
You can’t argue with the convenience of paying bills and reviewing transactions online, all without going out of the house, sitting comfortably in front of your computer. Of course, as you’re probably well aware, there are certain caveats to banking online, the most important being security.


Let’s take a look at the most important aspects of banking online, and how you can protect yourself and your bank information.

Phishing, by far the most common vector of attack, is often an email, text message or even a call that, through a technique called ‘social engineering’, fools you into believing that the bank contacted you. Social engineering is, according to BinarySEC:

Art of manipulating persons in order to bypass security measures and tools. The purpose is to obtain confidential information from users through phone, e-mail, snail mail or direct contact and secondly use these data to gain illegal access.

  • The easiest thing to do in order to protect yourself is to never click on links in emails purporting to be from banks and other financial institutions. Even if you believe the message might be from a trusted source, go directly to the bank website by typing the web address yourself, or even better, call the bank directly. Remember to always report phishing attempts.

Malware, spyware and other types of computer viruses present a major risk, especially on Windows platforms.

  • If possible, work on Linux or Mac computers day-to-day. It is widely believed that the security system for those operating systems, both Unix-based, is more robust.
  • Use a Linux Live CD from any major available distribution. A perfect example is the Ubuntu Live CD. Available for free via the ShipIt program or easily downloadable from mirror servers around the world, it guarantees that you have an uncompromised environment for working with sensitive information.
  • Make sure your software is always up-to-date. New vulnerabilities are discovered every day and the developers are usually pretty quick to patch the hole. Update your anti-virus, anti-spyware, and leave Windows Updates on automatic check every day.
  • Security through obscurity isn’t very well regarded by security researchers but it will protect you from exploits targeted at mainstream software. An example of this could be Google’s Chrome, which remained unscathed at the recent Pwn2Own security contest, although it is based on the same underlying code base, WebKit.
  • Some malware will try to route your request for a bank website to a malicious one. Remember to always check the security certificate of the webpage you’re visiting. Even if the connection is SSL secured (https://) and the site presents a security certificate, you should still verify the issuer, the owner and the expiration date to ensure it belongs to a bank.
  • To prevent DNS exploits and redirects, you should use OpenDNS or a VPN service you trust to have up-to-date software. A VPN service also ensures your traffic will be encrypted, out of reach of network sniffers and packet capturing and reconstruction; a VPN is extremely useful on an open wireless connection. For example, I use Witopia’s personalVPN service.
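
The certificate check described in the list above (issuer, owner, expiration date) can also be scripted. The following Python is an added example, not part of the original article; `fetch_cert`, `review_cert` and `_field` are hypothetical helper names, and the bank, host and certificate authority in the constructed sample are placeholders.

```python
import socket
import ssl
import time


def fetch_cert(host, port=443, timeout=5.0):
    """Fetch a server certificate; the default context rejects bad chains and hostnames."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


def _field(rdns, key):
    """Pull one attribute out of the nested subject/issuer tuples."""
    for rdn in rdns:
        for name, value in rdn:
            if name == key:
                return value
    return None


def review_cert(cert, expected_owner, expected_issuers, now=None):
    """Return a list of problems; an empty list means every check passed."""
    now = time.time() if now is None else now
    problems = []
    owner = _field(cert.get("subject", ()), "organizationName")
    issuer = _field(cert.get("issuer", ()), "organizationName")
    if owner != expected_owner:
        problems.append(f"owner is {owner!r}, expected {expected_owner!r}")
    if issuer not in expected_issuers:
        problems.append(f"unexpected issuer {issuer!r}")
    if ssl.cert_time_to_seconds(cert["notAfter"]) <= now:
        problems.append("certificate has expired")
    if ssl.cert_time_to_seconds(cert["notBefore"]) > now:
        problems.append("certificate is not yet valid")
    return problems


# Constructed sample in the shape getpeercert() returns (not a real bank).
SAMPLE = {
    "subject": ((("countryName", "GB"),),
                (("organizationName", "Example Bank plc"),),
                (("commonName", "www.examplebank.test"),)),
    "issuer": ((("organizationName", "Example Trust CA"),),
               (("commonName", "Example Trust EV CA"),)),
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Jan  1 00:00:00 2025 GMT",
}
```

Many certificates are domain-validated and carry no organizationName; for those the owner check reports a mismatch, and the hostname verification done by the default context is the only identity evidence.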



Extra security measures are usually provided by your bank. You should check with your bank’s website to find out if they have software solutions like NatWest’s Rapport and multi-factor authentication using tokens, SMS or other means of verification.

If you’ve got any tips or stories to share regarding security and online banking, feel free to leave a comment.


  1. Encryption Software
    October 21, 2009 at 10:04 am

    A good rule of thumb is that your bank or any other business of which you are a customer will never ask you to provide sensitive information anywhere but their main site and only when logging in. If such a message appears, especially if it comes alongside a potential prize or reward, then your suspicion that it is malware or phishing is well-grounded. The several comments above about repairmen stealing sensitive information are frightening and should not be taken lightly. When someone in a privileged position is using it for selfish reasons, they are abusing their power. People should make sure to report such criminal activity first to police and then to a manager at the company.

  2. Varun
    April 17, 2009 at 5:40 am

    To be honest, your 4th point is like a shameless advert for Chrome.
    Was Opera broken at Pwn2Own? It wasn't even tested because it can't be. And it rules the mobile sector, you can access banking through mobiles, right?
    Is Chrome there on Mac, Linux (etc., etc. platforms) as we speak with support? Errrrr, NO.
    Please don't be so blatantly obviously biased and unaware of better technology out there. It's just sad. Thank you.

  3. Chris
    April 16, 2009 at 2:51 am

    "It is widely believed that the security system for those operating systems, both Unix-based, is more robust."

    Not true. They're just less targeted.

    • Stefan Neagu
      April 16, 2009 at 3:26 am

      Could you elaborate on that statement? Why do you think that? I have quotes from multiple security researchers stating that Unix, and open source code in general, is more secure.

      • Chris
        April 16, 2009 at 3:32 am

        "The truth is simple. The most commonly used systems are going to be targeted the most. There's no point putting sharp tacks on the road if no one is using inflatable tyres."

        "Mac OSX is not the most secure system in the world. Nor is Windows or any of the Unix or Linux based systems. All have their security strengths and weaknesses. Often, it's the user that determines just how strong these systems are with the precautions they take."

        • Stefan Neagu
          April 16, 2009 at 3:55 am

          Yet there are about 20 viruses total for Linux, and none in circulation. Plus that exploit you're talking about was in Safari, a web browser, not the OS itself.

        • Chris
          April 16, 2009 at 4:02 am

          You obviously didn't understand what I was saying.

          Why would anyone want to make a virus for Linux, when hardly anyone uses it? They're obviously going to make a virus for Windows because that is the mainstream OS that everybody uses. I can't make it any clearer.

          Don't complicate things - The link I included was only for reference. The actual news story the comment was from had nothing to do with the quote I was showing you.

        • Stefan Neagu
          April 16, 2009 at 4:30 am

          By hardly anyone you mean of course the thousands of servers around the world and about 2 million active home users, right?

        • Chris
          April 16, 2009 at 4:39 am

          By hardly anyone I mean 2.1% using Linux, compared to 88.67% using Windows.

  4. Douglas
    April 15, 2009 at 6:36 pm

    Online banking can be quite tricky! I had all of my info stolen once, it took me ages to get my money back - I was destitute for weeks! During that time I really had to learn to scrimp and save. If you're interested, you should check out with similar info!

    • Stefan Neagu
      April 16, 2009 at 2:24 am

      I've checked out your blog, some good tips over there! Could you share some more details on your story?

      • Douglas
        April 16, 2009 at 1:54 pm

        Well, basically my info got taken... I'm not entirely sure how/when. I suspect it was one of the things that killed my computer or one of the repair technicians (I had to take it in ~5 times over a two month period). Found out when there was suddenly over 4k missing from 3 different bank accounts and another grand in charges on my credit card. After that it just seemed to pile up... I ended up having to work with bank officials and the authorities, get a new SS, the works!

  5. Grant
    April 15, 2009 at 4:25 pm

    If your laptop is used by someone else or sent away for repairs check it thoroughly before use. My Lenovo laptop came back from a warranty repair with a virus designed to collect banking logins and send them to another site!

    • dave
      April 15, 2009 at 7:00 pm

      Thanks for the advice Grant =)

    • Stefan Neagu
      April 16, 2009 at 12:32 am

      If someone from the repair team installed that malware intentionally, I think it constitutes some sort of a felony. Are you sure your system was clean prior to the repair?

    • scott
      April 16, 2009 at 2:12 pm

      Any time I send a computer to the shop it goes with a fresh install of the Operating System with no personal information on it. The browser has not been used, same for the email client (among others). I set up a user account and password of "service" for the repair place if they need it.

      After I get the computer back, I reformat the hard drive and do a fresh install of the OS. It's probably overkill but I feel better.