With all the reports of sniffing and malware and hacks ... is it even possible to bank online securely? Yes. If you're careful.

I would think that no PC would be immune from malicious threats if they landed on some corrupt site that then installed malware or key-capture software. Is there any reasonable way to continue to safely do online banking?

Sure.

Avoid getting infected.

That sounds trite and flippant, and I don't mean it to be so. Ultimately, though, all the advice boils down to exactly that: do what it takes so that you don't get infected, and you'll be safe.

I regularly bank online. In fact, I much prefer it over the alternatives.

It really boils down to remembering and religiously following the basics:

Strong Password - the majority of the account theft I see is typically due to poor passwords. You really, really want a strong password on your banking accounts. Yes, keyloggers can get 'em, but I'll say it again: the majority of account hacks that I see are simply due to poor password choices.

Don't Share Passwords - the number two reason I see for account theft? Telling your password to someone you "trust" who turns out either to be not so trustworthy, or simply not as cautious as you need them to be.

Email attachments - don't open 'em. At least not until or unless you're absolutely positive that they're expected and safe. Not positive? Don't open it. Just don't.

E-cards - as far as I'm concerned these are as bad as attachments. Don't send them, and don't open them unless you're positive it's expected and safe. (Hint: if it says it's from "a friend", it's bogus.) Not sure? Don't open it.

Phishing - never click on links in email messages from your bank or other official places. Instead, visit your bank as you would without email: type the link into the browser address bar and go there. Whatever it is they're supposedly emailing you about should be there. If not, they're either not a very savvy bank, or you just avoided being phished.

Secure your Wifi or shared connection - make sure that your Wifi connection at home has WPA encryption on it, and make sure that you take all steps necessary to use a public Wifi connection safely. If you don't, it's often trivial for a hacker to sniff your login credentials. In fact, whenever you share an internet connection, you may need to take the same precautions, depending on how much you trust your fellow users.

Never ever use a shared or public computer for sensitive work. You have no idea what's on them, what key loggers may be present, or what happens after you use them. Just don't.

One tool I suggest adding to your toolbox is the NoScript extension in Firefox. It disables JavaScript (and Flash, and more) and protects against cross-site scripting attacks for all sites until you say "this site is OK" - which is easy to do. It's a tad annoying at first, since you have to build up the list of trusted sites, but it's absolutely worth the additional protection.

My bottom line is that all banking, online or off, is dangerous. In my opinion, you're actually more likely to be affected by bad behavior you have no control over in the bank's back room than you are to have your keystrokes logged, as long as you follow the simple security stuff you're already doing.

Article C3690 - March 26, 2009

Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18-year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions.

Recent Comments
9 Comments

I might add one other security measure I use for on-line banking. My username is also a combination of upper and lower case letters and numbers. It only has to make sense to me.

Posted by: Lyle Walker at March 31, 2009 8:35 AM

For my particular bank, I can set up e-mail alerts that let me know if a large deposit or withdrawal was made, or if my balance has gone below a certain amount. I wouldn't have that type of bulletin if I simply waited for a paper statement to arrive. Besides that, having organized many people's paperwork and files through the years, it's not uncommon to find that statements can remain upon for weeks, months, sometimes even years. So as long as you take the precautions Leo prescribes, you are probably safer overall against fraud by banking online than by the old methods.

Posted by: bjth at March 31, 2009 8:58 AM

What do you use to generate a "safe" password for online banking?

This article has some guidelines: What's a good password?
- Leo
01-Apr-2009

Posted by: Lou L at March 31, 2009 12:01 PM

How do I set up WPA encryption on my laptop when I go wireless? I have a Compaq EVO N600C with the wireless card. I was concerned when I go to hotels that are wireless and want to know how to protect my passwords. I have a current antivirus which is Panda. Thank you for your time in answering my question.

WPA is something that's chosen not by you and your laptop, but by the connection provider - the cafe or the hotel - or when you set up your wireless access point at home. When you then attempt to connect to a wireless network that uses WPA you'll be prompted for a passphrase. If you can connect without a passphrase, then it's probably open. Cafes and hotels rarely use encryption of any sort. You can read about your alternatives here: How do I stay safe in an internet cafe?
- Leo
01-Apr-2009

Posted by: Dennis at March 31, 2009 1:51 PM

2 things I use when online banking.
Firefox browser.
And an Add-ON program called key scrambler.
https://addons.mozilla.org/en-US/firefox/addon/3383
It encrypts while you type.

Posted by: fastfreddie1959 at March 31, 2009 7:42 PM