Setting Up Buffer / Firewall Bank Accounts

Unless you’ve been under a rock for the last few years, you’ve gotten 124 PayPal phishing e-mails telling you that your account has been suspended, yada yada, gimme your login and password. New variations come out every day. I bet that more people are being fooled than we know of, mostly due to the shame of admitting it.

I was just reminded me of one way to fight this problem by keeping a “firewall” checking or savings account. Basically, if you do a lot of online transactions with payment processors like PayPal or Neteller, or are simply paranoid about identity theft in general, you can set up an separate, empty bank account to act as a buffer. Let me illustrate:

Best Illustration Evar

(Best diagram ever, I know.)

Whenever you need to give out your account information to a questionable entity, use the Firewall account numbers. This way, the money in your main account is always protected. Even if your Firewall account gets compromised and your account and routing numbers are being spread around the internet and sold to the highest bidder, there would be nothing to take!

This comes with some inconvenience, as there is the added step that whenever you need to send out money, you first must transfer money from your main checking to your Firewall checking, and then withdraw from there. You may also get a NSF (non-sufficient funds) charge if somebody does try a fraudulent withdrawal, but that’d probably be better than losing your $1,000 or whatever you keep in your main checking account.

You’ll need a no-minimum balance bank account to do this. My WaMu review sparked my memory, because their checking account is perfect for this. No minimums or fees to worry about, instance transfers from an existing WaMu account, and you get one free forgiven NSF charge per year. You can also do this with a no-minimum balance savings account if they allow external transfers – it takes a bit longer for transfer, but you might earn more interest. I’ve used Virtualbank in the past.

Comments

  1. Excellent tip! Thank you.

  2. Why bother with this when all credit cards have provisions for online purchases (limiting or even nullifying damages and payments for the consumer)?

  3. I don’t think I said anything about credit cards? 🙂 This isn’t to protect your credit cards, it’s to protect your bank account balances. Bank accounts also have some fraud provisions, but this simply stops an unauthorized transfer from occurring in the first place.

  4. I’ve done this exact thing with my PayPal account. There have also been stories of PayPal automatically withdrawing money from linked accounts without notifying people (not related to phishing but usually chargebacks), so this has that added benefit.

  5. Savvy Samurai says:

    This is very good advice. Unfortunately there are poor safeguards for Ebay sellers using Paypal. It is a scary thing that Paypal allows automatic ?charge-backs? without notifying the seller. These days I don?t sell stuff on Ebay that often, but for those who do I would definitely recommend this strategy to protect your money. Others tips found here: link

  6. Based on what I have heard about Paypal and checking accounts I don’t think I would ever give my checking account info to PayPal. Of course, I am only a buyer on Ebay never a seller. For every buy using PayPal, Ebay or not, I create a new Virtual Account number via one of Citi Mastercard credit cards. I set the dollar amount to the amount of the transaction and also limit the expiration date. Essentially, a one time use number. Citi, only allows one merchant to bang against a given virtual account number. I found this out the hard way. How much this protects me I don’t really know but I feel relatively safe using this approach.

  7. Could you explain a little more why the firewall is useful? You say it would be good whenever “you have to give your account information to a questionable entity.” When would you do this? Do you mean your PayPal or your checking account? I unexpectedly got a debit card from a brokerage where I have stocks and a money market account… basically the bulk of my net worth. Would it be better for me to use a debit card for a linked account, for similar reasons?

  8. By questionable party I mean whatever third-party you are giving access to your bank account, such as PayPal or Neteller (like PayPal, but for online poker sites). These guys are not banks and thus higher on my questionable meter 🙂

    As for your debit card, you just have to know what kind of rights with it. Most banks give you fraud prorection if you lose the card or something. But if a crook uses PayPal to suck money out of your account, you may have to take things up with PayPal, not your bank. And PayPal isn’t always easy to deal with.

  9. that’s how my paypal acct is set up …lol…Didn’t draw a diagram…though… 🙁

  10. Jonathan: I know you didn’t bring up credit cards; I did because you’re talking about unauthorized transactions online. The easiest way is not to pay by checking or even allowing your ABA routing and account # to be associated with your personal info. The few instances where this might be necessary is bank to bank transfers or brokerage to bank transfers.

    Otherwise why would you want to pay anything by EFT and linking bank accounts? Very few transactions need to deal with a direct link to bank accounts. Even paying PayPal by credit card is possible (rather than even linking to a bank account).

  11. I do this exact thing. My main bank has no branches where I live so I do everything online or though the mail. I have a local, completely free checking account that I use to deposit cash and link to PayPal/Prosper/eBay or anyone else that wants my bank account numbers.

  12. To BL,

    When you like to sell something on eBay via PayPal, you want to get the payment transferred back to your bank account. If you do not give them your bank account number, the money you received from buyer will just stay in your PayPal account.

    And that’s one of the reason / example you sometimes just have no choice to disclose your account number to the one we don’t really trust (eg. PayPal).

    It has nothing to do with buying something using credit card.

    Also To Heather,

    To use a debit card is alomost the same risky as to use your bank account number. Your debit card is linked directly to your bank / credit union / brokerage / lending firm…whatever account. Yes, some financial institutions offer Zero Liability on debit card transactions, but they have no motivation to fight for you, because they won’t lose anything anyway. When something happens, your money is gone, and you have to fight for yourself. However, if you were using credit card for purchase and something wrong happens, you can simply file a dispute with your credit card company and you don’t have to pay that part of the fraud amout. Credit card company has to do the research for you, otherwise they can’t get the money from you.

    In addition, same as mc, I also use virtual credit card number from Citi and MBNA on any transactions that I can’t fully trust.

  13. You also need to link a bank account to become “Verified”. Some people are unwilling to accept or send payments to people who are unverified, and so it can potentially hurt your sales.

  14. Great idea. i guess i will use the wamu account (free checking to get my 5% savings) i just opened as my safe checking account and continue using my old checking as the firewall. since everything is set with that acct # already.

  15. I never xfer from PayPal to my checking account. In fact, nobody can auto-withdraw from my checking account. All payments are one-way, *from* my checking to somewhere else. Problem solved?

  16. As long as someone has your routing number + account number, they can try to take money out of your account. You can even pay directly at many places like Amazon.com using just those two numbers.

  17. Don’t most banks guarantee against unauthorized withdrawals? BofA has an add they run that has a guy who had $5k taken out of his account without his knowing. He needed that money for “his vacation” and so BofA told him the money would be credited back to his account in 24 hours. Am I wrong that major banks like Citibank, Wells and BofA guarantee to give you your money back as long as you report it timely.

  18. My 12 year old stepson opened a PayPal account and used my savings account number. He called the bank and asked for the verification deposits and they gave him the information! Over the next few weeks he spent $724. When I got my statement I went to the bank and they said anyone can transfer money out if they have the routing and account number. “How are we to know it is not you” they said. PayPal was no help.
    If someone gets your account number they can clean you out! The bank said they cannot stop electronic transfers.

Trackbacks

  1. Firewall Your Bank Account at the Money & Investing Dogberry Patch says:

    […] MyMoneyBlog has a very good idea about setting up a “firewall” checking account to protect your regular account from getting drained if somehow the bank account you use for things like PayPal gets compromised. […]

  2. kirkwalsh.com says:

    Firewall Checking Accounts…

    If you have an account with PayPal or Neteller, this is a fantastic idea. Set up a no minimum balance checking account (if your financial instutitution allows it) and have that be the checking account hooked to your PayPal account. That way, if your Pa…

  3. Morocco Time » Banking Firewall says:

    […] Being an IT geek, I love when people explain things in IT terms. One of the money management blogs that I read on a regular basis had a post on Setting Up Buffer / Firewall Bank Accounts. This has a practical application for many of us who live overseas, not to mention just doing business on a daily basis. The idea is that you have a “firewall” bank account set up between your actual bank account and any bill payment/online purchases, like so: […]

Speak Your Mind

*