Tuesday, May 12, 2009

Test your online banking page to make sure it’s secure

Online banking is an extremely popular way to access your bank account. You can pay bills, make transfers, check your balance, apply for a credit card and much more. Plus, you can do it 24 hours a day, 7 days a week, whenever you want! However, it pays to make sure that your online account is safe.

A study by the Identity Theft Resource Center (ITRC) reported that electronic security breaches (82.3%) still prevail over paper breaches (17.7%). At the end of last year about 35 million data records were exposed in 656 reported security breaches. That is a 47% increase compared to the 446 data loss calamities reported in 2007.

Keep in mind that nearly 40% of all security breaches go unreported because no company wants to lose customers, so the real number of exposed records is likely to be higher than these figures.

The massive increase in cyber fraud makes people worry about the protection of their sensitive information: name, address, date of birth or financial account information. Security breaches put individuals at risk of losing their money. There are several ways to check that your online banking account is safe:

1.    The bank's website must use SSL (Secure Sockets Layer) encryption technology. Nowadays banking servers require browsers to connect with 128-bit encryption (versus the less-secure 40-bit encryption). According to ITRC reports, only 2.4% of all websites that were cracked had encryption or other serious protection methods in use.
SSL encryption prevents fraudsters from tapping into the exchange of information between the user's computer and the bank's server. All data transmitted becomes unreadable to third parties.

It works this way. When using online banking, your browser will establish a secure session with the bank’s server using SSL encryption. This protocol requires the exchange of what are called public and private keys to decrypt messages received. So you can be sure that anyone who may be able to spy on the data transmission will not be able to read the encrypted data.
The SSL protocol also ensures that no other company can "impersonate" your bank's website. The bank's server identifies itself to all visitors with the help of digital certificates. This means that you can check that you have connected to the server you wanted to reach.
To learn whether your browser is in secure mode, look for the small, yellow closed padlock icon at the bottom of your browser window. You can also look for https:// at the top of your screen where the URL is displayed. The “s” after “http” indicates that the web site is secure. Often, you will see the additional “s” when you actually move to your online banking page.
2.    The bank should use multifactor authentication. It requires more than just one independent piece of information to verify your identity and ensure that only you have access to your account. So besides a username and password, the user would need some other means to prove his or her identity.
Each bank uses its own multifactor authentication strategy. For example, it can be one-time "tokens" (codes) used for high-risk transactions involving access to customer information or the movement of funds to other parties: money transfers, issuing of a new password, changing the spending limit, giving instructions regarding deposits, etc. Each user should be equipped with a special device that generates codes or they can receive them via SMS.
Other banks can require you to enter the answer to a secret personal question, select two letters of your memorable word from the drop-down lists or you can be sent to a page with a picture and a phrase underneath it that you have created.
If you (or somebody else) make several incorrect attempts to log in using multifactor authentication, the bank must disable your access. It is necessary to stop fraudsters who are repeatedly trying to break into your online account. 
3.    The bank should insist on long and complex passwords: at least six characters, allowing combinations of numerals and letters, including capitalized ones. Using computers, fraudsters can process a large amount of data in a very short period of time - about 1 billion guesses a second. So it can take just 10 seconds to guess a 5-character password! By contrast, a 10-character password will require 3,000 years to guess. That’s why you need to have a long password for your online account.
It also makes sense to use complex passwords containing upper-case and lower-case letters, numbers, dashes, symbols and international characters. It adds dozens of possible combinations for each character, so a hacker will need much more time to guess your password.
4.    Account holders should not use their computer keyboard to type in passwords. It is a well known fact that many fraudsters use keystroke-monitoring software on public computers. It records the URL of online banking accounts, login names and passwords. All keystrokes entered on the computer will be immediately sent to the fraudster.
That’s why banks should provide their customers with a drop-down menu or a “virtual keyboard” - a tiny on-screen graphic that looks like a keyboard. You can just select the check box “Use virtual keyboard” and use your mouse to enter the data. It will reduce the risk of password theft.
5.    The bank’s website should not re-direct its users to other sites or domains because they might be less secure. The easiest way to steal money from an online bank account is not to target the bank itself but to break into the website of a subcontractor hired by a financial institution to process bill payments and transactions.
In many cases, banks allow such companies to run their entire network. However, while a financial institution spends thousands of dollars on protection of sensitive personal information, a small third-party company may not have enough funds to install the same innovative software. Subcontractor security breaches affect hundreds of companies each year.
6.    A bank should log you out if you haven't used the online banking service for 10 minutes. This feature is very useful if you tend to leave your computer and forget to log out. In order to continue your session you will need to log in again.
7.    The bank should not send information relating to your online account via e-mail. You can become a victim of a phishing scam if someone identifies themselves as a bank employee and asks you to click on a link and change your password.
8.    Make sure that your bank can send you real-time alerts that will keep you informed about all important transactions related to your account. Basically, there are two types of alerts: bank-initiated and optional. 
Bank-initiated alerts provide an additional level of security by reporting any critical changes, for example a new password. Optional alerts are set up by an account holder to track his or her banking transactions. For example, you can receive alerts about your balance or payment due dates.
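
The checks from item 1, written as an added Python example that is not part of the original article: `inspect_tls` reads the negotiated session from a live server, and `assess` applies the article's criteria to it. The host `bank.example`, the two sample summaries and the set of deprecated protocol versions are assumptions added for illustration.

```python
import socket
import ssl

MIN_BITS = 128  # item 1's threshold: 128-bit rather than 40-bit
DEPRECATED = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}  # assumption, not from the article

def inspect_tls(host, port=443, timeout=5.0):
    """Summarize the live session; a bad or mismatched certificate raises
    ssl.SSLCertVerificationError because the default context verifies it."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            bits = tls.cipher()[2]      # secret bits of the negotiated cipher
            protocol = tls.version()    # e.g. "TLSv1.3"
            cert = tls.getpeercert()
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    return {"host": host, "scheme": "https", "protocol": protocol,
            "bits": bits, "cert_names": names}

def name_matches(host, pattern):
    """Compare a host with a certificate name; '*' may replace the first label."""
    h, p = host.lower().split("."), pattern.lower().split(".")
    return len(h) == len(p) and p[0] in ("*", h[0]) and h[1:] == p[1:]

def assess(s):
    """Return the list of problems found; empty means every check passed."""
    problems = []
    if s["scheme"] != "https":
        problems.append("not https")
    if s["bits"] < MIN_BITS:
        problems.append(f"{s['bits']}-bit encryption")
    if s["protocol"] in DEPRECATED:
        problems.append(f"deprecated {s['protocol']}")
    if not any(name_matches(s["host"], n) for n in s["cert_names"]):
        problems.append("certificate names another site")
    return problems

# Constructed sample summaries (not captured from any real bank).
GOOD = {"host": "www.bank.example", "scheme": "https", "protocol": "TLSv1.3",
        "bits": 256, "cert_names": ["bank.example", "*.bank.example"]}
WEAK = {"host": "www.bank.example", "scheme": "https", "protocol": "SSLv3",
        "bits": 40, "cert_names": ["login.other.example"]}

if __name__ == "__main__":
    for sample in (GOOD, WEAK):
        print(sample["host"], assess(sample) or "ok")
```
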
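
How a code-generating token and the lockout from item 2 can fit together, as an added example that is not from the original article. It assumes the device uses HOTP (RFC 4226), which the article does not name, and a limit of three failures where the article says only "several"; the secret is the RFC's published test key.

```python
import hashlib
import hmac
import struct

MAX_FAILURES = 3  # assumption: the article only says "several"

def hotp(secret, counter, digits=6):
    """RFC 4226 one-time code for the given counter value."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation: low nibble picks 4 bytes
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

class TokenAccount:
    """Server-side state for one customer's code-generating device."""

    def __init__(self, secret):
        self.secret = secret
        self.counter = 0   # next counter value the server will accept
        self.failures = 0
        self.locked = False

    def verify(self, code, window=2):
        """Accept each code once; lock the account after repeated failures."""
        if self.locked:
            return False
        for c in range(self.counter, self.counter + window + 1):
            expected = hotp(self.secret, c).encode()
            if hmac.compare_digest(expected, code.encode()):
                self.counter = c + 1   # a used code can never be replayed
                self.failures = 0
                return True
        self.failures += 1
        if self.failures >= MAX_FAILURES:
            self.locked = True
        return False

def demo():
    """Valid code, replay of it, two wrong guesses, then a valid code."""
    account = TokenAccount(b"12345678901234567890")  # RFC 4226 test secret
    codes = ["755224", "755224", "000000", "111111", "287082"]
    return [account.verify(code) for code in codes], account.locked

if __name__ == "__main__":
    print(demo())
```
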

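The arithmetic behind item 3, as an added example that is not part of the original article. The article's two figures correspond to roughly 100 possible symbols per position; the character pools, the allowance for international characters and the sample passwords are assumptions.

```python
import string

GUESSES_PER_SECOND = 1_000_000_000  # rate quoted in item 3
SECONDS_PER_YEAR = 365.25 * 24 * 3600

def alphabet_size(password):
    """Size of the smallest set of character pools that covers the password."""
    pools = (string.ascii_lowercase, string.ascii_uppercase,
             string.digits, string.punctuation + " ")
    size = sum(len(pool) for pool in pools if any(c in pool for c in password))
    if any(ord(c) > 127 for c in password):
        size += 100  # assumption: rough allowance for international characters
    return size

def seconds_to_exhaust(length, alphabet):
    """Worst case: every password of this length is tried (average is half)."""
    return alphabet ** length / GUESSES_PER_SECOND

def estimate(password):
    """Worst-case seconds for the pools and length this password uses."""
    return seconds_to_exhaust(len(password), alphabet_size(password))

def human(seconds):
    """Render a duration in the largest unit that fits."""
    for unit, size in (("years", SECONDS_PER_YEAR), ("days", 86400), ("hours", 3600)):
        if seconds >= size:
            return f"{seconds / size:,.0f} {unit}"
    return f"{seconds:,.1f} seconds"

if __name__ == "__main__":
    # The article's two figures, reproduced with a 100-symbol alphabet.
    print("5 chars :", human(seconds_to_exhaust(5, 100)))
    print("10 chars:", human(seconds_to_exhaust(10, 100)))
    # Length alone is not enough: ten lower-case letters fall in under two days.
    print("10 lower:", human(seconds_to_exhaust(10, 26)))
    for pw in ("kitten", "Kitten-2009"):  # constructed sample passwords
        print(pw, alphabet_size(pw), human(estimate(pw)))
```
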
In the busy rhythm of present-day life it can be difficult to find time for a trip to the bank. Online banking provides a lot of excellent services to make your life easier. However, when looking for the cheapest options, don’t forget to make sure that your money will be safe online!

