Online banking has steadily become a convenient and popular option for many people to manage their finances, and it's easy to see why.
Oftentimes, the interest rates on loans and other products from online-exclusive banks are lower compared to those from traditional, brick-and-mortar banks.
What's more, savings products tend to earn higher interest rates as well.
Since online-only banks don't have to deal with the high cost of building and maintaining local presences throughout communities, they can pass the savings onto their customers.
But with these new opportunities come new risks as well.
Hackers and scams and data breaches, oh my! All of these things can drain your online account of your hard-earned savings if you're not careful.
The repercussions of this alone are huge—imagine your savings for college or your entire retirement fund gone in an instant!
And as more and more devices are able to connect to and access your bank account, the risk of exposing your accounts and your funds to unscrupulous attacks increases exponentially.
The good news is you can do a great deal to protect yourself and safeguard your account from these threats which truly aren't all that different from the digital threats that traditional banks face.
Both types of banks are insured by the Federal Deposit Insurance Corporation (FDIC).
Should you suffer the misfortune of losing your savings through an online bank, you'll still be covered up to $250,000, just like you would be if you were at a physical bank.
The difference between the two types of banks is that you can go to a physical location for services, whereas with an online bank, you have to do everything, well, online.
Since you'll be doing all your banking exclusively online, this means you need to beef up your online security habits.
These habits are great to develop regardless of the type of bank you use.
You see, I've made helping people with their finances my personal agenda—and that includes protecting you against security threats.
That's why I wrote this guide to run you through the most serious risks of banking online. So you can avoid the pitfalls that some online banking customers have fallen into.
And I'm proud to say that CreditLoan has also been on a similar mission to provide consumers helpful financial advice as well as real tangible help in the form of fast and secure personal loans since 1998.
Now as you go through these risks and smart steps to protect yourself, keep in mind that in terms of risk, there is very little difference between online and physical banks when it comes to banking online.
The big difference you'll find is that online-only banks offer better rates, lower fees, and often, better phone-based customer service than physical banks.
By strengthening how you use passwords and surf the web (on your desktop and smartphone), not only would you be able to confidently enjoy the perks that online banks offer, but you'll also improve your overall online security.
Let's get started.
The Types of Online Banking Risks
The threats to online banking grow every day as hackers and scammers devise even more sinister ways to separate you from your savings.
One of the best steps you can take is to learn about the most common types of attacks—both to the bank's digital presence itself as well as the various channels customers use to access it.
Security measures guard against DDOS attacks
A DDOS (Distributed Denial of Service) attack is where servers are bombarded with junk traffic in an attempt to clog them up and prevent users from accessing them.
DDOS attacks are common and target not just banks but other websites as well.
Because they are relatively easy to execute and are often done by amateur hackers, they're also easy to safeguard against.
Many bank website platforms have server monitoring protocols in place to help track, bolster, and re-route traffic to their pages in the event of a DDOS attack.
They also routinely conduct risk assessment reviews to help anticipate and solve such issues.
But even this isn't a complete solution.
If an online bank is the victim of a DDOS attack, be patient
The bank's server and network administrators are likely working tirelessly to remedy the problem.
It's all part of the risk management protocols that banks put in place to protect consumers.
After the threat has passed or has been resolved, the banking website and related activities should return to normal.
It's safe to say that for the most part, banks have anticipated and have prepared contingency measures to deal with this kind of threat to minimize interruptions in service.
Banking apps can be reverse-engineered, but you can take steps to stay protected
Security professionals have demonstrated that it's possible to reverse engineer mobile apps.
This process involves stripping down the app to its bare source code, then changing that code and re-uploading the app back to the distribution server.
This means that although you are downloading the legitimate app for your bank, there's no telling if it has been tampered with.
Follow basic smartphone safety and security practices
This means only downloading official banking apps from the official app store of your mobile phone manufacturer.
It also means not logging into your mobile banking account from "jailbroken" phones.
A jailbroken phone is a phone that has had some of its security protocols deactivated so that the user can download apps that wouldn't ordinarily be available.
While this is normally done under the guise of giving users the freedom to use any provider for their mobile phone, it can also remove many precautions that keep your login credentials and other personal information protected.
Even though it costs a little more, I have never purchased a phone from anywhere other than my service provider, and I patiently wait for upgrade offers.
Your identity can be stolen
Identity theft isn't exclusive to online banking.
Anyone can become a victim of identity theft at any time—even if you routinely take steps to safeguard your personal information.
Avoid clicking on any links in an email or website that claims to be from your bank
One of the more common tactics of hackers and scammers is to send you a legitimate-looking email that claims to be from your bank and needs you to verify your identity or input your account information.
The idea is to get you to panic and let down your guard.
These people are known as phishers, dubbed that because they often cast a wide net across many different email addresses in an attempt to get someone to reply.
Your bank will never ask for your credentials via email. This same tactic is also used over the phone under the guise of a security breach or supposed identity theft.
Here again, if you are truly concerned, don't give out information over the phone and call your bank directly instead.
Don't simply throw away any correspondence from your bank
Use a cross-cut paper shredder to destroy it entirely.
This prevents dumpster-diving identity thieves from getting your account information from your garbage.
Keep debit cards safe by only using them on accounts with limited funds
Unlike credit cards, which are protected by legal safeguards to prevent the consumer from being wholly responsible for unauthorized transactions, debit cards have no such protections in place.
Because of this potential for rapid fraud, more and more debit cards are implementing security chips to safeguard funds.
But this process won't happen overnight.
And if someone gets a hold of your debit card details, they'll have instant access to all of your bank account funds.
The scary part is, scammers have been known to install small pieces of hardware in machines (like at gas pumps or ATMs) that capture your card details.
This is known as a skimmer because it essentially "skims" your account details from the magnetic strip on your card.
Ideally, you'll want to use cash, check, or a credit card instead of a debit card to pay for goods or services.
But if you're adamant about using a debit card, create a separate account, deposit a limited amount of funds, and then tie the card to that account.
This way, if thieves do make off with your account details, you won't have lost everything.
If nothing else, this should alert you to the vulnerabilities that still exist with using debit cards.
Use them with caution.
Your account details could become the victim of ransomware
Ransomware is a particularly devious type of computer malware that holds your files and other data hostage.
It works by encrypting your information using a cipher key that only the hacker has access to.
This means all your files, logins, and other crucial details can become totally inaccessible unless you pay the "ransom"—usually in the form of some kind of untraceable cryptocurrency like Bitcoin.
Ransomware, like other computer viruses, often comes under the guise of legitimate-looking operating system dialog screens.
It may even hijack your computer with a warning that your machine has been locked by a purported "law enforcement agency" because of unauthorized files or usage.
How to Safely Bank Online
Knowing these risks shouldn't cause you to abandon the idea of online banking completely.
If anything, it should arm you with the knowledge you need to take action and keep your finances safe.
The sooner you act to safeguard your information, the sooner you'll feel confident that you've done everything you can to keep your money well-guarded.
Even if you've followed some basic steps, like changing your password regularly, or using the official mobile banking app from your bank, there's still a great deal more you can do to protect your online banking accounts.
Follow the recommendations below to give your account ironclad protection without reducing the convenience or ease of online banking access.
Use unique usernames and passwords
This means choosing a username and password that's easy for you to remember, but hard for others to guess.
Avoid using things like your name or the names of your children, birthdays or pet names as these can all be easily found with a little search sleuthing—particularly with the rise of social networks.
Whatever password you choose, use additional characters like @amp;# and mix upper and lowercase letters and numbers so that a hacker can't just randomly guess or brute force their way in.
Generally—and as a family rule—my wife and I never use the same passwords either.
Use anti-malware and antivirus software on your home network and mobile devices
Oftentimes, we don't realize that the mobile phones we have in our pockets can be hacked or infected the way that regular computers can, but the very same threats that exist for your PC also exist for mobile devices.
Banking trojans, a particularly nasty form of virus that sits patiently on your computer or device and then springs to life at a preset time (much like the Trojan Horse of Greek mythology fame) are becoming increasingly smart.
Some have managed to duplicate the speed and frequency with which users type or move their mouse cursor.
These advances are done to help the Trojan bypass behavioral biometrics that banks put in place to help thwart would-be hackers.
Others redirect the user to web pages that look like their bank website or create popups which look like legitimate Windows or security update screens.
Antivirus software and anti-malware programs are always being updated to detect these threats head-on, but one of the best steps you can take to not click on any prompts or pop-up windows that you didn't initiate.
Although there is no antivirus program that can track and remove all types of ransomware, it's best to keep yours up-to-date and never click on any popup, warning or dialog box that you didn't initiate.
In addition, ensure that you keep all of your device operating systems updated, as new patches and fixes are often released to help secure newly-discovered vulnerabilities that ransomware can take advantage of.
Don't forget your smartphone. You probably have an antivirus and anti-malware software on your computer, but many of us never think about implementing such security measures on our mobile devices.
Here are some highly recommended antivirus and anti-malware software programs for your PC, Mac, and smartphone to consider.
If you have to choose, go with an antivirus program, first. They often contain basic malware removal.
- McAfee AntiVirus Plus Review
- Symantec Norton AntiVirus Basic Review
- Kaspersky Internet Security (for Mac)
- McAfee LiveSafe Review (malware)
- Kaspersky Internet Security Review (malware)
- Avast Mobile Security (for Android)
Check to ensure you're on the correct website and that it's secured
One of the more nefarious tactics hackers use to pilfer your account details is to redirect you to a website that—on the surface—looks exactly like the website from your banking institution.
Oftentimes, the hackers will even use the name of the bank in the address bar—so you'll see something like "yourlocalbankname.bank" rather than "yourlocalbankname.com."
You'll also want to look for the -s at the end of the http:// for your banking website address. The https:// tells the browser that this is a secure website.
It's not surprising that hackers often make fake bank sites secure as well, so check for both the name and the security -s in the address before you log in.
Use two-factor authentication
Two-factor authentication, also known as 2FA or TFA is a type of login that requires not only a username and password, but another login credential that only the user has on them.
The log-in credential can be in the form of a randomly-generated string of numbers or other code, usually available in the form of an electronic key fob or another piece of hardware.
Two-factor authentication is also often used on mobile phones.
You simply enter your username and password as normal and then have an automated PIN code from your bank texted to your mobile device.
The PIN expires after a set period of time, so it's harder for hackers to try and sneak in.
As you might imagine, carrying around key fobs or other small pieces of hardware can mean an extra layer of inconvenience when you're logging in, but it may be worth it since it provides an extra layer of security as well.
Just be sure to have a spare or two since hardware fobs can easily get lost.
Access your accounts from a secure network
It may be tempting to take a quick glance at your account details before you board your flight at the airport, or check your account activity while researching other stuff at your local library.
Don't do it.
These public networks are often unsecured and any information transmitted over them can easily be picked up by anyone else in the vicinity.
The bottom line is: don't access anything personal or financial on a public network.
Even if you're on your own secured network from home, log out when you're done.
There's no telling who's watching.
Turn off Bluetooth functionality
Bluetooth functionality is designed to make it easier for devices to communicate with each other.
But with this ease of connectivity comes the potential for hacking and phishing as well.
Before you bank online, turn off Bluetooth functionality from the settings menu of your mobile device.
Just like with accessing your banking website over a secure network, your Bluetooth connection can be monitored and information stolen without you ever knowing about it.
This process is known as "bluesnarfing" and the only way to prevent it is to turn off Bluetooth functionality on your device while you're working on your banking institution's website.
Monitor your accounts for suspicious activity
In an attempt to help prevent malicious attacks, banks are continuously stepping up security on their side, as well as making it easier and safer for customers to access and monitor their bank accounts online.
Check your account from a secured location periodically, and if you notice any suspicious activity, notify your bank immediately.
You have up to 60 days to dispute any anomalous charges with your bank.
The bank may also do a risk assessment to determine what actions to take if an account is compromised.
From that point on, they will likely launch an internal investigation to determine the source and nature of the suspicious activity.
If you become a victim of a cyber attack, the bank—not you—will be liable for the stolen funds.
This puts even more of the onus on them to provide multiple layers of protection both online and offline.
Sign up for email and text alerts
Many banks offer you the ability to get notified by text and/or e-mail if there's activity on your account.
If you'd like to stay informed about account activity, it can be worth signing up for these alerts, even if you're doing the activity yourself.
You can never be too careful, and a few extra emails or text notifications may be well worth it for the peace of mind you'll enjoy.
Just keep in mind that scammers often try to send emails that look like they're legitimately from your bank, so rather than clicking those links, open up a new window and log in to your bank from there.
Don't enable automatic logins from your browser
Today's internet browsers offer a wealth of conveniences—one of which is the automatic login.
Never having to remember passwords for different sites sounds like a great idea in theory—but you'll want to turn this feature off for online banking websites.
The reason is that, oftentimes, these saved passwords are stored in an unsecured, unencrypted file that can be easily accessed and read by a hacker.
Some browser passwords are stored in a simple text file.
Storing sensitive log-in details like these in your browser is like giving a thief the keys to your home.
In this case, automatic login is one convenience you're better off without.
Protect your mobile device with a PIN or fingerprint ID
In addition to installing antivirus and anti-malware software on your smartphone or tablet, you can add an extra layer of security through the use of a PIN or a fingerprint ID.
This not only protects your data in the event that your device is lost or stolen but puts up another barrier that's difficult for would-be hackers to crack.
Keep your computer or device up to date with the latest patches
Hackers and scammers often try to glean your personal information by creating pop-ups that look like authentic Windows or device prompts.
By clicking "OK" or "Update" on these prompts, you're actively giving the hacker "permission" to rifle through your accounts and help themselves to your internet banking details, along with other sensitive personal information.
You can always check if updates are available by going to Settings > Check for Updates on your mobile device, or by using the appropriate operating system update feature on your computer.
Updating your computer or device in this way, and not clicking on any prompts that you didn't initiate (no matter how real they look) can help further safeguard your account against newer threats and breaches.
Following these security precautions will help protect your account and security credentials
Online banking offers both lucrative interest rates on your savings and affordable banking products at lower rates than traditional brick and mortar banks.
But online-only banks are not without their risks.
Fortunately, proper risk management both on the part of the bank and the consumer can go a long way towards thwarting the most common issues.
With the rapid adoption of mobile devices and banking apps, it's clear to see how our finances are becoming increasingly intertwined with our everyday lives.
When you can pay for a coffee just by tapping an app, pay bills online with a click, or take a photo to deposit a check, you're enjoying some of the many conveniences that online banking has to offer.
By taking steps to protect your account details, you'll also be adding more layers of security across your devices against other threats as well, including viruses, malware, and identity theft.
Get started today by implementing most, if not all, of these security tips to help keep your information safe and minimize your chances of becoming the next victim of online intrusion or theft.
Do you bank online regularly?
Are there any other tips we missed that you'd like to recommend?
Let us know in the comments!