Smart SpendingSmart Spending

Is online banking safe?

Online banking has risks, but you can take simple steps to safeguard your money and your identity.

By MSN Money Partner Feb 4, 2013 12:33PM

This post comes from Rob Berger at partner blog The Dough Roller.


The Dough Roller logoI've banked online for years. First, my brick-and-mortar bank went online, then I opened several accounts with online banks that don't have branches.


User name field on computer screen © William Andrew, PhotographerMy guess is, you bank online, too. In fact, a 2012 comScore report revealed that close to 29% of all Internet users worldwide have accessed online banking sites. This represents roughly 423.5 million people. That number is higher in North America, where more than 45% of Internet users accessed bank websites.


With increased usage, however, online banking is becoming an increasingly attractive target for hackers.


In 2011, Citigroup revealed that more than 360,000 accounts were compromised in a hacking attack that left 3,400 accounts suffering losses of up to $2.7 million. In September, Reuters reported that Iranian hackers had been targeting Citigroup, Bank of America and JPMorgan Chase with "denial of service" campaigns, making it difficult for customers to access their accounts.


More recently, CNET reported on a McAfee Labs warning about a plan by hackers to target 30 U.S. banks in the spring of 2013 and steal money from accounts. The plan has been called Project Blitzkrieg.


Such attacks raise concerns for me, not the least of which is the safety and security of our online banking transactions. Should you pay your bills online? Should you check your balance from your bank's website? Should you transfer funds online?


For me, the answer to al those questions is yes. Here's why.


Online banking is safe for consumers

Banking websites are likely hit by hacking attacks every single day. While that may be unsettling to hear, there is a silver lining. As a result of those attacks, banks continually improve their systems to effectively deal with such attacks.


In addition, even if hackers are able to steal money from your account, you will still be protected, as banks are liable for those stolen funds. (Take note that this does not apply to institutional depositors. If your bank account is under your business name, you are not covered by this protection.)


This doesn't mean that you should be complacent, though. Online banking is safe, but you should also exercise caution when banking online. There are best practices you should observe when you use any online banking service.


First, you should understand the risks of online banking. Four types of attacks  are common: 

  • Phishing. This involves you clicking a fake link to a page that looks like it was set up by your bank. The page will have a login area where you enter your account details, and those details are sent to the scammers. With your login details -- user name, password and personal identification number -- in hand, they would be able to access your account and steal your money.
  • Identity theft. Even if hackers don't steal from your account, it can be compromised by identity theft. ID thieves can capture your personal information, such as your Social Security number, and other identifying data. That data could be used to create new accounts in your name or hack into your other accounts.
  • Keylogging. If you access your online banking site on public networks, such as Internet cafes or public Wi-Fi, there is a chance that you could fall prey to keylogging. Keylogging uses software that records your keystrokes to get your account details. 
  • Pharming. This might be a little more difficult for hackers to carry out, but it does happen. Pharming occurs when hackers are able to hijack a bank's URL so that when you try to access your bank's website, you get redirected to a bogus site that looks like the real thing.
What to do

How do you deal with all these risks?


Confirm your online bank's legitimacy. The Federal Deposit Insurance Corp. has a tool that lets your search for banks whose deposits it insures. 


Be very careful with copycat websites. Be sure you do not fall prey to sites that use a name that is very similar to that of your online bank -- for example, or When you receive an email purporting to be from your bank, don't click any links in the email. Instead, type in the URL of your bank in the address field of your browser, then log in when the site comes up. If your bank is really trying to contact you, you'll likely find a message when you access your account. You can also call the number on the back of your debit card or on your latest bank statement.


Learn more about your bank's security system. You should know how your bank encrypts your private information. When you are accessing the website, you should find a small lock or key icon to tell you that the site and your transactions are secure. You should be able to use PINs and passwords when you access your account online.


Finally, do not send personal information over email. Under no circumstances would your bank ask for personal data via email. 


Protect your computer. Hacking attacks are not always directed at banks. Because many such attacks are directed at customers, you should have the latest virus and malware scanning software installed on your computer. You should also ensure that all the software you use on your computer has the latest security updates.


In addition, you shouldn't get lazy when it comes to online banking. Some banking websites have an option that offers to "remember your computer." Choosing this option would allow you to bypass some security questions if the bank's system recognizes your IP address. The problem is that hackers can spoof your IP address and make your bank think that the hacker's computer is really yours.


Do not enable this feature. Yes, you will end up answering more security questions, but it is also more secure.


Take reasonable cautions with everything you do. Do not click links on emails, do not talk to strangers, do not download anything from people you do not trust, and look both ways before crossing the street.


Let's be careful out there.


More from The Dough Roller and MSN Money:


May 3, 2013 11:06PM
READ ABOUT THIS HACKER ANY WHO WHO REMEMBER THIS HACKER USED KNOW THAT THEY HAVE RELEASE HIM FROM PRISON SO HE NEED MORE WORKS TO DO When alleged cyber-criminal Hamza Bendelladj was arrested at Suvarnabhumi Airport on January 6, all he could do was smile. He has remained out of sight since then and only a few details have emerged on his case. here has been a lot of interest in Hamza Bendelladj, the so-called "smiling hacker", but two weeks after his arrest, few details have emerged. We do know he was arrested on January 6 while his plane was on the tarmac at Suvarnabumi airport. He was travelling with his family following a holiday in Malaysia en route to Cairo, Egypt. The arresting officer, Pol Maj Prot Sertakij from the Immigration Police said Hamza did not resist. ''He just said goodbye to his family and followed us. Then his wife and daughter continued on their journey to Egypt without him.'' Pol Maj Prot said Hamza was arrested for banking fraud at the request of the United States and was now under the detention of the Criminal Court in Thailand. ''The arrest warrant was issued by the Criminal Court,'' he said. ''The arrest warrant specifically mentioned that bail is not allowed.'' Pol Maj Prot said Hamza would have to go through the Thai court process before any ruling is made on extradition. The prosecutor's department of the Criminal Court could not say when Hamza would appear in court next. However, a spokeswoman for the department said more charges would be laid against the Algerian. Thai police said earlier that Hamza had hacked into private accounts in 217 banks and financial companies around the world, earning up to US$20 million (595.6 million baht) per transaction and amassing huge amounts in illicit earnings. EMAIL THIS HACKER HERE FOR BANK TRANSFER SCHOOL GRADES HACKS HACKING DATA AND ALOT OF WORKS OK
Feb 5, 2013 7:44AM
Safeguarding our personal identities  is important to prevent the risks of Id theft. Just read an informative whitepaper on " Wire fraud and Identity theft : Risks and prevention for Banks and consumers” which readers will find very helpful @
Please help us to maintain a healthy and vibrant community by reporting any illegal or inappropriate behavior. If you believe a message violates theCode of Conductplease use this form to notify the moderators. They will investigate your report and take appropriate action. If necessary, they report all illegal activity to the proper authorities.
100 character limit
Are you sure you want to delete this comment?


Copyright © 2014 Microsoft. All rights reserved.

Fundamental company data and historical chart data provided by Morningstar Inc. Real-time index quotes and delayed quotes supplied by Morningstar Inc. Quotes delayed by up to 15 minutes, except where indicated otherwise. Fund summary, fund performance and dividend data provided by Morningstar Inc. Analyst recommendations provided by Zacks Investment Research. StockScouter data provided by Verus Analytics. IPO data provided by Hoover's Inc. Index membership data provided by Morningstar Inc.


Smart Spending brings you the best money-saving tips from MSN Money and the rest of the Web. Join the conversation on Facebook and follow us on Twitter.