If you’ve used the Internet for banking or shopping in the last fifteen years, you’ve probably received numerous notifications, warnings, and bits of advice regarding ways to keep your information safe online. Security is fundamental to us at BankSimple, and below we’ve compiled six important tips that can help you independently safeguard your personal and financial data.
Use Trusted Computers
Always use trusted computers to access online banking. If you’re using a public computer, there’s no way to know that it’s free of malware, spyware, or keystroke loggers. You can control and monitor your own computer’s security by keeping your operating system, browsers, and antivirus software up to date, but you can’t be sure if another machine is safe to use. One of the leading Trojan horse viruses, a program known as Zeus, can only function on certain un-patched Windows versions with Internet Explorer or Firefox. Regular updates to the system and browser may prevent current permutations of this and other viruses from stealing your login information. Once criminals have your user name and password, they may be able to transfer money out of your bank account.
Use Strong Passwords
Another way criminals gain access to your bank account information is via dictionary attack. By simply trying numerous password combinations, criminals are able to sign into any account secured with a simple password. You can protect yourself against dictionary attacks by using complex passwords with numbers, punctuation, and upper- and lower-case characters. For example, write a memorable sentence using proper names and select the first letter of each word to include in your password. Add a number and a symbol and you’ll have a pretty strong password:
My friend Jerry wants a bank that doesn’t Suck → MfJwabtdS23$$
Many banks and other online services require you to use a complex password, so you may already be less susceptible to these types of attacks. It’s also a good idea to use different passwords for online banking services — in case one account is compromised, your other accounts may still be safe.
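The sketch below is an added example, not BankSimple's code. It checks a password for the four character classes named above and then tests whether it still reduces to a dictionary word once common substitutions and appended digits or symbols are undone, which is why a password can satisfy a complexity rule and still fall to a dictionary attack. The word list, the substitution table, and the 12-character minimum are assumptions made for illustration.

```python
import re
import string

# Constructed sample word list (assumption); a real check would load a large
# list of common and previously breached passwords.
WORDLIST = {"password", "letmein", "dragon", "sunshine", "jerry", "banking"}

# Common character substitutions (assumption) that are undone before lookup.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})


def character_classes(password):
    """Report which of the four classes named in the article are present."""
    return {
        "lower": any(c.islower() for c in password),
        "upper": any(c.isupper() for c in password),
        "digit": any(c.isdigit() for c in password),
        "punctuation": any(c in string.punctuation for c in password),
    }


def dictionary_candidates(password):
    """Reduce a password to the base words a dictionary attack already covers."""
    lowered = password.lower()
    # Drop digits and symbols added at either end to satisfy complexity rules.
    stripped = re.sub(r"[\d\W_]+$", "", lowered)
    stripped = re.sub(r"^[\d\W_]+", "", stripped)
    return {lowered, stripped, lowered.translate(LEET), stripped.translate(LEET)}


def assess(password, wordlist=WORDLIST, min_length=12):
    """Return (ok, reasons); min_length is an assumed policy value."""
    reasons = []
    if len(password) < min_length:
        reasons.append("too short")
    missing = [name for name, present in character_classes(password).items()
               if not present]
    if missing:
        reasons.append("missing: " + ", ".join(missing))
    if dictionary_candidates(password) & wordlist:
        reasons.append("based on a dictionary word")
    return (not reasons, reasons)
```

Here `assess("MfJwabtdS23$$")` passes, while `assess("P@ssw0rd2024!")` is rejected even though it contains all four character classes, because it reduces to "password".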
Multi-Factor Authentication is Your Friend
Even if you’ve got a strong password and feel somewhat confident that your computer is free of viruses, there’s still more you can do. Some sites now offer multi-factor authentication, meaning that you’ll need to provide more than just one password in order to log in. When you forget a password, most sites will simply email you a password reset link. Anyone with access to your email would then be able to reset your bank login and lock you out of your own account. Multi-factor authentication means that you provide a second way to verify your identity. If you try to reset your password or, in some cases, even log in to your account, some sites will require you to provide an additional code that has been sent to your phone by SMS or push notification.
Use Secure Wireless Networks
Of course, it’s possible for your personal information to be compromised no matter how you manage your passwords. You may already know that accessing sensitive information on a public wireless connection is a bad idea, but how do criminals use your online activity to break into your accounts? A competent network administrator can take over an unsecured router and redirect your browser to different web pages without your knowledge. So, instead of visiting your bank’s website, you’re really visiting an internal page and submitting information directly to the criminal.
Don’t Get Phished
You don’t have to be on an unsecured network to accidentally wind up on a fake site designed to collect your information. Phishing scams are fairly well understood, but they still work and they’re only getting better. Once a criminal obtains a list of customer email addresses, they’ll send a flood of emails that appear to be from a bank or other service. These emails contain links asking customers to log in, but the links direct to a fake site that collects user names and passwords. Phishing scams can also use phone calls asking customers to call a number belonging to a criminal third party, or SMS containing the same false links.
Check for Encryption
One way to make sure that you’re really on the right website—and not on a criminal’s fake site—is to check for encryption. Most browsers display a lock icon somewhere in the window when you connect to a site using SSL (Secure Sockets Layer) or TLS (Transport Layer Security) encryption, and you’ll always see “https” in the URL. Encrypted communication protects the identifying information sent between you and a remote server to help prevent it from getting into the wrong hands.
Most banks and services do everything they can to protect you from online fraud, but maintaining security on your own computer and network is critical. Staying informed and keeping your systems up-to-date is the electronic equivalent of walking on well-lit streets and not displaying valuables in dangerous places. If you ever think you’ve been a victim of online fraud, you can file a complaint with the FBI’s Internet Crime Complaint Center. Tracking each instance of Internet crime helps law enforcement find patterns and stop elusive criminals before their techniques become widely adopted.
Mae Saslaw is a writer and critic who lives and works in Brooklyn, NY. The illustration by Melanie Colosimo for Simple Finance Technology Corp. is available through Creative Commons license (by-nc-nd 3.0).