How To Safely Use Online Banking

How can you be safe online?

online banking security
Alberto Ruggieri / Getty Images

Every time you log into your account or use your bank's app, you might feel uneasy and wonder if online banking is safe. In a world of constant data breaches, how can it possibly be a good idea to send secure information over the Internet?

Remember that there are things you can control and things you can't control. We'll cover both of those areas here.

Security of Online Banking and Apps

For the most part, banking online is quite safe – your behavior (and the actions of other people who have access to your data) is probably more important than how you access your account.

Most financial institutions use world-class security and encryption to keep your data as safe as possible, and they employ experts to continually improve security. In many ways, banking electronically is safer than old-fashioned practices. For example, if you pay bills online, nobody can steal your personal checks and get your checking account information.

Unfortunately, banks can get hacked, and your information can get stolen. But that risk exists whether or not you bank online. So it's probably safest to set up an account yourself (and use a strong password) before thieves get to it using easy-to-find information.

Unless your bank is still in the dark ages, the ability to access accounts online is the least of your worries. The bigger problem is what people do with your information. Bank employees are trained to verify the identity of anybody who tries to use your account, but they occasionally make mistakes, and con artists can be very effective.

Thieves can get enough information to access your account from numerous places. Consider your doctor’s office: does the receptionist ever leave the desk unattended, and do they always shred (or secure) sensitive documents?

What you can Control

How can you be safe online and enjoy the convenience of 21st-century technology?

Stay up to date: the security of your device is important. Unsupported (or abandoned) operating systems, jailbroken phones, and computers without antivirus protection are a recipe for disaster. If hackers can take control of your device, they can easily steal information – including your usernames, passwords, and personal details. If you have an old, unprotected device, don't use it to access financial accounts.

No public wi-fi: it's convenient to bank from anywhere, but that doesn't mean it's a good idea. Avoid using public wi-fi (including networks at coffee shops and hotels), which can be compromised by hackers. Do your banking on home or work networks, or use your cellular data instead.

Monitor accounts: make sure you know what's going on in your accounts. If you see something you didn't expect, find out what happened immediately. Alerts (by text or e-mail) can inform you when important transactions – such as large withdrawals, address changes, or password changes – hit your account.

Use what's available: use the strongest security protection that's available. If your bank or email provider gives you the option of using two-factor authentication (where you need to know or have something in addition to your password), opt-in – you'll make it significantly harder for hackers.

Enable biometric authentication (fingerprints, veins, and iris mapping) if and when possible. 

Don't take the bait: you're probably familiar with phishing scams, but they're still an effective tool for thieves. A bigger risk might be links in your social media feeds: clicking those links can take you to pages that install nasty software and steal information. In some cases, you'll make it easy and hand information over yourself – be cautious about "signing a petition" or adding your name to a list based on a stranger's Facebook post (especially if they want additional details, like your mailing address, date of birth, and email address).

Share wisely: some apps require that you link your bank account (for sending payments online, for example). Every time you put that information out there, you create one more opportunity for hackers to steal the information.

Pick one or two apps that do what you need, and pass on the rest.

Get to the right place: your bank's app or website is probably secure. However, it's easy to end up on impostor websites, and some apps are designed to look legitimate but steal your information. Verify that you're on the right website (or you’ve got the right app) before you do anything. It's usually safe to Google your bank and follow the first link, but you'll want to verify the website address just to be safe. Once you're on the right site, bookmark the page so that you don't have to type in the address every time – some impostor websites take advantage of common typos and misspellings. If your browser or other software warns you that something might be unsafe, stop and contact your bank with a method that you know is secure (using the phone number on the back of your card, for example).

Act Fast

If your account is compromised, notify your bank as quickly as possible. In many cases, federal law limits your losses – but maximum protection is available only if you act fast. Whether or not the bank will reimburse you, it's in your best interests to put an end to any fraud before things get worse. Most banks have fraud departments that work 24 hours a day, seven days per week.

Business Accounts

Consumer accounts (your personal accounts, whether you own them individually or jointly) get the most protection under federal law. With business accounts, online banking security is especially important – you might be responsible for losses due to fraud. Speak with your bank or credit union to understand their policies regarding fraud, and keep a close eye on your accounts.

Again, choosing to not bank online does not necessarily protect you. Your account is available for access whether or not you use it. Setting a strong password and monitoring your account can help reduce your risks, and safe internet banking on an updated device can also prevent some forms of “old-school” identity theft.