While online banking is designed to let you conveniently manage and access your accounts whenever you please, in today’s world, full of data breaches and identity theft, the security of online banking is something you likely think about. Luckily, as scammers have gotten smarter, so too has the technology designed to block them from our online accounts. These tools, however, aren’t useful unless you know what they are and how to use them, and what steps you can take yourself to protect your accounts. Read below as we detail steps most banks take to secure customers’ accounts and steps consumers should take to secure their own accounts.

Steps your bank takes to secure your accounts

When it comes to up-to-date banking cybersecurity, most banks offer these features:

1. HTTPS and Extended Validation. HTTPS is a security measure we often discuss because of how central it is to modern web security. HTTPS is a more secure version of the HTTP protocol and it’s denoted by “https://” appearing at the beginning of a URL (as opposed to just “http://”). The current generation of Internet browsers goes out of its way to highlight this difference by adding a green padlock in the left corner of the address bar, including green coloring in the same spot, featuring a grey lock at the beginning of the address bar or placing the word “secure” before the URL. This security feature ensures that communications with the web server you’re accessing are encrypted and unintelligible to any eavesdroppers who might be viewing your web activity remotely.

In addition to HTTPS, most banks are also adding something called an Extended Validation (EV) certificate, which is usually present whenever you see the company’s name in the address bar, usually near the green padlock at the beginning of the URL. An EV certificate indicates a domain name has HTTPS active and ensures that the owner of the website is who they claim to be, as the certificate is only given to HTTPS recipients who’ve had their identities verified by the certificate authorities who manage the HTTPS system. Although an EV certificate isn’t an extra layer of security, it is an additional way for consumers to know they’re on a legitimate site. Most of the banks and credit card issuers on our site use HTTPS with EV certificates — note that all use HTTPS.

2. Two-factor authentication. Like HTTPS, two-factor authentication (2FA) is one of the cornerstones of modern security and for good reason – only someone with physical access to your phone will be able to log into your accounts if you have 2FA activated. As such, that makes it an extremely useful means of protecting yourself from unauthorized account access. Unfortunately, adoption of 2FA, especially among banks, has only recently begun to pick up steam. As late as last year, several major banks did not provide a 2FA account security option. This website is dedicated to informing consumers about which websites and services, including banks, offer 2FA.

3. Account alerts. A number of financial institutions, like credit card issuers and banks, allow you to set up email or text alerts for certain types of account activity. For example, you can set alerts for spending, transfers and overdrafts above a defined threshold. Many banks might offer some of these notifications by default, but in some cases, you’ll set up your own notification criteria. Similarly, you will likely be able to customize these alerts. For example, you can receive an alert when a debit over $200 is processed. Contact your bank or dig into the online banking settings to see the alerts your bank offers.
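
For item 1 above, an added example (not part of the original article) showing the verified identity fields that set an EV certificate apart, read from the dict shape that Python's `ssl.SSLSocket.getpeercert()` returns. The sample subjects and the `examplebank.example` names are constructed, and classifying by subject fields is a heuristic assumed for this example.

```python
import socket
import ssl

# Subject attributes the CA/Browser Forum EV Guidelines require in an EV
# certificate. Older OpenSSL builds report the jurisdiction attribute by OID.
EV_REQUIRED = (
    ("businessCategory",),
    ("serialNumber",),
    ("jurisdictionCountryName", "1.3.6.1.4.1.311.60.2.1.3"),
)

def fetch_cert(host, port=443):
    """Return the validated peer certificate as a dict (needs network access)."""
    ctx = ssl.create_default_context()  # verifies the chain and the hostname
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def subject_fields(cert):
    """Flatten getpeercert()'s nested subject tuples into a dict."""
    return {name: value for rdn in cert.get("subject", ()) for name, value in rdn}

def validation_level(cert):
    """Heuristic: return (level, verified organization name or None).

    The authoritative EV marker is policy OID 2.23.140.1.1 in the certificate
    policies extension, which getpeercert() does not expose, so this infers
    the level from the identity fields the CA placed in the subject.
    """
    fields = subject_fields(cert)
    org = fields.get("organizationName")
    if org is None:
        return "DV", None  # domain control only, no organization identity
    is_ev = all(any(a in fields for a in aliases) for aliases in EV_REQUIRED)
    return ("EV" if is_ev else "OV"), org

# Constructed sample subjects (not real certificates).
EV_SAMPLE = {"subject": (
    (("businessCategory", "Private Organization"),),
    (("jurisdictionCountryName", "US"),),
    (("serialNumber", "0000000"),),
    (("countryName", "US"),),
    (("organizationName", "Example Bank, N.A."),),
    (("commonName", "www.examplebank.example"),),
)}
DV_SAMPLE = {"subject": ((("commonName", "login.examplebank.example"),),)}

if __name__ == "__main__":
    for sample in (EV_SAMPLE, DV_SAMPLE):
        print(validation_level(sample))
```

A "DV" result on a page that claims to be a bank login still means the connection is encrypted; it only means the certificate says nothing about who operates the site.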

Steps you should take to secure your accounts

In addition to knowing about or taking advantage of your bank’s security features, you should also take steps to protect your accounts. These steps include:

1. Use a dedicated device for banking. Checking your bank accounts on a device used for general web browsing is somewhat risky because systems used for multiple purposes are more likely to be exposed to malware. If possible, you should consider having a device used exclusively to access your bank accounts or credit cards online. It doesn’t have to be an expensive machine, as the benefit solely comes from the fact that you’re reducing the number of sites you go to (and thus reducing your chances of getting malware). As long as the device you use can access your accounts, that’s all that matters. On a similar note, you should know that a work-related device is often not the best option, as Sony employees discovered when the company was hacked in 2014.

2. Make a strong password. Although a password alone will not stop a determined hacker, a strong password can provide a bit of a deterrent. Unfortunately, a number of banks lack rigorous password requirements, so if you follow the default criteria, you might end up creating a password that isn’t strong enough to deter hackers. While memorizing dozens of strong, unique passwords for every site you use can be exhausting, you should at the very least make sure the passwords to your financial accounts are strong, although it’s ideal to have strong passwords for all of your online accounts. Ideally, your bank account password should include the maximum number of characters possible, as well as capital letters, numbers, some special characters and spaces, if allowed.

3. Never check your accounts using public Wi-Fi. Free Wi-Fi is a boon for mall patrons and coffee shop goers, but it can also house hackers and malware poised to steal information from unsuspecting users. It’s generally recommended that you avoid public Wi-Fi for any sort of web surfing, but this especially applies if you’re intending to check your bank account or credit card balance, or access any sensitive financial or personal information.

4. Don’t trust links sent via email. Phishing, which lures users into giving away personal information by linking them to a malicious site, has grown exponentially in the last few years. Many phishers will try to get you to click on links in emails designed to look like they’re from your bank when they are really just the handiwork of scammers. Whenever you want to access your bank accounts or credit card online, you should open your browser and type your bank’s website address into the address bar. While it may be tempting to click on a link in an email that claims your account was hacked, it’s likely that email is designed by scammers to get you to do exactly that, as these types of scams have become more complicated as scammers have become more versed in complex social engineering and mind games. As such, you should take any emails or text messages claiming to be from your bank with a grain of salt, especially if they make suspicious and urgent requests. For example, messages asking you to transfer money immediately or providing you with a link to change your password as soon as possible are more than likely phishing emails. When in doubt, you can contact your bank by calling the number on the back of your debit or credit card for clarification regarding any messages purportedly coming from them.

For more information about how to protect your bank accounts and personal information online, read our technology blog.