The Risks Of Ebanking… And How To Reduce Them


The Internet has brought banks into every home. Smartphones have put them in everyone’s pockets. Institutions that were previously protected by guards and cameras now have millions of separate entrance points. They store information on customers in servers protected by little more than passwords and firewalls. That’s a huge convenience for thieves. Nowadays criminals just have to figure out how to hack into a website or app and make a transfer. The same processes that have saved banks money have also made life easier for a new, smart kind of criminal. In this chapter, we’re going to look at the biggest risks of ebanking and explain how to reduce them.

Hacked Accounts

In 2014, Guardian Analytics, a security firm that specializes in identifying suspicious behavior in bank accounts, tracked a number of attacks made against its customers. The targets were “hundreds of retail clients and a smaller number of commercial accounts at fifty or more banks and credit unions of all sizes”. That wasn’t new. One estimate has put the value of online banking fraud at nearly $7 billion by 2020. What stood out in Guardian Analytics’ discovery, however, was how the attacks were launched.

The fraudster would enter a username, then press the Forgotten Password button. The bank’s website would ask a challenge question, which the fraudster could answer before resetting the password. If the bank sent a confirmation email, the fraudster might hack the email account and attempt to intercept the message, but usually they could change the password and access the account without receiving the confirmation.


Once the fraudsters were inside the account, they didn’t try to transfer funds or steal cash online. Instead, they looked for information such as the account summary, the bill pay history and check images. They then used that information to attempt offline fraud, asking for transfers through the call center, and check fraud.

What was remarkable about that attempt at online banking fraud was the vulnerability of the system. The fraudsters might have had some of the account holder’s personal information but they might just as easily have been able to guess the answers to security questions that gave them access to passwords.

Other fraudsters tend to be more sophisticated. Three men in the UK were sent to jail for up to eleven years for stealing £113m from 750+ victims. The gang would receive account details from corrupt bank employees but they would also cold call victims. They said they were the bank’s fraud department, and would persuade victims to give away their banking details. Only £47m of the stolen funds has been recovered.

The act of hacking online bank accounts tends to be much simpler. Hackers might send out millions of phishing emails that appear to come from banks. When the user clicks a link to log in to their account, they’re sent to a page that looks official. However, it’s actually the hackers’ own page, which will capture the user’s username and password. The success rate might be tiny, but the number of emails is high. Fraudsters don’t need high numbers of victims to make the effort worth their while. Some viruses, too, are capable of recording keystrokes, including those used to log into a bank account.

Protecting Your Online Bank Account From Hackers

When the main way into an online account consists of nothing more than a username and password, the gateway will always show a certain amount of vulnerability.

While hacking into an online bank account is possible for a sophisticated fraudster, the protections are also relatively simple.

The easiest advice is never to click a link in an email to reach a banking site’s log in page.

Even if you believe the email does come from the bank, it’s worth opening your browser and accessing the website directly instead of through a link. Similarly, banks won’t call and ask for your access details; they already possess those details. If a bank calls you and asks for personal information, hang up and call back. If you’re the one contacting the bank, you can be confident that you’re talking to the bank and not an impostor.

Anti-Virus Software

You should also make sure that your anti-virus software is installed and up to date so that it squishes any viruses that make it through email filters before they can do any harm. Don’t access your online bank account details while using a public network such as a café’s wifi; apart from the ability of passers-by to look over your shoulder and see all of your personal financial details, open wifi transmissions can be intercepted and the data stolen. The chances of that happening might be small, but it is worth remembering that a public place is not the right location to look at information as confidential as your bank account.

You should also make sure that you log out of your ebank account as soon as you’ve finished using it. Although most ebanking websites will time users out automatically, those minutes may be all a fraudster needs to access your account—and it’s too easy to forget that closing a tab is not the same as logging out.

Finally, over the last few years, ebanks have tried to improve the accessibility of their websites, sometimes at the expense of security. Bank Of America, for example, used to demand three fields of confidential information as well as a passcode before granting access. Those demands have since been reduced. You may find that the password requirements at your online bank are now less onerous than those demanded to see your cellphone bill. Passwords might not require capital letters, a minimum number of characters or non-alphanumeric characters. That makes it easy to use the kind of pet names or nicknames that are easy to remember… and very easy for a hacker to either guess or learn. A better solution is to use a unique password for your online bank account and keep it stored in an encrypted form.

Identity Theft

Some fraudsters pose as bank employees in order to obtain personal details but it’s often easier to pose as someone else. In March 2016, The Guardian newspaper wrote about a couple in the UK who had hired a contractor to build an extension to their home. In October the previous year, the contractor had sent the couple an invoice for £27,829. The invoice carried the company’s logo and listed its bank details.

A few days later, the couple received a second message from the same employee, informing them that the company had changed its bank and needed to update the payment details. That invoice too carried the company’s logo. The couple transferred £25,000, the most they could transfer in a single day… then received a third message from the contractor reminding them that the amount was still outstanding. The second email had been fake.

The most likely explanation, the newspaper said, was that either the building company or the couple’s email had been hacked, allowing the thief to intercept their messages and take over the conversation. When the couple looked again at the fraudulent email they noticed that the company’s name in the return email address included the word “developments” instead of “development.” One letter was the only difference between the attempt at fraud and the genuine message.

The money was immediately withdrawn, and as neither the couple’s bank nor the receiving bank were victims of fraud, neither bank was able to return the funds.

Protecting Your Online Bank Account From Identity Theft

Incidents like these are rare and are the result of weaknesses in email security rather than in banking security. Whenever you receive payment details on an invoice, confirm that those details are coming from a company that you expect to pay, and pay attention to any discrepancy in the documentation. A single letter might just be the difference between a genuine payment demand and a fraudulent request.

Lost Mobile Devices

What’s true of the link between convenience and vulnerability in online banking is even more true for mobile banking. Around 70 million smartphones are lost each year. With people accessing their bank accounts through dedicated apps on their phones, those lost and stolen devices give fraudsters an easy entryway to the owner’s finances. From the app alone they can see where the telephone owner banks. A quick trawl through the phone’s Facebook app will reveal the owner’s date of birth and perhaps the name of their pet or their children’s dates of birth, all of which make for likely passwords.

The browser might even use autocomplete to fill in the password fields on the bank’s mobile website. A mobile phone is such a treasury of personal information that to thieves, it’s like someone leaving the key to their front door on a café table.

We take the convenience of carrying a mobile phone for granted and we think too lightly of the possibility that a device worth nearly a thousand dollars could be stolen or left somewhere. We should remember just how much personal information it contains and make sure that that information is protected.

Protecting Your Mobile Account Details

Fortunately, even if the owners of 70 million mobile devices a year underestimate the chances that they might lose their phones, the manufacturers of those devices understand the risks. They provide plenty of tools to make it hard for their phones to be used once taken or found. The lock page passcode or thumb recognition reader might be an irritation when you just want to pick up your phone and sneak a quick look at Facebook but they’re worth using. If someone does take your phone, the only thing they should be doing is trying to get in touch with you to return it.

That passcode will provide a strong barrier against someone accessing your phone’s bank details. But you should also be sure only to access your bank account using the bank’s app, not the website. Don’t autocomplete passwords or store unencrypted passwords on a file that can be easily found and read. And as soon as you lose your phone, log on to your bank account and change the password.

The Vanishing Bank

Before the days of online banking, customers had few choices about where they banked. There might be just two or three different banks in their town. They chose the one where they opened an account to deposit their allowance when they were kids. eBanking hasn’t just opened up the choice of banks for customers no longer limited by geography. It’s opened the choice to any bank anywhere. Let’s say a bank in Sweden is offering higher interest rates and is willing to accept foreign funds. That means you can skip your local bank and stash your cash across the sea. You’ll still have to pay your taxes. However, you’ll be able to benefit from higher interest rates in economies around the world.

But with those extra choices come extra complications. In the run up to the financial crisis of 2008, interest rates in Iceland reached 15 percent. Savers looking at low rates in their own countries sent their savings to Icelandic ebanks they found online… only to see their savings vanish when the banks collapsed. Had they kept their funds in banks in their own countries, they would have benefitted from local laws. In Iceland they had far less protection. National governments stepped in to protect their citizens’ funds. However, the event showed one of the dangers of putting money in an ebank that might be in a foreign jurisdiction and about which customers know very little.

Protecting Your Savings From An Ebank Run

Having a wide choice of ebanks in which to store your funds is a benefit of the rise of ebanking. But with that benefit comes responsibility. When customers are considering a bank with which they’re not familiar, they have to do the research. They need to know which laws govern the bank and what sort of customer protections they can enjoy. Collapses are rare but you should know what would happen to your money if the bank disappears.

Every time you move money from one place to another, you’re always taking a financial risk. The rise of online banking has increased that risk by offering additional entry points to bank accounts and by moving the responsibility of guarding those entry points to customers.

While banks have always needed to rely on security guards and cameras to protect the money they hold, it’s now also up to customers to safeguard passwords and restrict access to their accounts. That’s a serious responsibility, but it’s not an onerous one. Some simple precautions are all it takes to keep an online bank account safe.
