8 tips for safer online banking


Online banking is nice and convenient. But it does come with certain risks. Just as you hear of people being robbed at ATMs, or having their cards cloned, so online accounts are also a point of vulnerability.

Follow these 8 tips and you can minimise the risks to your finances and bank safely online:

1. Choose an account with two factor authentication

Try to get a bank account that offers some form of two factor authentication for online banking.

These days many, but not all, banks offer a small device that can be used to generate a unique code each time you log in. This code is only valid for a very short period of time and is required in addition to your login credentials in order to gain access to your online account.
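How such a time-limited code can work, as an added example that is not part of the original article: the sketch assumes the device follows the open TOTP standard (RFC 6238), which the article does not state, and uses the RFC's published test key as a constructed demo secret.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds each code stays current (RFC 6238 default)


def totp(secret: bytes, now: float, digits: int = 6) -> str:
    """Code for the time step containing `now` (RFC 6238, HMAC-SHA1)."""
    counter = struct.pack(">Q", int(now) // STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret: bytes, submitted: str, now: float, drift: int = 1) -> bool:
    """Accept only codes from the current step or `drift` steps either side."""
    return any(
        hmac.compare_digest(totp(secret, now + i * STEP), submitted)
        for i in range(-drift, drift + 1)
    )


# Constructed demo secret: the RFC 6238 test key, never a real credential.
DEMO_SECRET = b"12345678901234567890"

if __name__ == "__main__":
    code = totp(DEMO_SECRET, now=59)
    print("code shown on the device at t=59s:", code)
    print("accepted at t=70s: ", verify(DEMO_SECRET, code, now=70))
    print("accepted at t=200s:", verify(DEMO_SECRET, code, now=200))
```

A stolen code stops working once its window has passed, which is why it adds protection on top of a password. A production verifier would also refuse a code that has already been used once inside its window.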

2. Create a strong password

If your bank requires a user-generated password in order to access online accounts make sure you choose one that is strong. The best way to achieve this is by making it long and a mix of upper and lower case letters, numbers, and special characters.

Always avoid using any common words or phrases and never create a password that contains your name, initials, or your date of birth. If your bank allows it, change your password every few months.

When setting up online banking, if your bank asks you to provide answers to some standard security questions remember that the answer you give doesn't have to be the real one.

So you don't have to answer "Thumper" to the name of your first pet - make it something else, as if it was a password. Use a password manager if you are concerned about how to remember everything!

3. Secure your computer and keep it up-to-date

Security software is essential these days, regardless of what you use your computer for.

As a minimum, make sure you have a firewall turned on and are running antivirus software. This will ensure you are protected from Trojans, keyloggers and other forms of malware that could be used to gain access to your financial data.

You'll also want to keep your operating system and other software up-to-date to ensure that there are no security holes present.

4. Avoid clicking through emails

No financial institution worth their salt will send you an email asking you to provide any of your login details.

If you receive an email that appears to be from your bank that asks for such details then treat it with suspicion as it may well be a phishing attempt to trick you into handing your credentials over.

Likewise, be aware of links in emails that appear to be from your bank – this is a trick often employed by the bad guys to get you onto a website that looks like your bank. When you log in to 'your account' they will steal your username and password and, ultimately, your cash.

It is always safer to access your online bank account by typing the address into your browser directly.

Also, be aware of unsolicited phone calls that purport to be from your bank. While your financial institution may require you to answer a security question, they should never ask for passwords or PINs (they may ask for certain letters or numbers from them, but never the whole thing).

If in doubt, do not be afraid to hang up and then call your bank back via a telephone number that you have independently confirmed as being valid.

5. Access your accounts from a secure location

It's always best practice to connect to your bank using computers and networks you know and trust.

But if you need to access your bank online from remote locations you might want to set up a VPN (Virtual Private Network) so that you can establish an encrypted connection to your home or work network and access your bank from there.

Look for a small padlock icon somewhere on your browser and check the address bar – the URL of the site you are on should begin with 'https'. Both act as confirmation that you are accessing your account over an encrypted connection.

6. Always log out when you are done

It is good practice to always log out of your online banking session when you have finished your business. This will lessen the chances of falling prey to session hijacking and cross-site scripting exploits.

You may also want to set up the extra precaution of private browsing on your computer or smart phone, and set your browser to clear its cache at the end of each session.

7. Set up account notifications (if available)

Some banks offer a facility for customers to set up text or email notifications to alert them to certain activities on their account. For example, if a withdrawal matches or exceeds a specified amount or the account balance dips below a certain point then a message will be sent.

Such alerts could give quick notice of suspicious activity on your account.

8. Monitor your accounts regularly

It should go without saying that monitoring your bank statement each month is good practice as any unauthorised transactions will be sure to appear there.

But why wait a whole month to discover a discrepancy? With online banking you have access 24/7 so take advantage of that and check your account on a regular basis. Look at every transaction since you last logged in and, if you spot any anomalies, contact your bank immediately.

The above tips should go a long way to ensuring that you enjoy the advantages offered by online banking without experiencing any of the pitfalls.

If you have any more advice to add to this, please do so in the comments below.

Safe banking to you all!


Images of piggy bank, gold coins and phishing courtesy of Shutterstock.


25 Responses to 8 tips for safer online banking

  1. Wund · 333 days ago

    Make sure you are logged out of anything else

  2. Patricia · 333 days ago

    Don't access your banking account when you are currently also online in your Facebook account, other social network or similar site, where phishing and hacking regularly visits. Typing in your password could be recorded while you are logged in elsewhere.

  3. Under 4. Avoid clicking through emails, you say

    "Also, be aware of unsolicited phone calls that purport to be from your bank. While your financial institution may require you to answer a security question, they should never ask for passwords or PIN numbers (they may ask for certain letters or numbers from them, but never the whole thing)."

    It is totally unacceptable for anyone to phone me, claiming to be from my bank, and ask me to answer a "security question". They phoned me. They know they have my phone number. There is a good chance that I am the right person. I have absolutely no idea who they are, and if the question really is a matter of security, the onus is on them to prove their identity first.

    There are only two plausible reasons why a bank would do such a thing. Either it is a deliberate policy so that if my answers to their "security questions" are ever compromised, they can prove that I have been careless in giving them to anyone who asks for them. Or they are stupid.

  4. Mr. Language · 333 days ago

    Never use your "PIN number" (personal identification number number) while directly connected to "AC current" (alternating current current).

    • so THEN you could chime in and ask "why must I turn off my Air Conditioning..."? Give up, it's correct. 😂

    • Lateral · 333 days ago

      Also, don't forget your tin foil hat.

      L.

    • Steve-O · 333 days ago

      Some are failing to see Mr. Language's teasing about "PIN numbers". You know, like the ones you use at the "ATM Machine"... They are not correct. =)

  5. rakso75 · 333 days ago

    Before logging into your bank account close the browser. Completely. Open it, clear the cache (or set the browser to clear the cache on shutdown, more convenient), go to your bank webpage (type it), log in, do your business, log out. Clear the cache. Close the browser.

    Once you get used to this you do it automatically and honestly, it does not take so much time, you will not even notice any difference.

    • JJones · 333 days ago

      From a KISS perspective it may be easier to get buy-in to instead say "use a different browser for banking". Example: If you use Firefox for everyday surfing, use Chrome for banking.

      Since most folks tend to use the same browser for everything, by using an alternate browser for banking the cleaning up you're after wouldn't be necessary. Of course you could additionally advise to set the "banking browser" with minimal/no cache, purge history on exit, have add-ons/plugins disabled, etc.

  6. Roy Jones · 333 days ago

    I am one for forgetting my password often, so I've thought of a novel one and have changed it to the word "Incorrect" so whenever I make a mistake the site will come back and tell me "Your Password is Incorrect" LOL

  7. jls · 333 days ago

    Sadly, very very few banks have real two-factor authentication. Hint: Asking you to enter something else you "know" - e.g., favorite pet, birthplace, mom's maiden name, etc. - does NOT constitute two-factor authentication.

  8. JKohler · 333 days ago

    Make sure your bank stores passwords in an encrypted format. If you click on the "forgot password" and the bank sends your password in plain text, then they are storing it in plain text (or are using an encryption method that isn't worth a grain of salt)!

    • Steve-O · 333 days ago

      Really? This is great to know. I might have to test my forgotten password! Thanks for the tip

  9. JustMe · 333 days ago

    Why aren't we talking about the US Government's ability to force companies into giving over their SSL Certificates?

  10. 3caster · 333 days ago

    My HSBC Business account requires the use of Trusteer Rapport security. And Norwich & Peterborough Building Society require that too. Having installed it I find that all banks including Paypal are making use of it. Has Sophos any opinion on Trusteer Rapport?

  11. LarryM · 333 days ago

    When accessing your bank account from a smart phone, always use an app provided by the bank rather than a browser.

  12. Hammish · 332 days ago

    Why should we be interested in German government concerns with Firefox, back in March 2010?

  13. Nic · 332 days ago

    I was advised to never use an administrative account on the computer when accessing my online banking.

    • markstockley · 332 days ago

      It's not just banking. I suggest you don't do _anything_ on your computer logged in to an administrative account unless you explicitly need the privileges that come with an admin account to accomplish a particular task.

      I'd recommend logging in as a user with the lowest possible level of privilege you need to get your normal activities done and then use sudo or runas if you need to accomplish something with admin privileges.

  14. Bob · 329 days ago

    Thanks for the article.
    The 9th thing we would all like to do is choose a bank that has a record of never losing any account data for its customers. I.e., never being hacked into in a way that would give access to any personal and business account to someone other than the account holder or bank staff.

  15. Anonymous · 39 days ago

    Use a Linux live system from CD. Never use a smartphone; it is smart enough to outsmart you.


About the author

Lee Munson is the founder of Security FAQs, a social media manager with BH Consulting and a blogger with a huge passion for information security.