Are you confident when you use mobile and online banking to access or conduct transactions, or does the thought of going online to do these transactions make you nervous? In today’s rapidly developing world of technology, where depositing a check is as easy as taking a picture with your smartphone and you can log on to your account from your tablet anywhere you can carry it, protecting your information and devices has become more important than ever.
While reports about online risks are fairly regular, performing financial transactions online can be as safe as conducting them in person. All it takes is some fairly simple steps to help reduce your exposure to these risks. Below, you’ll be introduced to some of the most effective strategies for protecting yourself online. “The strongest defense is educated consumers who know what they can do to keep themselves secure,” says Alexander Popowycz, vice president of information security at Fidelity.
Major risks to be aware of: phishing, malware, and identity theft
There are many ways that information can be compromised, and techniques used by online criminals are constantly evolving. The majority of risks that online consumers face fall into a few categories. Here’s a look at a few of the most common, along with some steps you can take along the way to help protect yourself.
When cyber criminals go “phishing,” consumers are the prey and fake Web sites and emails are the bait. Phishing typically works like this: A consumer receives an urgent email, allegedly from a trusted party such as a retailer, email provider, or bank. Such emails generally include a link that leads to a Web site where the individual is asked to enter information such as a password, Social Security number, or other sensitive information. Once entered, this information can be captured by online criminals who designed both the email address and the Web site to mimic the trusted third party’s actual online presence. “Criminals are sophisticated at using phishing to trick consumers and elicit information from them,” notes Popowycz.
How to protect yourself
Be smart when conducting online transactions. To avoid being conned by a phishing scam, always verify the legitimacy of any Web site that asks you for personal information. “One way to make sure you’re not being sent to a fraudulent Web site is to type the address of the Web site you’re being asked to visit into your browser’s address bar or use a bookmark that you personally have created instead of clicking on a link in the email,” says Popowycz. You can also hover your mouse cursor over links (or long-press links on touch screen devices) to see where the link is actually taking you. If it doesn’t look familiar, you should not proceed.
Urgent-sounding communications should raise a red flag. “Criminals create these scams to prey on consumers’ emotions,” warns Popowycz. Use caution any time you receive a text message or email telling you to immediately update your personal information, activate an account, or even check on an unexpected delivery. Rather than clicking on a link or calling the number provided in the email to verify the request, go to the institution’s Web site as you normally would, or call the company’s general customer service number to check the validity of the message. And be sure to delete emails coming from addresses that are unknown to you.
Computer programs intended to gather information or disrupt a computer’s normal functions are known as malicious software or malware. Your computer or device can be infected with malware by visiting unsecured Web sites or by opening attachments to emails sent by cybercriminals. “Some people have their personal data, including passwords, taken by malware like viruses and Trojan horses,” says Popowycz.
How to protect yourself
Keep your computer and the rest of your digital devices up to date with the latest security updates, fixes, or “patches.” A computer with antivirus software and an operating system that is regularly updated, combined with a personal firewall, provide a strong foundation of protection from malware and other online threats. But it’s not enough to install an Internet security software package when you first get your computer. You also need to regularly download updates such as virus definitions for the software so it is equipped to respond to the latest malware. Many applications let you set up automatic updates as well, but you should check to make sure your security subscription is up to date.
Install a firewall. At home you should only connect to your Internet Service Provider (ISP) through a network firewall. These firewalls are often integrated with other network gear like Wi-Fi routers, sometimes even provided by your Internet service provider ISP. This helps protect not only your PC but other devices on your home network, including printers and DVRs. For laptops and other mobile devices, consider using a software firewall installed on these devices, as they won’t always be used on your home network. Security software generally includes a firewall as part of a suite, along with antivirus. Check with your ISP to see whether it offers security software, possibly at reduced prices, or even for free.
Once criminals gain access to a person’s personal information—whether it’s by phishing, malware, or simply by finding a lost wallet or looking over a shoulder—they can use the information to set up new financial accounts. Identity theft is sometimes the result of criminals gaining access to information that’s not directly related to a person’s financial accounts. “Social media like Facebook and Twitter make things easier than ever for criminals, because there is so much personal information online,” observes Popowycz. “Keeping financial information safe requires more than just secure online banking—it’s important to carefully check your privacy settings on social media that you use and avoid spreading any personal information unnecessarily.”
How to protect yourself
Don’t trust public computers. There’s usually no good way to know whether public computers, such as those in libraries and schools, are infected with malware or are lacking adequate protection. Avoid accessing financial accounts or making online purchases on such computers. “It’s always best to use a computer that you trust,” says Popowycz.
Public wireless networks are less problematic. They’re probably less secure than your home connection, but Popowycz says the risk is typically minimal. “Use discretion,” he advises. “Generally, connections to financial institutions are encrypted, so it’s not essential for the wireless network you use to also be encrypted, but you should try to stick to using Wi-Fi that is known to you, rather than connecting to the nearest signal.”
Protect passwords and other information that could be used to access your accounts. Everyone knows password protection is crucial. Still, it can be tempting to share passwords with loved ones or choose passwords that are easy to remember but not particularly secure. Popowycz cautions that the risk isn’t worth it. “Knowing a password makes it much easier for criminals to access an account, even if they have no other information,” he says. “And too often people use the same password for multiple accounts.”
Popowycz says that one of the best ways consumers can secure their accounts is to create a complex password and keep it to themselves. “Pick a creative password that’s easy for you to remember but difficult for anyone to guess,” he suggests. “And don’t use easy-to-guess digits like your date of birth, street address, or phone number.” One method he offers: “Think of a sentence that you can remember and use the first letter of each word in that sentence as your password while also adding numbers and special characters such as asterisks to make it more secure.” It’s also a good practice to change your passwords occasionally. For instance, you might want to create a new password every year on a date that is memorable to you.
Review financial transactions regularly. The most common way criminals use stolen information is to make purchases online or by phone. Such transactions usually show up immediately in your account history. Consumers might also consider checking their balances from other computers as well. Sophisticated malware can sometimes cover its tracks by hiding fraudulent transactions, but only from the computer it has infected. You can greatly minimize the damage from any incident of identity theft if you review your account regularly for unknown or unauthorized transactions, and then contact your financial institution immediately if you spot something suspicious.
A word about using mobile devices securely
While the steps described above will help secure any form of online banking, it’s also important to consider your use of mobile devices. It might seem that smaller devices with less computing power would be more vulnerable to phishing, malware, and identity theft. But Popowycz says that’s not necessarily the case.
“Mobile devices can be more secure than laptops using Windows or Macintosh operating systems,” he says. “The systems on many mobile devices isolate applications from one another, reducing the exposure to malware.” He explains that computers with traditional operating systems allow applications to interact, presenting opportunities for malware and other threats to infiltrate the machine, often embedding themselves into applications we use every day.
Still, consumers using their mobile devices for banking should consider the devices’ potential vulnerabilities. For example, their small size can make it easy to leave personal information unsecured. “It’s easy to simply lose these devices, and theft of mobile devices has continued to rise over the years,” notes Popowycz. "While many mobile applications offer protection against unauthorized transactions, including passwords and timeouts, if a criminal finds your device, he or she might be able to use personal information on it to try to access your accounts from another device,” he adds.
One simple solution to reduce your risk: Engage your mobile device’s keypad lock function when you’re not using it and have it time out to a locked screen after a period of inactivity. Additionally, consumers should strongly consider using tools that allow them to erase their devices remotely should they be lost or stolen. Apple’s “Find My iPhone” or Google’s “Device Manager” allow you to locate your lost devices and wipe them of any sensitive data.
Consumers should also be mindful where they obtain their mobile applications, or “apps,” for their phones. Most will get them from the operating system manufacturer's stores, such as Apple’s App StoreSM within iTunes for iPhones and iPads, or the Google Play store for Android-based devices. But Android devices also provide the flexibility to load apps from other locations using a method referred to as “sideloading.” Consumers should stay primarily with the app stores mentioned above, where listed apps go through various levels of review, although other stores. including Amazon, perform security tests as well.
The bottom line: caution and vigilance are the best protection
Beyond the specific safeguards and steps you should take when accessing personal information online, caution and vigilance may be your most effective form of protection. “If you are informed about the risks and you keep an eye out for unexpected messages and Web sites that appear suspicious, you’ll be much less likely to have your information compromised,” says Popowycz. Remember, you are not alone in facing these risks. Financial institutions keep up with the ever-changing threat landscape and undertake a lot of measures behind the scenes to protect your accounts and to make sure your online experience is safe and secure.