Meet our writers

 







Money May 2012

Dollar Sense

Do You Bank Online? Are You Sure It Is Safe?

By Teresa Ambord

Consumers love apps, widgets, and any faster, newer, cooler technology-related gadget. So do thieves. In fact, increased use of online banking is like waving a red flag that motivates thieves to find even more ways into your computer.

The world of online banking is growing by leaps and bounds. Everybody seems to be doing it, at least a little bit. You’ve probably seen the commercials depicting a newlywed couple on their honeymoon, sending their wedding gift checks to the bank using their mobile phone. Convenient? Definitely. But how safe is it? What about checking your bank account from a wi-fi café? Or even banking from your home computer? Not long ago, one monstrous computer virus alone managed to worm its way into more than three million U.S. based computers (and more outside the country). That one virus was responsible for siphoning more than $70 million out of consumer bank accounts. So now how do you feel about banking online?

The Federal Deposit Insurance Corporation (FDIC) says that more and more banks are scrambling to offer online services and products for convenience. Consumers love apps, widgets, and any faster, newer, cooler technology-related gadget. So do thieves. In fact, increased use of online banking is like waving a red flag that motivates thieves to find even more ways into your computer. After all, they follow the money trail, and that trail leads to your bank and credit card accounts. But the FDIC doesn’t suggest you reject banking online. Just make good choices.

How do you do that? Recently a well-known hacking researcher, Darren Kitchen, was interviewed by various media outlets, including ABC News, the New York Times, Wired Magazine, and Yahoo, to answer questions about the safety of online banking.

Here are the questions and answers.

 

Is it safe to bank from your home computer?

According to Kitchen, yes, if you are sure that your home computer is virus free. If you aren’t sure, it’s better to not risk logging onto your bank or credit card company. Kitchen adds, if your home computer is connected to a wi-fi router, it should be encrypted with WPA2 security before you use it to do banking.

What about a public computer such as you would find at a library, a school, or in a hotel lobby? The problem with this, Kitchen told reporters, is that there is no way to know if a clever criminal has installed a device that captures the information you enter. This is a very real possibility, said Kitchen, so don’t underestimate it. The second you log onto your bank (or what you believe to be your bank) your username and password could be captured. Then you have effectively given a thief the keys to your kingdom.

 

What about using your own computer at a wi-fi café?

Reporters asked Kitchen if he, given his expertise in online security, would risk logging onto his own bank web site in a wi-fi café. His answer in two words, “Absolutely not.” To illustrate, he and a Yahoo reporter took their own laptops to a wi-fi café. The researcher logged onto her own bank (an account created for the purposes of the experiment). In nothing flat, Kitchen had intercepted her username and password and had total access. Had the account been real and had Kitchen been a thief, he would have been able to clean out her funds.

How did he get her log-in information? Kitchen said all a thief has to do is take his/her own router to the café and set up an open connection, using the name of the café. Unsuspecting consumers see the café name and assume they are connecting to the right place. The thief is actually pretending to be the Internet, and in fact, the moment you log onto his fake site, he actually becomes your Internet. He is effectively “the man in the middle” and he can see everything you do online. He can create a web site that impersonates your bank to the extent that you may feel perfectly secure handing over your information. Big mistake. Just ask the millions who have had their bank accounts drained by thieves.

 

What about mobile banking from your phone?

Generally, said Kitchen, this is safe if you are relying on a cell phone tower, which is much harder to fool than a connection in a wi-fi café. Still, it is not impossible to fool them. If you use wi-fi to connect to the Internet, you should know that this type of connection is susceptible to hacking. Kitchen said the best policy is to consider what could happen if your data fell into the wrong hands. Thieves work around the clock to become more sophisticated in their deception. Suppose, asked Kitchen, you lost your phone?

What information is in there? If you do keep sensitive data in your phone, he said, you should also have these two safety features: a password screen lock, and a remote wipe program, so that if your phone is lost or stolen you can still delete all the data.

 

Additional Advice from the FDIC

Before you enter your username and password, look around the web site, warns the FDIC. There should be an “About Us” section, or something similar. It probably includes such things as a brief history of the bank, the official name and address of the bank headquarters, and information about FDIC coverage.

The FDIC states that copycat web sites will use names that are close to the web address of your bank, but slightly different. Obviously the intent is to get you to take a quick look and assume you are logged onto your bank, and then enter your personal information. Slow down and read the web address carefully.

Many online banks have popped up, that are primarily or exclusively for Internet use. They offer a great deal of choice and flexibility, and may provide premiums for joining, like a free small cash deposit. If you are considering signing up with an online bank, you should know that not all of them are insured by the FDIC. Many are chartered overseas, which will mean they are not federally insured by the U.S. government. The FDIC maintains a database of the institutions it covers, so before you sign up with a bank, check it out. Just go to your Internet browser and type in “Bank Find.” Then type in the name of the bank and zip code or other address information. If the bank is insured, you’ll be provided with details. If it isn’t and you have an account there, you may want to contact the FDIC.gov for advice. Or call them at 1-877-275-3342.

 

Teresa Ambord is a former accountant and Enrolled Agent with the IRS. Now she writes full time from her home, mostly for business, and about family when the inspiration strikes.

Meet Teresa