Online banking has become one of the most common ways to access your finances. Odds are you’ve logged into your account from your computer or an app on your phone, skipping the commute and long line at the bank. But how safe is this practice, and how can you make it even safer?
The Importance of Online Banking Security
Online banking is convenient and common. As of 2021, 21% of respondents across all ages used only digital banking, never setting foot in a brick-and-mortar bank when they needed to manage their funds.
Many people even open digital bank accounts using an online signature to complete the paperwork, meaning they can start banking without leaving home. However, the rise in digital finance management makes customers more vulnerable to hacking.
Cybersecurity breaches are particularly devastating when they involve your hard-earned money. In February 2023, for example, a man lost over $20,000 after a data breach at Medibank, and Optus leaked his personal information on the dark web. The money amounted to his entire life’s savings.
In addition to stealing your funds, hackers that access your bank account info can also:
- Open credit card accounts.
- Take out loans in your name.
- Apply for government benefits.
- Collect tax refunds.
Because the stakes are so high, it’s crucial to protect your bank account info by all possible means.
How to Bolster Your Online Security
Here are the cybersecurity practices you should follow when using online banking.
Create a Strong Password
Be sure to create a long, unique password that incorporates lowercase letters, uppercase letters, numbers, and symbols. Try using a passphrase to make it even harder for hackers to crack. A passphrase is a string of random words like “Gate shirt sugar taste 2” that you either memorize or store using a password manager.
Alternatively, use a meaningful phrase to help you create a password that looks nonsensical. For example, “I think my wife is number 1 in Texas” would become “Itmwi#1iT.”
When creating a password, don’t incorporate the names of your family members, friends, pets or places you live or have lived. Don’t include your birthday or other significant dates. Finally, avoid typical strings of characters like “12345” or “qwerty.”
Change Your Password Frequently
It’s crucial to update your password at least every few months. Change the password immediately if you’ve used the same password for multiple accounts. You should always use different passwords for every online account, especially when it comes to online banking.
The odds of a hacker breaking into one account are low. However, if you provide them with twenty different accounts with varying levels of security, all it takes is for them to break into one to access all the others.
Log out After Each Banking Session
First, always use an incognito tab if you check your account from your computer. To open an incognito page, press Control + Shift + N. That adds a marginal level of security by ensuring the browser doesn’t save anything you type.
When you’re done checking your account, always log out and close the tab. Some banks will log you out automatically. However, your account may still be accessible for a few minutes, and that’s long enough for someone to view it without you noticing.
Use a Secure Network
A coffee shop with public Wi-Fi is the worst place to do your banking. In addition to people being able to intercept your network connection, they can also simply peek at your screen while you aren’t looking. Always use a secure, private network to access your financial account. It’s best to manage your money in the safety of your home.
Enable Two-Factor Authentication
Two-factor authentication (2FA) — also called multi-factor authentication — is when an online account sends a temporary code to your phone or another device before you can log in. It adds an extra layer of security — hackers would have to steal your bank account login credentials and your phone to breach your account.
Not all banks offer 2FA, but if yours does, always enable it. The strong security outweighs the slight inconvenience of having to use a PIN to unlock your account.
Sign Up for Banking Alerts
Let your bank call, text, or email you when you do anything on your account. That way, you’ll get a notification if someone else logs into your account.
Most banks will automatically notify you if any suspicious activity occurs, regardless of whether you signed up for alerts. Making a substantial purchase or using your credit card in another state often prompts the bank to call you. But signing up for other bank alerts shores your online security slightly more. Even logging into your account should trigger an email or text message.
Check Your Account Often
Open your bank account regularly to see what’s going on. If you see an unusual payment, you don’t remember making; you can call the bank or investigate where your card was used.
Looking at your account also allows you to freeze your funds immediately if you realize someone robbed you. If you go weeks without checking on your funds, someone could be stealing small amounts here and there without you noticing or even drain your account overnight. Go over your bank statement at least once a week.
How to Recognize Phishing Scams
If you have a phone or email address, you’re almost guaranteed to encounter phishing scams from time to time. Phishing is the most common method for stealing people’s bank account information.
Even large companies fall prey to this form of cybercrime — in 2015, the tech company Ubiquiti lost almost $50 million thanks to a series of phishing emails. Your bank will need to email you at some point, so how do you spot a suspicious message?
Strange Email Addresses
A fake email address might have one letter changed, like welllsfargo or bankofamerIca. Or, it might end in the wrong domain, such as [email protected] or [email protected]. Look closely to see if you spot any inconsistencies in the address.
Conversely, hackers might spoof the email address, so it looks like it’s coming from the actual sender. You’ll need to use other clues to determine if the message is legitimate.
Your bank will never ask for your Social Security number, account number, home address, or account password in an email. A message that asks for these details is likely a phishing scam. Call the bank or go there in person if you need to change any of this info.
This goes without saying, but your bank will also never request money from you in an email. Any message saying you owe fees or deposits should immediately set off an alarm bell.
You might get a message saying someone has hacked your account — the message will likely urge you to change your username and password quickly on a fillable form. Or, the email might state the bank has frozen your account due to unusual activity, and you need to provide your personal information in order to use your credit card again.
The bank will call you if there is a real emergency with your account. They’ll send an email, too, but it will likely urge you to contact a bank representative or log into your account through the mobile app. Never click on email links unless you’re sure they came from your bank. When in doubt, call the bank first.
Professional emails won’t be riddled with spelling errors, misplaced commas, or language that sounds like a bot wrote. If you spot even a single typo in an email supposedly coming from your bank, your guard should go up.
Keep an eye out for weird phrasing or translation errors as well. Unless you’re living in the 19th century, your bank probably won’t start a message with “Dearest sir” or end with, “We do thank you kindly.”
Of course, even professional bankers make writing mistakes, but hackers phishing for data make them more often. A poorly worded email asking for your data is almost a cliche.
Anything too Good to Be True
Another red flag is a message purportedly coming from your bank that informs you someone made a large deposit in your account. A strange story about a charitable relative or member of royalty often accompanies the message. Other emails using this tactic might tell you that you got a refund from the IRS or a shipment that couldn’t go through.
Hackers try to make the amount sound more realistic by making it highly specific. You didn’t receive five million dollars, but $4,543,912. Of course, they will request that you provide your bank account details to claim the money.
Is someone actually trying to transfer $4,543,912 to you? Don’t worry — an actual deposit of that size will prompt a call from the bank. You’ll probably also have a relative calling to inform you a long-lost uncle left you in his will.
Protecting Your Online Bank Account
Don’t take risks when it comes to your financial security. Treat your online bank account info with even more care than if it was printed on paper because if it falls into the wrong hands, you have no idea where it could end up. By taking appropriate cybersecurity measures, you’ll help ensure your funds, personal information, and login credentials remain safe.