Banking Securely Online
Online banking continues to present challenges to your financial security and personal privacy. Millions of people have had their checking accounts compromised. If you are going to use online banking to conduct financial transactions, you should make yourself aware of the risks and take precautions to minimize them. The following practices, which are discussed further in this paper, can help you avoid common security problems associated with online banking:
- Review all privacy and policy information.
- Use unique and hard to guess login information.
- Protect your computer.
- Check your account balance regularly.
- Pay using credit cards.
- Do not access your account from public locations.
- Verify email correspondence from bank.
- If your account is compromised, take swift action.
Attacks that Target Online Banking
Several types of electronic fraud specifically target online banking. Some of the more popular types are described below:
Phishing attacks use fake email messages from an agency or individual pretending to represent your bank or financial institution. The email asks you to provide sensitive information (name, password, account number, and so forth) and provides links to a counterfeit web site. If you follow the link and provide the requested information, intruders can access your personal account information and finances.
In some cases, pop-up windows can appear in front of a copy of a genuine bank web site. The real web site address is displayed; however, any information you type directly into the pop-up will go to unauthorized users. In a similar scheme, called “Vishing,” a person calls you and pretends to be a bank representative seeking to verify account information.
Malware is the term for maliciously crafted software code. Special computer programs now exist that enable intruders to fool you into believing that traditional security is protecting you during online banking transactions. Attacks involving malware are a factor in online financial crime.
Pharming attacks involve the installation of malicious code on your computer; however, they can take place without any conscious action on your part. In one type of pharming attack, you open an email, or an email attachment, that installs malicious code on your computer. Later, you go to a fake web site that closely resembles your bank or financial institution. Any information you provide during a visit to the fake site is made available to malicious users.
All the attack types listed above share one characteristic; they are created using technology but, in order to succeed, they need you to provide information:
- In phishing attacks, you must provide the information or visit links.
- With malware, you must be tricked into performing actions you would not normally do. You would have to install the malware on your computer either by running a program, such as an email attachment, or by visiting a web site through email or instant message link. Then, you would have to submit your bank login information. Your financial information would be at risk only after you performed all these steps.
- With pharming attacks, you must open an email, or email attachment, to become vulnerable. You then visit a fake website and, without your knowledge, provide information that compromises your financial identity.
Tips for Safe Online Banking
When it comes to online banking, there is no way to absolutely guarantee your safety. However, good practices do exist that can reduce the risks posed to your online accounts. Here are some tips to remain safe while online banking:
- Review your bank’s information about its online privacy policies and practices.
- For security purposes, choose an online personal identification number (PIN) that is unique and hard to guess.
- Install anti-virus, firewall, and anti-spyware programs on your computer and keep them up to date.
- Regularly check your online account balance for unauthorized activity.
- Use a credit card to pay for online goods and services.
- Avoid situations where personal information can be intercepted, retrieved, or viewed by unauthorized individuals.
- If you receive email correspondence about a financial account, verify its authenticity by contacting your bank or financial institution. If you have disclosed financial information to a fraudulent web site, file reports with the following organizations: your bank, the local police, the Federal Trade Commission, the Internet Crime Complaint Center, and the three major credit bureaus – Equifax, Experian, and TransUnion.
Online banking involves certain risks. It is important to educate yourself about these risks, how unauthorized access to your financial information occurs, and the steps you can take to protect your financial information. Learning about your rights and responsibilities as an online banking consumer can make a difference to your financial well-being changing the age-old saying “A penny saved is a penny earned” to “A penny saved is a penny kept.”
Source: Department of Homeland Security, Banking Securely Online, Stop.Think.Connect. Campaign