There’s a lot to like about online banking. It’s way more convenient than visiting a traditional bank - so much so that it can really simplify your life. Plus, online banks offer better savings rates so you get to keep more money in your pocket.
Even so, the question on most people’s minds is whether or not online banking is safe and secure.
Personally, I think it’s secure enough to use on a daily basis, but we can’t deny that there have been several breaches and security failures over the years. If you want to know the dangers of online banking, here are five real-life scenarios that illustrate them.
1. Customers Kept In the Dark
Back in 2011, Bank of America’s website was flawed in that it exposed customer account data in an unsecured way - sometimes, users would log in and see another customer’s account details.
This incident is particularly horrible because it’s not like Bank of America was actively breached, compromised, or tampered with. This was an oversight in the website itself, and it ended up harming a lot of customers.
**SECURITY BREACH** Bank of America website exposes customer accounts, data - Feb 12, 2011 11:10 PM http://bit.ly/dPZssP
- Godlike Productions (@glptweets) February 13, 2011
But the worst part is that Bank of America didn’t even notify their customers that this was happening. Even when they were aware of the issue, they failed to send out any emails or updates to let customers know what they should do to re-establish security over their accounts.
2. Banking Apps Can Be Compromised
Those of us who use online banking have probably become comfortable with things like online banking card readers and mobile payment methods, and part of that workflow is being forced to use mobile apps developed by the banks themselves.
The problem is that smartphones have security flaws that can make it very dangerous to conduct transactions using a mobile device.
In 2014, a security expert named Winston Bond demonstrated how easy it was to reverse engineer mobile apps: decompiling them back into source code, altering the behaviour of the app, and re-uploading it back onto the app distribution servers.
Using techniques like reverse engineering and mobile malware infections, it’s entirely possible for a bank app to be compromised and to have your credentials stolen or intercepted. Even using something like two-factor authentication might not be enough to prevent this.
3. All Banks Have Security Holes
Banks are always in the crosshairs of criminals. No matter how secure a bank’s system might be, it will never be perfect - and there will always be someone who finds a way to exploit weaknesses.
This was the case in 2010 when a lone intruder breached the security of Suffolk County National Bank, tapped into its user database, and got away with over 8,000 login credentials for various customers.
No bank is ever safe from this kind of cyber attack. If a database exists, it can be stolen. Period. It’s debatable whether online banks are inherently less secure than traditional banks, but everyone can agree that online banks are far from perfect.
4. Common Credentials Are Bad
In 2014, a lot of bad things happened. Kickstarter’s database was compromised. Target’s data was breached. AT&T and eBay were both hacked. Some people dubbed it a “data hackpocalypse”. In the end, the perpetrators took off with millions of usernames and passwords.
Most people use a single username for all of their online accounts. What’s worse, most of them also use the same password for all of their accounts.
So even if the online bank itself doesn’t get hacked, consider this: a site like eBay gets hacked and hackers escape with your login information. Suppose they inputted those stolen credentials into your bank’s website - now they have access to your account.
5. Reliability Not Guaranteed
In 2013, a distributed denial of service (DDoS) attack crippled NatWest’s internal systems to the point where customers weren’t able to access their accounts over the Internet. In layman’s terms, someone clogged up their servers such that they couldn’t process interactions for regular customers.
Just joined Santander. Fed up with NatWest. Another computer failure tonight. #welldone
- Alex Reid (@AleexReid) December 27, 2013
One would think that an institution as security-conscious as a bank would have the proper measures in store to defend against these kinds of attacks, but the truth is that you never know when a bank’s online services might go down.
And back in 2009, one of the hard drive arrays used by Barclays failed - and rendered many of their services inoperable, including cash machines, telephone lines, and online banking.
Is this as game-breaking as having your login credentials stolen? Of course not. Does a DDoS attack pose any threats to you as a customer? Not really. But losing access to your account at the wrong time, even temporarily, can be quite the headache.
3 Tips for Safer Online Banking
What can you do about all of this? Does it mean you should forego online banking once and for all? Of course not. Online banking is great as long as you’re careful and take proper measures. Also, make sure you bank with an organization that won’t hold you liable for security breaches.
Use unique usernames and passwords. If you’re going to bank online, you have to make sure that you’ve never used that particular username or password before. Yes, both need to be unique. Otherwise, a breach that occurs elsewhere could still come back and bite you in the rear.
Scan for malware regularly. “It won’t happen to me” is the mindset of everyone who eventually catches malware. Only the naive think that they can outsmart malware. The entire reason that malware continues to exist is because it’s unpredictable. Use a good malware scanner and scan at least once a week.
Don’t check accounts on public Wi-Fi. There are several risks to using public Wi-Fi, including the fact that someone could be snooping on your connection to steal login credentials. Your safest bet is to wait until you’re at home to check your accounts.