Many years ago, if you wanted to send money to someone online, you used PayPal. It was the only game in town.
So, many years ago, if you wanted to hack a system to steal money online, you tried to hack into someone’s PayPal account.
Today, you have a lot of ways to send money between friends. There are PayPal-like competitors, like Venmo and Cash App, but bank-based transfer methods too, like Zelle.
I’m pretty savvy when it comes to phishing emails, which are those emails that trick you into logging into a fake site with your real credentials, but I try to set up systems as a backup to my vigilance (for example, I use a secret email address just for sensitive accounts). But no one is 100%.
Today, I want to share a straightforward concept you can use to protect myself – it’s called a Firewall Bank Account.
Table of Contents
What is a Firewall Bank Account?
In IT, a firewall is a system that monitors incoming network traffic for nefarious activity. In construction, a firewall is a wall that inhibits or prevents the spread of a fire. Without one, bad actors get free reign once they break in.
In our case, a firewall prevents the spread of a financial breach.
A Firewall Bank Account is an account that sits between your primary bank account and any potentially insecure accounts.
Take a look at my financial map:
PayPal is connected to a Capital One 360 account, which is connected to my Ally account. My Ally Bank account is my main checking account while the Capital One 360 account is my firewall bank account.
(the arrows indicate who can initiate a transfer, so my Ally account can transfer to and from Capital One 360 but my Capital One 360 can’t initiate anything with my Ally account)
Specifically, it goes to a checking account at Capital One and that checking account is routinely swept so it contains just $1.
My Capital One 360 account is my firewall.
If someone gets access to my PayPal account, they can only transfer funds from a Capital One 360 account. Nowhere else. Since that account only has a dollar in it, any request above $1 will fail.
Why Capital One? You can use any bank account but I use them because they made it easy to create sub-accounts. It takes only a few minutes to open (and close) sub-accounts with their own separate account number. At the time I opened the account (back when it was ING Direct), they were the only ones to offer this but now many banks do. You can use any account as a firewall.
It Protects Against Accidents Too
Just like how a firewall in your house protects against accidental fires, financial firewalls protect against accidental transfers too.
Let me share this Reddit thread that started on April 16th, 2020:
The gist is that u/thaipedo had $7,000 withdrawn from his account by the IRS, except he didn’t owe the IRS anything. He was due a refund!
It’s not clear what happened but it looks like there was an error and he can’t get someone on the phone because the IRS has a massive backlog! He will get his money back eventually but who can stand losing $7,000 and still be OK?
People make mistakes all the time and a firewall would’ve prevented this too.
Keep Your “Spoke” Accounts Ignorant
If my Ally Bank account is the hub, the other bank accounts (like Capital One) are spokes.
My Ally Bank account can initiate transfers to and from my spoke accounts, but my spoke accounts can’t do the reverse. They don’t even know about the Ally account.
For example, if you were to get login access to our Bank of America account, you would not be able to transfer money from to or from another account. It has no idea we have accounts anywhere else and that’s by design.
Ignorance is bliss!
🤔 This does make things a little cumbersome when we have to transfer funds because everything has to be initiated in one account (Ally). It also means spokes can’t transfer funds to each other, but this is unnecessary so it’s never a problem for us.
How to Set This Up Yourself
You can do this as part of drawing your financial map. As you log into each of your accounts, keep track of who can initiate activity and in which direction. Then start deleting the things you don’t want and adding the things you do.
You will want:
- Primary Bank Account, hub: This holds most of your free cash, it should have connections to all other accounts.
- Secondary Bank Account(s), spokes: This holds a minimum of what you need for whatever purpose it is, it should have no connections to other accounts.
- Firewall Bank Account: This should be a secondary bank account with the minimum and links to non-bank institutions.
While you’re at it, spoke accounts need a reason to exist. If they don’t, close them. Oh, and set up a secure email address for the account.
Simplifying your financial life is very liberating.
Miguel (The Rich Miser) says
Very smart. What do you think of identity theft monitoring and insurance services? I currently subscribe to one of them, but with insurance you never really know until you actually make a claim; hopefully I never have to!
Hopefully you never have to – I do a bit of the same stuff but DIY style rather than through a service.
https://wallethacks.com/do-it-yourself-identity-theft-protection/
Brent says
You have lost me on this one.
If all income and all bills are being paid from the Ally bank, where does the Cap One acct come into play?
It’s my firewall between Paypal and everything else.
Ms99to1percent says
Yes, we use about the same strategy for our bank accounts and also credit cards.
These hackers are not joking these days so we gotta protect ourselves as much as we can.
Mrs. Adventure Rich says
I never thought of a “firewall” account as a buffer, but that is a great idea. Are you concerned about the security systems of other banks, or just the PayPal account?
Any money transfer account (Dwolla, Venmo, Paypal, etc.) falls under the same category as “not as secure as a bank” so they get the same treatment.
George says
I understand your concept, but if the firewall account (Capital One) doesn’t connect to your hub account (Ally) , how does money get into and out of the firewall account?
It connects to another account at Capital One (ING), I have two accounts there, and that one is attached to Ally.
Josh says
Why not just have multiple checking accounts open at Ally instead of involving a second bank? If the goal is to add a second banking institution to provide an extra level of security, I’d think it would make more sense to have the Capital One account in your diagram be the account that pays your credit cards and funds your investment accounts. In other words, Ally –> Capital One –> Everything.
The account I use as a firewall predates my Ally Bank account, this was bank when I was opening new accounts to write reviews on an older personal finance blog.
Greg says
Where does the Bank of AmerIca account that you mention fit in to this? Itβs not shown in your diagram.
Oh, it’s a legacy account that I used to use as my hub before I relied on Ally. The image I share isn’t my complete financial map, just the part that matters and would be useful to see. π
Josh says
If I understand this right, the Capital One 360 in your map is actually 2 accounts (an account with a sub-account). The Capital One 360 sub-account is the firewall. The Capital One 360 main account is the link between the firewall account and your main hub at Ally. Is that correct?
Does the sub-account have the ability to draw from the Capital One main account or does the main account initiate transfers? I have an old ING/now Capital One account but have never used the sub-account feature. I like the idea of a firewall account for everything. Did you (or would you) consider a second sub-account for paying bills, further isolating your hub account? I’m not sure if it would be worth the hassle of money transfers .
Yep, you got it!
The subaccount and the main account are managed by the same login. I didn’t think about adding one for paying bills, but in theory it could help if a biller might accidentally overbill you – thus creating an overdraft situation. Generally, I think it’s more hassle than its worth though.
Jack says
Useful. I don’t currently connect PayPal or any online payment service to my bank account, but if I did, I would definitely use this approach.
Always a good idea to isolate online activity from primary bank accounts. We use a similar approach in our credit cards, keeping a separate card for online transactions from the one we use for recurring monthly charges.
How do you get money out of Paypal?
Raghu says
Even my Paypal isnt connected to my bank account but one of my credit cards (CC) is.If i am using paypal for an online shopping transaction my CC is charged. However i use Zelle to transfer money to folks and that is tied to one of my main bank account (BK1). in this case do you suggest i need to get rid of the BK1 and instead link another bank account (BK2) that would act as a firewall account. If so, would BK2 will have $1 and do I need to fund BK2 from BK1 every time I need to use Zelle? Fyi, BK1 is my hub account just like the Ally in your map. Last question, am I good with the current paypal setup or does it need changes?
Lily @ TFG says
This is brilliant! I had to read it over twice because I didn’t want to ask any stupid question haha but I think I got it. My husband is a big security freak and I think he would enjoy setting this up for fun (because this is fun for him oddly enough) so I’ll forward this. Thanks Jim!!!
LK says
After reading the comments and staring at the map, I am still confused. The arrow directions make it look like you only use Paypal to receive money. Do you not use it to spend (ebay, online purchases, etc)?
If you do use it to spend, then I’m confused as to where it pulls the money from. It seems like it should pull money from the Cap 1 sub-account, correct? But does that mean that for every transaction, you need to transfer money from Ally into the Cap1 primary account, and then transfer from Cap1 primary to the sub-account? That would be necessary to maintain its $1 level. That seems like the opposite of simplification, so I think I’m missing something here…
Sorry, the arrows indicate how the money can be pulled. So Ally can pull from Capital One 360 but Capital One 360 can’t pull it from Ally. The link can send money either way, it’s just a matter of which account can do the transfer.
David says
So when you want to transfer money that you receive from Paypal to your Ally account, it goes to your Capital One 360 main account, which you transfer to the sub account, which you then transfer to the Ally account?
And is the reverse true if you need to send money from Ally to Paypal? Thanks!
It goes from Paypal to my CapitalOne360 sub-account, then to my CapitalOne360 main, then to Ally. Realistically, it usually just sits in my CapitalOne360 main (similar interest rates) and I transfer to Ally in bigger chunks or back to the sub-account when I need to pay a friend via Paypal.
David says
Also, does this scenario work because Ally has better online security compared to Capital One? If not, what if Ally gets hacked? Wouldn’t you regret leaving the majority of your money with them? Thanks!
They all have good security, the one that worries me would be Paypal. The Capital One is the firewall.
The White Coat Investor says
I’m lost. Where does the BOA account fit in?
I get the firewall account.
I’m not sure exactly what you’re saying about keeping other accounts ignorant. Are you saying that Vanguard doesn’t pull money from Ally, Ally pushes it to Vanguard? If so, what’s the point of a firewall account between Paypal and Ally when you don’t have one between Ally and your bills or Ally and Vanguard etc.
BOA isn’t on that map, the map isn’t 100% complete (just an example based on a subset of my own accounts). If it were put on there, it’s a spoke with an arrow to Ally in the hub.
The firewall is there to protect against potentially less secure accounts, I don’t see Vanguard as a less secure account. Nor do I consider bills or other banks as less secure. Paypal, Dwolla, Venmo, and other payment systems are the ones I like to have firewalled. In fact, my Vanguard has way more money in it than my bank. π
Leo says
If I’m reading some of your other articles correctly, the BoA account is former hub checking account that you’ve kept around in case you need access to services at a physical branch (e.g. depositing cash, notary, medallion), correct?
I did have a similar question regarding your arrows on the diagram. You mentioned that you keep your spoke accounts ignorant of the hub. That would make Vanguard a spoke, but the arrows indicate it can pull money from your Ally account. That means it couldn’t be ignorant of the hub, correct? (I get why you don’t need a firewall there.)
I had a similar question with the bills. Are they pulling straight from your checking account? I’ve always been a little gun shy about that for the very reason indicated by your poor stimulus “recipient.” If my bank’s bill payment system screws up, then hopefully they’ll be faster to fix the glitch than dealing with, say, Big Cable.
I’ve really enjoyed reading through your articles. I’m on a similar simplification-and-organization kick lately after dealing with the multitude of accounts and assets my parents left behind.
Yes, it used to be my hub before moving to Ally Bank.
You are correct about Vanguard knowing about Ally, yes that arrow should’ve gone both ways.
Almost every bill is paid by credit card and those are paid from my bank account. The only exception is utilities.
I’m glad you’re enjoying the articles, if you ever have any questions or just want to say hi, I love getting email! π
Jennifer says
Great article! Instead of allowing Paypal (or others mentioned here) to have my bank log in, I take the delay in getting money (3-5 days). Your method is definitely more efficient. If I used Paypal more, I would definitely consider setting it up with way you did.
Mighty Investor says
I just found your site today. Great stuff!
One question. The supposition behind this article is that funds you have deposited at PayPal are less secure than at other banks. Can you explain how you came to that conclusion?
Thanks,
Tom (aka Mighty Investor)
My history with PayPal spans over a decade, even before they were acquired by eBay in the early 2000s, and back then they weren’t as secure as they are now. Today, I have no concerns with PayPal itself but there are plenty of payment platforms out there and they all have some risk associated with them (they could be compromised, I could be phished, things of that nature) and so the firewall strategy has persisted.
And it’s not that the funds are PayPal are insecure, it’s that my account could be compromised and I don’t want thieves to be able to transfer funds out of my regular checking account.
As a business owner, I’ve heard of horror stories of other business owners had their accounts frozen for one reason or another. I’m not worried about that either because I don’t sell anything (and thus do not collect payments), but that would be a huge cashflow headache for a small business.
Mighty Investor says
Thanks for the additional perspective, Jim. Much appreciated.
Brian Hart says
My wife and I just made a similar setup with small difference. We just opened both Ally checking and savings accounts and have our income going there and only Ally can initiate any transfers. We had been using Capital One 360 as our main account. Since it’s already linked to Paypal and the account info is already everywhere from our online purchases, in-store card purchases and added to our utilities and other bills sites. For any bills and other purchases we’ll transfer the money ahead of time into our 360 account. Since our Ally account is new and the info isn’t spread everywhere, should our 360 account be a part of any breaches or hacks our incoming money and savings are safe. We wont be without access to our money while things are fixed. We also just setup an account with Chime that we could switch with our 360 if needed to keep our Ally info safe. Just like 360 it’s linked to Paypal but only Ally can initiate any transfers.
Chris says
What happens if your Ally account gets breached and because you can only initiate transfers from Ally, aren’t you screwed out of your main money account and out of your secondaries because they are tied to it?
Be careful with that account. π
Christian says
I plan to use this system of firewall. Also plan to put most of my money on Ally. Why should i be-careful with Ally, where should i put it instead?
Nothing specific to Ally, I meant to be careful with your main money account.
Herman says
I assume this strategy does not protect you from carelessness such as disclosing your online banking passwords to a stranger or accessing online banking over unsecure wifi network in public area.
If you do that with Paypal and it’s only linked to a firewalled bank account, then you would be safe. But if you disclose your online banking password, it doesn’t much matter about the firewall if they get right into your accounts!
TomballBob says
Thanks, this is good stuff for someone who used PayPal etc., as I used to. If I ever started to sell on E Bay (or similar) again, I would use something like PayPal and this will be an awesome strategy.
Currently, my method (partly since I don’t have much need for PayPal and similar) is to used dedicate debit cards that never have much money in them. I load them up with $100 to $200 and then use them for online or in-person payments when I don’t want to trust them with my regular credit cards. I can add $ to them quickly from my bank and then spend those $ within minutes.
If you don’t use PayPal a lot, your way is great because then they don’t even get any banking credentials and your credit cards are safe. This is arguably a very small probability event but it never hurts to be proactive.
Kathleen Stringfield says
All very interesting. Especially since I’ve been through the same ING-CapitalOne-Ally journey. Loving Ally. About to check out their new Investment service.
I keep most of my working funds in an Ally Savings account with one or two monthly transfers to cover bill payment out of the Ally Checking. Though as I write that, I realize that I have overdraft feature so if I encountered the IRS issue noted above, there would be a transfer to cover it. Need to fix that.
1. So how do mobile banking apps on your phone fit into your banking security picture?
2. You noted that almost all bills are paid with a credit card. Isn’t there extra fee for that?
3. Do you really need the two accounts at Capital360 or is that just a legacy? Can’t the firewall be just one account at a separate bank?
1. I use them normally.
2. Nope, some bills are paid with billpay though (like our utility bills).
3. It’s legacy, I’ve always used the Capital One account as a firewall and never felt a desire to change things.