Years ago, if you wanted to send money to someone online, you used Paypal.
Years ago, if you wanted to hack a system to steal money online, you tried to hack Paypal.
Nowadays, you have a lot of payment processors, a lot of money transfer systems, but the attacks and the phishing never stops.
I'm pretty savvy when it comes to phishing emails, those emails that trick you into logging into a fake site, but I try to set up systems as a backup to my vigilance. No one is 100%.
So today, I want to share a straightforward concept you can use today – it's called a firewall bank account.
What is a Firewall Bank Account?
In IT, a firewall is a system that monitors incoming network traffic for nefarious activity. A firewall in construction is a wall that inhibits or prevents the spread of a fire.
In our case, a firewall prevents the spread of a financial breach.
A firewall bank account is an account that sits between your primary bank account and any potentially insecure accounts.
Take a look at my financial map:
(the arrows indicate who can initiate a transfer, so my Ally account can transfer to and from Capital One 360 but my Capital One 360 can't initiate anything with my Ally account)
Specifically, it goes to a checking account at Capital One 360, a checking account with just $1.
My Capital One 360 account is my firewall.
If someone gets access to my Paypal account, it can only transfer funds from a Capital One 360 account. That account only has a dollar in it so if someone tries to transfer more, it'll fail.
It Protects Against Accidents Too
Let me share this Reddit thread that started on April 16th, 2020:
The gist is that u/thaipedo had $7,000 withdrawn from his account by the IRS, except he didn't owe the IRS anything. He was due a refund!
It's not clear what happened but it looks like there was an error and he can't get someone on the phone because the IRS is currently processing all the stimulus check payments! He will get his money back eventually but who can stand losing $7,000, especially at a time like this, and still be solvent?
People make mistakes all the time and a firewall would prevent this too.
I Keep My Spoke Accounts Ignorant
If my Ally Bank account is the hub, the other bank accounts (like Capital One 360) are spokes.
My Ally Bank account can initiate transfers to and from my spoke accounts, but my spoke accounts can't. They don't even know about the Ally account.
For example, if you were to get login access to our Bank of America account, you would not be able to transfer money from to or from another account. It has no idea we have accounts anywhere else and that's by design.
Ignorance is bliss!
How to Set This Up Yourself
You can do this as part of drawing your financial map. As you log into each of your accounts, keep track of who can initiate activity and in which direction. Then start deleting the things you don't want and adding the things you do.
You will want:
- Primary Bank Account: This holds most of your free cash, it should have connections to all other accounts.
- Secondary Bank Account(s): This holds a minimum of what you need for whatever purpose it is, it should have no conenctions to other accounts.
- Firewall Bank Account: This should be a secondary bank account with the minimum and links to non-bank institutions.
While you're at it, close any secondary bank account that doesn't serve a purpose and set up a secure email address for the account.
(by the way, this works with any account you want outside of your “firewall,” including these great alternatives to PayPal)
Simplifying your financial life is very liberating.