Many of us enjoy the convenience of on-line banking but how can we keep it secure? Although most bank accounts are available online, we often hear tales of identity theft and on-line fraud so there are some risks, but some sensible precautions can help keep our accounts secure.
If your password gets into the wrong hands the account is no longer secure so you need to take steps to keep it secret. But how can it be discovered?
Passwords can be obtained by asking the gullible account holder via an email, often phrased as some form of account verification. If someone asks you for your account details via email, you should not reply but report the attempt to obtain the data. Banks do not ask for password details by email. The same applies to phone calls from someone claiming to represent your bank. They just don’t ask for passwords over the phone.
It is possible that you can be directed to a site which looks like the real thing but in fact is a spoof, a website made of similar page content and graphics, but whose purpose is to collect account data which will then be used to steal money. So if you are accessing your on-line site, check the URL in the address bar for signs that it is not the real site. If there is any doubt, do not enter any details.
Almost all banking on-line now requires an additional layer of security by entering specific codes provided by the bank, typically a user number and a PIN number or selecting characters from a special word or phrase. These should be kept secret and not stored on your machine.
A third way for the password to be obtained is by intelligent guesswork or password cracking. Many people use passwords which are easily guessed such as the name of their spouse, their pet name, their middle name, the town of birth, etc. For someone with a little data about the person, these are easily discovered and therefore they are very weak passwords.
The strongest passwords are those greater than eight characters which consist of a mixture of letters, numbers and symbols and have no recognisable pattern. Of course, these passwords are difficult to remember but also impossible to guess.
A fourth way to obtain passwords is by using software to search through words from a dictionary, the so-called dictionary attack. Words that are in the dictionary will be discovered by such an attack and it is also possible to detect words with letters substituted.
It is a common approach to substitute letters in a word for similar numbers. For example the word “wellington” could instead be written as “we111ngt0n”, with both the “l” and the “i” replaced by the number “1”, and the letter “o” replaced with a zero. These too are susceptible to sophisticated dictionary attacks.
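A check for the weaknesses described above, written as an added example that is not part of the original article. The word list and substitution table are small constructed samples and the function names are illustrative; the check also flags a dictionary word sitting inside a longer password, which goes slightly beyond the whole-word case in the text.

```python
import itertools

# Constructed sample word list; a real check would load a full dictionary.
WORDLIST = {"wellington", "password", "london", "rover"}

# Characters commonly typed in place of letters (assumed mapping).
SUBSTITUTIONS = {"0": "o", "1": "li", "3": "e", "4": "a",
                 "5": "s", "7": "t", "@": "a", "$": "s"}


def undo_substitutions(password, limit=4096):
    """Return the readings of the password with substitutions reversed.

    An ambiguous character such as "1" yields both "l" and "i"; the
    number of readings is capped so a long password stays cheap to check.
    """
    options = [SUBSTITUTIONS.get(ch, ch) for ch in password.lower()]
    readings = itertools.islice(itertools.product(*options), limit)
    return {"".join(r) for r in readings}


def weaknesses(password, wordlist=WORDLIST):
    """List which of the weaknesses named in the article apply."""
    found = []
    if len(password) <= 8:
        found.append("eight characters or fewer")
    has_letter = any(c.isalpha() for c in password)
    has_digit = any(c.isdigit() for c in password)
    has_symbol = any(not c.isalnum() for c in password)
    if not (has_letter and has_digit and has_symbol):
        found.append("not a mixture of letters, numbers and symbols")
    plain = password.lower()
    if any(word in plain for word in wordlist):
        found.append("contains a dictionary word")
    elif any(word in r for r in undo_substitutions(password)
             for word in wordlist):
        found.append("contains a dictionary word with substituted characters")
    return found


if __name__ == "__main__":
    for candidate in ("wellington", "we111ngt0n", "Rover1!", "q7#Vz!m2Lp@x"):
        print(candidate, "->", weaknesses(candidate) or "no weakness found")
```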
The fifth way of password discovery is using malware, or keystroke loggers. These are programs stealthily installed on the computer without user knowledge, which gather details from the hard drive. They may record the keystrokes so that when you enter your password details into the genuine banking site, those details are recorded and sent back to fraudsters.
Browsers will offer the option of remembering your password for when you log onto specific sites which can be very convenient. But in the case of bank sites, it is not a good idea. Even if the password data is encrypted, it is still stored. It’s an unnecessary risk so it is good advice not to let the browser remember the banking password.
It is essential to run a virus checker regularly and to check for malware. Some programs simply try to pick up details from the files on the hard drive. If you have a convenient file listing all of your sites with usernames and passwords, then someone obtaining a copy of that file has access to all of your accounts. If you need to keep such a file, you should consider either keeping it off the computer, for example on a pen drive, or else keeping it encrypted so that only you can access it.
So the advice is clear. Use a complex password, stored in a secure location preferably off your computer. Change the password regularly so that if it has been compromised, the old password stops working.
Check your accounts
Clever fraudsters will make only small changes to your account because large withdrawals will be obvious. So it is important to check the details of your statements. Is there any strange activity on the account, perhaps amounts that don’t look familiar, or transactions you don’t remember? If so, immediately change the password and report the anomaly.
Don’t reuse passwords
Some people prefer to reuse passwords rather than have to keep inventing, and remembering, new ones. Where the sites are of little consequence and the password is relatively strong (letters, numbers and symbols), there is little harm in this as the damage will be limited. But if you also use the same password for your email and banking accounts, the breach will be serious.
So keep the serious passwords in a different category and treat them with care.
Always log off
If your computer has been compromised by a type of virus called a trojan, it is possible that someone else can get access to your machine while you are logged on without you realising it. In that case, they can monitor what you are accessing. If you access your bank account, and then simply close the browser without logging off the site, you are still logged in because the bank won’t know you have closed your browser.
Good sites will poll to check the browser is still active and default to closing the connection, but it is possible for a hacker to continue using your open connection to the bank while you have moved on to doing something else. As far as the bank is concerned, you are still connected.
So the important lesson is to always log off and close the connection yourself.
Be wary of open wireless networks
There are many open wireless networks available to the public and it can be very convenient to access accounts on the move. However, these networks are not as secure as personal home networks. It is possible to monitor the traffic through these open networks and unless all traffic is encrypted, usernames and passwords in plain text can sometimes be obtained.
Unless you know for sure that the network has a good level of security, it is a possible risk. Hackers who are looking for accounts and passwords will be attracted to those networks with the least security, so it is advisable not to use open public networks for financial operations unless you know about the security level.
The bottom line
Online banking can be very secure and safe providing we are aware of the risks and take sensible precautions to avoid them. Being aware of the threats to our privacy and the likely attempts to access our account details helps us keep one step ahead. There is no guarantee of course, but getting used to a secure routine will help keep our accounts safe.