How to Boost Online Banking Security


It should require no explanation why our online banking details are essential. We keep our money there, and if our accounts become unavailable for a short time or we lose access to them, it would be harmful.

In addition to losing our hard-earned money, a lost bank account could mean an inability to pay taxes, insurance, or school fees, which may negatively affect our lives.

Here are some steps you can take to shore up your account so that your bank does not lock you out and to stop somebody from accessing your account fraudulently.

Best Practice: 12 ways to protect yourself while online banking

1. Don’t reuse passwords

When you use the same password on multiple sites, it only takes one of them being run by someone malicious or incompetent for your password to become publicly available. Criminals will use leaked passwords from less secure websites and try them with various financial institutions.

It might not even be necessary for your password to be the same for your bank. If your tactic is to use slight variations of it on different sites, you will likely remain vulnerable, as it becomes much easier to guess.

Using a password generator that creates strong, unique, and random passwords is the best way of coming up with passwords. Password generators also help you comply with your bank’s password requirements, such as using special characters or a maximum or a minimum number of characters.

2. Use two-factor authentication wherever it is offered

Even if your financial institution does not require it, make use of any two-factor authentication methods available. This means you need a one-time code in addition to your password to access your account. The exact arrangements of when to use your second factor to authenticate may differ, be it every time you log in, every 30 days, or every time you log in from a new location or device.

Ideally, you will use a code generated by an app or a hardware key. If you have to use a mobile phone number, one of the less-secure methods, ensure it is appropriately secured, as described in the next step.

3. Secure your email and phone number

It’s essential to secure your mobile phone number and email address associated with your bank account. In many instances, somebody in control of your phone number or email address may have enough information to impersonate you, for example, by using personal information stored in your email account. They will also be able to receive confirmation codes, updates, and calls on your behalf.

To secure your email account:

To secure your phone number:

  • Request a lock on your account with your phone provider
  • Set a PIN requirement before a number can be ported or cloned
  • Use a separate prepaid number to receive 2FA messages that you don’t communicate to others

4. Be aware of phishing

Even when using a strong password and two-factor authentication, there is still a risk that you may inadvertently give your password away to a fraudulent site. In such instances, two-factor authentication may not protect you unless you use a hardware solution.

The reason is that a phishing site might try your password on the site it is impersonating in real time, then pass the real site's request for a second-factor code on to you. When you enter your code into the fake website, the people behind it will enter it into the real one and gain access.

  • Use bookmarks to navigate to your financial services rather than following links.
  • Be suspicious of any banking emails you receive. Even if the email you receive is likely legitimate, don’t follow links or reply to it. Always log onto the service through bookmarks and look out for communications there.
  • Use password managers to auto-fill passwords on the site rather than entering them yourself. Even if this might not be a 100% guarantee, the password manager might catch that you are on a phishing site before you do.

  • Use hardware-based second-factor tokens (such as the U2F standard) when available. The token will verify the connection to the right website.
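The difference between a typed one-time code and a hardware token can be shown in a small simulation. This is an added example, not part of the original article: the origins, keys, and function names are constructed for illustration, and an HMAC stands in for the public-key signature a real U2F token produces.

```python
import hashlib
import hmac
import secrets
import struct

BANK_ORIGIN = "https://bank.example"          # constructed origin
PHISH_ORIGIN = "https://bank-login.example"   # constructed lookalike origin


def totp(secret: bytes, now: int, step: int = 30) -> str:
    """RFC 6238 TOTP (HMAC-SHA1, 6 digits). The code does not depend on the site."""
    mac = hmac.new(secret, struct.pack(">Q", now // step), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{value % 1_000_000:06d}"


def token_sign(device_key: bytes, challenge: bytes, origin: str) -> bytes:
    """Token response: covers the challenge AND the origin the browser reports."""
    return hmac.new(device_key, challenge + origin.encode(), hashlib.sha256).digest()


def bank_accepts_totp(secret: bytes, code: str, now: int) -> bool:
    return hmac.compare_digest(code, totp(secret, now))


def bank_accepts_token(device_key: bytes, challenge: bytes, response: bytes) -> bool:
    # The bank only accepts responses bound to its own origin.
    expected = token_sign(device_key, challenge, BANK_ORIGIN)
    return hmac.compare_digest(response, expected)


def relayed_login(visited_origin: str) -> dict:
    """User logs in at visited_origin; whatever they produce is passed to the bank."""
    now = 1_700_000_000                       # fixed timestamp so runs are repeatable
    totp_secret = secrets.token_bytes(20)
    device_key = secrets.token_bytes(32)
    challenge = secrets.token_bytes(32)       # issued by the real bank
    code = totp(totp_secret, now)             # user types this into the page they see
    response = token_sign(device_key, challenge, visited_origin)  # browser supplies origin
    return {
        "totp_accepted": bank_accepts_totp(totp_secret, code, now),
        "token_accepted": bank_accepts_token(device_key, challenge, response),
    }


if __name__ == "__main__":
    print("genuine site :", relayed_login(BANK_ORIGIN))
    print("lookalike    :", relayed_login(PHISH_ORIGIN))
```

The typed code is accepted no matter which page collected it, while the token response made on the lookalike origin is rejected by the bank.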

5. Use a VPN when abroad

Many financial institutions will shut down your accounts if they fear somebody other than you is accessing them. An indication of fraudulent activity might be a login from an unusual location. Other reasons might be that you are accessing the service from an embargoed nation, of which plenty exist.

While using a VPN might also be seen by your financial service as suspicious, it is likely preferable over logging in from a new or embargoed country. Choose a VPN location near your usual home, or always log in from the same VPN location.

6. Don’t be afraid to lock your account down

If you are worried about others illegally accessing your account, don’t hesitate to contact your financial institution and request that additional restrictions be put on your account. Phone banking, for example, is a little-used feature that many people don’t know they have, and it may make it possible for people to access and empty your account. But you can request for phone banking to be disabled.

Similarly, you can ask your mobile phone carrier to make it harder for anybody to port your number, or to require a separate PIN when communicating with their customer support. Restrictions may include only allowing a number to be ported in a physical store after showing a valid ID, rather than over the phone or the internet.

7. Steer clear of public Wi-Fi 

Public Wi-Fi connections at hotels, airports, and cafes could put your privacy at risk. Hackers can use packet sniffing and man-in-the-middle attacks to access unauthorized information. You have very little information on how secure any public Wi-Fi network is.

Alternatively, cybercriminals could also set up rogue Wi-Fi signals that could masquerade as legitimate networks to steal user information. If you must use public Wi-Fi, it’s essential to be sure that the network you’re choosing is the real one—this might come down to confirming with the cafe or hotel staff, for example.

8. Sign up for banking alerts 

Many financial institutions allow users to enable transaction alerts so they’re aware of every single transaction made either in-store or through online transactions. These alerts can inform you of any suspicious activity with your account. Often, these alerts come in the form of a text message or an alert through the mobile banking app itself.

9. Keep your apps and operating systems up to date

By updating your operating system and apps, you’re ensuring the software has the latest bug patches—fixes of vulnerabilities recently identified by the developers. Software developers often roll out bug fixes quickly to protect users and prevent large-scale security issues. Most apps and operating systems alert you periodically to enable updates, but your best bet is setting all your apps to get updated automatically.

10. Visit sites only with Secure Socket Layer (SSL) encryption

Sites with an SSL certificate encrypt the data sent between the client and the server, making it unreadable by third parties. Most online banking platforms have SSL encryption on their sites. However, skilled malicious hackers could employ SSL stripping methods to trick a server into abandoning its encrypted connection. As its name suggests, SSL stripping involves removing the SSL layer of a secure website so that users end up on an unencrypted version.


11. Don’t leave devices unattended 

Perhaps the most basic thing you can do to protect yourself while online banking is to avoid leaving devices unlocked and unattended. Smartphones and laptops are commonly used for online banking, and they’re often used to store personal information, including passwords and account numbers. They’re also used for two-factor authentication (via your phone number or email, for example), so access to them would significantly decrease your account security.

12. Get identity theft protection

Some banks, credit card issuers, and even your employee benefits plan might include identity theft protection services for free or at a low cost. Third-party services also offer protections for a monthly fee. These include monitoring whether your sensitive information is showing up where it shouldn’t and keeping track of your credit score, with reimbursements if your identity is compromised. 

Common online banking risks

All web-based services, including online and mobile banking services and applications, are prone to security breaches and fraud. Here are some of the common risks:

  • Technical difficulties

As with any sort of internet-based service, online banks may experience technical difficulties. Some banks might also go offline during technical and maintenance work. While banks can alert customers of technical issues, it’s difficult to predict how long such issues will last, disrupting your banking activities. 

  • Hackers

Some scammers and hackers have been able to create fake online banking sites and apps that trick customers into entering their passwords and other personal details. Always ensure that you’ve downloaded legitimate apps from official app stores and ensure that you’re accessing SSL-encrypted sites of your banking partner while on a browser. 

  • Identity Theft

If a fraudster gains access to your account, they can impersonate you and rack up large amounts of debt or make unsolicited transactions under your name. Your identity could also be used to open accounts at other banks. According to the Federal Trade Commission (FTC)’s Consumer Sentinel Network report, the number of identity theft cases has more than doubled from 2019 to 2020. 

  • Phishing

Threat actors could attempt to phish important information like the passwords to your bank account by sending you an email with links in a bid to extract information from you. Phishing incidents have been increasing steadily since the pandemic started in 2020. The number of monthly attacks doubled in two years, from about 40,000 in May 2022 to over 100,000 in April 2022.

Protection is best

It’s true that financial services are insured and may be liable if they are found to have given fraudsters access to your account. But in many cases, it might be up to you to prove you were hacked or risk losing access to your account for a long time.

With relatively little effort, it is possible to hugely increase the cost necessary to attack your financial accounts, discouraging hackers enough to move on to an easier target. Just a few steps will greatly improve your security and put your mind at ease.

Lexie is the blog's resident tech expert and gets excited about empowerment through technology, space travel, and pancakes with blueberries.