Online Banking: Navigating a Vulnerable Environment

Online banking has surged in popularity the last few years, due mainly to the allure of easy online bill payments. According to a consumer survey conducted by Fiserv Inc., in 2008 over 2 million homes adopted online banking. This brought the total number of households banking from home to just under 70 million, or four out of every five with internet access.

While financial institutions continue to assure their customers of the safety of online banking, none can guarantee an account won’t fall victim to fraud. Cutting-edge technologies offer convenience, but also attract a cutting-edge class of criminals.

Early last year hundreds of HSBC online bank customers suddenly discovered their checking accounts had been drained of $2,000 each. According to an account on, one customer was told by the HSBC Fraud investigator that the department was so overwhelmed they weren’t even sure how to handle it. When pressed with how many other customers had suffered the same fate, the investigator replied, “We don’t even know.” The size of the fraud was so severe, the bank was ill-equipped to tackle, much less identify, the problem and it took up to 10 days before the affected customers had the stolen funds credited back to their accounts.

Though anecdotal, the above story is just a recent example of a problem that has plagued the banking and credit card industries from the time online services were first introduced. Fortunately, there are certain measures which can be taken to protect both your money and identity while banking electronically. Many of these tools also apply to using your credit card online. Most fall under common sense, but in this age of quick-and-easy access, it doesn’t hurt to go over the sometimes overlooked basics.

1.Bank with the Big Boys – There are many online banks, mostly chartered overseas, that are not FDIC insured. Bank with these companies at your own risk. When choosing an online bank, the safest bet is to go with one of the larger financial institutions with a recognizable name. The large banks are moving towards more online and customer-direct banking in an effort to lower costs and improve their bottom line. They often provide the best in online security, but if it fails you want the safety-net of FDIC insurance.

2.Don’t fall for Phishing – Phishing is the online security firm for a malevolent entity attempting to acquire your user name, passwords, credit cards or any other personal data by masquerading as a trusted entity. This can be undertaken by various means but most commonly comes in the form of an email claiming to be from your financial institution. You’ve probably encountered these before and hopefully sent them straight to junk mail. The emails often look convincing with legitimate logos, but will ask you to connect via a provided link to a fake site where you will be asked to enter your username and password for verification purposes. Once you’ve entered this information, the criminals can attempt to access your account. These emails are normally pretty easy to recognize. They won’t address you correctly or by name at all, and often they contain grammatical errors. Legitimate emails from your bank will typically address you by your proper name and will never ask a customer to divulge their pin number, account numbers, or passwords. If you aren’t sure about an email you have received, call your bank and ask.

3.Phishing from the other side – Unfortunately, this attempt to appropriate your personal information and access your account can strike when you least expect it, after you have logged into your online banking site. Though rare, tech-savvy criminals have the ability to hack into a bank’s online system and re-direct the customer to a fake page where they are asked to once again enter their user name and password. If during an online banking session you are rerouted in such a manner, the wisest course of action is to terminate the session without entering any further information and then re-accesses your account through the bank’s home page. It would also be prudent to let your institution know such an attempt was made via their site. Better yet, ensure your bank is using the standard “secure socket layer” (SSL) protocol on pages that require secure information. Most banks use this technology on a few pages, but not on every page. (SSL-secured pages start https as opposed to http.)

4.User names and passwords – If you are going to be banking online, always choose unique user names and passwords. Avoid using your email address as a long in name and never use important dates, such as birthdays or anniversaries, for a password. If a criminal is trying to access your account these are often the first guesses that he will attempt to use. Always try to include both alpha and numerical characters in your login information, as use of both generates user names and passwords that are inherently tougher to crack.

5.Bank from home – If you are going to be banking online, try to avoid public domain computers. This includes both work computers and those you would use at an internet café, public library or any retail business. You have limited control over the safety measures taken at these locations and are putting your personal information at risk every time you share it here. If you are banking online and have no choice but to use a public access computer, be sure the username and password are not saved on the computer if prompted to do so. Once your session ends click on the Tools option of the browser and clear all saved forms, passwords, cookies, and history. For the two most used web browsers this feature is located under Tools/Internet options (MS Explorer) or Tools/Clear Private Data (Mozilla Firefox).

6.Stay protected – It is vital to keep your home computer protected with up-to-date anti-virus software and firewall protection. This is particularly true when you are banking from home online. There malicious software, or malware, that can unknowingly be downloaded on your computer while the user surfs the internet. These harmful programs can attack your computer in a variety of ways, but the most dangerous are capable of stealing your personal information by logging the keystrokes used when entering user names and passwords. This information is then transmitted back to the programs creator. This is why it is so important to keep your computer protected and update that protection regularly.

7.Keep alert – If you have an online bank account or use your credit cards for online purchases, check your balances regularly. If you notice any suspicious activity, notify the bank immediately. The longer it takes to report fraudulent activity the more difficult it will be to have those stolen funds restored.

Online banking can be a convenient and easy way to manage your personal accounts, but it will never be 100% safe. Still, there are ways online banking customers can increase the odds in their favor by using common sense and taking preemptive steps to protect themselves. Most importantly, communicate with your bank. Know their security measures and check the safety recommendations they make. If you ever have any questions or concerns about the security of your account, call the bank and get the answers you need. Its your right as a customer, so don’t hesitate to use it.

Helpful links:

FDIC: Safe Internet Banking

Online Banking Safety – LoveToKnow Online

Speak Your Mind