8 Tips for Safer Online Banking
by Lee Munson
Online banking is nice and convenient. But it does come with certain risks. Just as you hear of people being robbed at ATMs, or having their cards cloned, so online accounts are also a point of vulnerability.
Follow these 8 tips and you can minimise the risks to your finances and bank safely online:
1. Choose an account with two factor authentication
Try to get a bank account that offers some form of two factor authentication for online banking.
These days many, but not all, banks offer a small device that can be used to generate a unique code each time you log in. This code is only valid for a very short period of time and is required in addition to your login credentials in order to gain access to your online account.
2. Create a strong password
If your bank requires a user-generated password in order to access online accounts make sure you choose one that is strong. The best way to achieve this is by making it long and a mix of upper and lower case letters, numbers, and special characters.
Always avoid using any common words or phrases and never create a password that contain your name, initials, or your date of birth. If your bank allows it, change your password every few months.
When setting up online banking, if your bank asks you to provide answers to some standard security questions remember that the answer you give doesn’t have to be the real one.
So you don’t have to answer “Thumper” to the name of your first pet – make it something else, as if it was a password. Use a password manager if you are concerned about how to remember everything!
3. Secure your computer and keep it up-to-date
Security software is essential these days, regardless of what you use your computer for.
As a minimum, make sure you have a firewall turned on and are running antivirus software. This will ensure you are protected from Trojans, keyloggers and other forms of malware that could be used to gain access to your financial data.
You’ll also want to keep your operating system and other software up-to-date to ensure that there are no security holes present.
4. Avoid clicking through emails
No financial institution worth their salt will send you an email asking you to provide any of your login details.
If you receive an email that appears to be from your bank that asks for such details then treat it with suspicion as it may well be a phishing attempt to trick you into handing your credentials over.
Likewise, be aware of links in emails that appear to be from your bank – this is a trick often employed by the bad guys to get you onto a website that looks like your bank. When you log in to ‘your account’ they will steal your username and password and, ultimately, your cash.
It is always safer to access your online bank account by typing the address into your browser directly.
Also, be aware of unsolicited phone calls that purport to be from your bank. While your financial institution may require you to answer a security question, they should never ask for passwords or PIN numbers (they may ask for certain letters or numbers from them, but never the whole thing).
If in doubt, do not be afraid to hang up and then call your bank back via a telephone number that you have independently confirmed as being valid.
5. Access your accounts from a secure location
It’s always best practice to connect to your bank using computers and networks you know and trust.
But if you need to access your bank online from remote locations you might want to set up a VPN (Virtual Private Network) so that you can establish an encrypted connection to your home or work network and access your bank from there.
Look for a small padlock icon somewhere on your browser and check the address bar – the URL of the site you are on should begin with ‘https’. Both act as confirmation that you are accessing your account over an encrypted connection.
6. Always log out when you are done
It is good practice to always log out of your online banking session when you have finished your business. This will lessen the chances of falling prey to session hijacking and cross-site scripting exploits.
You may also want to set up the extra precaution of private browsing on your computer or smart phone, and set your browser to clear its cache at the end of each session.
7. Set up account notifications (if available)
Some banks offer a facility for customers to set up text or email notifications to alert them to certain activities on their account. For example, if a withdrawal matches or exceeds a specified amount or the account balance dips below a certain point then a message will be sent.
Such alerts could give quick notice of suspicious activity on your account.
8. Monitor your accounts regularly
It should go without saying that monitoring the your bank statement each month is good practice as any unauthorised transactions will be sure to appear there.
But why wait a whole month to discover a discrepancy? With online banking you have access 24/7 so take advantage of that and check your account on a regular basis. Look at every transaction since you last logged in and, if you spot any anomalies, contact your bank immediately.
The above tips should go a long way to ensuring that you enjoy the advantages offered by online banking without experiencing any of the pitfalls.
If you have any more advice to add to this, please do so in the comments below.
Safe banking to you all!
Lee Munson is the founder of Security FAQs, a social media manager with BH Consulting and a blogger with a huge passion for information security. He wrote this for the Sophos Naked Security blog: http://nakedsecurity.sophos.com/2013/10/03/8-tips-for-safer-online-banking/. Sophos is headquartered in Boston, US and Oxford, UK, www.sophos.com.