Is it Safe to Bank on Wi-Fi?

Using Public, Hotel, and even Home Wi-Fi for Banking

Wi-Fi at Cafe
Maskot/Getty Images

Whether you’re moving around the house, around town, or around the world, a wireless internet connection means you can take care of business online with ease. But just because it’s easy doesn’t mean it’s a great idea. The fact that data is broadcast to anybody in range means that your information could be at risk, and that’s especially risky when you use Wi-Fi for online banking.

Does that mean you need to avoid banking by Wi-Fi at all costs?

Not necessarily, and that’s probably not realistic. But you should be aware of the risks you take when using Wi-Fi in public places – and there’s even some risk when you bank with Wi-Fi at home or in a hotel room.

General Risks

In fact, you don’t even need conduct banking business to expose yourself. Simply connecting to a wireless network to find the nearest bakery brings risk, although the risk might be small. When your device connects to the internet, any number of applications running in the background might take the opportunity to go online (to check for updates, for example).

What’s the risk of letting those applications run wild? Some of the information they send might not be encrypted. It might not be sensitive information, but it could be useful information for thieves. Learning your email address, usernames that you’re fond of, and where you bank can help a thief piece together enough information to do some kind of damage (whether that’s getting into your bank accounts or stealing your identity) or mount a social engineering attack.

How does this happen? When you use Wi-Fi, everything you send and receive is broadcast over the airwaves. Any computer within range can “listen” to that communication, although ideally the information is encrypted so that only your device understands it.

Secure Websites

For the most part, financial websites and apps use encryption.

That means your information is secure, even if thieves are listening. Your browser probably shows you when you’re on a secure site by displaying a padlock icon and showing “https” (the “s” is the important part) in the address bar.

However, the appearance of a secure site is no guarantee. If the network you connect to is compromised (meaning somebody installed malicious software on the Wi-Fi equipment), hackers can hijack traffic so that you are sent to a fake “secure” site instead of a legitimate website. Even if you use a bookmark or type in the web address correctly (www.bankofwhatever.com), you’ll end up on an impostor page that looks just like the real deal.

You might think that mobile apps are a little bit safer (they’re probably harder to attack than a browser), but that may be a false sense of security. In 2014, PCWorld reported serious weaknesses in mobile banking apps.

Tips for Safe Banking

It’s probably not realistic to avoid banking over Wi-Fi. So what can you do to keep your information safe, whether you’re out and about or just banking from the couch?

Use security software: security software goes a long way towards keeping you out of trouble. Keep antivirus and firewall programs up to date, and use a virtual private network (VPN) to access sensitive information over public Wi-Fi.

Avoid jailbreaking or rooting your mobile device, as doing so can make secure devices and apps much less secure.

Trust your browser: your web browser wants to help you stay safe. When visiting secure sites, make sure that “https:” appears in the address bar, and look for the padlock icon. If you get any warnings (such as untrusted certificates or similar) – especially unexpected warnings while using Wi-Fi away from home – wait until you’re on a secure network access bank accounts.

Use cellular networks: if you have a data plan, use a cellular network instead of Wi-Fi for banking. It’s not impossible for thieves to get into those networks, but it’s not nearly as easy as hacking Wi-Fi. If you can also tether other devices or set up a mobile hotspot do that – at least while you conduct banking business.

Control your devices: don’t set your laptop or mobile device to “connect automatically” when it finds available networks. Thieves can set up a fake Wi-Fi network very easily, and they often give those networks commonly used names (like Free Wi-Fi, Airport Wi-Fi, or Hotel Wi-Fi). Always ask which network to connect to.

Use any security available: if it’s not already required by your bank, set up extra security that helps prevent unauthorized logins. For example, your bank might require you to enter a unique code (sent to you by text message) every time you log in. That code will only work once, so thieves will have a harder time taking over your account if they get your username and password (or even one of those codes).