Online Banking Security

Is Online Banking Safe ?

We ask the question whether online banking is safe?

After the recent debacle of Cahoot in the UK seemingly opening up their customers accounts for all to see, we at Whatprice have been asking: Is Online Banking Safe? We will examine why online banking should be safe and what can go wrong with online banking to let the hackers and fraudsters in. We will then tell you how best to avoid being caught out by online bankign fraud and summarise whether the online banking technology is safe or not.

Why Online Banking Should be Safe

1. Confidential information transmitted on the internet should be encrypted or turned into a code especially between you and an online banking site. There are many different ways to secure data on the internet but a common terminology used is 'bits'. Basically the bigger the number before the bit the harder the code is to crack. It is common for modern online banking security to have at 128bit encryption when handling your transactions. Without any insider help this is 'very hard' to break and certainly not as easy as portrayed in some movies and TV shows - at least not yet.

2.If the online banking site is using a secure site (and it should!) you should see a small closed padlock symbol in the bottom right hand corner of your Internet Explorer page. If you hold your mouse icon over it it should read something like 'SSL Secured (128 bit)'. Secure Socket Layer (SSL) protocol provides a high level of security for Internet communications. It provides an encrypted communications session between your web browser and a web server. SSL also helps to ensure that sensitive information (e.g. credit card numbers, account balances and other financial and personal data) sent over the Internet between your browser and a web server remains confidential during online transactions.

3. The site URL or web site address in the task bar should read https: instead of http: The extra s stands for secure and is important.

4. Your covered if things go wrong with online banking anyway. See here.

Why online banking sometimes isn't safe

1. Hackers. If the main computer system is broken into then nothing you can do at your end will help (other than not using the PC). A recent report in the US stated that 60% of all reported computer intrusions were helped by an insider. Other break-ins happen by the hacker going after softer targets. Common ones are when two companies have just merged and security procedures are still in some flux. For example it is possible for a company intranet to have a link accessible from the outside world - this happened at a previous company I worked for- and I only noticed it when checking my web mail one day and found I could read confidential information from home on our intranet.

2. Re-directs? Just because a link looks like its goes to your bank doesn't mean it will take you there. This isn't strictly a re-direct, but a quick lesson on how hyper-text links are constructed on a web page. Basically there are two fundamental things to do, first you say where the link goes and then what is displayed on the screen. Hence www.bank-of-jonpearson.com open up a second copy of this page. OK in this case its obvious, but a fraudster would be a little but subtler than this. So once your are at the site check the address carefully in the browser window.

3. Spyware: Any software that covertly gathers user information through the user's Internet connection without his or her knowledge, usually for advertising purposes. These programs often arrive as hidden components of "free" programs. However, it should be noted that the majority of shareware and freeware applications do not come with spyware.

Once installed, the spyware monitors user activity on the Internet and transmits that information in the background to someone else. It monitors web usage and reports back to bona-fide companies who may then sell the collective statistics. Spyware can also gather information about e-mail addresses and even passwords and credit card numbers.

They are relatively benign but in their more extreme forms can include key-stroke logging and virtual snooping on all your PC activity.

Spyware uses memory and system resources and the applications running in the background can lead to system crashes or general system instability.

Because spyware exists as independent executable programs, they have the ability to do the following:

4. Employee theft: Not a lot you can do here, plus you are as likely to be at risk from this online as when you pay your bill at a restaurant or anywhere you trust people with your money.


Who is responsible if Online Banking is hacked?

1. You are. Well if you download lots of dodgy free software, open up attachments in emails from people you have never heard of then your bank will be less than sympathetic

2. They are. If you are just caught out. For example if there was a really professional scam going about that looked authentic and many people got caught out then they would probably reimburse you. Remember there is a huge amount of competition for online banking and being tight on these matters could hurt them wrt their competition. Besides the bank should have signed up to the UK banking code which says that if lose money as a result of fraud (and you weren't completely stupid) then you should have your money refunded.

3. What if they go broke? I guess its possible that a huge scam, could hit a bank hard in two ways. First lots of money gets stolen and then the bank collapses in the resulting publicity shambles. Most banks would be under written, sort of insured, but small prviate customers would be at the bottom of the queue for payouts behind other big banks and businesses. This is quite unlikely to happen though.

How to minimize any risk when Banking Online

1. Don't have an online account. Not easy in today's overwhelmingly fast, high tech world. Banks want you to access your account only online as it costs them less in administration costs (notably because they can have less branches and personnel about 1/20th of the staff per customer).

2. Do not, under any circumstances respond to an email from your bank asking you to either send or enter your account details at some web site. Mostly they are incredibly amateurish looking emails. The most effort usually goes in to getting a web site URL that looks like it might vaguely have something to do with a bank. We used to get loads of these to our webmaster address (an address that all web sites must have), the thing is I didn't even have a bank account with any of them - so I suspected they were fake! This is called 'phising' and a good site on the latest scams can be found here. Keep youself reasonably up to date with what people are trying on.

3. Check your computer for spyware and adware. These are little programs that can monitor your PC and internet use, doing things from as innocent as checking how often you visit a web site to watching your keyboard use for likely passwords and pin numbers! I use Spybot and Ad-Aware, both have free versions (and you need both)

4. Get yourself a decent Firewall. This is, most commonly, a piece of software that legitimately monitors your internet connection. If anything tries to access your PC from the outside or more worryingly any unauthorized software tries to send information out it should tell you and ask you whether it needs blocking. They can be set up for all levels of expertise, from no intervention (i.e. probably only programs like Internet Explorer, Netscape and Outlook allowed to send out) to 'expert' mode where you can still use P2P software like Kazaa and Edonkey. If you only access the internet for browsing and email then leave the software on its highest security setting.

5. Get some Anti-virus software. Another way for unathorised software to get onto your system is for you to open attachments to emails or download dodgy files. A firewall should pick up them when they try and access the internet, but better safe than sorry, as good anti-virus software, with regular updates will stop them installing on your system in the first place.

6. The 'Do you want Windows to remember this password for you' feature is very useful if you are using your own PC in your own living room or study and you know and trust others that may use it. Remember this feature means that anyone using your windows login account could access your secure site details, via that drop down username and password with one or two clicks of the mouse. So, if you are allowed to use your PC at work for personal use don't let Amazon set up 'one-click' buying and don't check your online banking details there either.

7. Don't use unknown PC's, e.g. at an internet cafe' or the library to access secure details. Its no good having all the software and precautions at home on your PC when you give away your details whilst having a coffee at some high street access point. Also watch out for people looking over your shoulder or watching your hand movements when typing. They could be logging your details.

8. Don't use the word 'password' as your password. A huge number of people do, nearly half. Likewise using your date of birth or surname are common guesses that hackers can make.

So is online banking safe?

It's as safe or safer than paying your bill at a restaurant. Yes there can be problems and unscrupulous persons will continue to prey upon naive users but its convenient, quick and the banks are taking more and more precautions to prevent repeats of attacks like Cahoot happening.

Check out our online loan comparison tool for the best rates and deals available for personal loans

"This is all useful advice. Are there any banks that use services like SecurID where the customer has an electronic card with a series of numbers that changes every minute using an algorithm?"

Colin Parker.