Is It Safe to Bank on Wi-Fi?
Public Wi-Fi is handy, but be careful sending passwords over it
Wi-Fi makes it easy to access information and do business online — whether you’re around the house, around town, or anywhere around the world. But just because it’s easy doesn’t mean it’s a great idea. The fact that data is broadcast to anybody in range means that your information could be at risk, and that’s especially risky when you use Wi-Fi for online banking.
Avoiding Wi-Fi altogether is not realistic, and it’s probably not even practical to save banking sessions for when you’re at home on a wired connection. But you should be aware of the risks you take when using free public Wi-Fi — and there’s even some risk when you bank with Wi-Fi at home or in a hotel room.
Connecting is Risky
You don’t even need access financial accounts to expose yourself to risk. Simply connecting to a wireless network to find the nearest bakery can cause problems, although the risk might be small. When your device connects to the internet, any number of applications running in the background might take the opportunity to go online (to check for updates or new messages, for example).
What’s the risk of letting those applications run wild? Some of the information they send might not be encrypted. It might not be sensitive personal information, but it could be useful information for thieves. Potential leaks include your email address, usernames that you’re fond of, and the name of your bank. With those details, thieves can piece together enough information to do some kind of damage (whether that’s getting into your bank accounts or stealing your identity) or mount a social engineering attack.
How does this happen? When you use Wi-Fi, your device broadcasts everything you send over the airwaves. Any computer within range can “listen” to that communication, although ideally, the information is encrypted so that only authorized devices understand it.
Tips for Safe Banking
At some point, you’re going to find the need to conduct financial business on Wi-Fi, whether it’s checking your balance before a major purchase or depositing a check. So what can you do to keep your information safe, whether you’re out and about or just banking from the couch?
Stay up-to-date: Keep your operating system updated, whether you use a mobile device, laptop, or desktop. Using outdated software is like leaving your door unlocked — hackers know how to get it, and it’s easy to fix most vulnerabilities with an update. If you don’t enable automatic updates, pay attention to notifications (especially if they reference important security patches).
Use cellular networks: If you have a data plan, use your cellular network instead of Wi-Fi for banking. It’s still possible for thieves to get into those networks, but it’s not nearly as easy as hacking Wi-Fi. If you can also tether other devices or set up a mobile hotspot, do that — at least while you conduct banking business.
Use credit cards for shopping: If you make purchases while using Wi-Fi, credit cards are typically safer than debit cards. A debit card draws directly from your checking account, so a thief with your card number can cause serious problems (interfering with your ability to pay bills and buy food, for example). With a credit card, you have a buffer protecting your checking account — plus you have better consumer protection and a grace period to get things cleaned up.
Control your devices: Don’t set your laptop or mobile device to “connect automatically” when it finds available networks. Thieves can set up a fake Wi-Fi network very easily, and they often give those networks commonly used names (like Free Wi-Fi, Airport Wi-Fi, or Hotel Wi-Fi). Always ask which network to connect to.
Use any security available: If your bank does not already require it, set up extra security that helps prevent unauthorized logins. For example, two-factor authentication makes it much harder for hackers to log in to your account. You can arrange things so that your bank requires you to enter a unique code (sent to you by text message or generated by an app) every time you log in. That code will only work once, so thieves will have a harder time taking over your account if they get your username and password (or even one of those codes).
Use security software: Security software goes a long way towards keeping you out of trouble. Keep antivirus and firewall programs up to date, and use a virtual private network (VPN) to access sensitive information over public Wi-Fi. Avoid jailbreaking or rooting your mobile device, as doing so can make secure devices and apps much less secure.
Trust your browser: Your web browser wants to help you stay safe. When visiting secure sites, make sure that “https:” appears in the address bar, and look for the padlock icon. If you get any warnings (such as untrusted certificates or similar) — especially unexpected warnings while using Wi-Fi away from home — wait until you’re on a secure network access bank accounts.
Monitor your account: Whether or not your bank on public Wi-Fi, it’s wise to review your accounts regularly. Doing so helps you spot errors and signs of fraud — plus you’ll probably pay fewer overdraft fees. A quick scan through transactions is a good start, but you can also balance your account monthly for a more thorough review. Federal law protects you from errors and fraud in your account, but you need to act fast to get those benefits.
Secure Websites and Apps
For the most part, financial websites and apps protect your information by encrypting it before sending it over a network. As a result, your information is secure, even if thieves are listening. Your browser should show you when you’re on a secure site by displaying a padlock icon and showing “https” (the “s” is the important part) in the address bar.
However, the appearance of a secure site is no guarantee. If you connect to a compromised network (meaning somebody installed malicious software on the Wi-Fi equipment), hackers can hijack traffic so that you go to a fake “secure” site instead of a legitimate website. Even if you use a bookmark or type in the web address correctly (www.bankofwhatever.com), you’ll end up on an impostor page that looks just like the real deal.
You might think that mobile apps are a little bit safer (they’re probably harder to attack than a web page on a browser), but that may be a false sense of security. In 2014, PCWorld reported serious weaknesses in mobile banking apps. Still, it’s harder to end up at an impostor site if you use an app.