Go Ahead, Bank Online – And Hey, Let’s Be Careful Out There

“I am not the only person who uses his computer mainly for the purpose of diddling with his computer.” – Dave Barry

During my law enforcement days, seemingly a life time ago, I was classified as a Computer Crime Specialist and a Certified Internet Safety Instructor and part of my duties involved speaking with school students of all ages and their parents.  I’m far removed from that aspect of my life now, but web safety remains a passion of mine.

These days, my speaking engagements consist of community groups, civic organizations and most importantly, my customers in general.  I often ask attendees to raise their hands if they do their banking online, and thus far, the response is usually 50%. (Disclaimer: This is not a scientific study.  I understand that some people would be reluctant to share their banking habits with someone who spent many years dealing with criminals. It’s that whole “it takes one to know one” mentality. Also the numbers seem to increase exponentially when customers bring their machines in for repair and state that they “must have”  their computer back tomorrow because they “have to pay bills”.) 

Invariably, those who say they do not use online banking cite “lack of trust” as their main reason. Well, I’m here to tell you that banking online not only provides convenience, but if done correctly, may actually be safer than conventional banking. Yes, I said safer.

Let me give you a hypothetical situation.  Let’s say you’re out with friends, trying that new restaurant, enjoying dinner and a cocktail (or two).  You’re feeling rather generous this evening, and you decide to pick up the tab.  Your waitstaff brings the check in that standard black folder, you place your bank card inside, and off they go.  This, my friends, is one of the most common ways that people become victims of financial fraud.  You have no idea what is occurring with your card while it’s out of sight, and while we hope and believe that the vast majority of service staff are honest, it only takes one to wreck havoc.  So, for the sake of this exercise, we’ll assume that your card has been compromised.  Want more bad news? It’s only the second day of your bank’s billing cycle and unless the bad guys or gals set off alarms by trying to use your card to buy a Rolex in Moscow, you won’t have any idea of what went down until you get that mailed statement in 30 days, and next time, you may be inclined to walk that folder and your card to the cashier yourself.

The biggest advantages of online banking are actually security related features. You can check your account 24/7, you can set up account notifications, and since banks tend to take their security much more seriously than the average Joe, you’ll occasionally be asked to change passwords and verify unknown computers.  (Important Note Here):~~~~>  Banks will NEVER ask for personal info, password changes, or verification via emails or unsolicited phone calls.  If you experience this, it’s most likely a fraudulent phishing attempt, something we’ll cover in a future blog post.

Lee Munson, a blogger for Sophos Naked Security, recently did a piece on 8 tips for safer online banking. His advice is spot-on:

1. Choose an account with two factor authentication

Try to get a bank account that offers some form of two factor authentication for online banking.

These days many, but not all, banks offer a small device that can be used to generate a unique code each time you log in. This code is only valid for a very short period of time and is required in addition to your login credentials in order to gain access to your online account.

2. Create a strong password

If your bank requires a user-generated password in order to access online accounts make sure you choose one that is strong. The best way to achieve this is by making it long and a mix of upper and lower case letters, numbers, and special characters.

Always avoid using any common words or phrases and never create a password that contain your name, initials, or your date of birth. If your bank allows it, change your password every few months.

When setting up online banking, if your bank asks you to provide answers to some standard security questions remember that the answer you give doesn’t have to be the real one.

So you don’t have to answer “Thumper” to the name of your first pet – make it something else, as if it was a password. Use a password manager if you are concerned about how to remember everything!

3. Secure your computer and keep it up-to-date

Security software is essential these days, regardless of what you use your computer for.

As a minimum, make sure you have a firewall turned on and are running antivirus software. This will ensure you are protected from Trojans, keyloggers and other forms of malware that could be used to gain access to your financial data.

You’ll also want to keep your operating system and other software up-to-date to ensure that there are no security holes present.

4. Avoid clicking through emails

No financial institution worth their salt will send you an email asking you to provide any of your login details.

If you receive an email that appears to be from your bank that asks for such details then treat it with suspicion as it may well be a phishing attempt to trick you into handing your credentials over.

Likewise, be aware of links in emails that appear to be from your bank – this is a trick often employed by the bad guys to get you onto a website that looks like your bank. When you log in to ‘your account’ they will steal your username and password and, ultimately, your cash.

It is always safer to access your online bank account by typing the address into your browser directly.

Also, be aware of unsolicited phone calls that purport to be from your bank. While your financial institution may require you to answer a security question, they should never ask for passwords or PIN numbers (they may ask for certain letters or numbers from them, but never the whole thing).

If in doubt, do not be afraid to hang up and then call your bank back via a telephone number that you have independently confirmed as being valid.

5. Access your accounts from a secure location

It’s always best practice to connect to your bank using computers and networks you know and trust.

But if you need to access your bank online from remote locations you might want to set up a VPN (Virtual Private Network) so that you can establish an encrypted connection to your home or work network and access your bank from there.

Look for a small padlock icon somewhere on your browser and check the address bar – the URL of the site you are on should begin with ‘https’. Both act as confirmation that you are accessing your account over an encrypted connection.

6. Always log out when you are done

It is good practice to always log out of your online banking session when you have finished your business. This will lessen the chances of falling prey to session hijacking and cross-site scripting exploits.

You may also want to set up the extra precaution of private browsing on your computer or smart phone, and set your browser to clear its cache at the end of each session.

7. Set up account notifications (if available)

Some banks offer a facility for customers to set up text or email notifications to alert them to certain activities on their account. For example, if a withdrawal matches or exceeds a specified amount or the account balance dips below a certain point then a message will be sent.

Such alerts could give quick notice of suspicious activity on your account.

8. Monitor your accounts regularly

It should go without saying that monitoring the your bank statement each month is good practice as any unauthorized transactions will be sure to appear there.

But why wait a whole month to discover a discrepancy? With online banking you have access 24/7 so take advantage of that and check your account on a regular basis. Look at every transaction since you last logged in and, if you spot any anomalies, contact your bank immediately.

Additionally, when making online purchases, you should only use your credit/debit cards on secure (https:) sites of reputable vendors.  Never provide your card information to someone making a personal transaction on or through a website such as Craigslist.  If you’re like me, and the majority of your purchases are done online, consider a third party site such as PayPal. While not 100% foolproof, they do offer yet another layer of security.

Crimes such as theft and financial fraud have existed for a very long time.  Electronic banking has not necessarily made those crimes easier, it’s just made them different.

Oh, and to the customer, who shall forever remain anonymous, who advised us that they bought a much more expensive PC because it would be safer for their online banking, um…..no.  <smh>

2 thoughts on “Go Ahead, Bank Online – And Hey, Let’s Be Careful Out There

  1. I would love to go back in time & sit through a few of your roll calls. Were you a regular Sergeant Phil Esterhuas?

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.