Online banking has risks, but you can take simple steps to safeguard your money
I‘ve banked online for years. First my brick and mortar bank went online. Then I opened several accounts with online banks that don’t have branches. My guess is you bank online, too.
In fact, a 2012 comScore report revealed that close to 29% of all Internet users worldwide have accessed online banking sites. This represents roughly 423.5 million people. That number is higher in North America where more than 45% of Internet users accessed bank websites.
With its increased usage, however, online banking is becoming an increasingly attractive target for hackers. In fact, over the recent years, major banks have been the prime targets of hacking attacks. In 2011, Citigroup revealed that more than 360,000 accounts were compromised in a hacking attack that left 3,400 accounts suffering losses of up to $2.7 million.
In September 2012, Iranian hackers were reportedly targeting Citigroup, Bank of America and JP Morgan Chase. When the hacks were finally reported, we learned that the attacks had been going on for close to a year even though customers have been complaining about how difficult it was to access their accounts.
More recently, McAfee Labs reported that hackers are planning to take millions from customers of major banks starting in the spring of 2013. The plan has been called Project Blitzkrieg.
All of these highly publicized attacks raise a lot of concerns for me, not the least of which is the safety and security of our online banking transactions. Should you pay your bills online? Should you check your balance from your bank’s website? Should you transfer funds online?
For me, the answer is yes. Here’s why.
Online banking is safe for consumers
Banking Web sites are hit by hacking attacks every single day. While that may be unsettling to hear, there is a silver lining. As a result of these attacks, banks continually improve their systems to effectively deal with such attacks.
In addition, even if hackers are able to steal money from your account, you will still be protected, as banks are liable for these stolen funds. Take note that this does not apply to institutional depositors. So, if your bank account is under your business name, then you are not covered by this protection.
This does not mean, however, that you should just be complacent. Online banking is safe, but you should also exercise caution when banking online. There are best practices that you should observe when you use any online banking service.
First, though, you should understand the risks of online banking.
Online Banking Risks
There are four main types of attacks that are prevalent when you use online banking services. These are:
Having an online banking account, you might fall victim to phishing. This involves you clicking a fake link to a page that looks like it was set up by your bank. This page would have a bogus login area where you enter your account details and these details are sent to the scammers. With your login details (user name, password and PIN) in hand, they would be able to access your account and steal your money.
2. Identity Theft
Even if hackers do not steal from your account, you can still have your account details compromised in the case of an identity theft. This includes your personal information, such as your social security number and other identifying data. These data could be used to hack into your other accounts.
If you access your online banking site on public networks, such as Internet cafes or public Wi-Fi, there is a chance that you could fall prey to keylogging. Keylogging simply involves a software recording your keystrokes and using these logs to get your account details. Keylogging may also be carried out using video cameras that record your keystrokes.
This might be a little more difficult for hackers to carry out, but it does happen. Pharming occurs when hackers are able to hijack a bank’s URL so that when you try to access your bank’s Web page, you get redirected to a bogus site that looks like the real thing.
What to Do
So how do you deal with all these risks? The Federal Deposit Insurance Corporation sets forth the things that every online banking customer should do. These steps should ensure that you have adequate protection from falling victim to these hacking tactics.
1. Confirm your online bank’s legitimacy
You should be able to know if your online bank is legitimate by reading the information found on the site and whether or not it is insured with the FDIC. The FDIC has a tool that let’s you search for banks, which you can access here.
2. Be very careful with copycat Web sites
Be sure that you do not fall prey to sites that use a name that is very similar to your online bank. For example, BankofAnerica.com or Citigrop.com.
When you receive an e-mail purporting to be from your bank, don’t click any links in the email. Instead, type in the url of your bank and login. If your bank is really trying to contact you, you’ll likely find a message when you access your account. Alternatively, call the number on the bank of your debit card or latest bank statement.
3. Learn more about your bank’s security system
You should know how your bank encrypts your private information. When you are accessing the Web site, you should find a small “lock” or “key” icon to tell you that the site and your transactions are secure.
You should be able to use PINs and passwords when you access your account online. Lastly, do not send personal information over e-mail. Under no circumstances would your bank ask for personal data over e-mail.
4. Protect your computer
Hacking attacks are not always directed at banks. Because many such attacks are directed at customers, you will do well if you have the latest virus and malware scanning software installed on your computer. You should also ensure that all the software you use on your computer has been patched with the latest security updates.
In addition to this, you should not get lazy when it comes to online banking. Some banking Web sites have an option that offers to “remember your computer.” Choosing this option would allow you to bypass some security questions if the bank’s system recognizes your IP address. The problem is that hackers can spoof your IP address and make your bank think that the hacker’s computer is really yours.
In short, do not enable this feature. Yes, you will end up answering more security questions, but it is also more secure.
As in everything you do, take everything with a grain of salt. Do not click links on e-mails, do not talk to strangers, do not download anything from people you do not trust, and look both ways before crossing the street.
Let’s be careful out there.
Published or updated January 30, 2013.