined: Aug 2009
Likes: 15
Originally Posted By: joemikeb
Sounds as if you should consider changing banks.

Me, and a significant portion of the rest of America, but why? Despite its protestations, Chase has cleaned up its act in the areas I complained about...even gone beyond what I suggested!

My solution has been to "sandbox" Chase; I keep next to no money in my accounts there, and there are no connections (from inside chase.com) between them and my accounts with other institutions.

You sound smug; is it because you've explored every security option at every financial Website with which you deal and satisfied yourself that you're not at risk from weaknesses in any of them, or, more particularly, that you're totally happy with the security with which they provide you?


The new Great Equalizer is the SEND button.

In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Re: chase.com security advisories
artie505 #30194 05/29/14 03:09 PM
Joined: Aug 2009
Likes: 16
Moderator
Online
Moderator

Joined: Aug 2009
Likes: 16
Originally Posted By: artie505
You sound smug; is it because you've explored every security option at every financial Website with which you deal and satisfied yourself that you're not at risk from weaknesses in any of them, or, more particularly, that you're totally happy with the security with which they provide you?

I don't think it is possible to be totally happy with security in today's internet environment, but I am satisfied my financial institution (bank, broker, insurance) is doing their dead level best to stay on the cutting edge of security. They have been on the forefront of new security measures often months or even years ahead of the big nationals. The fact my major financial institution is run entirely by retired military, who are by training and nature very security conscious, probably helps. It also helps that as a mutual benefit association, they are answerable only to their customers and not beholding to Wallstreet or stockholders for costs or profits.

But any financial institution is potentially vulnerable, and the bigger they are the more tempting a target for exploitation they present. So it behooves the individual to be vigilant. In fact my financial institution stays on the member's case about security options they should be using not only with them but in general on the internet.


If we knew what it was we were doing, it wouldn't be called research, would it?

— Albert Einstein
Re: chase.com security advisories
joemikeb #30203 05/31/14 06:08 AM
Joined: Aug 2009
Likes: 15
OP Online

Joined: Aug 2009
Likes: 15
> ...I am satisfied my financial institution (bank, broker, insurance) is doing their dead level best to stay on the cutting edge of security.

Just like Chase, that couldn't be bothered to alert its customers that they could upgrade to safer passwords...even thinks they might not care to be notified if their user name, password, or registered computer has been changed. tongue

Sounds like you're in a more secure situation than most, though. cool

> So it behooves the individual to be vigilant.

Only to have that vigilance subverted by institutional negligence! frown

The Internet sure makes life easy, but in the balance, it makes us vulnerable to so many avenues of attack that I sometimes think it would have been nice if Al Gore hadn't invented it.


The new Great Equalizer is the SEND button.

In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Re: chase.com security advisories
artie505 #30205 05/31/14 09:39 AM
Joined: Aug 2009
Likes: 14
Offline

Joined: Aug 2009
Likes: 14
Originally Posted By: artie505
> So it behooves the individual to be vigilant.

Only to have that vigilance subverted by institutional negligence! frown

Yes, and sometimes you are exposed when, "shakey" from the point of their ability to be secure, vendors retain information without your knowledge.

The example I always think about was a few years back when I shopped at a local store that sold small appliance parts and paid with VISA. A couple of years later I returned to buy a refrigerator part and they had my VISA number on file.

Given the ability of hackers to get into major "secure" sites, I figured it wouldn't take too much to steal information from a local parts shop. I demanded they immediately remove the number.

Last edited by ryck; 05/31/14 09:39 AM.

ryck

"What Were Once Vices Are Now Habits" The Doobie Brothers

iMac (Retina 5K, 27", 2020), 3.8 GHz 8 Core Intel Core i7, 8GB RAM, 2667 MHz DDR4
OS Ventura 13.6.3
Canon Pixma TR 8520 Printer
Epson Perfection V500 Photo Scanner c/w VueScan software
TM on 1TB LaCie USB-C
Re: chase.com security advisories
ryck #30206 05/31/14 05:32 PM
Joined: Aug 2009
Likes: 15
OP Online

Joined: Aug 2009
Likes: 15
I've never run into a situation like that, but any time I enter my card number on-line I visit the site after my transaction has been completed and either determine that my number has been deleted or delete it myself. (Amazon is a major offender in that area.)


The new Great Equalizer is the SEND button.

In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Re: chase.com security advisories
artie505 #30207 05/31/14 10:44 PM
Joined: Aug 2009
Likes: 14
Offline

Joined: Aug 2009
Likes: 14
Originally Posted By: artie505
….any time I enter my card number on-line I visit the site after my transaction has been completed and either determine that my number has been deleted or delete it myself.

That's a great idea. Is it easy to do?


ryck

"What Were Once Vices Are Now Habits" The Doobie Brothers

iMac (Retina 5K, 27", 2020), 3.8 GHz 8 Core Intel Core i7, 8GB RAM, 2667 MHz DDR4
OS Ventura 13.6.3
Canon Pixma TR 8520 Printer
Epson Perfection V500 Photo Scanner c/w VueScan software
TM on 1TB LaCie USB-C
Re: chase.com security advisories
ryck #30208 05/31/14 11:11 PM
Joined: Aug 2009
Likes: 15
OP Online

Joined: Aug 2009
Likes: 15
You can generally manage your payment options through your account; that's how it works with Amazon (the only site from which I purchase that retains my number).

Many (most?) sites, Apple included, delete your card number immediately after your transaction has been completed.

And Amazon must know that their policy is offensive, because when you go to delete your card number they tell you straight-out that the deletion won't affect transactions, even uncompleted ones, for which it's already been used.

I very much prefer to buy from sites that accept PayPal, and I'm seeing more and more sites biting the bullet and doing that. (Edit: Small Dog and Jet Blue come to mind.)

Man, what a database that must be!

Edit: On occasion, I've actually paid a coupl'a bucks more for items purchased with PayPal rather than give up my card number.

Last edited by artie505; 05/31/14 11:18 PM.

The new Great Equalizer is the SEND button.

In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Re: chase.com security advisories
artie505 #30209 06/01/14 03:25 PM
Joined: Aug 2009
Likes: 14
Offline

Joined: Aug 2009
Likes: 14
Originally Posted By: artie505
You can generally manage your payment options through your account; that's how it works with Amazon

Thanks. I'll be going to the site today to do that.

Originally Posted By: artie505
Many (most?) sites, Apple included, delete your card number immediately after your transaction has been completed.

I don't think that's the case with iTunes or the App Store. I've had cases where I made a purchase, but there were insufficient funds remaining in the account, and the difference showed up as a small extra charge on my VISA. Maybe that also needs to be dealt with in the account.

Originally Posted By: artie505
I very much prefer to buy from sites that accept PayPal...

I'm with you on that one. PayPal is always my first choice.


ryck

"What Were Once Vices Are Now Habits" The Doobie Brothers

iMac (Retina 5K, 27", 2020), 3.8 GHz 8 Core Intel Core i7, 8GB RAM, 2667 MHz DDR4
OS Ventura 13.6.3
Canon Pixma TR 8520 Printer
Epson Perfection V500 Photo Scanner c/w VueScan software
TM on 1TB LaCie USB-C
Re: chase.com security advisories
ryck #30211 06/02/14 12:05 AM
Joined: Aug 2009
Likes: 15
OP Online

Joined: Aug 2009
Likes: 15
I think you're correct about the iTunes and App Stores retaining card numbers, and I don't know if you can delete them. (I've never dealt with either and just plain forgot they exist.)

The Apple Store does not retain card numbers.


The new Great Equalizer is the SEND button.

In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire

Moderated by  alternaut, dianne, MacManiac 

Link Copied to Clipboard
Powered by UBB.threads™ PHP Forum Software 7.7.4
(Release build 20200307)
Responsive Width:

PHP: 7.4.33 Page Time: 0.050s Queries: 52 (0.041s) Memory: 0.6716 MB (Peak: 0.8096 MB) Data Comp: Zlib Server Time: 2024-03-29 15:08:37 UTC
Valid HTML 5 and Valid CSS