With all the reports of sniffing and malware and hacks ... is it even possible to bank online securely? Yes. If you're careful.

I would think that no PC would be immune from malicious threats if they landed on some corrupt site that then installed malware or key-capture software. Is there any reasonable way to continue to safely do online banking?


Avoid getting infected.

That sounds trite and flippant, and I don't mean it to be so. Ultimately, though, all the advice boils down to exactly that: do what it takes so that you don't get infected, and you'll be safe.

I regularly bank online. In fact, I much prefer it over the alternatives.

It really boils down to remembering and religiously following the basics:

Strong Password - the majority of the account theft I see is typically due to poor passwords. You really, really want a strong password on your banking accounts. Yes, keyloggers can get 'em, but I'll say it again: the majority of account hacks that I see are simply due to poor password choices.

Don't Share Passwords - the number two reason I see for account theft? Telling your password to someone you "trust" who turns out either to be not so trustworthy, or simply not as cautious as you need them to be.

Email attachments - don't open 'em. At least not until or unless you're absolutely positive that they're expected and safe. Not positive? Don't open it. Just don't.

E-cards - as far as I'm concerned these are as bad as attachments. Don't send them, and don't open them unless you're positive it's expected and safe. (Hint: if it says it's from "a friend", it's bogus.) Not sure? Don't open it.

Phishing - never click on links in email messages from your bank or other official places. Instead, visit your bank as you would without email: type the link into the browser address bar and go there. Whatever it is they're supposedly emailing you about should be there. If not, they're either not a very savvy bank, or you just avoided being phished.

Secure your Wifi or shared connection - make sure that your Wifi connection at home has WPA encryption on it, and make sure that you take all steps necessary to use a public Wifi connection safely. If you don't, it's often trivial for a hacker to sniff your login credentials. In fact, whenever you share an internet connection, you may need to take the same precautions depending on your level of trust of your fellow users.

Never ever use a shared or public computer for sensitive work. You have no idea what's on them, what key loggers may be present, or what happens after you use them. Just don't.

One tool I suggest adding to your toolbox is the NoScript extension in Firefox. It disables JavaScript (and Flash, and more) and protects against cross-site scripting attacks for all sites until you say "this site is OK" - which is easy to do. It's a tad annoying at first, since you have to build up the list of trusted sites, but it's absolutely worth the additional protection.

My bottom line is that all banking, online or off, is dangerous. In my opinion, you're actually more likely to be affected by bad behavior you have no control over in the bank's back room than you are to have your keystrokes logged as long as you follow the simple security stuff you're already doing.

Article C3690 - March 26, 2009

March 27, 2009 2:57 AM

I have a follow-up question: Is it safe to go to a secure site like your bank's (indicated by the "https") from your own laptop on an open public WiFi network? As a precaution I don't. But I need some reassurance on this from a tech-guru.

As long as the connection is https and always https, then I would feel safe doing so.
- Leo
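
What "https and always https" in the reply above means in practice, as an added example that is not part of the original article or its comments: it audits a recorded chain of requests for a plaintext hop, a cookie missing the Secure attribute, or a missing HSTS policy. The `bank.example` hops, the header values and the 180-day HSTS threshold are constructed assumptions.

```python
from urllib.parse import urlsplit

# Constructed sample: the hops a browser followed to reach a login page,
# with the response headers of each hop (hypothetical bank.example site,
# one Set-Cookie header per hop for brevity).
SAMPLE_HOPS = [
    {"url": "http://bank.example/",
     "headers": {"Location": "https://bank.example/"}},
    {"url": "https://bank.example/",
     "headers": {"Location": "https://www.bank.example/login"}},
    {"url": "https://www.bank.example/login",
     "headers": {"Strict-Transport-Security": "max-age=31536000; includeSubDomains",
                 "Set-Cookie": "session=constructed; Path=/; HttpOnly"}},
]

def hsts_max_age(value):
    """Return max-age (seconds) from an HSTS header value, or 0 if absent/invalid."""
    for part in (value or "").split(";"):
        name, _, val = part.strip().partition("=")
        if name.lower() == "max-age" and val.strip('"').isdigit():
            return int(val.strip('"'))
    return 0

def audit_hops(hops, min_hsts_age=15552000):  # 180 days, an assumed threshold
    """Return findings; an empty list means the chain was https at every step."""
    findings = []
    for hop in hops:
        headers = {k.lower(): v for k, v in hop["headers"].items()}
        # Any plaintext request can be read or altered on a shared network.
        if urlsplit(hop["url"]).scheme != "https":
            findings.append(f"plaintext request: {hop['url']}")
        target = headers.get("location", "")
        if target and urlsplit(target).scheme == "http":
            findings.append(f"redirect to plaintext: {target}")
        # A cookie without Secure is also sent over http:// requests.
        cookie = headers.get("set-cookie", "")
        attrs = [a.strip().lower() for a in cookie.split(";")[1:]]
        if cookie and "secure" not in attrs:
            findings.append(f"cookie without Secure flag set by {hop['url']}")
    # HSTS tells the browser to refuse plaintext on later visits.
    final = {k.lower(): v for k, v in hops[-1]["headers"].items()}
    if hsts_max_age(final.get("strict-transport-security")) < min_hsts_age:
        findings.append("final page sends no long-lived HSTS policy")
    return findings

if __name__ == "__main__":
    for finding in audit_hops(SAMPLE_HOPS):
        print(finding)
```
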

March 27, 2009 2:00 PM

Turn the question around: Is non-online banking safe?

Assuming that the appropriate precautions are taken, I'd argue that online banking is safer than the alternatives.

As an example, a few years ago my credit card number was used for a series of unauthorized payments to a PayPal account. Because I bank online, I was alerted to the transactions within 24 hours and was able to deactivate the card.

Another example: I was assessed a "foreign transaction fee" on a recent credit card purchase. I'm located in the US, the purchase was for a product made in the US and sold by a US based retailer. Again, because I bank online I was notified immediately of the fee and was able to have the bank remove it, all done online.

My bank has even taken the step at their web site to allow checks to be scanned and deposited electronically by the customer, releasing the funds for immediate use.

As a result, I haven't seen the inside of a bank for a decade and a half and never personally been in the bank I use, which is located in another state.

March 27, 2009 4:26 PM

I have always been skeptical on on-line banking and have a suggestion for those of you that feel the same but want to do it and avoid some risk. I signed up for a "free" on line banking account with a local bank. It was a bank where I do not have my main checking account or savings account or any IRA accounts or SEP accounts. So I use it for checking on line banking and I only have a $2,000 deposit in it. When it gets low I drop by the bank and put in a check for a thousand or so and replenish the on line banking account. If someone hacks into their system all they can find is my one on-line checking account and the most it will have is $2000 and since I don't have other accounts there they cannot link or hack into other accounts of mine once they hack into the online banking. The general banking practice is to guarantee 100% against online banking fraud so I think this way I limit my exposure to my main assets and the most I could possibly lose is $2,000 or less if the bank turns out to not honor their hacking protection pledge. On line banking is much easier but I do not care who the bank is I suspect somebody out there can hack into it ultimately so you need to limit your exposure somehow and this is how I do it.

Richard FDisk
March 27, 2009 9:47 PM

One other thing I suggest to add to the security measures for those who still use wired & not wireless connections is never, never connect your computer directly to the internet, always go through a Secured, Fire-Walled, NAT Router, they're not as expensive as they used to be. I just bought a 4 Port for less than $150.00.

Lyle Walker
March 31, 2009 8:35 AM

I might add one other security measure I use for on-line banking. My username is also a combination of upper and lower case letters and numbers. It only has to make sense to me.

March 31, 2009 8:58 AM

For my particular bank, I can set up e-mail alerts that let me know if a large deposit or withdrawal was made, or if my balance has gone below a certain amount. I wouldn't have that type of bulletin if I simply waited for a paper statement to arrive. Besides that, having organized many people's paperwork and files through the years, it's not uncommon to find that statements can remain upon for weeks, months, sometimes even years. So as long as you take the precautions Leo prescribes, you are probably safer overall against fraud by banking online than by the old methods.

Lou L
March 31, 2009 12:01 PM

What do you use to generate a "safe" password for online banking?

This article has some guidelines: What's a good password?
- Leo

March 31, 2009 1:51 PM

How do I set up WPA encryption on my laptop when I go wireless? I have a Compaq EVO N600C with the wireless card. I was concerned when I go to hotels that are wireless and want to know how to protect my passwords. I have a current antivirus which is Panda. Thank you for your time in answering my question.

WPA is something that's chosen not by you and your laptop, but by the connection provider - the cafe or the hotel - or when you set up your wireless access point at home. When you then attempt to connect to a wireless network that uses WPA you'll be prompted for a passphrase. If you can connect without a passphrase, then it's probably open. Cafes and hotels rarely use encryption of any sort. You can read about your alternatives here: How do I stay safe in an internet cafe?
- Leo

March 31, 2009 7:42 PM

2 things I use when online banking.
Firefox browser.
And an Add-ON program called key scrambler.
It encrypts while you type.

