While paying my bills recently online through my bank, I had a sudden flash of concern. How safe was my transaction? Was I at risk of identity theft or, even worse, the pilfering of my accounts?
Although experts say online banking is safer than the traditional method of using paper statements, it turns out that my worry is not completely unfounded.
Although there are currently no reliable studies showing how much money is lost through online banking alone, there are a number of reports that have put this problem at the forefront.
Incredibly, about $3.2 billion was lost to phishing attacks in 2007, which affected 3.6 million people that year, according to a survey by Gartner, a technology research firm. Reports indicate that this is a growing problem.
The Sinowal Trojan, malware that injects legitimate-looking pages into your browser and then steals your login credentials, compromised 300,000 online bank accounts and 250,000 credit and debit card accounts over three years, according to a study published in October by California’s RSA FraudAction Research Lab.
With the use of online banking on the rise, and the service heavily promoted by most financial institutions, this issue most likely will become even more widespread.
So how can those of us who use online banking safeguard ourselves?
Although there is no silver bullet, there are ways to bank smart online that can help minimize your risk of fraud.
Protecting your online banking info
The first rule of thumb is to confirm that the online banking site is legitimate. An easy way to do this is to log onto the site directly, not through a third party or unsolicited email. Otherwise, it’s easy to be duped by copycat websites that have been designed to capture your information.
When deciding on passwords and PINs, the more complex, the better. Never use the obvious, such as names or birth dates. The most secure passwords use a combination of letters and numbers (and special characters, if allowed). Change your passwords and PINs often, and vary your credentials from account to account.
Also, keep passwords and account information in a secure place, and don’t share them under any circumstances. This includes providing this information during unsolicited phone calls or in emails.
You should also familiarize yourself with your bank’s privacy policy, which will detail what information the bank has about you and what it shares with other companies. And be sure to confirm that your deposits are federally insured by the FDIC. The ‘About Us’ section on most bank websites will typically provide this information.
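It’s best if your information is encrypted when being sent between your computer and your online bank (and back). Look for the lock or key icon in your web browser, which shows that the connection to the site is encrypted. The icon says nothing about who runs the site, so it complements, rather than replaces, going to your bank’s site directly.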
Don’t use a public computer, such as those located in hotels or cybercafés, to access your accounts, and be wary of using public or unsecured wifi networks. Otherwise, it will be relatively easy for fraudsters to steal your data.
Finally, any computer used for banking should have a virus protection program and firewall that are updated regularly, and be sure to perform virus scans daily. Warning signs that your computer has been compromised include slow or sluggish response times, frozen screens, and/or an inordinate number of unsolicited pop-ups.
Closing thoughts
Given that it’s nearly impossible to completely secure a computer, the more safeguards that you implement, the better off you will be.
By being proactive, keeping a close eye on account balances and transactions, and instituting safer online banking procedures, you will minimize your risk of theft.
It’s important never to let your guard down, especially when banking online.
Hey there, you have done an excellent job.
I’ll definitely digg it and personally recommend it to my friends. I’m sure they’ll benefit from this website.
All good things to take into account when online banking, but there is 1 thing even safer, that many banks, banking industry groups, and even the FBI, have now suggested.
Commenter Bologus sort of mentions it above; “separate drive w/OS for banking only”. I’m specifically talking about using a “Linux Live CD”. It requires no knowledge of Linux to set up or use, so don’t get scared by the name. You boot the computer from said CD, completely ignoring whatever operating system is on the hard drive along with any virus/trojans/malware/keyloggers. The computer doesn’t even need a hard drive in it, which is the suggested setup for small businesses to use: a dedicated computer.
Nothing else can be saved to it, such as virus/trojans/malware. If you do nothing but banking with this cd, visit no other websites, deal with no email, you pretty much completely eliminate any possibility of any virus/trojans/malware/keylogging, or any other such problems. Visit your bank and only your bank while using the cd, and NEVER visit your bank unless you’re using the cd.
This can also be done using a usb flashdrive/thumbdrive instead of a cd.
Some more reading for you on the subject, along with a full how-to in the 3rd link:
http://lifehacker.com/5381466/use-a-linux-live-cdusb-for-online-banking
http://voices.washingtonpost.com/securityfix/2009/10/avoid_windows_malware_bank_on.html
http://voices.washingtonpost.com/securityfix/2009/10/e-banking_on_a_locked_down_non.html
I just recently started using 1password to keep track of all my information, including banking. So far I’m pleased with it. Both of my banks use multiple methods to assure me that I’m actually using the bank website instead of a fake, and both have made it clear that they will NEVER send a link in an email (not that I would click it anyway!).
I think the most important step is making people aware that phishing and other scams exist. My grandfather would type in any information requested if the website had his bank’s logo on it, because he simply doesn’t realize there are people trying to steal his info. Education (like the tips in this article) will go a long way in protecting our banking and other information from people looking to exploit it.
Multi-pronged security is best:
– virus scanner
– separate drive w/OS for banking only; turn on *only* this drive when banking
– web site blocker (e.g., Pro-con Latte), prevents accidentally visiting non-banking sites
– whole drive encryption (TrueCrypt), so cache can’t be exploited
– keystroke encoder
– cut and paste ID/passwords
The biggest mistake people make, in my opinion, is not having their computer safe and secure with virus protection. I pretty much do all my banking and business online, and I couldn’t live without a firewall and virus screening. There are many free programs to use that work decently for being free. I would recommend upgrading and buying the programs, because keeping those kinds of things safe should be a priority.
My solution is to use KeePass, which is an offline password manager. It stores all your logins and passwords in an encrypted file on your local hard drive or USB flash drive. I feel it’s more secure than using an online password manager.
Disicipling yourself? Hmm, might be a good idea, but the above should read disciplining.
Brad
Keyloggers will continue to be a concern even with good password protection habits. Certainly nothing is 100% safe, but a good anti-virus program and disicipling yourself to visit only trusted sites is a very good way to diminish your online risks.
Brad
Ron: 1password uses strong encryption on the iPhone, so your data are pretty safe even if you lose your phone.
Another point: don’t do banking on your phone! Phones are easy to hack. Also, if you have ever lost your phone, someone can hack into the phone’s memory and get your passwords. Had this happen to me. Phone was stolen and had to change all my passwords. Luckily, I didn’t do any banking on the phone so those passwords were okay.
STRONGside: I use 1password, which has Mac, Windows, and mobile versions, automatically syncs across platforms via Dropbox, and integrates with your browser for auto-fill. LastPass and KeePass are other options.
I have been researching various services around the web that help you manage all of your passwords. I also worry about the security of online banking, and I like to vary my passwords and make them complex, but then I run into the problem of never being able to remember them. Does anyone have a good recommendation for a service that does this?