Protect your online banking

Lexie

Hi, I'm Lexie! I write about information security, Bitcoin, and privacy.


It should need no explanation why our online banking details are important. We keep our money there, and if our accounts became unavailable even for a short time, or we lost access to them, the consequences could be quite harmful.

In addition to losing our hard-earned money, a lost bank account could mean an inability to pay taxes, insurance, or school fees, which may seriously affect our lives.

Here are some steps you can take to shore up your account so that your bank does not lock you out, and to stop somebody from accessing your account fraudulently.

1. Don’t reuse passwords

When you use the same password on multiple sites, it only takes one of them to be run by someone malicious or incompetent and your password could become publicly available. Criminals will use leaked passwords from less secure websites and try them with various financial institutions.

It might not even be necessary for your password to be exactly the same for your bank. If your tactic is to use slight variations of it on different sites, you will likely remain vulnerable.

It’s best to use a password manager to generate strong, unique, and random passwords. That way you will also have no problem complying with your bank’s often lengthy password requirements (such as a maximum and minimum number of characters and the use of special characters).

2. Make use of the two-factor authentication on offer

Even if your financial institution does not require it, make use of any two-factor authentication methods available. The exact arrangements for when you must authenticate with your second factor may differ, be it every time you log in, every 30 days, or every time you log in from a new location or device.

Ideally you will use an app-based or hardware-based second factor. If you have to use a mobile phone number, make sure it is appropriately secured, as described in the next step.

3. Secure your email and phone number

It’s very important to secure your mobile phone number and email address associated with your bank account. In many instances, somebody in control of your phone number or email address may possess enough information to impersonate you, for example, by using personal information stored in your email account. They will also be able to receive confirmation codes, updates, and calls on your behalf.

To secure your email account:

To secure your phone number:

  • Request a lock on your account with your phone provider
  • Set a PIN requirement before a number can be ported or cloned
  • Use a separate prepaid number to receive 2FA messages that you don’t communicate to others

4. Be aware of phishing

Even when using a strong password and two-factor authentication, there is still a risk that you may inadvertently give your password away to a fraudulent site. In such instances, two-factor authentication may not protect you, unless you are using a hardware solution.

The reason is that a phishing site might, in real time, try your password on the site it is impersonating, then forward that site's request for a second-factor code to you. When you enter your code into the fake website, they will enter it into the real one and gain access.

  • Use bookmarks to navigate to your financial services, rather than following links or using Google
  • Be suspicious of any emails you receive. Even if the email you receive is likely legitimate, don’t follow links or reply to it. Always log onto the service through bookmarks and look out for communications there
  • Use password managers to auto-fill passwords on the site, rather than entering them yourself. Even if this might not be a 100% guarantee, the password manager might catch that you are on a phishing site before you do
  • Use hardware-based second-factor tokens (such as the U2F standard) when available. The token will verify that the connection is made to the right website
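
The difference between a typed code and a hardware token, as an added example that is not part of the original article: a toy Python model in which a code typed on the wrong page is still accepted by the bank, while a token response bound to the page's address is not. HMAC stands in here for the per-site signing key of a real U2F token, and the site addresses, secrets and challenge are constructed values.

```python
import hashlib, hmac, struct

def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1): depends only on the shared secret and the time."""
    mac = hmac.new(secret, struct.pack(">Q", unix_time // step), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

class HardwareToken:
    """Toy origin-bound token (assumption: HMAC replaces U2F's per-site key pair)."""
    def __init__(self, device_secret: bytes):
        self._device_secret = device_secret

    def _site_key(self, origin: str) -> bytes:
        return hmac.new(self._device_secret, origin.encode(), hashlib.sha256).digest()

    def register(self, origin: str) -> bytes:
        return self._site_key(origin)  # the bank stores this at enrolment

    def sign(self, origin: str, challenge: bytes) -> bytes:
        # The browser, not the user, reports the origin of the page being visited.
        msg = origin.encode() + b"\x00" + challenge
        return hmac.new(self._site_key(origin), msg, hashlib.sha256).digest()

def bank_verifies_token(stored_key: bytes, bank_origin: str, challenge: bytes, sig: bytes) -> bool:
    msg = bank_origin.encode() + b"\x00" + challenge
    expected = hmac.new(stored_key, msg, hashlib.sha256).digest()
    return hmac.compare_digest(expected, sig)

# Constructed sample values.
BANK, LOOKALIKE = "https://bank.example", "https://bank-login.example"
NOW = 1_700_000_000
totp_secret = b"constructed-totp-secret"
token = HardwareToken(b"constructed-device-secret")
enrolled_key = token.register(BANK)
challenge = b"constructed-challenge-from-bank"

def outcomes() -> dict:
    code = totp(totp_secret, NOW)  # typed on the lookalike page; nothing ties it to a site
    return {
        "totp_typed_on_lookalike": hmac.compare_digest(code, totp(totp_secret, NOW)),
        "token_on_bank": bank_verifies_token(enrolled_key, BANK, challenge, token.sign(BANK, challenge)),
        "token_on_lookalike": bank_verifies_token(enrolled_key, BANK, challenge, token.sign(LOOKALIKE, challenge)),
    }

if __name__ == "__main__":
    print(outcomes())
```
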

5. Use a VPN when abroad

Many financial institutions will shut down your accounts if they fear somebody other than you is accessing them. An indication of fraudulent activity might be a login from an unusual location. Other reasons might be that you are accessing the service from an embargoed nation, of which there are plenty.

While using a VPN itself might also be seen by your financial service as suspicious, it is likely preferable over logging in from a new or embargoed country. Choose a VPN location near your usual home, or ideally always log in from the same VPN location.

6. Don’t be afraid to lock your account down

If you are worried about others illegally accessing your account, don’t hesitate to contact your financial institution and request that additional restrictions be put on your account. Phone banking, for example, is a little-used feature that many people don’t know they have, and it may make it possible for people to access and empty your account. But you can request that phone banking be disabled.

Similarly, you can ask your mobile phone carrier to make it harder for anybody to port your number, or to require a separate PIN when communicating with their customer support. Restrictions may include only allowing a number to be ported in a physical store after showing a valid ID, rather than over the phone or internet.

Protection is best

It’s true that financial services are insured and may be liable if they are found to have given fraudsters access to your account. But in many cases it might be up to you to prove you were hacked, or risk losing access to your account for a long time.

With relatively little effort it is possible to hugely increase the cost necessary to attack your financial accounts. Just a few steps will greatly improve your security and put your mind at ease.
