Processing your funds has never been as easy as it is now. You can now instantly send money by using a an app and phone number, whereas before there wasn’t such thing as instant money transfer (only if that was about cash). And not only that. You can do a ton of other things, really fast and easy. You also have a lot of options for each of those like Revolut, MobilePay, ApplePay, Paypal and the list can go on forever.
Having it easy and having a lot of options for it usually ends up in a mess. You do not know which websites or devices have access to your payment details. You wake up having money withdrawn from your account without expecting it. You end up using 5 different apps to do the same thing and you do not know which one you should use and when.
In this article I’ll detail what are my needs for handling money and how do i do it in a fast and safe way.
Contents
My money handling needs
When it comes to my use cases around handling money virtually, they are the following :
- currency exchange – exchanging from one currency to another, without paying commissions or having to lose money just by doing it
- online payments – these are cases like online shopping where you use your financial details for an online transaction (like writing your debit/credit card details into the payment form)
- offline payments – these are cases like going to a regular physical shop and using your debit/credit card with a PoS (point of sale) system
- cash withdrawal – you sometimes need cash and you would like to withdraw it, without paying commissions or having to lose money just by doing it
- transfer to a bank account – you have a IBAN account to which you need to transfer funds, for example for investing purposes.
- instant money transfer – you need to quickly send money to your friend
- recurring payments – like rent, mortgage or utility bills are payed on a regular basis and you’d ideally want to have it done automatically and not bother doing it manually every single time
- handle cost splits – for cases where you went out with your friends and you want to quickly split the restaurant bill without fidgeting thru cash or calculating who needs to pay what
Being able to do all of the above fast and easy comes with a price. That price is the risk of losing your funds.
Loss of funds
Handling money virtually, using phones and online payment processors or even handling money physically, by using cash can result in a loss of funds.
How can this happen ?
Theft of card details
Websites get breached everyday. Personal data and debit/credit card details are stolen and used for fraudulent transactions or sold on the darkweb for others to do that. An average of 4,800 websites a month are compromised are compromised monthly, leading to whoever knows how many stolen credit card details.
Most banks nowadays have a banking app. And we all use various apps to process our funds, like Paypal , Apple Pay and so on. These apps reside on your smartphone, which can be stolen or hacked, allowing others access to your funds.
You debit/credit card details or even PIN number can be stolen by somebody who happens to see you type them in some where. Or even because you left your wallet unattended long enough for somebody to get your details or even steal your wallet altogether.
Most debit/credit cards nowadays come with a wireless capabilities, enabling you to simply touch your card to the PoS system and your transactions goes thru. As convenient it sounds, as easy can one steal your funds via the air. –
Your card can be stolen or the information on it can be used to clone your card, being then used for fraudulent transactions.
Transferring to the wrong destination
Yes, it does happen. Even with big amounts of money. Since the process of operating your funds is so easy, it can also be very easy to make a mistake. A common mistake is that of writing a different phone number for instant transfers. Or writing a wrong digit in your online banking app. Thus having your funds ending up in somebody elses account instead of the original destination.
Change of billing policy and automatic renewals
There are cases where you use a service for a while, but then you stop, forget about it and wake up that you have to pay for something that you had no idea you even had to.
It happened to me back in 2016, when I was using DigitalOcean to host my customers websites. I then switched from DigitalOcean to a different service but I still left all of my configuration intact. DigitalOcean announced that they will start billing for something they weren’t. Being out on vacation, I wasn’t checking my email to see that I was announced that this will be happening. When I got back from vacation, the payment was already processed. Luckily, it wasn’t a big amount.
There are other cases where you have subscribed for a service and the renewal fee is very infrequent – e.g. on a yearly basis. You stop using that service and forget entirely about the renewal, waking up that you’re paying for something that you didn’t wanted to.
How can you stop this from happening ?
There are multiple things that one can do to avoid unwanted loss of funds.
Many are simply common sense. Like not publicly displaying your credit card details on social media. Or not leaving your wallet around unattended. Or not leaving your smartphone unlocked unattended, ready for anybody to start using the quick
Others will depend on your risk tolerance, workflow when doing financial operations and on the technical capabilities of the financial apps that you use.
My financial setup
For each of the use cases enumerated above, I have a preferred method of doing it and usually stick only to that.
Salary- account – main bank account used to receive salary on. I have a max-funds-limit on the account to avoid losing more than I can accept. Everything over the max-funds-limit is transferred to my “Savings-account“. Both accounts are accessible by a web-interface and a “Banking App” using 2 Factor Authentication.
Authentication from the App can be made easier, by switching the login method to “Touch ID” or “Personal code”. I intentionally use the “harder” method, that of NemID (which uses 2 Factor Authentication). This is because I want to reduce the likelihood of anybody getting access to my bank account in case my phone gets hacked or gets stolen.
Revolut app – used to administer and secure my Revolut cards, perform currency-exchange with no commissions and at a very good rate , perform transfers to a bank account (international transfers included, as I managed to reduce the time to transfer from 3 days to a few hours or 1 day ). A cost-effective choice as well, as Revolut has a free offering with a free debit cards, which has pretty convenient limits for day-to-day use.
Similarly to my “salary-account” i have a max-funds-limit so that I will never keep more funds in the app than i am accepting to lose.
It can only be installed on your mobile device and will ask you for a verification code whenever you perform an operation. You can get rid of that by enabling “Trust this device” but I intentionally do not use it because the smartphone itself can be stolen or compromised.
Revolut virtual debit card – used for online payments only. This means that the details will be saved in various websites and apps. In case the card details are stolen or in case I will not use it for a while, I can simply “Freeze” the card with a touch to be sure that it cannot be used.
Revolut physical debit card – used only for offline payments, cash withdrawal. I once had this cards details stolen and after Revolut blocked a fraudulent transaction, I could have ordered another Revolut physical debit card for free.
Your-bank physical debit card – only used to transfer money to Revolut and sometimes for other use cases in case Revolut fails, like online payments, offline payments and cash withdrawal. Ideally, I would never use this card for anything but to fuel my Revolut account, as this can drastically reduce the likelihood of it being compromised. It’s the only card that can directly access my “Salary-account“
MobilePay – used for instant transfers. The Revolut App can be used as well, but MobilePay is a much more popular and widely accepted method in Denmark. WeShare is an app that works on top of MobilePay alowing you to handle cost splits
Here are some of the methods that I use to mitigate the risk of losing my funds in my setup.
1. Limit the funds accessible to an acceptable loss amount
That means you only keep as much money accessible as you are willing to lose.
“In case something happens, I accept the loss of these funds.”
Of course, you will never be ok with losing money, but you would rather have an acceptable loss rather than something that will make you starve for the following months.
I receive my salary in the “Salary-account” after which I transfer most of it in the “Savings-account”, leaving only the amount needed for a known, daily expenses.
2. Limit transactions and operations as much as possible
Limit usage based on geography. If you are physically located in Europe and there is an ATM transaction with your card details happening at the same time in the USA, it would be automatically rejected.
Switch off online transactions, in case you know you will not use that card for online transactions. You will end up having 2 preferred cards – 1 for online transactions only and 1 for offline transactions only.
Switch off ATM withdrawals, in case you know you will not use that card to withdraw cash. This applies to the card that you use only for online transactions.
Set a spending limit to be sure that no more than the accepted amount of funds will be withdrawn at a single time. Point 1. will narrow down how much money is accessible. A spending limit will stop the access to those funds at an acceptable threshold.
These settings will heavily depend on the technical capabilities of your banking/Fintech app. Here are some examples from the ones that I use.
Secure access to your phone / PC and online accounts
3. Verify transactions regularly
Going thru your bank statements or app activity will reveal any fraudulent or unexpected (but legit) transactions.
Be ready to block your debit/credit card in case fraudulent activity is noticed. This is the “Freeze” option mentioned above in the Revolut Security settings.
Keep an inventory of all online accounts where you have saved your payment details. This will make your life easier when your debit/credit card expires and you have to update these online accounts. And will help you avoid getting billed for something you had no idea of – because keeping an inventory of these online accounts will also force you to consider whether you are still using this service or not.
4. Consider PC and smartphone usage
Access your financial apps / online banking portal only from trusted devices. I do it from my devices only.
Configure your devices to be secure-enough. This includes the basics, like being up to date with operating system patches and blocking access by using an access code. There are many other things needed here but that’s for a separate article.
You could also opt to Use a separate device only for financial transactions. Having a separate smartphone used only for financial operations will greatly reduce the likelihood of the device being compromised. It can be inconvenient carrying 2 smartphones with you all over the place, but it depends on your context. This is what I usually recommend for investors in my free assessments.
Conclusion
Spending money nowadays is easy. Maybe too easy. If it’s (too) easy for you to transfer your funds wherever, it’s most likely easy for an attacker to transfer your funds to his pockets.
We always want to look for a balance between usability and security.
The most important take-away here is that you should understand your needs and risk tolerance in terms of financial operations and build your setup based on that.
The key methods that I use to secure my setup and the most effective to start with :
1) max-funds-limit to make sure that lost funds aren’t more than what’s accepted.
2) easy-to-block-and-restrict physical and virtual debit cards, each used for different purposes.
Revolut is central to my setup and I recommend it because it’s cost effective and has usable security features. There are many other competitors though. Looking forward to seeing other examples of such apps or setups similar to mine.