Security Technology Explained

How Do I Know VPNs Won’t Intercept Bank Login Details?

Ben Stegner 27-09-2017

By now, you hopefully know that using a VPN is vitally important for your security 11 Reasons Why You Need a VPN and What It Is Virtual private networks can protect your privacy. We explain what exactly they do and why you should use a VPN. Read More . Obscuring your IP address and internet activity keeps you safe from prying eyes. But when using a VPN, how can you be sure that the VPN provider isn’t intercepting sensitive information, like your bank login?


Assuming your VPN is trustworthy 5 Signs You Can Trust Your VPN Client Using a VPN helps protect your traffic from snooping and your information from theft. But how can you be sure that your VPN is protecting you? Here are five signs your VPN is trustworthy. Read More (which you can’t be sure of with a free VPN 5 Reasons Why Free VPNs Just Don't Cut It VPNs are all the rage, but if you're thinking of going the free route, please reconsider. Free VPN services come with risks that may not be worth taking... Read More ), the answer is encryption. Whenever you use a VPN, the security that it offers builds on top of the security that’s already built into secure websites.

Let’s take an example.

When you visit Bank of America’s website, you’ll see a green padlock icon in the URL bar. This shows that you’re connected using HTTPS, and thus the sensitive information you transmit — even without a VPN — is secured by encryption. Only your machine and Bank of America’s servers can read what’s sent.

If someone intercepted the data during transmission, they wouldn’t be able to read it. They might know know that you visited Bank of America’s site, but they couldn’t read the data itself that you sent.

What happens when we introduce a VPN into the equation?


Say you’re on a VPN connection when you log in to Bank of America. The sensitive information you send to the website is still encrypted before it gets sent to the VPN server, and it only gets decrypted when it reaches Bank of America’s server. Even though your bank login passes through the VPN server, the VPN server can’t read it.

The bottom line is that your passwords aren’t ever sent through the VPN — only an encrypted hash of them.

As discussed in our explanation on encryption How Does Encryption Work, and Is It Really Safe? Read More , breaking this with brute force would take over a million years using modern supercomputers. Thus, when connecting to properly secured sites, a malicious VPN provider would only end up with a useless encrypted string if they tried to steal your login info.

There’s only one way that a VPN provider could steal your login details: by setting themselves up as a man-in-the-middle attack. Theoretically, installing VPN software could allow a company to set up their own certificate What Is a Website Security Certificate? What You Need to Know Website security certificates help make the web more secure and safer for online transactions. Here's how security certificates work. Read More as a trusted authority on your computer. This would fool your browser into thinking that insecure sites are actually safe.

With a reputable VPN, however, there’s next to no risk of this.

Have you ever worried about your security when using a VPN? If you don’t use a VPN, why aren’t you using one yet? Tell us what you think in the comments below!

Image Credit:

Related topics: Online Security, VPN.

Affiliate Disclosure: By buying the products we recommend, you help keep the site alive. Read more.

Whatsapp Pinterest

Leave a Reply

Your email address will not be published. Required fields are marked *

  1. Hassie Macaluso
    September 27, 2017 at 9:49 pm

    We absolutely love your blog and find the majority of your post's to be exactly what I'm looking for. Would you offer guest writers to write content to suit your needs? I wouldn't mind creating a post or elaborating on some of the subjects you write related to here. Again, awesome weblog!

  2. ReadandShare
    September 27, 2017 at 7:10 pm

    As an average American Joe traveling the world, I don't care if people snooping around open WiFi's learn that I visited MUO and also BofA. Since most all email and financial websites (including GMail and BofA) employ HTTPS, I am safe emailing and doing banking on open WiFi's without any need for VPN's.

    Numerous articles like this one parrot each other about the necessity of using VPN's - tell us why HTTPS isn't good enough on its own (as in my situation).

    • dragonmouth
      September 29, 2017 at 12:14 pm

      "most all email and financial websites (including GMail and BofA) employ HTTPS"
      But not MUO. :-)

    • Godel
      October 3, 2017 at 9:24 pm

      It was explained in the article, namely a Man In the Middle Attack.

      When you attempt to go to your bank's website they display a replica of your bank's login screen and let you type in your credentials. Then they tell you that your login was wrong and put you through to the real bank site to reenter them, but they already have your login data stored for later use.
      In both cases you're using encrypted HTTPS communication but in one of them you're talking securely to a bunch of crooks (maybe in both cases?). This is also why some form of 2FA is a good idea.
      Bottom line is VPNs aren't perfectly safe but they're better than trusting some random Wi-Fi connection in a Greek coffee shop.

  3. dragonmouth
    September 27, 2017 at 12:17 pm

    "Assuming your VPN is trustworthy"
    You do know the definition of the word 'ASS U ME'?

    • Ben Stegner
      September 27, 2017 at 2:51 pm

      If you're using a paid VPN with a good subscription, that's about all you can do. I just wanted to note that as I obviously can't verify that everyone reading this has a trustworthy VPN.