You’ve probably heard horror stories about unsuspecting consumers who’ve fallen prey to bank fraud, and as a result, had their identities stolen or lost money due to the thieves’ unauthorized use of their bank accounts. A record 6.15 percent of U.S. consumers were victimized by bank fraud in 2016, according to a Javelin Strategy report.
Banks understand that cybersecurity is a critical component of delivering superior customer service. To avoid becoming a statistic, understand your bank’s cybersecurity features. Find information about how your financial institution makes banking online safe by reviewing its security protocols and privacy policies. For your own security, bank online with a financial institution whose site uses a combination of these common banking security measures.
Encryption scrambles data you exchange online and reassembles it using “keys” that make it readable. Look for a web address that starts with “HTTPS” rather than “HTTP” — HTTPS is the secure version of HTTP and this part of the web address indicates that all communications between your browser and the website are encrypted.
Then, look for an icon or picture of a closed padlock before the bank’s name in the address bar. The bank’s name typically precedes its web address.
A Secure Sockets Layer, referred to as an SSL certificate or digital certificate, authenticates the website. This process is called “third-party validation” or “third-party verification” because it’s implemented by outside companies such as Entrust and Verisign. TD Bank, for example, uses a certificate type called Transport Layer Security.
Some bank websites, such as Bank of America’s, display the bank name in a green-shaded bar displayed immediately before the web address in your browser’s address bar. This green shading indicates the site uses a third-party Extended Validation or EV certificate.
Authentication verifies the identities of the bank’s website and the user, so that each side knows the other is legitimate. Banks use a variety of features to authenticate your password.
Woodforest National Bank, for example, offers a mobile authentication app customers use in place of security questions. The bank also verifies authenticity via text and login challenges requiring customers to take an additional step to verify their identities.
Axis Bank employs a one-time password, or OTP, for certain transactions. Customers begin a transaction using a registered mobile device or email account. When prompted, they enter the OTP to access the account. The OTP expires after 30 minutes.
Biometric authorization identifies individuals by physical features. Examples of this technology include fingerprints, voiceprints, iris scan and facial recognition. Their accuracy stems from the fact that none of these features is exactly the same in two different individuals, making biometrics an effective tool for fraud protection.
USAA customers can use fingerprints, face or voice for secure access from a mobile device. The user employs facial recognition by taking a selfie or uses voice recognition by recording a phrase provided by the bank’s system. Touch ID uses the customer’s fingerprint to verify identity.
TD Bank customers can enroll in TD VoicePrint. The bank’s software captures the customer’s voiceprint during an enrollment conversation with a customer service representative. The voiceprint is securely stored, and the customer can use it to bypass security questions during login.
TD Bank and Woodforest National Bank are two examples of financial institutions that use two-step authentication, also referred to as multi-factor authentication, to improve security. Customers are guided through a multi-step password-verification process, such as entering a single-use code the bank’s system sends to the user’s mobile device after the user enters a password.
Secure messaging provides a safe means of communication with your bank and protects you against phishing and other scams. The scammers send you an email that looks like your bank’s, in attempt to persuade you to divulge sensitive information when you respond to the fake mail.
PNC Bank offers secure email in addition to several other communication options on its customer service page. Wells Fargo has a customer service link at the top of each page that takes users to a page with access to secure email.
Limited Login Attempts
If you’ve ever entered your password incorrectly, you may have seen a warning that too many attempts might cause your account to be locked. This is your bank’s way of preventing a brute-force attack. A brute-force attack is one in which hackers try to get into a system by making repeated attempts using a variety of password combinations. Limited login attempts reduce the risk of a brute-force attack by locking users out after a small number of incorrect password entries.
Farmers Savings Bank, for example, allows three attempts. After that, customers must reset their passwords by calling customer service or by making the request online and verifying it via email. Landmark National Bank also limits users to three attempts before locking access to the account.
Monitoring customer accounts for signs of unusual activity serves as an important asset protection tool because it helps banks catch fraudulent and unauthorized use quickly. The banks use fraud alerts to notify customers that their accounts might have been compromised.
Citi customers can receive their alerts via email, postal mail, phone or text. United Bank customers can download the “UBAlerts” app or receive alerts by text, phone or email, and PNC Bank has a security alert program that sends notifications via text or email. None of these banks charges for fraud alert services.
Fraud Protection Software
Fraud protection software supplements your anti-virus program to protect you against fraud. An example of this software is Trusteer, which financial institutions such as Bank of America and Woodforest National Bank make available as a free download. The software runs in the background and alerts you to such cyberthreats as phony bank websites, phishing and keylogging schemes — a scammer tracks the keys you hit on your keyboard without your knowledge. Trusteer updates automatically, so you don’t need to think about it once it’s installed.
Ways to Protect Your Identity When Banking
In addition to the security services online banking institutions offer, you can take your own security measures to further protect yourself and your money against fraud.
- Don’t share your password or sensitive personal information.
- Create a complex password that is hard to guess, and change it frequently.
- Review your accounts regularly to look for transactions you didn’t authorize.
- Update your web browser frequently to make sure your security patches are up to date.
- Never use your email account to share account information — use your bank’s secure messaging feature instead.
- Contact your bank immediately if you spot suspicious activity on your account.