Is It Safe to Bank on Wi-Fi?
Public Wi-Fi is handy, but is it worth risking sensitive data?
Wi-Fi makes it easy to access information and do business online — whether you’re around the house, around town, or anywhere around the world. But just because it’s easy doesn’t mean it’s wise. The fact that Wi-Fi broadcasts data to anybody in range means that your information could be at risk. That’s especially risky if you use Wi-Fi for online banking.
Avoiding Wi-Fi altogether is not realistic. It’s probably not even practical to save banking sessions for when you’re at home or on a wired connection. But you should be aware of the risks you take when using free public Wi-Fi. Plus, there’s some risk when you bank with Wi-Fi at home or in a hotel room.
Tips for Safe Banking
At some point, you’ll probably need to conduct financial business on Wi-Fi, whether it’s checking your balance before a major purchase or depositing a check. So, what can you do to keep your information safe, whether you’re out and about or just banking from the couch?
- Stay up-to-date: Keep your operating system updated, whether you use a mobile device, laptop, or desktop. Using outdated software is like leaving your door unlocked — hackers know how to get in, and it’s easy to fix most vulnerabilities with an update. If you choose not to enable automatic updates, pay attention to notifications (especially if they reference critical security patches).
- Use cellular networks: If you have a data plan, use your mobile network instead of Wi-Fi for banking. It’s still possible for thieves to get into those networks, but it’s not nearly as easy as hacking Wi-Fi. If you can tether other devices or set up a mobile hotspot, do that — at least while you conduct banking business.
- Use credit cards for shopping: If you make purchases while using Wi-Fi, credit cards are typically safer than debit cards. A debit card draws directly from your checking account, so a thief with your card number can cause serious problems (interfering with your ability to pay bills and buy food, for example). With a credit card, you have a buffer protecting your checking account — plus you have better consumer protection and a grace period to get things cleaned up.
- Control your devices: Don’t set your laptop or mobile device to “connect automatically” when it finds available networks. Thieves can set up a fake Wi-Fi network very easily, and they often give those networks commonly used names (like Free Wi-Fi, Airport Wi-Fi, or Hotel Wi-Fi). Always ask which network to connect to.
- Use any security available: If your bank does not already require it, set up extra security to reduce the chances of unauthorized logins. For example, two-factor authentication makes it much harder for hackers to log in to your account. You can arrange things so that your bank requires you to enter a unique code (sent to you by text message or generated by an app) every time you log in. That code only works once, so thieves have a hard time taking over your account if they get your username and password (or even one of those expired codes).
- Use security software: Security software goes a long way toward keeping you out of trouble. Keep antivirus and firewall programs up to date, and use a virtual private network (VPN) to access sensitive information over public Wi-Fi. Avoid jailbreaking or rooting your mobile device, as doing so can make secure devices and apps much less secure.
- Trust your browser: Your web browser wants to help you stay safe. When visiting secure sites, make sure that “https:” appears in the address bar and look for the padlock icon. If you get any warnings (such as untrusted certificates or similar) — especially unexpected warnings while using Wi-Fi away from home — wait until you’re on a secure network to access bank accounts.
- Monitor your account: Whether or not your bank on public Wi-Fi, it’s critical to review your accounts regularly. Doing so helps you spot errors and signs of fraud. Plus, you’ll probably pay fewer overdraft fees. A quick scan through transactions is a good start, but you can also balance your account monthly for a more thorough review. Federal law protects you from errors and fraud in your account, but you need to act fast to get those benefits.
Secure Websites and Apps
For the most part, financial websites and apps protect your information by encrypting it before sending it over a network. As a result, your information is quite secure, even if thieves are listening. Your browser should notify you when you’re on a secure site by displaying a padlock icon and showing “https” (the “s” is the important part) in the address bar.
However, the appearance of a secure site is no guarantee. If you connect to a compromised network (where somebody installed malicious software on the Wi-Fi equipment, for example), hackers can hijack traffic so that you go to a fake “secure” site instead of a legitimate website. Even if you use a bookmark or type in the web address correctly (www.bankofwhatever.com), you can end up on an impostor page that looks just like a legitimate site.
You might believe that mobile apps are safer than websites (they’re probably harder to attack than a web page accessed by browser), but that may be a false sense of security. In 2014, PCWorld reported serious weaknesses in mobile banking apps. Still, it’s harder to end up at an impostor site if you use an app.
Connecting Is Risky
You don’t need to access financial accounts to expose yourself to risk.
Simply connecting to a wireless network to find the nearest bakery can cause problems, although the risk may be small. When your device connects to the internet, numerous applications running in the background might take the opportunity to go online (to check for updates or new messages, for example).
What’s the risk of letting those applications run wild? Some of the information they send might not be encrypted. It might not be sensitive personal information, but it could be useful information for thieves. Potential leaks include your email address, locations you frequent, usernames that you’re fond of, and more. With those details, thieves can piece together enough information to do some kind of damage (whether that’s getting into your bank accounts or stealing your identity). Alternatively, they can leverage that information to mount a social engineering attack.
When you use Wi-Fi, your device broadcasts everything you send over the airwaves. Any computer within range can “listen” to that communication, although ideally, the transmission is encrypted so that only authorized devices understand it.