• Is online banking secure?

    Home » Forums » Newsletter and Homepage topics » Is online banking secure?

    Author
    Topic
    #2562549

    ON SECURITY By Susan Bradley Over the past few years, banks have been increasing their online footprint. From mobile banking with cell phones to remot
    [See the full post at: Is online banking secure?]

    Susan Bradley Patch Lady/Prudent patcher

    Viewing 25 reply threads
    Author
    Replies
    • #2562557

      I log-in to my bank with just iPhone’s FaceID.
      I pay everywhere with Apple Pay using my Apple Watch.

      I withdraw money from ATMs with just my banking iPhone app. No need to swipe credit cards.

      1 user thanked author for this post.
    • #2562576

      The piece on on-line banking is excellent.

      Tap to Pay has been universal in Canada for many years. Part of the reason is that all financial institutions co-operate in a common electronic payment system called Interac. I can use my debit card (separate from a credit card) to tap to pay anywhere in Canada with a transaction limit of $100. If tap to pay fails, as it occasionally does, the fallback is traditional chip and pin. If I need to spend more, I can use my debit card in the traditional way or my credit card for Tap to Pay or Chip and Pin. Smartphones and smart watches can also be used, if enabled. I rarely use cash any more. My banking apps also allow me to manage accounts and deposit cheques instantly.

      Oops! Just got a notice from my banking app that my monthly pension cheques from the government have been deposited. Time to check my balance!

      1 user thanked author for this post.
      LH
      • #2562978

        Pretty much the same here in Australia.  We use Tap & Go for any purchase without needing to enter a PIN, originally up to a maximum of $100.  When Covid-19 hit, this limit was raised to $200 – shops did not want their staff handling cash which had been who-knows-where.  Above $200 you can still tap, but the terminal will ask for a PIN.

        Cheques here are pretty much old technology.  They are still usable, but rarely used.  I have not received or written a cheque for years.  Any payment due to me (such as tax return, medical insurance refund) goes directly into my bank account.  Any invoice I receive will include the vendor’s bank account details and I can do an online transfer from my account to theirs via my PC browser (I never do anything financial via my phone).

        We also have a facility called BPAY (which I think comes from “bill pay”)

        https://en.wikipedia.org/wiki/BPAY.  Regular billers (such as utility companies) have a Biller Number and they assign to each customer a very long Reference Number (essentially a customer number).  You log in to your bank account and can opt to make a payment via BPAY.  Once you have entered BPAY details for a particular vendor, the bank stores the details so you don’t have to enter them again for subsequent payments.  BPAY has become more popular since many shops and other vendors started passing on to customers the “merchant fee” charged to them by CC companies (there is no fee to payers for using BPAY).

        It has been a long time since I paid cash anywhere.  While I still carry some bank notes in my wallet for emergencies (the moths really fly out when I open it!), I don’t carry coins anymore.  Vending machines, parking meters and parking stations (in my experience) all accept Tap & Go.

        LH

        Edit:  Just found out that the $200 Tap & Go limit was indeed temporary, and has now gone back down to the original $100 limit.

        Also we apparently don’t do mobile cheque depositing via phone (although you can do this via an ATM), mainly because nobody much uses chequing anymore, so not worth the banks’ effort.

         

        Dell Precision 3630 w/32 GB RAM, 500 GB (C:), 1 TB (D:)
        Window 10 Pro x64
        Internet: FTTC (Fibre to the Kerb)

    • #2562579

      My online banking began in 2000, as soon as my credit union went online.  All of my regular monthly payments (auto insurance, ISP, etc.) are setup for autopay from my credit card.  I use Microsoft Money Sunset edition (unsupported, but still works very well).  I check my accounts daily, download my transactions and update Money, as well as an Excel spreadsheet (belt and suspenders).

      I don’t use my debit card or cash (no ATM withdrawals), I always use my credit card (2% cashback on every purchase, no limits) or my phone pay app (setup with my credit card, fingerprint ID) for groceries, gas, etc.  I pay the statement balance in full every month, and avoid paying any interest.  I write only one check per month, to the guy who does my lawn care.  I could use Zelle for him, but I just pay him once a month when he’s here working, so no stamp.

      My cashback rewards average ~$50/month, which automatically transfers to my savings account on the 25th of every month.  I have direct deposit for my retirement and Social Security checks, and on the rare occasions when I receive a check, I deposit it with my credit union phone app.  I don’t carry cash, because I don’t need to.

      Always create a fresh drive image before making system changes/Windows updates; you may need to start over!
      We were all once "Average Users". We all have our own reasons for doing the things that we do with our systems, we don't need anyone's approval, and we don't all have to do the same things.

      1 user thanked author for this post.
    • #2562600

      Thanks for Susan’s excellent article about online banking. Here are two questions that occur to me:

      1. Susan said, “So use your debit card for authentication, but keep the credit card for actual purchasing.” When I use my debit card, I usually choose the option to skip entering my PIN. Is this transaction processed as a debit, or a credit (with the additional security features of a credit card transaction) ?

      2. Susan also said, “for credit-card payments, you can designate automatic payment of just the minimum to assure that you won’t get late fees.” But we usually pay off the credit card balance each month to avoid interest charges. Is it correct that Susan’s procedure of paying the minimum would avoid late charges but would obviously still allow for interest charges?

      Thanks in advance for any response.

       

      • #2562615

        Is it correct that Susan’s procedure of paying the minimum would avoid late charges but would obviously still allow for interest charges?

        That is correct.  Any carried balance will be charged interest.

        Always create a fresh drive image before making system changes/Windows updates; you may need to start over!
        We were all once "Average Users". We all have our own reasons for doing the things that we do with our systems, we don't need anyone's approval, and we don't all have to do the same things.

        • #2562642

          I generally pay the account balance on my credit cards.  However, I have auto-pay set up so that, if I forget to make the payment, the auto-pay transaction occurs, saving a late charge.

          Several cards will sent me an email warning of an upcoming auto pay transaction.  Then I go ahead and pay the entire account balance.  Thank you Capital One for warning me.

          Concerning using a debit card as a Visa or Mastercard with no pin, are you still given the protections as far as the $50 maximum and other coverages with a real credit card?

          Unless I am at a bank ATM, I avoid entering my pin

      • #2562619

        Avoid usury. Pay the full amount due on your credit card each month.

        On permanent hiatus {with backup and coffee}
        offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
        offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
        online▸ Win11Pro 22H2.22621.1992 x64 i5-9400 RAM16GB HDD Firefox116.0b3 MicrosoftDefender
        • #2562676

          I set up the minimum just as a precaution if I forget to pay.

          Susan Bradley Patch Lady/Prudent patcher

        • #2562712

          With banks paying me the miniscule amount of interest on savings and checking accounts (as low as .01%) the last thing I want to do is pay them the ridiculous 16 to 18% interest that they have the nerve to charge me on a credit card balance!

          Being 20 something in the 70's was much more fun than being 70 something in the 20's.
          3 users thanked author for this post.
    • #2562575

      My bank’s (M & T Bank) smartphone banking app is extraordinarily useful and convenient, allowing me to do almost any banking transaction from my phone (other than withdrawing cash), including immediately remotely depositing checks received in the mail using the app’s access to the smartphone’s camera. It just snaps a picture of the front and back of the checks and sends that along with the deposit request. The paper check never leaves my desk drawer. The app will do pretty much everything else that signing into my account on the bank’s website can also do; and I can always get cash from an ATM at the supermarket when I’m there doing my shopping. All of this is extremely useful for a retired person going on 75 years of age who no longer drives or has transportation of any kind. As to how secure and safe it is, that’s a good question. All of the app’s transactions and access to my accounts are encripted end-to-end; but with the mysterious “Meta Services” invisible app roaming onto and off of my smartphone whenever it feels like it and doing who knows what while there (harvesting data I presume), who knows how secure anything I do with the smartphone is? Makes me think long and hard about ever getting another Samsung or Android device ever again.

       

    • #2562625

      I have alerts set on my debit and credit cards for any transaction. I receive immediate notification when the card is use.

      We caught a bad guy once when I was in a grocery store and my notification went off before I swiped. The store was the same chain but 300 miles away. We called store security and they nabbed them. Pretty cool!

      I have also been woken up at night for low value charges we didn’t make. This happened a couple of times with online stores who were hacked. I was able to shut off the card immediately.

      While you are at it, when you set up notifications, take the time to freeze your credit at each of the three bureaus.

      1 user thanked author for this post.
      • #2562657

        I totally agree with WSlagunacreek. I have transaction notifications set on all our accounts with very small trigger amounts. Nothing hits our accounts that I don’t get an almost immediate notification. And it has gotten far easier to freeze/unfreeze credit records.

    • #2562664

      Thanks for this timely article. But it brings up a question I’ve been wondering about.

      In general, is it safer to use a bank’s app, or to use an up-to-date Web browser to the bank’s Web site, for accessing bank services?

      The former is done with a smartphone or tablet, the latter with a computer or tablet. Does the device matter?

      Or does it depend wholly on the security of individual apps or Web sites?

      Personally, I’m more comfortable with the browser to a Web site, but that may be because I’m old. But I can learn.

      1 user thanked author for this post.
      • #2562665

        With an up to date browser, if your computer does not have a virus and you do not save the password, either computer access or phone access should be secure.  Browser history may remove secure sites once you close the browser, so close the browser when done.

    • #2562671

      Thanks for the great article. One problem with ATM cards is frequently overlooked. The routine ATM card sent to me from my bank(Wells Fargo) is what I call a combined ATM/credit card. It has a Mastercard or Visa logo on it. It can be used with or without a PIN. When I received this card, I returned it and requested a simple ATM card with no credit card logo. These cards require a PIN for all transactions. The problem with the combined card is that someone with your card can drain your checking account without providing a PIN.

      3 users thanked author for this post.
      • #2562760

        Now THAT is SCARY. I have, by mistake proffered my atm card instead of my Credit card and had it rejected so I think I am safe from this. I remember when chips were first going into cards, I tried to get a non-chipped card, eventually that was not possible. I think by then some of the bugs may have been worked out of the system.

        🍻

        Just because you don't know where you are going doesn't mean any road will get you there.
      • #2562791

        The routine ATM card sent to me from my bank(Wells Fargo) is what I call a combined ATM/credit card. It has a Mastercard or Visa logo on it. It can be used with or without a PIN.

        My ATM/Master card requires a PIN no matter how it’s used.

        Don't take yourself so seriously, no one else does 🙂
        All W10 Pro at 22H2,(2 Desktops, 1 Laptop).

    • #2562701

      Sorry, I’m still confused. I have two credit/debit cards (with different numbers) that look very similar on both front and back. The only difference (besides the card number) seems to be that one card says “DEBIT” in smallish letters on the front while the other card says nothing at all in that same location on the card. The card that says nothing is the credit card that I have used for years. The card that says “DEBIT” sometimes requires a PIN and others times it doesn’t. I had assumed that if I used the “DEBIT” card without the PIN, then it acts like a credit card with the accompanying credit card protections. Is that incorrect? The only reason we use a debit card is because we get 3% interest on the checking account balance. But if there is an important risk with DEBIT cards or no real protection from fraud/theft, we could just go back to exclusive use of credit cards. I have never actually understood any real advantage for DEBIT cards. So is it correct, as NATGILD seems to suggest in the previous note, that DEBIT cards have no real protection from unauthorized withdrawals?

    • #2562709

      Over the Labor Day 2022 weekend, People’s United Bank merged with M&T Bank.

      Despite months of planning, things did not go well. They were, in fact, disastrous, with many customers completely locked out of their accounts for a week or longer.

      Personally, I forgot to finish downloading 7 years of bank statements, and they’re no longer freely accessible to me thru M&T. (I could pay a small fortune to have them manually recovered.)

      • #2562738

        Similarly, but different . . . a month ago, after many decades, our credit union changed credit card processors. That also did not go well. No one, including credit union personnel, is able to see our credit card account information at the new processor and all the information from the prior processor is gone. All the email and text notifications of transactions with the new processor broke. So transactions appear to be successful (because they aren’t rejected at time of the transaction) but we have no way of knowing for sure. First payment due dates with the new processor came and went with no statements, paper nor online, to tell us the amount due.

        There is no communication from the new credit card processor. The credit union personnel are overwhelmed and say not to worry, sit tight and wait, we will not be penalized in any way when things are put right. People are still freaking out . . . 🙁

        • This reply was modified 3 months, 3 weeks ago by opti1. Reason: For clarity
    • #2562751

      “Writing checks and paying with cash are also two methods of payment on the decline. Even so,  you can make a payment via your bank’s mobile app or website; here, you “pay electronically” but the bank sends a paper check by mail to your payee. You can set up this so that payments are made automatically; for credit-card payments, you can designate automatic payment of just the minimum to assure that you won’t get late fees. The transaction can be either bank-to-bank using a transfer process, or with the bank “writing a check” on your behalf.”

      Quicken shows me every new CC transaction, so should a scam charge sneak in, I would see it immediately.  This has happened to me only once previously where my stolen CC number was used to purchase a laptop.

      I still get paper statements from my CC companies but no problems there because you have 25 days or so to pay the bill.  I used to mail checks but now just go to the CC websites and do an EFT from my bank when I feel like paying the bill (I ALWAYS pay the full amount due monthly).

      I haven’t used stamps in years.  Tough luck to the post office.  That is payback for charging me so much for my post office box!  Similarly, I can’t remember the last time I wrote a check and hardly ever receive physical checks, which is why I don’t understand those TV commercials where people are so ecstatic that they can use their phone to deposit a check.

    • #2562753

      Personally, I forgot to finish downloading 7 years of bank statements, and they’re no longer freely accessible to me thru M&T. (I could pay a small fortune to have them manually recovered.)

      Why do you need them?  I used to save back statements but rarely looked at them.  So one day I shredded all of them.  If there is a balance/charge problem, you should know it immediately and fix it immediately.

    • #2562755

      Personally, I’m more comfortable with the browser to a Web site, but that may be because I’m old.

      I only use web browser access for charge cards and banking.  No apps for those functions.  But I am also older.

      Many people use their phones almost exclusively (unless they need a big screen and then they switch to a laptop) and they would be more inclined to use a phone app.

    • #2562758

      And it has gotten far easier to freeze/unfreeze credit records.

      How so??

      🍻

      Just because you don't know where you are going doesn't mean any road will get you there.
      • #2562908

        I had to thaw and freeze last week to set something up with a new vendor.

        There is no longer any fee for this at the three big bureaus (Experian, TransUnion, Equifax).

        You can go to each website and register once for an account.  Of course you will have to give identifying info, but after that you can log in with your username and password to thaw in a couple of mouse clicks.  They say that the thaw kicks in within 5-10 minutes.

        I recommend that you specify a time period so that your credit file gets refrozen automatically in a day or so.

        If you do not want to use the internet for this purpose, they can also do it over the phone with a human customer service agent.

        By the way, my vendor called me directly about fifteen minutes later and said, “OK, thank you, the credit check went through, you can go ahead and re-freeze.”

    • #2562762

      I had assumed that if I used the “DEBIT” card without the PIN, then it acts like a credit card with the accompanying credit card protections

      Why not test that assumption, use it w/o a pin and see if you get a bill.

      🍻

      Just because you don't know where you are going doesn't mean any road will get you there.
    • #2562776

      How does Google Pay, Apple Pay and Samsung Pay compare in regards to security? I’ve tried Google Pay but ended up using Samsung’s pay app.

    • #2562790

      I’m one of the lucky ones involved in the US Bank takeover of Union Bank mentioned in the article. I’m sweating bullets waiting for tomorrow to see how smoothly my new accounts work out. My SS & Pension are Direct Deposit and I have a number of utilities that auto debit my account. If there is a problem, it’s going to be a mess.

      Don't take yourself so seriously, no one else does 🙂
      All W10 Pro at 22H2,(2 Desktops, 1 Laptop).

      • #2562914

        Evidently 3 full days wasn’t long enough to transfer accounts. No access to my accounts yet 🙁

        Don't take yourself so seriously, no one else does 🙂
        All W10 Pro at 22H2,(2 Desktops, 1 Laptop).

    • #2562871

      It sounds like no one here had issues yet.  There are issues with online security from what I hear, or do, or experience myself. Banks and police do very little to investigate if anything goes wrong. This is why hackers keep doing it over, and over, and over.  When your accounts get cleared and you have no money, it is not helpful to hear from the bank that it will take weeks to investigate and give back your money.  Now a days, with a simple device, a person can get anyone’s banking info since everything is in the air now.  When it happens to one of you, it might finally make some of you believe that there is very little security there to protect you. This is my opinion at least. Others will disagree.

      1 user thanked author for this post.
      • #2562928

        Actually banks do investigate and do fraud alerts and require additional verification.  The reality of today’s financial situation is that your financial information is already online now.  No one can get online with cash stuffed under their mattress.

        When “accounts get wiped out” there typically has been BEC or business email compromise where the routing and account number has been misused.  Read your bank disclosures.  There are protections in place now.

        Susan Bradley Patch Lady/Prudent patcher

    • #2562905

      Susan wrote, “Thus I recommend that, rather than using an ATM to deposit your checks, you use a cell phone on a cellular network or on a trusted Wi-Fi network”

      I have always read from many Google searches that the cell network is not secure as too easy to intercept the unencrypted transmissions. Perhaps now with 5G better security? I also have read the virus protection apps on the cell phone are not as good as the virus protection on the home PC. For this reason I only do online banking on my home PC and only use ATM’s at the bank branch itself.

      To me convenience always seems to be at a price of security (whether saved passwords in your browser, etc).

      So am I missing something here? Are cell phones safe for financial stuff? And where do I get that sleeve  that Susan mentioned to protect the credit card from a passing hacker?

      • #2562906

        Once you scan and upload the photos of your check and submit your deposit request, the information is encrypted and transmitted to your bank.

        The short answer is that mobile check deposit is as secure as your other online and mobile banking functions.

        This means if your bank or credit union is taking steps to protect your information, such as using encryption and enhanced security measures, then mobile check deposits should be protected in the same ways.

        What Is Mobile Check Deposit? How Does It Work?

        Windows 11 Pro version 22H2 build 22621.2359 + Microsoft 365 + Edge

        1 user thanked author for this post.
      • #2562926

        The transmissions are encrypted.  I do not recommend that you use the coffee shop wifi to do online banking.  Cellular isn’t 100% but it’s certainly a magnitude harder than the coffee shop that you have no control over.

        Susan Bradley Patch Lady/Prudent patcher

        1 user thanked author for this post.
    • #2562932

      I have always read from many Google searches that the cell network is not secure as too easy to intercept the unencrypted transmissions

      Banks apps connections are encrypted.

      1 user thanked author for this post.
    • #2562938

      Keep some cash on you in case the electricity goes out.

      On permanent hiatus {with backup and coffee}
      offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
      offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
      online▸ Win11Pro 22H2.22621.1992 x64 i5-9400 RAM16GB HDD Firefox116.0b3 MicrosoftDefender
    • #2563027

      I have always read from many Google searches that the cell network is not secure as too easy to intercept the unencrypted transmissions

      Banks apps connections are encrypted.

      Cellphone connections are (still) secure when they use a G4 0r higher network; a man-in-the-middle intercept, redirect and unencrypting the connection signal is very difficult. And modern banking apps are secure enough and can recognize disruptions of the signal.
      Nevertheless it is always necessary to keep your phone-OS and Apps up-to-date, just like any other computer.

      * _ the metaverse is poisonous _ *
      • This reply was modified 3 months, 3 weeks ago by Fred.
      1 user thanked author for this post.
    • #2563099

      I use a computer and web browser for banking and I’m not old.  I’ve never paid for anything with my phone I think that is a terrible idea.  The scanning of paper checks and leaving the paper check lying around seems bad too.  My debit card unfortunately doesn’t require a pin so I try not to keep much money in my checking account.  For some reason my logins for the credit bureau don’t work and the recover password prompt just says to call them so hopefully I’m still frozen.  I have alerts set on all my cards.  I’ve had fraud on my credit cards but never my debit thankfully.  I keep cash in my wallet but usually pay with credit cards to get cash back.  Most of my spending is car or health related so I don’t spend much but I try to get cash back since it’s built into all the retail prices.  Sim swapping seems hard to mitigate and it has wiped people out.  I hope I’m secure enough for that.  I have voice recognition at that bank but now deepfakes can beat that.

      1 user thanked author for this post.
    • #2563291

      I hope I’m secure enough for that.

      1)  A friend told me that their PC just comes on (no password). I asked what happens if someone breaks into their house and steals the PC with all their financial information (that they don’t have encrypted on it)?

      2) A friend at work stopped by a gas station on the way to work and left the door unlocked. Someone stole her purse with driver’s license, credit cards, etc.

      3) A friend on way home from work stopped by a wedding reception. While inside, someone broke a window in her car. The thief failed to see her hidden work laptop with tons of company info on it.

      4) A friend used a gas station pump credit card reader to get gas. It had been hacked and their credit card info was used.

      5) A neighbor went on a one week vacation and came back to find someone had transferred their age old land line to themselves. Fortunately AT&T was able to get the line back, but I don’t know what damage was done.

      6) Every time you use your PC, Microsoft saves things all over the PC. I have 7 different folders I have to manually delete every time I close the PC to get rid of all those saves. Browsers want to save everything. Companies, and especially emails, want you to “stay logged in” and make that the default. Companies want you to use your email (that the whole world knows) as you userid (making it a useless part of 3 factor security – userid, password, text code).

      MY POINT – Convenience vs security. Unless companies stop making convenience the default OR unless consumers start treating their data security like their homes (locking the doors) and their cars (wearing a seatbelt) OR unless we start locking up the criminals that are creating such misery for the rest of us for 30 years – then these crimes will continue.

    • #2563356

      During the last two years I have transitioned from writing checks (except for one which I do not mail) to paying bills using an old phone (no digital display, no voice-over-IP, headset attached to the base with a cord) and the automated pay-by-phone system of each of the payees. Unfortunately mail theft has become so rampant that mailing (or receiving) checks is no longer a secure payment method.

    • #2563594

      My banks ATM now has a flat screen slot. You place the card at the opening and it pulls the card inside.  No more round exterior knob.  A thief can’t attach a reader anymore.

    Viewing 25 reply threads
    Reply To: Is online banking secure?

    You can use BBCodes to format your content.
    Your account can't use all available BBCodes, they will be stripped before saving.

    Your information: