
Protecting Your Online Bank Account

Now that Christmas is over, and I have a ton of bills to pay, I’ve been spending a lot of time on my bank’s website. Over the years, I’ve built up a habit of continually checking my online accounts to ensure that nothing funny has taken place during the Christmas rush. Not that I don’t have a sense of humor, but when it comes to banking and security, I can’t afford much humor.

This season was especially busy because I started running into maintenance issues on both my car and my cat. Both are approaching the end of their respective lives, and as such, they are beginning to generate lots of transactions on my bank account. Wow! That really sounds inhumane! In truth, I care deeply for my cat. She’s been with me for 18 loyal years, so the dent in my finances is a small price to pay. Nevertheless, the numerous vet bills are hitting my bank account now, and it’s keeping me busy on my bank’s website.
 
While perusing my bank’s website, I learned a ton of information about online financial security. I wrote down some notes and added a few notes of my own, based on my experience. I emerged with a list of top-ten security habits you can use in your own online banking experiences. I hope that this list will help keep you out of the growing list of victims of online bank fraud. While this list is not exhaustive, I think it covers some of the more important topics that can help provide security.

Here it goes:

  1. Look for the “Lock” icon on the bank’s web page. All private transactions must be encrypted for safety, so make sure that you have an encrypted connection. Most browsers will signify the encryption with a “lock” icon. Also, the website address should begin with “https”.
  2. Pick a good password. Don’t use your pet’s name. Use something cryptic, like Tz97&4f25Am45217. It may be difficult to key this in, but it’s unlikely that password-guessing algorithms will find it. Additionally, make sure the password is at least 10 characters long.
  3. Don’t use your bank password for anything other than your bank. People often use the same password for their email accounts, their Facebook accounts, etc. Reusing it weakens the password and exposes it to multiple opportunities for compromise. Having a separate password for each of your accounts means that you’ll have lots of passwords to remember, and every one of them will be cryptic. Unless you’re a savant, you won’t be able to memorize them, so make a list and write it down. In fact, make two identical lists in case you lose one.
  4. Guard the password lists! How? Write down only half of each password, and keep the other half in your head. As in the previous example, the password ended with “Am45217”. Append this sequence to each password, but don’t actually write it down. So, instead of writing down the complete password, you would only write down “Tz97&4f25”, and then you would have to remember to enter “Am45217” when actually logging in. You can use this same sequence on all your passwords. For example, aU8*4rtSAm45217, or Fz8IuL0cAm45217, or JKl9@uJlAm45217, and so on. In each case, you write down only the password without the Am45217. BTW: If you lose one of your password lists, change all passwords immediately!
  5. Your bank asks you to identify yourself by giving them a username and a password. This is how the bank “authenticates” you and makes sure that you are who you say you are. But how do you authenticate your bank? In other words, how do you know that your bank’s website hasn’t been hijacked and is now sitting there waiting for you to log in with your username and password? Many banks now have what’s known as a “site key.” Usually, the site key is just a picture that you see when you log in. It may be a picture of a horse or a paper clip or anything. Whatever site key you have, you need to remember it. When you log into the bank’s website, you should see your site key. If you don’t, then you know that someone has hijacked the bank website. Presumably, the hijacker would not have information about your site key, so you will not see it when you log in to a hijacked bank website.
  6. Each time you log in to your bank’s website, check the “Last sign in” information. Usually, the bank will keep information as to when you last logged in, and additionally, it may indicate the Internet IP address from where you logged in. If you can get historical access to all your sessions, check it periodically. What are you looking for? You’re looking for sessions that may not be from you. If you see a login session that you cannot remember, or one that occurred at a time when you know with absolute certainty it could not have been you, then contact your bank immediately. It could be an indication that someone else is accessing your account.
  7. If you receive an email from your bank that asks you to confirm your login status, don’t believe it. Banks do not send out such notices in email. Usually, these emails will provide a link to a website that looks exactly like your bank’s website (without the proper site key, of course). It is extremely easy to copy a legitimate bank website and make it look official. On such rogue sites, you may even see the “lock” icon and an address that begins with “https.” The lock icon only means that the session is being encrypted, but it does not guarantee any degree of authenticity. Bottom line: Make sure that YOU are the one that initiates contact with the bank website, not the other way around.
  8. Avoid “pop-up” ads, especially on bank websites. Most reputable banks will not use pop-ups. Pop-up ads are a common tool that cybercriminals use to sneak rogue programs into your computer. Also, if you see a pop-up that asks for your username and password, don’t enter it. Again, banks will not use pop-ups, especially for the entry of usernames and passwords.
  9. If you receive a phone call with an automated message that informs you there is a problem on your account, be very suspicious. Unsuspecting victims will often respond to such calls by calling the number given in the automated message, and then providing their credit card or bank account numbers to the individual on the other end. Do not respond to such calls. If you are dealing with a legitimate bank, you will not need to provide any account number information on such phone calls.
  10. Visit the security center on your bank’s website for more information. Banks are highly invested in keeping online transactions secure, and they are generally quite good at sharing security knowledge with their customers.
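
Item 7's point, that the lock icon and “https” show encryption but not authenticity, becomes concrete when you look at the host name inside a link. The following is an added example, not part of the original post; `bank.example`, `check_link` and the sample links are constructed placeholders on reserved domains.

```python
from urllib.parse import urlsplit

# Assumption: the address you normally type yourself to reach your bank.
# "bank.example" is a placeholder on a reserved domain, not a real bank.
BANK_DOMAIN = "bank.example"


def check_link(url, bank_domain=BANK_DOMAIN):
    """Return (is_bank_site, reason) for a link found in an email."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")

    if parts.scheme != "https":
        return False, "connection would not be encrypted"
    if parts.username is not None:
        # In https://bank.example@other.test/ the real host is other.test.
        return False, "text before '@' is not the site; host is " + host
    if host == bank_domain or host.endswith("." + bank_domain):
        return True, "host belongs to " + bank_domain
    if bank_domain in host:
        # e.g. bank.example.account-check.test: the bank name is only a prefix.
        return False, "bank name appears inside another site's address"
    return False, "host " + host + " is not the bank"


# Constructed sample links, as they might appear in a "confirm your login" email.
SAMPLE_LINKS = [
    "https://bank.example/login",
    "https://www.bank.example/login",
    "https://bank.example.account-check.test/login",
    "https://bank.example@account-check.test/login",
    "https://bannk.example/login",
    "http://bank.example/login",
]


def review(links=SAMPLE_LINKS):
    """Map each link to its verdict so the results can be inspected."""
    return {link: check_link(link) for link in links}


if __name__ == "__main__":
    for link, (ok, reason) in review().items():
        print(("OK      " if ok else "SUSPECT ") + link + "  (" + reason + ")")
```

Three of the rejected sample links use “https” and would show a lock icon; only the host name tells them apart from the bank's own site.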

Best,

Dan
