Safe online banking
The transition from traditional banking to online banking has been so rapid that it's left several banks struggling to keep up, and some playing catch up with capabilities.
As with all new technologies, there is often significant joy around what it allows, with little regard to the risks that it introduces. Online banking is no exception.
Online banking is fantastically convenient - we just need to use it safely.
Safe use of internet banking isn't hard - it just requires a bit of common sense, and a bit of "just do it". The technical knowledge around how it can be unsafe is not trivial, but we'll mention it here for your information.
Just do banking
When you do online banking in a web browser, don't do other things at the same time
We're all pretty good at multi-tasking these days. We're banking in one browser tab, checking email in another tab, perhaps researching the latest diet or exercise regime in another (just me?).
Unfortunately doing so introduces a threat called "Cross Site Request Forgery", CSRF (also known as XSRF, Sea Surf or Session Riding). Essentially this lets an attacker create a forged request that runs silently, with the potential to transfer money out of your account.
How it works is pretty technical, so we'll write a separate article on that another time.
Only do banking on trusted networks
If you know you are on a safe network (e.g. home, work, VPN) then you're probably fine.
If, however, you're out and about, perhaps working remotely, then you need to think carefully. We've already written an article on public or free WiFi. As a general rule we'd recommend you don't do banking on someone else's network, unless you're using your mobile through you mobile network provider.
Who might be watching
Not all cyber crime is technical - some of it is good old fashioned confidence. If you're doing online banking somewhere that your screen, and notably your keyboard, can be overlooked (and yes, that includes screen reflections), then you're putting yourself at risk.
Some of us are not very good at typing - some of us still use two fingers. That makes it very easy for someone else to see what you are typing. Watching over your shoulder can therefore provide me with all of the details I need to get into your bank account.
Banks are improving security. Things like 2 factor authentication (that's the code you type in), and memorable phrases will help reduce the risk, and make it harder for someone to "shoulder surf", but if you've walked them past the first two lines of defence, your inviting trouble.
Never leave unattended
As a final step, never leave your laptop/phone unattended, particularly when you're doing banking. Even if that's just to fetch a spoon, or help someone who just spilled their coffee - they may be a part of a scam to distract you so someone else can initiate a transaction.
We are often told we're being over protective and overly dramatic when we discuss this stuff with people. It's possible that's true. However, for all those people who have lost money to online banking fraud, they probably wish they'd read an article like this an paid attention.
This isn't about being difficult. It's about introducing some simple, and yes we'll concede slightly inconvenient, changes to the way we work in order to significantly improve our security.
Share this article
If you found this article helpful, please Tweet, Pinterest, Linkedin, Facebook - do what you do to share it with others you think will benefit from reading it. Thank you!
You can use this code to share:
<a href="https://goo.gl/fJXi47">Quick tips to improve your security doing online banking</a>