Online banking is uniquely susceptible to cybercrime. Other than our homes and cars, our bank accounts tend to contain our biggest monetary assets. And even if your own account balance regularly starts with a minus, today’s bank accounts often come with generous overdraft facilities. The same is true of credit cards, where five-figure credit limits aren’t unusual.
Financial reserves like these attract hordes of scammers and criminals who use social engineering techniques like phishing and extortion to acquire bank details and login credentials. We’ve all received emails inviting us to check our accounts for suspicious activity, yet even professional-looking phishing emails are easily identified as fraudulent by moving your mouse over any hyperlinks. Would an American bank really ask its customers to log into a page located at firstname.lastname@example.org?
Don’t be a fraud
Last year, one million Americans became victims of fraud. Their median loss was $429, enough to damage the finances of many individuals and families. In direct response to these ongoing losses, banks and credit firms are pioneering innovations in online identification. Logging into an online banking page now involves entering a customer ID, usually followed by a separate screen requiring a passcode and a registration number. This two-stage process is known as two-factor authentication (or 2FA), and it’s one of the leading techniques for preventing cybercrime. Pioneered by the financial services sector, it’s since been adopted by social media platforms and ecommerce sites.
To demonstrate the authenticity of an online banking portal, the provider might display a pre-selected graphics and character string on the second 2FA page. This unique identifier proves the site hasn’t been hacked or fraudulently redirected. (Criminals are occasionally able to divert traffic from a legitimate site to a bogus one, replicating user interfaces to acquire login credentials which can then be used malevolently.) Even if a fake website fooled customers into entering their customer ID, there’d be no way to correctly guess which graphic or character string to display.
Taking back control
Alongside laudable security measures from financial institutions, a healthy dose of common sense should ensure you won’t end up joining 2018’s fraud statistics:
#1. Switch to banks and credit firms offering 2FA.
In fairness, this is commonplace nowadays. Some portals only authorize logons or new payment orders when the account holder enters a one-time passcode texted to their cell phone number, or when a mobile app is accessed using biometric data like a fingerprint. As explained above, 2FA hugely reduces the scope for criminal activity if the database of user passwords is kept separate to the database of PIN codes, the database of customer IDs, etc. As a general rule, websites tend to be more secure than mobile apps.
#2. Only log into online banking from secure private networks.
You might feel safe checking your balance via a mobile app in your local Starbucks, but public Wi-Fi networks tend to be insecure. This makes them easy to log into (and supervise), but also child’s play to hack. That guy on his laptop in the corner could be intercepting data transfers from nearby devices, or harvesting login data by monitoring keystrokes. If you must access public Wi-Fi, use a virtual private network to encrypt your activities. And before using any financial website, check it displays an HTTPS address prefix.
#3. Create unique passwords, and store them offline.
It’s increasingly difficult to remember all the passcodes and PINs needed for online activities. Even so, never share passwords between accounts – one compromised database might let criminals run amok. Choose a complex alphanumeric string, and write it down in a notebook or diary. Without sitting in your chair at your computer, it would be difficult to crack a password containing a dozen upper and lowercase characters, numbers and symbols. Periodic password changes also protect you against bank-side data loss or fraud.
#4. Use antivirus software.
There are common misconceptions that Macs are impervious to malware, or that it’s easy to identify the presence of a keystroke logger on a computer. In fact, malware is constantly evolving into more devious and discrete forms. The best way to repel it involves installing antivirus software. and enabling it. Disabling your antivirus package exposes you to newly-launched (zero day) attacks, hidden Trojans and malicious email attachments.
#5. Remain vigilant.
Banks increasingly encourage paperless billing but take a few minutes every month to skim through recent transactions. If you have an easy-to-access biometric mobile app, use it regularly. Report any suspicious activity as soon as you see it since quick responses help to minimize (and even undo) criminal activity. Old-fashioned fraud methods like card cloning still occur, so don’t assume the internet is the only front where your online security is being threatened.