Online fraudsters are staying busy, and they have the loot to prove it: Hackers have stolen $112 billion in the past six years, according to Javelin Strategy & Research’s latest study on identity fraud. That comes out to $35,600 per minute — or the price of a college education in about the time it takes to microwave popcorn.
If you belong to the 71% of U.S. adults who bank online, those figures may make you question the safety of your bank account. To combat those concerns — and, of course, to protect your money — it’s important to know how you can help thwart fraud, and what steps financial institutions take to keep your accounts secure.
- Consumers can take steps to reduce risks online.
- Banks’ own security technology efforts are increasing.
Consumers have a role in security
Large-scale data breaches get the headlines, but criminals also work on a smaller scale by attacking consumers directly. Fraudsters often use so-called phishing scams, in which they cast out emails pretending to represent a financial institution in the hopes of hooking an unsuspecting consumer. The email might suggest there’s a problem with your account and ask for your bank password or Social Security number. If you reply, the criminal could use that information to illegally make purchases or withdraw money from the account.
You generally aren’t responsible for unauthorized charges if you report them within 60 days of the transaction first appearing on your bank statement. Ideally, though, you’d be able to avoid those unauthorized charges in the first place. Here’s how:
- Change passwords regularly. Use combinations that are difficult to guess, such as a mix of upper- and lowercase letters, numbers and symbols. The more complex passwords are, the harder they will be to crack, and the more likely they’ll be able to protect you from hackers.
- Use anti-virus software. Make sure yours is up to date on your home computers and mobile devices.
- Check that the network and website are secure. Banking online from the security of your private home network is ideal. With public Wi-Fi, you can’t be totally sure who sees what you send online, unless each page you visit is encrypted. If you have to log in while away from home, consider using your cellular data plan instead of Wi-Fi, or a virtual private network, known as a VPN. However you choose to log in, check for Web page encryption by making sure the address on the browser starts with “https.” The “s” signals that the page is secure.
- Use two-factor authentication. Instead of just a username and password, many banks and credit unions ask customers to provide a second piece of information to verify themselves. It could be a unique passcode the bank sends to your smartphone as a text message, or even your own fingerprint. The point is it’s another layer, one not so easy to steal.
- Don’t respond to suspicious emails. If an email proclaims an offer that sounds too good to be true — like someone saying they want to wire you $100 million — it probably is. Chances are good that the sender is less interested in making you rich, and more interested in plundering your account.
Banks and credit unions are increasing security technology
While consumers do their part, banks and credit unions are doing theirs as well. According to American Banker, more than 70% of banks plan to increase spending on security technology in 2016.
Standard measures include firewalls, anti-virus protection on bank computers, fraud detection systems and website encryption, which scrambles data so only the intended recipient can read it. If you plan to bank online, ask your financial institution whether it employs these types of security measures.
Many institutions also rely on growing mobile banking technologies. Customers can, for example, choose to receive alerts via text or email whenever large transactions are made on their accounts. That way, they can reach out to the bank immediately if they see a purchase or transfer that they didn’t make.
And as hackers get more creative, so do the methods that credit unions and banks use to protect their customers.
“Many banks hire what are called ‘ethical hackers’ to come in to test and see if they can penetrate through their firewalls,” says Shirley Inscoe, a senior analyst at the research and consulting firm Aite Group. “They’re willing to make that investment to find the gaps so that they can fix them.”
Some banks are even applying for “.bank” top-level domain names, meaning that instead of a .com address you’d go to, say, “www.mybankname.bank.” These addresses are available only to verified and vetted banks, which must meet a handful of security requirements. Once a bank is approved, it must adhere to a strict set of guidelines or risk losing its .bank address.
So is online banking safe?
Online banking comes with its own set of risks, but those risks often have less to do with the technology than with the human beings using it. Take steps to protect your accounts while making sure your bank uses industry-standard security technology.
This way you can enjoy the conveniences of banking online — monitoring your balances to avoid fees, depositing checks, sending money to friends and family, and earning more interest from online-only banks that feature the best rates — while also staying safe.
This article was updated June 21, 2016. It was originally published Dec. 2, 2015.