When was the last time you stopped by your bank’s physical location? Odds are it was a while ago. In today’s high-tech society, online banking is probably the main way that you manage your finances.
That convenience doesn’t come without a cost. Online transactions of any kind, but especially banking, can make you vulnerable to hackers, phishing schemes, and identity theft. If you’re not taking steps to secure your sensitive data, you could be one mistake away from a major issue.
“In most general cases, security risks are provoked by a combination of user behavior and active attackers,” says Rongxing Lu, associate professor and university research scholar in the faculty of computer science at the University of New Brunswick, Canada. “Some examples are installing malicious plug-ins to browsers, using weak login passwords, or submitting login credentials to phishing websites.”
The onset of the COVID-19 pandemic made us all more likely to manage finances from the safety of our homes. According to the American Bankers Association, 63 percent of all bank interactions before the pandemic occurred via a mobile app, online, or over the phone. Since the start of the pandemic, that number has increased to 77 percent.
Gen Z and millennials are significantly more likely to bank online than their Gen X or baby-boomer counterparts. That means students are banking online too—in a recent CampusWell survey, nearly half of all student respondents said they use online or mobile banking at least once a week.
“It’s really convenient, especially because of COVID-19. My bank shut down some branches temporarily and the open ones were far from where I live. Mobile/online banking allows me to deposit into my accounts from afar. I haven’t had a negative experience yet, but I do think it opens up the risk of having your account hacked.”
—Ciara A., first-year graduate student, University of Nevada, Las Vegas
“I transfer money to maximize higher interest rates. Online banking lets me move funds and avoid overdraft fees on the fly.”
—Evan L.*, first-year graduate student, John Hopkins University, Baltimore, Maryland
“Mobile banking is nice because I can deposit a check without physically going to a bank. Since the nearest one is an hour away, I prefer not to travel if I don’t need to. It is worrisome to have my bank account readily available on my phone, though. If I forget to close the app, someone else could grab my phone and access it.”
—Nash N., second-year graduate student, Clemson University, South Carolina
Phishing is one of the most common methods of identity theft, and you’ve probably seen a phishing attempt before. Hackers attempt to trick you into giving up personal information so they can gain access to your accounts.
Have you ever seen an email in your spam box that looks a little like an email from, say, WellsFargo asking you to verify your personal information? The content of the email may tell you that you need to log in to your online account and update your password. If you click the link (hint: DON’T), you’ll be directed to a dummy site that will automatically download tracking malware to your computer.
“Scammers usually launch phishing scams through emails or SMSs,” says Lu. “These scam emails usually contain obvious spelling errors, grammatical errors, or non-ASCII characters that look like ASCII characters [e.g., ҽ and e, Ɲ and N] to evade these filters, which is a distinctive feature of phishing emails.”
Another tip: Check the email address of the sender. If it’s spam, it would likely not have the same domain ending as your financial institution. If there’s any uncertainty as to whether the email is legitimate, always call your bank before clicking through to a link or responding with any personal information.
Keep in mind that phishing can also occur over the phone. Be wary if you receive a call from someone claiming to be an IRS representative—they’re likely attempting to pry personal information from you, if not take your money.
As convenient as online banking is, it can also leave your most sensitive information vulnerable. Hackers know how easy it can be to gain access to your banking information if proper precautions aren’t taken. Here are 10 tips to help protect yourself:
1. Use a private Wi-Fi network for banking.
According to Consumer Reports, security experts have been advising people to avoid public Wi-Fi since the beginning of its widespread availability because of hacking risks.
If you must use public Wi-Fi, take extra precautions.* Stick with sites that are encrypted, don’t save any of your passwords in your browser, and clear your cookies to stay secure. You could also consider setting up a virtual private network, or VPN (which requires a little Googling). See the “Get help or find out more” section below for tips on how to do this.
*Note: Public Wi-Fi is often unencrypted, meaning whenever you connect to Wi-Fi outside of your home network, any personal or private information you put into your browser can be easily accessed by anyone connected to that same Wi-Fi network.
2. Change your passwords every 90 days.
By changing your passwords every three months, you’ll make it more difficult for hackers to steal or decode them. Only 15 percent of student respondents in our recent CampusWell survey said they practice this habit, but it’s an important one. Make it easier by setting a reminder (repeating every 90 days) on your phone. If you’re overwhelmed at the thought because you have so many different accounts, a password manager can help (more on that below).
“Generating passwords based on a pattern that only you know may be a better solution than writing them down,” says Lu.
3. Choose strong passwords.
Forbes shared these tips for creating strong passwords:
- Choose longer passwords, such as a phrase rather than a single word.
- Use a mix of upper- and lowercase letters.
- Include numbers and special characters.
- Avoid common sequences, such as “1234.”
- Avoid using personal information, such as your name, pets’ names, date of birth, etc.
- Don’t store your login details in your online banking or mobile app.
You can also use a password generator such as LastPass to create secure passwords for you.
4. Use a trustworthy password manager.
Google Password Manager is generally very secure, but there are plenty of other top-rated password managers you could opt for. These make it way easier to stay on top of changing your password frequently (and keeping it strong), since there’s only one to remember.
5. Enroll in two-factor authentication.
This means your phone will be used to verify your identity when you log in (usually with a time-sensitive code). It’s a pain, yes, but it’s worth the significant added protection.
6. Keep your PINs, card numbers, and account numbers confidential.
Don’t share your personal information over email or any messaging platform, even with someone you trust.
7. Check your bank account balance and activity at least once a week (and ideally more often).
This is a good habit even just for your own financial well-being, but it’s also an opportunity to spot where you may have been wrongfully charged (or worse, stolen from). If you see a fraudulent charge, alert your bank ASAP.
8. Always access your bank site by typing in the address, not clicking a link from an email.
As soon as a web page looks suspicious (maybe a typo or a blurry image), stop what you’re doing and close your open browsers. Clear your cache and restart by typing in your bank’s home page URL directly.
9. Use a reliable antivirus program on your personal computer.
There are plenty of antivirus options, depending on what type of computer you’re using. The important thing is to keep your software up to date and running.
10. Keep your computer, phone software, and apps up to date.
Older versions of apps and software may not have the security updates required to keep your information safe.
The site Identitytheft.gov will walk you through the steps you need to take if you think your Social Security number, online banking login information, debit or credit card number, driver’s license information, or other personal information has been lost or exposed. You should also call your financial institution ASAP and keep them in the loop—they might even have an expert on staff to help guide your next steps or investigate your account. It can be a long and tedious process, as you might imagine, so prevention is the best safeguard.
*Name changed for privacy
Lu, Rongxing, PhD, associate professor and university research scholar, Faculty of Computer Science, University of New Brunswick, Canada.
CampusWell survey, October 2021.
Consumer Financial Protection Bureau. (n.d.). Tips when using mobile devices for financial services. https://files.consumerfinance.gov/f/201406_cfpb_consumer-tips_mobile-rfi.pdf
Federal Trade Commission. (n.d.). When information is lost or exposed. https://www.identitytheft.gov/#/Info-Lost-or-Stolen
Fowler, B. (2019, April 12). Is using public wifi still a bad idea? Consumer Reports. https://www.consumerreports.org/digital-security/is-using-public-wifi-still-a-bad-idea-a8476049516/
Lake, R., & Foreman, D. (2021, June 28). How to protect your online banking information. Forbes. https://www.forbes.com/advisor/banking/how-to-protect-your-online-banking-information/
Loftin, S., & Murphy, B. (2021, October 21). Preferred banking methods infographic. American Bankers Association. https://www.aba.com/news-research/research-analysis/preferred-banking-methods
CIBC. (n.d.). Online banking safety tips. https://www.cibc.com/en/privacy-security/online-banking-safety-tips.html
Schifferle, L. (2020, October 6). Play it safe online. Consumer Financial Protection Bureau. https://www.consumerfinance.gov/about-us/blog/play-it-safe-online/