Data Security Fundamentals

Data Security of Your Financial Data

Why it Matters


Preventing theft of your money is a key aspect of looking after your money.

Data security is defined as the practice of protecting digital information from unauthorised access, corruption, or theft.

Data security is important because it prevents someone from impersonating you for their financial gain. There is always financial gain behind it, otherwise no one would bother. This is how it works: the piece of crap fraudster impersonates you so that they gain the ability to move your money to them. It's really that simple, but it happens in a variety of different ways.

For example, to impersonate you at your bank's website, all that is required is your banking username and password. These two pieces of data will allow someone to log on to your bank's website, pretending to be you, and move your money from your account to another account. There is no reason to provide anyone access to your internet banking, ever.

Fortunately, although there are some really smart thieving scumbags, there are also some incredibly smart people working against them. But you still have to do your bit. You need to think carefully about where your data is stored. In our modern convenient world, data is used to provide credentials to authenticate people.

Data That Provides Direct Access to Your Funds

Here is a list of data that will allow someone to take your funds.

  • Your internet banking username and password
  • Your credit card details: credit card number, expiry date and CCV number.
  • Your credit/debit card number and PIN number.

Before you hand over sensitive data like your credit card or bank account details to any individual or company, there are two critical risks you should seriously consider.

  • The Risk of Unauthorised Transactions. If someone has access to your account and withdrew funds incorrectly, you would have to notice the money was taken. Sure, you can spot it easily with this website, which makes spotting suspicious activity easier, but the burden is still on you. Once you notice something wrong, you then face the hassle of proving the error, contacting support, and chasing down a refund. It’s not just about the money, it’s also your time, energy, and stress.
  • The Risk of Insecure Data Storage. How is your data stored, and who else might have access to it? These are essential questions that often go unanswered. If your details are kept in a poorly protected system, you're exposed to risks like data breaches, leaks, or internal misuse. Once your information is out, it’s impossible to get it back under your control. If they have your credit card details, you basically need a new credit/debit card.

Remember: if the bank that issued your credit card wanted someone else to have your information, they would have sent it to them directly. They don’t, and there’s a reason for that. So, before you share your financial details with any person or organisation, ask yourself a simple question: Would you hand them your physical credit card to use? Because in today’s digital world, giving someone access to your card data is essentially the same thing as handing them your card. If they have the information, they have the power to use it.

We use a company called Stripe to collect payments from our subscribers. A lot of companies also use Stripe because of their robust security practices, PCI DSS (Payment Card Industry Data Security Standard) compliance, and very advanced tools to secure your data. Stripe handles payment details securely and utilises encryption to protect sensitive information both in transit and at rest. They also offer built-in fraud detection tools and support compliance with industry standards. And they spend millions ensuring that their customers' data is secure. We have to pay for the service but think it's worthwhile to protect our customers.

Nice to the Point of Dumbness


Last week I went to the doctor's. A few days before my appointment I got a text to confirm my appointment and a request to put my credit card details into an app so that they would have these details on file. The pretext was to make it easier for me to pay them, as though pulling my credit card out of my phone is difficult; it's already tap and go.

So what is the advantage in a doctor's surgery holding credit card details? I understand that they may have had issues with people not paying in the past, or had to spend time chasing debts, but that's an unfortunate part of business.

The disadvantage to me is that now there is somewhere else that has my credit card details and sufficient details to make fraudulent purchases on my card. So if a fraudulent purchase was made, who is liable? Unfortunately it's quite possibly me, as I was stupid enough to allow someone to have my credit card details to be "kept on file". I have unintentionally contributed to the loss.

I am sure that there is no way that the doctor would in any way deliberately defraud me. However, he was dumb enough to actively encourage another company to have my credit card details. This just makes it easier for someone to steal my information as there is yet another place it resides. If someone broke into their system, would it be better for me if my card data was not stored there? Even clever people can be manipulated.

It's often the nicest people who are recruited to put themselves at risk for someone else's financial gain. At the point you need a doctor you are not concerned with data security, so you are an easy target.

I am all for my medical records being on-line and available to doctors, but I do not need to risk my credit card data there too. And that is a key aspect of data protection, making sure that the right people have access to the data they need and only the data they need.

Not an Advertisement for Apple Pay, but...


This is not an advertisement for Apple Pay, but it does offer protection against one of the major causes of financial crime, which is when your credit/debit card data is captured and used fraudulently. When you use Apple Pay, your credit/debit card data is never shared with anyone.

  • Tokenisation. Apple Pay employs a technology called tokenisation, which replaces sensitive payment information with a unique identifier or token. This means that your actual credit or debit card numbers are never shared with merchants during transactions, reducing the risk of fraud.
  • Biometric Authentication. Apple Pay integrates biometric authentication methods such as Face ID and Touch ID. This ensures that only authorised users can access their payment information, adding an extra layer of security against unauthorised transactions.
  • Device-Specific Number. When you add a card to Apple Pay, a unique device account number is assigned to your device. This number is encrypted and stored securely, meaning that even if someone gains access to your device, they cannot use your payment information without the necessary biometric authentication.
  • Secure Enclave. Apple devices come equipped with a Secure Enclave, a dedicated security coprocessor that handles sensitive data. This hardware-based security feature ensures that your payment information is stored safely and is isolated from the rest of the device's operating system.
  • Privacy Protection. Apple Pay is designed with user privacy in mind. The service does not track your purchases or share your transaction history with third parties, ensuring that your financial information remains confidential.
  • Real-Time Notifications. Users receive real-time notifications for every transaction made with Apple Pay. This immediate feedback allows users to monitor their accounts closely and quickly identify any unauthorized transactions.
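To make the tokenisation and device-specific number points concrete, here is an added example that is not part of the original article and is not Apple's actual protocol: a simplified model of payment tokenisation with a one-time cryptogram per purchase. The names `TokenService`, `Device` and `sign` are hypothetical, and the card number used is constructed.

```python
import hashlib
import hmac
import secrets


def sign(key: bytes, token: str, amount_cents: int, counter: int) -> str:
    """One-time cryptogram binding the token to this amount and this counter."""
    msg = f"{token}|{amount_cents}|{counter}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


class TokenService:
    """Stands in for the card network: the only party that maps token -> card."""

    def __init__(self):
        self._vault = {}  # token -> [card number, device key, last counter seen]

    def provision(self, card_number: str):
        token = "".join(secrets.choice("0123456789") for _ in range(16))
        key = secrets.token_bytes(32)
        self._vault[token] = [card_number, key, 0]
        return token, key  # kept on the device, never given to a merchant

    def authorise(self, token, amount_cents, counter, cryptogram) -> bool:
        entry = self._vault.get(token)
        if entry is None or counter <= entry[2]:
            return False  # unknown token, or a replayed (already used) counter
        expected = sign(entry[1], token, amount_cents, counter)
        if not hmac.compare_digest(expected, cryptogram):
            return False  # amount or counter was altered, or the key is wrong
        entry[2] = counter  # each cryptogram is accepted exactly once
        return True


class Device:
    def __init__(self, token: str, key: bytes):
        self.token, self._key, self._counter = token, key, 0

    def pay(self, amount_cents: int) -> dict:
        """What the merchant receives: token and cryptogram, no card number."""
        self._counter += 1
        return {"token": self.token, "amount_cents": amount_cents,
                "counter": self._counter,
                "cryptogram": sign(self._key, self.token, amount_cents, self._counter)}


if __name__ == "__main__":
    service = TokenService()
    phone = Device(*service.provision("4000000000000002"))  # constructed card number
    purchase = phone.pay(450)
    print("merchant sees:", purchase)
    print("first use:", service.authorise(**purchase))   # accepted
    print("replay:   ", service.authorise(**purchase))   # rejected
```

A merchant that stores or leaks the `purchase` record holds nothing reusable: the card number is absent, and the cryptogram is rejected on any second use or for any other amount.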

Protect Your Data: Think Before You Install Apps


Directly asking for your data isn’t the only way someone can steal it. There are more subtle and often more dangerous methods that attackers use, many of which involve malicious software.

For example, a common tactic is to trick you into installing software that silently records everything you type. This kind of malware, known as a keylogger, waits for you to visit a banking website, then captures your login details and sends them off to the attacker all without you ever knowing.

That’s why it’s so important to be cautious about the software you install on your computer or phone. Every app you download has the potential to access your files, monitor your activity, and, in the worst cases, send out your sensitive data without your consent.

It really comes down to trust: how much do you trust the apps you install not to abuse their access?

Reputable app stores like the Apple App Store and Google Play Store do a lot of work behind the scenes to protect users. They actively scan apps for suspicious behaviour and enforce strict guidelines to reduce the risk of malware. While not perfect, they offer a much safer experience compared to downloading apps directly from random websites.

Be especially wary of programs you find on the open internet. Hackers will often disguise harmful software as useful tools or free downloads to trick you into installing them. Once installed, these apps can steal your personal data, take control of your accounts, or even lock you out of your own devices.

Do Not Download Excel Spreadsheets From the Internet


From a security standpoint, downloading an Excel spreadsheet with macros (file extension .xlsm) from the internet is a terrible idea. The technology that allows you to write a simple Excel macro to send an email when a specific number changes in a spreadsheet is the same technology that allows a hacker to help themselves to the data on your computer. Read more here.

There are plenty of people who want to share an amazing way to organise your finances by downloading their spreadsheet. Some may be legitimate and some might not be. The question you have to ask yourself is: is it worth the risk?
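If a spreadsheet has already been downloaded, it can be checked for macros without opening it in Excel. The following is an added example, not part of the original article: it inspects the file's contents rather than its name, since modern workbooks are ZIP archives and a macro-enabled one carries a `vbaProject.bin` part. The function names are hypothetical and the sample files are constructed in memory.

```python
import io
import zipfile

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy binary .xls container
ZIP_MAGIC = b"PK\x03\x04"                       # .xlsx and .xlsm are ZIP archives


def classify_workbook(data: bytes) -> str:
    """Classify by content, not by file name: the extension can say anything."""
    if data.startswith(OLE_MAGIC):
        return "legacy-binary"  # old format; treat as possibly macro-bearing
    if not data.startswith(ZIP_MAGIC):
        return "not-a-workbook"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            parts = {name.lower(): name for name in zf.namelist()}
            if "[content_types].xml" not in parts:
                return "not-a-workbook"
            types = zf.read(parts["[content_types].xml"]).lower()
    except zipfile.BadZipFile:
        return "not-a-workbook"
    has_vba = any(name.endswith("vbaproject.bin") for name in parts)
    has_xlm = any(name.startswith("xl/macrosheets/") for name in parts)
    # Macro-enabled workbooks also declare a "macroEnabled" content type.
    if has_vba or has_xlm or b"macroenabled" in types:
        return "macros"
    return "no-macros"


def make_sample(with_macros: bool) -> bytes:
    """Build a constructed, workbook-shaped ZIP in memory (no real VBA inside)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("xl/workbook.xml", "<workbook/>")
        if with_macros:
            zf.writestr("xl/vbaProject.bin", b"placeholder, not a real VBA project")
    return buf.getvalue()


if __name__ == "__main__":
    for label, blob in [("plain", make_sample(False)), ("macro", make_sample(True))]:
        print(label, "->", classify_workbook(blob))
```

To check a real download, pass `open(path, "rb").read()` to `classify_workbook`; a result of `macros` or `legacy-binary` is the cue to leave the file unopened.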

Don’t Fall for Fake Virus Alerts in Your Browser

You’ve probably seen them before—those flashing pop-ups while browsing the web that scream:

“YOUR COMPUTER IS INFECTED!! CLICK HERE OR CALL US IMMEDIATELY TO REMOVE THE VIRUS!”

Let’s be clear: it’s complete rubbish.

A web browser cannot directly access files on your computer without your explicit permission. Modern browsers are built with strong security protections specifically to prevent websites from poking around in your file system. This is a core privacy and security feature there to keep you safe.

So, no, those pop-ups can’t tell if your machine has a virus. They’re just scare tactics. Think about it: do you ever see reputable antivirus companies like Norton or Symantec claiming they can magically scan your device through your browser? These scareware tactics are designed to trick you into panicking and handing over access to your money. Don't fall for it.

Phishing

Phishing is a type of cyberattack where scammers try to trick you into giving up personal information, usually to gain access to your money, by pretending to be someone you trust. To gain that trust, they may impersonate a legitimate business or authority, using bits of your own information against you.

It often starts small: they say your name, then maybe your date of birth, or your address. Where do they get this? Sometimes from data breaches, like when a utility company gets hacked because they didn’t take your privacy seriously. Why an electricity provider needs your date of birth in the first place is still a mystery.

These scams can come in many forms: phone calls asking you to "confirm" personal details, emails disguised as official notices, or text messages claiming urgency. The common tactic is pressure: they’ll try to create a false sense of urgency to rush you into acting without thinking, before you have time to question what’s really going on.

Don’t rush into something that could have negative consequences. The bank does not need your login details or PIN number to do anything. If they do call explaining that you may have been the victim of fraudulent activity on your credit card, sure, provide the authority to place a block on the card. They don’t need your PIN number to do this. If in any doubt, call them back on the internet-listed number, not a number they have texted or emailed you.

Summary

Hopefully, this has helped you think more carefully about your financial data and how to protect yourself from potential threats.

Whenever someone asks for your financial information, take a moment to consider: do they genuinely need it? Is sharing it in your best interest, or theirs? How insistent are they? Are they trying to help you, or just gain access to your money?

If you receive an unsolicited call, be cautious as it could be a scam. Ask yourself who made the call. If they called you, why should you hand over your personal information just so they can verify you? If in doubt, the decent companies and corporations have their numbers listed on their website, so you can always call them back.

That Nigerian prince that wants you to pay for his flight out because all his cash is tied up, and the Russian supermodel asking for your credit card to book a hotel room for the two of you, they are both fake and someone is trying to scam you. Let’s not fall for that.

Lastly, please don’t download Excel spreadsheets from the internet. Instead, use a trusted web app that’s built with your safety in mind, like this one!