How Safe is Internet Banking
Banking is so much more convenient than it was 20 years ago. We don't even have to visit our local branch to perform our banking business, as all we have to do is logon to the online website to set up standing orders, direct debits and make payments at will. The only time we need to leave our armchairs at home is when we need to visit a bank machine to withdraw cash. Online banking saves a great deal of time and effort.
As convenient as Internet banking is there will be the inevitable concerns over security with regard to our finances. How can we ever really be sure that our Internet bank is taking all the necessary precautions to protect our finances?
Phishing and PharmingWith regards to online banking websites simple username/password combinations are not considered to be adequate. Therefore the username/passwords is enhanced by further questions that only we would know the answer to. Online banks provide verification checks in different ways, and some will ask you to enter specific digits from your bank card in place of the random questions. Even with all these precautions we are still susceptible to criminals who perform what are known as “Phishing” and “Pharming” attacks.
“Phishing” when an online website (can be any website) is cloned to make it look like the real thing. An e-mail is then sent to us asking us to verify our details online claiming there has been a problem. Ironically, and perhaps cunningly the message is persuasive in that it claims someone has tried to access your account! If we are not wise to this technique we then unwittingly provide the details and data is captured by the criminal to use for fraudulent activities and is known as "identity theft".
It is easy to fall prey to this as both the email and the website that capture your details look genuine, but they are not. “Pharming” on the other hand is an approach used to redirect legitimate traffic, say, from a real online bank website to another bogus website which looks like the original.
Other weapons in the cyber criminal’s armoury are key logging programs or sending in a “Trojan horse”. The key logging programs logs every keystroke you make and captures the details while the Trojan horse is a virus designed to infiltrate your PC and keeps an eye on your activities including any financial transactions you may make on your computer. You can see that determined criminals will be able to perform their deeds unless very stringent security is in place to counteract it. There are a number of ways that banks go about this task.
The Pin/Tan SystemSome banks have what is known as a pin/tan system. A tan is a one-time password used to authenticate transactions. These are distributed to members of the online bank, usually by standard post. A more secure way is to generate them by what is known as a security token. The token uses a combination of time and something unique to the member. This method is known as two factor authentication (2FA). A list of “tans” is provided for each transaction type and is used in conjunction with the pin.
Most online banks these days use their secure protocol secure socket layer (SSL), on their websites and this provides a level of security when performing transactions on the Internet. This form of security protects websites, as all traffic to and from the website is encrypted.
Digital Signatures and CertificatesAnother form of security is provided by digital signatures. These can be stored on smartcards or other memory. A signature is unique to a bank member and encrypted digitally. Digital signatures are sometimes used on old style bank books so that counter staff can verify signatures on banking documents without requesting supporting documents.
In addition to digital signatures some web sites are assigned a digital certificate which proves that the website is genuine and can only come from that single source. These are encrypted in a similar fashion to digital signatures. Banks usually have their own virus scanners when dealing with banking transactions, but it is always vital to have good firewall, antivirus and anti-spyware software installed on your PC to add to overall security.
In the last few years there has been the occasional blip in security on the odd online banking website. For instance a few years ago some banking transactions were revealed from other people on their screens when they logged into on online banking website. However, it is very rare something like this happens but when it does it makes the headline news.
Overall online banking is very safe and it is very rare to have any problems as long as the banks procedures are followed and you protect your PC as much as possible, with the right software.