6 Tips for Safer Online Banking
Savvy ways to make sure your digital financial info stays secure
Not long ago, the idea of using the Internet to do your banking seemed futuristic. But today, more than half of us are banking online without a second thought, and more than a third of Americans do their banking with cellular phones, according to a Pew Research Center study.
Even the last remnant of non-digital banking — paper checks — are often handled online. For instance, you can deposit checks at many banks by taking a photo of the check with your smartphone. You might need to download an app from your bank to do this, so check with your bank.
But are these practices secure? We hear all the time about massive security breaches at retail stores. What do banks do differently to protect us, and how can we make sure our money is safe?
The short answer, at least from the bank side, is encryption. When you log onto a financial web site, the session is secured automatically using code that scrambles the data as it moves between your computer and the bank.
Most banks and financial institutions use a standard known as 128-bit encryption. It’s very secure, so much so that the U.S. government regulates the exports of software that offer that level of encryption in the name of national security. By one calculation, it would take longer than the age of the universe to crack this level of security.
You’ll know your browser is up to the standard encryption level because a small lock icon will appear in the URL bar at the beginning of the Internet address. In addition, the “http” part of the URL changes to “https.” The added “s” stands for secure.
With all that protection, what could go wrong? Well, you could still get hacked, but there are some basic steps to consider that will greatly reduce that possibility.
Stick to banking at home
Generally, it’s best to avoid banking on public computers, such as in hotel business centers and libraries. Your home network is more secure, or at least it should be if properly set up. Publicly accessible computers can be rife with malware, and it can be difficult to make sure your data is not stored in the machine after you leave.
Make sure to cover your tracks
Most banks will sign you out after a few minutes of inactivity, but that might be all the time a thief needs to damage your financial life. If you’re using a computer other than your home one, never walk away from a logged-in banking screen. Make sure to clear the browser’s cache, which is like short-term memory that might include your recently entered banking username and password. Typically, you clear the cache by pressing the control, shift and delete keys simultaneously while your browser is open. If you aren’t sure, search the browser’s help files for “clear cache.” If you slip up and forget, change your banking password as soon as you are able by calling the bank directly and asking for security help.
Keep an eye on your accounts
It can be easy to ignore bank statements. Yet you’re on the hook for any unreported fraud. A thief might simply empty your account, but he also could take small amounts over time in hopes that you don’t notice or notify your bank. If you don’t point out the fraud on your account in a timely fashion, it’s less likely that you will get restitution from the bank. (If the theft is reported within two business days, your maximum loss is $50. If you wait more than 60 days, the max loss could be all the money taken.) Your bank will update your transactions daily as they come in. If you see a charge from a merchant you don’t recognize or remember, contact the merchant and the bank.
Avoid public WiFi connections
Public WiFi connections are notoriously insecure. It’s easy for a bad guy to intercept your traffic at a corner cafe, airport or hotel, and thieves have been known to set up “free Wi-Fi” honey traps to snare unsuspecting users. If you do use free public WiFi, consider using VPN software to secure the link or stick to your cellular provider’s connection. It might be slower, but it will be more secure.
Beware of “phishing” scams
Chances are you’d take an email from your bank or credit card company seriously. The trouble is “phishing,” the practice of creating fake, official-looking emails from well-known institutions. The links in these emails don’t go to the bank named in the email. Instead, they go to websites crammed with dangerous and malicious software. If you have doubts, flip over the card in your wallet and call the number listed there — don’t call a number listed in the suspicious email. A legitimate employee at your real bank can settle any doubts you might have.
Keep software up to date
People often avoid updating software on their home computers, fearful that the latest and greatest updates will slow their computing experience. Go ahead and update everything — the operating system and all Internet-connected software, such as your browser. If your computer slows dramatically, well, that’s a sign it’s time to buy a newer one. Using outdated software, especially anti-virus software, means your financial data could be at risk. One of the increasingly prevalent risks is “keylogging” software that spies on which keys you press. It logs usernames and passwords — everything you type while online.