Banking Online: Essential Security Tips
Banking online is a part of everyday modern life. Compared to having to venture into your local branch, being able to monitor, budget and transfer funds is incredibly convenient. Like anything online, however, it’s not without its risks. What are those risks and how can you avoid them?
Banking online is incredibly commonplace and more often than not the banks themselves offer much more complex login systems than your average online account, and for good reason.
Online banking is a double-edged sword: it makes moving money around very simple, but if your account is compromised it is very easy to move money out of it.
It’s in the bank’s best interest to keep your account nice and secure, and in your best interest to make use of the security systems they have in place.
Make use of every feature you can and make each one as strong as possible.
The first port of call is obviously your password, and no doubt you’ve heard before that you should be using a unique and complex password for every account. This is essential for a banking account.
With more minor online accounts you might be able to get away with having a consistent base password that you add to per site: maybe adding the first and last letter of a website to a standard password or mixing up the symbols, numbers or capitals you use.
This is inadvisable, but at the end of the day, unless you are using a password manager, you still have to remember all those complex passwords.
With banking passwords, and other essential accounts that hold cash (PayPal, Skrill, etc.) or some private or sensitive information, you really do need to have a complex and unique password.
You can see a full guide here but use this as a starting point:
- Start with a sentence that is roughly 10 words long. You can have it relate to the website in some way but nothing too specific: Safer Internet dot com helps you make a secure password.
- Then take the first letter of each word and create a string of characters: sidchymasp
- Make it more complicated by capitalising the letter of every word with more than four letters: SIdcHymaSP.
- Next add some numbers to increase complexity and length: SIdcHy59maSP
- Last but not least add even more complexity with symbols: ?SIdcHy59maSP_
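The steps above can be written as a short Python script. This is an added example, not part of the original guide: the function names, the symbol set and the choice to place the digits and symbols at random positions (using the `secrets` module) are assumptions, so you memorise the final result rather than picking the extras yourself.

```python
import secrets
import string

SYMBOLS = "?!_#%&*+-="  # assumed symbol set; check what your bank accepts


def initials(sentence: str, long_word: int = 4) -> str:
    """First letter of each word, upper-cased when the word has more than `long_word` letters."""
    out = []
    for word in sentence.split():
        letters = [c for c in word if c.isalpha()]
        if not letters:
            continue  # skip tokens that are only punctuation or digits
        first = letters[0].lower()
        out.append(first.upper() if len(letters) > long_word else first)
    return "".join(out)


def insert_random(base: str, alphabet: str, count: int) -> str:
    """Insert `count` characters drawn from `alphabet` at random positions."""
    chars = list(base)
    for _ in range(count):
        pos = secrets.randbelow(len(chars) + 1)
        chars.insert(pos, secrets.choice(alphabet))
    return "".join(chars)


def mnemonic_password(sentence: str, digits: int = 2, symbols: int = 2) -> str:
    """Run all the steps: initials, capitals, then random digits and symbols."""
    base = initials(sentence)
    if len(base) < 8:
        raise ValueError("sentence too short: aim for roughly 10 words")
    with_digits = insert_random(base, string.digits, digits)
    return insert_random(with_digits, SYMBOLS, symbols)


if __name__ == "__main__":
    sentence = "Safer Internet dot com helps you make a secure password."
    print(initials(sentence))           # the letters after the capitalising step
    print(mnemonic_password(sentence))  # different on every run
```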
Other basics include keeping your computer, or any other internet connected device for that matter, up-to-date, as well as your browser of choice.
If you’re doing your banking on a broken or vulnerable machine or browser you are just asking for trouble; that trouble being potential zero-day vulnerabilities which the vendor hasn’t been able to patch yet.
Apple and Microsoft will both routinely patch their respective OSes and many browsers will update automatically, but it’s always in your best interest to ensure that you are receiving those updates: fixing problems is the vendor’s job, installing the fixes is yours.
Two-factor authentication is becoming increasingly common as more and more people and companies realise that the common password just doesn’t cut it anymore.
Most banks also offer some form of 2FA, ranging from hardware tokens which produce a code to input, to a secret answer from which you might need to input select characters.
It might not even be long before we see banks incorporating biometrics (fingerprints, voice prints or iris scans) into their authentication process; anything is possible.
No matter how many factors or what level of security your bank, or any other site for that matter, offers, you should absolutely use it to its fullest. There’s no excuse not to, and multi-layered security is the best way to stay secure.
If you’ve got an email account then you’ve most likely received a phishing email.
Some are extremely easy to spot, with terrible grammar, nonsensical sentences and syntax, as well as being addressed to ‘valued customer’ or just ‘dear sir’ rather than your actual name.
Others can be much more deceptive, taking advantage of social engineering techniques. Perhaps they’ll use your actual name and address, the correct bank sort code, or even the last 4 digits of your credit/debit card.
These are the truly dangerous ones and many, many people are caught out by them: either by submitting more personal information or by clicking on a link that might lead to a phishing site or could initiate a download.
If you do get an email that genuinely worries you, is from a bank you use, contains some of your personal information and you want to make sure everything is fine, then either call your bank directly or open a new window and manually type the bank’s URL. DO NOT follow the links provided in the email, and for the truly security conscious, perhaps don’t trust your bookmarks.
We’ll go into more detail and look at how authentic a phishing email and website can be in the near future on another page. Stay tuned!
Out of your hands
It is of course entirely possible that your account information could be stolen in a different way which is mostly out of your control.
For example, a website which you’ve entered your payment details onto could be compromised, and perhaps they didn’t store that information in a safe enough fashion.
Of course you should be careful which websites hold your details, but if you’re buying things online then your details will be stored somewhere. Payment services like PayPal and Skrill can act as a middleman, and using a credit card exclusively for online payments can limit the impact of information theft.
What should you be on the lookout for?
The key is to look for small ‘under the radar’ style payments; these might be pennies but if you don’t recognize them then call your bank ASAP.
Cybercriminals use these small payments to ensure that the card is working before they go on a veritable spending spree. They won’t waste any time because they know you’ll notice sooner or later and shut them down.
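If your bank lets you export a statement, the check described above can be run as a script. This is an added example, not part of the original article: the CSV layout, the sample rows, the function names and the 2.00 threshold are all constructed assumptions. It flags small payments to merchants you have not listed as recognised.

```python
import csv
import io
from decimal import Decimal

# Constructed sample statement (not real data): date, merchant, amount debited.
STATEMENT = """date,merchant,amount
2024-03-01,GROCER MART,54.20
2024-03-02,City Transit,1.80
2024-03-09,grocer  mart,61.05
2024-03-14,QX-DIGITAL SVC,0.37
2024-03-14,City Transit,1.80
2024-03-15,PAYTEST 8841,1.00
2024-03-16,GROCER MART,-12.00
"""

SMALL = Decimal("2.00")  # assumed threshold for an 'under the radar' payment


def normalise(name: str) -> str:
    """Collapse case and spacing so 'GROCER MART' and 'grocer  mart' match."""
    return " ".join(name.upper().split())


def flag_small_unknown(statement_csv, known_merchants, small=SMALL):
    """Return debits of `small` or less from merchants the holder does not recognise."""
    known = {normalise(m) for m in known_merchants}
    flagged = []
    for row in csv.DictReader(io.StringIO(statement_csv)):
        amount = Decimal(row["amount"])
        merchant = normalise(row["merchant"])
        if amount <= 0:
            continue  # refunds and credits are not test charges
        if amount <= small and merchant not in known:
            flagged.append((row["date"], merchant, amount))
    return flagged


if __name__ == "__main__":
    for date, merchant, amount in flag_small_unknown(
        STATEMENT, ["Grocer Mart", "City Transit"]
    ):
        print(f"{date}  {merchant:<16} {amount}  <- not recognised, call your bank")
```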