Practice These 8 Habits for Safer Online Banking
Online banking gives you easy access to your checking and savings accounts anytime. When you bank online, you can open new accounts in minutes, transfer money between accounts quickly and keep tabs on your finances, all from the comfort of your home. The use of mobile and online banking has increased in recent years, with 22.8% of U.S. households using online banking in 2019 and 34% using mobile banking.
With the rise in online and mobile banking comes a need to keep your personal data and information safe. The safest way to bank online or using your mobile device is to keep security at the top of your mind every time you log in. The following online banking safety tips will help you avoid fraud and identity theft.
1. Use Secure and Complex Passwords
The password you choose for your accounts is the first line of defense against someone gaining unauthorized access. Although security experts have recommended choosing hard-to-guess passwords for years, many people still choose obvious passwords. In 2020, “123456,” “picture1” and “password” were among the most commonly used passwords. Ideally, the passwords you set for each account will be unique to that account, contain a mix of letters, numbers and special characters, and consist of multiple words strung together.
One way to create a strong password is to use a pair of dice and a dictionary:
- Roll the dice: Let’s say you roll a six and a three.
- Open the dictionary to page six: Count down the third word from the top. That word is the first word in your password phrase.
- Roll the dice again:Let’s say you roll two fours. Use “44” after the first word.
- Roll the dice a third time: Let’s say you roll a five and a two. Turn to the fifth page of the dictionary and choose the second word from the top.
- Repeat the process: Repeat a few times until you have a password phrase that is three or four words long.
Another way to make passwords hard-to-guess is to replace some of the letters in the words you choose with the number corresponding to their position in the alphabet. If your password contains the word “book,” you can turn it into “2o15k” instead.
If you’re concerned about remembering all of your unique passwords, use a password manager to keep them straight. You can also record the passwords in a physical notebook that you store in a secure location, such as a locking file cabinet or desk drawer.
2. Change Passwords Regularly
Another way to enhance your passwords’ security is to change them frequently, ideally once a season or every 90 days or so. Most secure sites will require a password change frequently. If your passwords do get revealed in a data breach, changing them will mean it’s less likely that a third party can use them to gain access to your accounts.
Just as you should check your smoke alarm batteries twice a year when you change the clocks, choose a memorable day to change your passwords. You might pick the start of a new season as your password change day. Another option is to change your passwords on big holidays. Program a reminder in your phone or calendar app so you don’t forget to make the switch.
3. Opt for Two-Factor Authentication
Two-factor or multi-factor authentication introduces an extra layer of security to online banking. Instead of only entering your username and password, two-factor authentication adds an extra step. You might receive a limited-time-use code, texted to your phone or emailed to the address connected to your account. Before you can access your account, you need to put in the code on the website or banking app. All Mid Penn Bank apps and online banking offers this feature for your added protection.
If you have the option, turning on two-factor authentication is worthwhile. It means that only the person with access to your phone or email address can get access to your online bank account. Since the codes usually expire after a few minutes, there’s little risk of someone stealing your phone and using it to get access to your account later.
There is one thing to be wary of when it comes to two-factor authentication, though. Your bank won’t send you a secret code via text or email, then call you to ask for the code. The code is only meant to be put into the log-in page when you’re signing on to your account. If you aren’t actively trying to log into your bank account and you get a message with a code, followed by a call claiming to be from the bank, don’t reveal the code. Instead, report the incident to your bank.
4. Use Secure Websites
When you type your username and password into your bank account’s log-in page and hit submit, the information travels over the internet from your computer to the bank’s computer. Along the way, a third party could intercept the information. Depending on how the data is handled, the third party can read it and figure out your log-in details, or your username and password could appear as random characters.
If the data is encrypted, it’s not of much use to an unauthorized party. One way to determine whether a site encrypts data is to look at the search bar or URL bar in your browser. You should see a padlock icon next to the URL. If you click on the URL itself, it should start with “HTTPS.”
The S at the end of HTTPS means the connection is secure. Any information sent over the connection is encrypted. HTTPS also means the domain is validated and that a Secure Socket Layer (SSL) certificate has been signed.
If you don’t see an S at the end of “HTTP” and there’s no padlock icon next to the URL, a third party can easily access the information you send. Avoid putting in your password or other private information on any sites that don’t use HTTPS or don’t have a padlock.
5. Stay Away From Public Wi-Fi and Computers
Free, public Wi-Fi can help you save your mobile data when you’re out and about. Public computers can come in handy if you’re visiting a new place and didn’t bring your laptop. However, you should minimize your use of shared computers and public Wi-Fi networks as much as possible. If you use a public computer and forget to sign out of your accounts, the next person to use the device can easily get access to your personal information.
Just as it’s easy to get access to information sent over unsecured websites, a third party can access any data you send using an unsecured Wi-Fi network. It’s safest to use your mobile device’s data connection when you’re away from home. If you have to connect to a public Wi-Fi network, look for password protection. If you can’t find a password-protected network and you absolutely have to connect, wait to log onto online banking or do anything that requires private information, such as online shopping, until you can get on a trusted, secure network.
Another way to protect your information when using Wi-Fi is to check your home router. Your router most likely came with a pre-set password. If you haven’t already, change your router password so it’s harder to guess. You can change the password by typing in your router’s IP address into a browser window — the IP address is usually printed on a label on the router — then following the instructions on the web page.
6. Check Your Bank Statements Monthly
If you haven’t already done so, switch your bank statements to e-statements to increase your security. Paper statements can get lost in the mail or intercepted by a third party. Should you decide to recycle a paper statement, someone can dig it out of the recycling bin and get access to your account information, especially if you don’t shred the document or blackout private information.
When you switch to e-statements, also get in the habit of reviewing them monthly. Read over the statement, looking for any signs of fraudulent activity, such as withdrawals you didn’t make or debit card purchases you don’t remember. Keeping on top of your bank statements makes it easier to catch and report fraud. The sooner you report fraud, the lower your liability. Along with reviewing your monthly statements, you might want to take a peek at your online bank account every week or so to make sure nothing is amiss. Online banking makes it easier than ever to keep close tabs on your accounts.
7. Be Wary of Email Links
You receive an email, supposedly from your bank, that asks you to log in and change your password. You click on the link and arrive at a website that doesn’t look quite right. The graphics might be a little different, or the font isn’t the same. Phishing scams attempt to get you to reveal personal information by impersonating your bank or another financial institution. You receive an email that looks legitimate but is a spoof.
Since it can be difficult to tell if the link in an email message is a legitimate one or not, your best option is to avoid clicking any links sent to you via email or text. Instead, type in the URL of your bank in your browser. If the message you received is genuine, there will likely be a section on the real website describing it. If you get an email asking you to change your password, you may be prompted to choose a new password when you try to log in. If you receive an email asking you to update your payment method, type in the website address by hand to log in.
Should you receive an email that seems questionable, it’s a good idea to report to the bank. Call the number on your bank statement to report the email and determine whether it was legitimate or a phishing attempt. You can also report the attempt to the Federal Trade Commission (FTC).
8. Keep Private Details Private
Be careful what you share on social media, especially if your accounts are set to public or allow anyone to view them. Seemingly innocent information, such as your birthday or where you met your spouse, can be used by an unauthorized party to get access to your accounts since “where did you meet your spouse?” is a common security question and birthdays are often used to identify users.
A few ways to keep your private life private online include:
- Setting your profiles to private: Only let your followers or friends see what you post. You’ll need to approve anyone before they can friend or follow you.
- Limit what you share: You don’t have to share your birthday or location on social media. That information should be on a need-to-know basis and your close friends and family will already know it.
- Be careful who you let in: Although social media lets you connect with people you otherwise wouldn’t have met, it can introduce you to people who don’t have your best interests at heart. Be wary of friending people you’ve never met in real life or to whom you don’t have any other connection.
To further protect your private information, be extra cautious about how you share personal details. If you’re sharing a password with someone, send it using encryption so a third party can’t intercept it. Your best option is not to send personal details, such as passwords or account numbers, over email or social media messaging services.
Bank Online Safely With Mid Penn Bank
Whether you use our online banking platform or our mobile app, Mid Penn Bank is committed to online banking security. If you have more questions about how to protect your online banking information or about the safest way to do online banking, we’re happy to answer them for you. Contact us today with any questions you have.