Finance Security

Is Online Banking Safe? Mostly, But Here Are 5 Risks You Should Know About

Joel Lee 23-10-2015

There’s a lot to like about online banking. It’s way more convenient The 7 Best Online Banking Features For Simplifying Your Life Does money management stress you out? What if you could effortlessly alleviate some of that stress for good? Online banking offers a lot of benefits that can help to simplify the headaches of money. Read More than visiting a traditional bank — so much so that it can really simplify your life. Plus, online banks offer better savings rates Save More Money by Using These 4 Online Banks Online banks frequently offer much better rates and perks than their brick-and-mortar counterparts. Here are four of the best options for American residents. Read More so you get to keep more money in your pocket.


Even so, the question on most people’s minds is whether or not online banking is safe and secure.

Personally, I think it’s secure enough to use on a daily basis, but we can’t deny that there have been several breaches and security failures over the years. If you want to know the dangers of online banking, here are five real-life scenarios that illustrate.

1. Customers Kept In the Dark

Back in 2011, Bank of America’s website was flawed in that it exposed customer account data in an unsecured way — sometimes, users would log in and see another customer’s account details.

This incident is particularly horrible because it’s not like Bank of America was actively breached, compromised, or tampered with. This was an oversight in the website itself, and it ended up harming a lot of customers.


But the worst part is that Bank of America didn’t even notify their customers that this was happening. Even when they were aware of the issue, they failed to send out any emails or updates to let customers know what they should do to reestablish security over their accounts.

Be sure to also check out our tips to keep your online bank account secure 10 Tips to Keep Your Online Bank Account Secure Switching to online banking comes with some security risks. These tips explain how to keep your online bank account safe. Read More .

2. Banking Apps Can Be Compromised

Those of us who use online banking have probably become comfortable with things like online banking card readers Online Banking Card Readers: How Do They Work and How Secure Are They? Online banking card readers have been around since the late 2000s, offering an extra layer of security beyond traditional online authentication. We look at how they work and if if they're really that secure. Read More and mobile payment methods Are Selfies the Future of Mobile Payments? Mastercard are trialling payment by selfie. Is the concept the future of mobile payments or doomed to failure? Read More , and part of that workflow is being forced to use mobile apps developed by the banks themselves.

The problem is that smartphones have security flaws that can make it very dangerous to conduct transactions using a mobile device.



In 2014, a security expert named Winston Bond demonstrated how easy it was to reverse engineer mobile apps: decompiling them back into source code, altering the behavior of the app, and reuploading it back onto the app distribution servers.

Using techniques like reverse engineering and mobile malware infections, it’s entirely possible for a bank app to be compromised and to have your credentials stolen or intercepted. Even using something like two-factor authentication might not be enough to prevent this.

3. All Banks Have Security Holes

Banks are always in the crosshairs of criminals. No matter how secure a bank’s system might be, it will never be perfect — and there will always be someone who finds a way to exploit weaknesses.



This was the case in 2010 when a lone intruder breached the security of Suffolk County National Bank, tapped into its user database, and got away with over 8,000 login credentials for various customers.

No bank is ever safe from this kind of cyber attack. If a database exists, it can be stolen. Period. It’s debatable whether online banks are inherently less secure than traditional banks, but everyone can agree that online banks are far from perfect.

Take a look at how hackers try to break into your bank account 5 Methods Hackers Use to Break Into Your Bank Account The risk to your bank account from hackers is real. Here are the ways hackers can gain access to your savings and clear you out. Read More so that you can better protect yourself.


4. Reused Credentials Are Bad

In 2014, a lot of bad things happened 3 Online Fraud Prevention Tips You Need To Know In 2014 Read More . Kickstarter’s database was compromised. Target’s data was breached. AT&T and eBay were both hacked. Some people dubbed it as a “data hackpocalypse”. In the end, the perpetrators took off with millions of usernames and passwords.

So it’s a shame that online banks still mostly rely on usernames and passwords.


Most people use a single username for all of their online accounts. What’s worse, most of them also use the same password for all of their accounts.

So even if the online bank itself doesn’t get hacked, consider this: a site like eBay gets hacked and hackers escape with your login information. Suppose they inputted those stolen credentials into your bank’s website — now they have access to your account.

5. Reliability Not Guaranteed

In 2013, a distributed denial of service attack (DDOS) crippled NatWest’s internal systems to the point where customers weren’t able to access their accounts by the Internet. In layman’s terms, someone clogged up their servers such that they couldn’t process interactions for regular customers.

One would think that an institution as security-conscious as a bank would have the proper measures in store to defend against these kinds of attacks, but the truth is that you never know when a bank’s online services might go down.

And back in 2009, one of the hard drive arrays used by Barclays failed — and rendered many of their services inoperable, including cash machines, telephone lines, and online banking.

Is this as game-breaking as having your login credentials stolen? Of course not. Does a DDOS attack pose any threats to you as a customer? Not really. But losing access to your account at the wrong time, even temporarily, can be quite the headache.

3 Tips for Safer Online Banking

What can you do about all of this? Does it mean you should forego online banking once and for all? Of course not. Online banking is great as long as you’re careful and take proper measures against breaches How to Counter Data Breaches: 3 Simple Ways to Protect Your Data Data breaches don't only hit share prices and government department budgets. What should you do when news of a breach strikes? Read More . Also, make sure you bank with an organization that won’t hold you liable for security breaches.

Use unique usernames and passwords. If you’re going to bank online, you have to make sure that you’ve never used that particular username or password before. Yes, both need to be unique. Otherwise, a breach that occurs elsewhere could still come back and bite you in the rear.

Scan for malware regularly. “It won’t happen to me” is the mindset of everyone who eventually catches malware Change Your Bad Habits & Your Data Will Be More Secure Read More . Only the naive think that they can outsmart malware. The entire reason that malware continues to exist is because it’s unpredictable. Use a good malware scanner 10 Steps To Take When You Discover Malware On Your Computer We would like to think that the Internet is a safe place to spend our time (cough), but we all know there are risks around every corner. Email, social media, malicious websites that have worked... Read More and scan at least once a week.

Don’t check accounts on public Wi-Fi. There are several risks to using public Wi-Fi 3 Dangers Of Logging On To Public Wi-Fi You've heard that you shouldn't open PayPal, your bank account and possibly even your email while using public WiFi. But what are the actual risks? Read More , including the fact that someone could be snooping on your connection to steal login credentials. Your safest bet is to wait until you’re at home to check your accounts. Learn more with these common Wi-Fi misconceptions 10 Common Misconceptions About Wireless Networks Today, we're going to bring networking to the forefront, and discuss 10 of the most widespread misconceptions about your home Wi-Fi network.  Read More .

For more tips on keeping yourself safe, check out these 8 security tricks used by real experts 8 Tips for Online Safety Used by Security Experts Want to stay safe online? Then forget everything you think you know about passwords, antivirus and online security because it's time to be retrained. Here's what the experts actually do. Read More .

Does this push you away from online banking? Or do you think online banking is still worth the risk? Tell us your thoughts in the comments below!

Image Credit: Shocked Woman Using Laptop by Andy Dean Photography via Shutterstock, Mobile Banking by mama_mia via Shutterstock, Locked Debit Card by wk1003mike via Shutterstock, Laptop Security by Gunnar Pippel via Shutterstock

Related topics: Online Banking, Online Security.

Affiliate Disclosure: By buying the products we recommend, you help keep the site alive. Read more.

Whatsapp Pinterest

Leave a Reply

Your email address will not be published. Required fields are marked *

  1. Bilbo
    August 31, 2016 at 6:05 pm

    I've been trying to get Barclays to contact me, because I have just discovered a system failure. "Normal" failures in banking systems seem to disadvantage the customers and so so banks don't have the motivation to properly correct things or keep communication lines as open as they ought. However, I have knowledge of a system failure which can seriously disadvantage the bank. But they have ignored my requests to contact me so I can bring it to their attention. There are many people out there who would say nothing...I will give them one more day to contact me or I will consider sharing the information. I think that's more than fair.

  2. Lois E Gould
    May 4, 2016 at 2:20 pm

    I have used online banking for years with no issues. I do all of my banking from home and have a unique user id and password for every site that I use (all sites, not just the banking ones.) I just recently changed my modem to one that includes wifi and am now wondering if I have placed myself at risk or is using my own wifi from home, with my own password acceptable.

  3. Anonymous
    October 25, 2015 at 8:09 pm

    I'd say people need to find a balance between relying on banks while keeping enough cash on hand to not continually creeping back to the ATM to withdraw money. Typically, people would feel more secure if there's a physical location for them to get to and talk with a person than on the phone.

    • Joel Lee
      October 27, 2015 at 12:58 am

      Ah, good point, Zhong. Reducing one's dependency on ATMs and frequency of online banking transactions can be tough, but definitely a good move in terms of reducing overall risk. Thanks for sharing!

  4. Anonymous
    October 24, 2015 at 7:10 pm

    No one can guarantee total security; heck, even bank safe deposit boxes aren't totally safe...

    BUT, I've been using online banking and also online banks for years now. I travel regularly all around the world for months at a time. I use hotel wifi's regularly - although only with my own device, and only via “https“ (or the banks' own apps).

    All the years, there was only one fraudulent transaction against my accounts - an ATM fraud that actually had nothing to do with online banking! My bank returned the money to me two days after I reported it. No biggie at all.

    YES, bad things do happen. But they are infrequent in real life - and your bank protects you - so long as you are reasonably vigilant and you report any suspicious activity within a reasonable time frame. People need to live life and stop reading the news so much.

    • Anonymous
      October 26, 2015 at 12:33 pm

      "YES, bad things do happen. But they are infrequent in real life"
      Data theft may not occur as frequently as purse snatchings or hold ups but the amount of data stolen is certainly alarming. While 70 million accounts stolen from Target are a minuscule number in comparison to the world's population, they represent almost 22% of USA's population, hardly an insignificant number. And that is only one data breach.

      " People need to live life and stop reading the news so much."
      As in "What you don't know won't hurt you"?
      As in "Ignorance is bliss"?

      • Anonymous
        October 26, 2015 at 2:00 pm

        Ignorance here applies to people lapping up scary media reports - with no real, firsthand experience of their own to lend perspective!

        Do you regularly use Wifi in Ukraine or Russia or China, etc.? I do. And it's fine - though not 100% risk free - just as life itself isn't 100% risk free. How do you think Ukrainians and Russians do business in this digital age?

        Read your own posts. Like playing with a revolver with 5 of 6 chambers loaded? Please...

        BTW, I am an American, but traveling in and responding from Serbia right now. Safe enough is safe enough for most of the world to utilize and benefit from. Just like how most of the world drives cars and fly planes - and benefit enormously therefrom - despite daily transport mishaps.

        You are still free to worry and avoid - but digital banking and commerce is already pretty mainstream today. Cheers.

    • Joel Lee
      October 27, 2015 at 12:57 am

      "so long as you are reasonably vigilant and you report any suspicious activity within a reasonable time frame"
      For what it's worth, I agree with you, Read and Share. It's impossible to avoid ALL bad things. All you can do is weigh the risks, take the proper precautions, and roll with the punches as they come. :D

  5. Anonymous
    October 24, 2015 at 2:43 pm

    The malware threat can be handled by using a sandboxed browser.Beyond that,use a tough to crack password.

    • Joel Lee
      October 27, 2015 at 12:56 am

      Good tip on the sandboxed browser, Michael!

  6. Anonymous
    October 24, 2015 at 12:06 pm

    How about a bank whose password policy is so poor that they don't distinguish between upper and lower case letters? SunTrust still doesn't have even that much security for their users' accounts.

    • Joel Lee
      October 27, 2015 at 12:53 am

      Yikes, that sounds bad. It might be a sign that it's time to take your business elsewhere!

  7. Anonymous
    October 23, 2015 at 11:56 pm

    "It’s way more convenient than visiting a traditional bank — so much so that it can really simplify your life"
    For the sake of 'convenience' people are willing to overlook many problems, including lousy security. How convenient is it when your identity is stolen? Your life is really simplified when you have to a new identity.

    " online banks offer better savings rates so you get to keep more money in your pocket."
    Is the couple of extra dollars a year (because that is literally all you're going to get) worth the aggravation of having your data compromised?

    "I think it’s secure enough"
    I'm glad you accept the insecurity of online banking with such equanimity. When it comes to data security 'secure enough' is not good enough. It has been proven over and over again that any transaction using WiFi is insecure. Using WiFi for secure transactions is like playing Russian roulette with a revolver with 5 of 6 chambers loaded.

    "we can’t deny that there have been several breaches and security failures over the years"
    'Several' that we know of. How many data breaches have been successfully covered up? I remember reading that there are hundreds, if not thousands, of data breaches that have not been publicized. In case of data breaches, what we don't know WILL definitely hurt us.

    • Joel Lee
      October 27, 2015 at 12:52 am

      "How convenient is it when your identity is stolen?"
      Identities can be stolen even if you solely use brick-and-mortar banks, so the question is whether an online bank's boost in convenience is worth the slightly increased risk of compromise. And today, the recovery process from identity theft is way better than before (probably because so many people have fallen victim... but still).

      "When it comes to data security ‘secure enough’ is not good enough."
      Well, everyone has a line where they say "this is secure enough for me". Otherwise you wouldn't be on the Internet at all and you wouldn't have any bank accounts at all. Some of us draw lines at different places, and for many of us, online banks are within the lines. Also, I mentioned the fact that banking over Wi-Fi is not smart! :)

  8. Anonymous
    October 23, 2015 at 7:06 pm

    Honestly, anyone who banks online and doesn't change his or her password(s) on a regular basis (at least once a quarter) is just asking for trouble.

    • Joel Lee
      October 27, 2015 at 12:47 am

      True, Michael. I must admit that I'm somewhat lazy in that regard, but even a twice-yearly change in password is better than nothing. A small inconvenience for greater peace of mind. Worth it!