Summary: With all the reports of sniffing and malware and hacks ... is it even possible to bank online securely? Yes. If you're careful.
I would think that no PC would be immune from malicious threats if they landed on some corrupt site that then installed malware or key-capture software. Is there any reasonable way to continue to safely do online banking?
•
Sure.
Avoid getting infected.
That sounds trite and flippant, and I don't mean it to be so. Ultimately, though, all the advice boils down to exactly that: do what it takes so that you don't get infected, and you'll be safe.
I regularly bank online. In fact, I much prefer it over the alternatives.
•
It really boils down to remembering and religiously following the basics:
Strong Password - the majority of the account theft I see is typically due to poor passwords. You really, really want a strong password on your banking accounts. Yes, keyloggers can get 'em, but I'll say it again: the majority of account hacks that I see are simply due to poor password choices.
Don't Share Passwords - the number two reason I see for account theft? Telling your password to someone you "trust" who turns out either to be not so trustworthy, or simply not as cautious as you need them to be.
Email attachments - don't open 'em. At least not until or unless you're absolutely positive that they're expected and safe. Not positive? Don't open it. Just don't.
E-cards - as far as I'm concerned these are as bad as attachments. Don't send them, and don't open them unless you're positive it's expected and safe. (Hint: if it says it from "a friend", it's bogus). Not sure? Don't open it.
Phishing - never click on links in email messages from your bank or other official places. Instead, visit your bank as you would without email: type the link into the browser address bar and go there. Whatever it is they're supposedly emailing you about should be there. If not, they're either not a very savvy bank, or you just avoided being phished.
Secure your Wifi or shared connection - make sure that your Wifi connection at home has WPA encryption on it, and make sure that you take all steps necessary to use a public Wifi connection safely. If you don't it's often trivial for a hacker to sniff your login credentials. In fact, whenever you share an internet connection, you may need to take the same precautions depending on your level of trust of your fellow users.
Never ever use a shared or public computer for sensitive work. You have no idea what's on them, what key loggers may be present, or what happens after you use them. Just don't.
One tool I suggest adding to your toolbox is the NoScript extension in FireFox. It disables Javascript (and flash, and more) and protects against cross-site scripting attacks for all sites until you say "this site is OK" - which is easy to do. It's a tad annoying at first, since you have to build up the list of trusted sites, but it's absolutely worth the additional protection.
My bottom line is that all banking, online or off, is dangerous. In my opinion, you're actually more likely to be affected by bad behavior you have no control over in the bank's back room than you are to have your keystrokes logged as long as you follow the simple security stuff you're already doing.
Related:
-
Online Shopping - Just how safe is it? It's the holiday season, and there's lots of shopping going on. Why are some afraid to shop online?
-
How do I stay safe in an internet cafe? When connecting to the internet in an internet cafe, hotspot or other public connection you could be opening yourself up to serious security issues.
-
Internet Safety: How do I keep my computer safe on the internet? Internet Safety is difficult and yet critical. Here are the seven key steps to internet safety - steps to keep your computer safe on the internet.
Article C3690 - March 26, 2009
I have a follow-up question: Is it safe to go to a secure site like your banks (indicated by the "https") from your own laptop on an open public WiFi network? As a precaution I don't. But I need some reassurance on this from a tech-guru.
27-Mar-2009
Turn the question around: Is non-online banking safe?
Assuming that the appropriate precautions are taken, I'd argue that online banking is safer than the alternatives.
As an example, a few years ago my credit card number was used for a series of unauthorized payments to a PayPal account. Because I bank online, I was alerted to the transactions with 24 hours and was able to deactivated the card.
Another example: I was assessed a "foreign transaction fee" on a recent credit card purchase. I'm located in the US, the purchase was for a product made in the US and sold by a US based retailer. Again, because I bank online I was notified immediately of the fee and was able to have the bank remove it, all done online.
My bank has even taken the step at their web site to allow checks to be scanned and deposited electronically by the customer, releasing the funds for immediate use.
As a result, I haven't seen the inside of a bank for a decade and a half and never personally been in the bank I use, which is located in another state.
Posted by: Ray at March 27, 2009 2:00 PMI have always been skeptical on on-line banking and have a suggestion for those of you that feel the same but want to do it and avoid some risk. I signed up for a "free" on line banking account with a local bank. It was a bank where I do not have my main checking account or savings account or any IRA accounts or SEP accounts. So I use it for checking on line banking and I only have a #2,000 deposit in it. When it gets low I drop by the bank and put in a check for a thousand or so and replenish the on line banking account. If someone hacks into their system all they can find is my one on-line checking account and the most it will have is $2000 and since I don't have other accounts there they cannot link or hack into other accounts of mine once they hack into the online banking. The general banking practice is to guarantee 100% against online banking fraud so I think this way I limit my exposure to my main assets and the most I could possible loose is $2,000 or less if the bank turns out to not honor their hacking protection pledge. On line banking is much easier but I do not care who the bank is I suspect somebody out there can hack into it ultimately so you need to limit you exposure somehow and this is how I do it.
Posted by: GPTDesign at March 27, 2009 4:26 PMGPTDesign
One other thing I suggest to add to the security measures for those who still use wired & not wireless connections is never, never connect your computer directly to the internet, always go through a Secured, Fire-Walled, NAT Router, they're not as expensive as they used to be,
Posted by: Richard FDisk at March 27, 2009 9:47 PMI just bought a 4 Port for less than $150.00.
I might add one other security measure I use for on-line banking. My username is also a combination of upper and lower case letters and numbers. It only has to make sense to me.
Posted by: Lyle Walker at March 31, 2009 8:35 AMFor my particular bank, I can set up e-mailalerts that let me know if a large deposit or withdrawal was made, or if my balance has gone below a certain amount. I wouldn't have that type of bulletin if I simply waited for a paper statement to arrive. Besides that, having organized many people's paperwork and files through the years, it's not uncommon to find that statements can remain upon for weeks, months, sometimes even years. So as long as you take the precautions Leo prescribes, you are probably safer overall against fraud by banking online than by the old methods.
Posted by: bjth at March 31, 2009 8:58 AMWhat do you use to generate a "safe" password for online banking?
01-Apr-2009
How do I set up WPA encription on my laptop when I go wireless? I have a Compaq EVO N600C with the wirless card. I was concerned when I go to hotels that are wireless and want to know how to protect my passwords. I have a current antivirus which is Panda. Thank you for your time in answering my question.
01-Apr-2009
2 things i use when online banking.
Posted by: fastfreddie1959 at March 31, 2009 7:42 PMFirefox browser.
And an Add-ON program called key scrambler.
https://addons.mozilla.org/en-US/firefox/addon/3383
It encrypts while you type.