How to Confirm Online Banking Security

If you’ve chosen to store your money in an online bank, which has no known physical branches, it’s important that you make sure your bank is legitimate and that your deposits are insured. To do this, first check the website’s “About Us” section to see if you can find the location of a headquarters and a note about FDIC insurance coverage.

You may also look for the FDIC logo somewhere on the site if the site’s owner claims that it’s legitimate. Your best bet is to go to the horse and  use the FDIC Bank Find feature to see if your bank is listed.

If you’re trying to reach an actual bank, be sure you’ve typed the correct information in the web url. Often scam sites will come up with a very close url and site format to trick users into entering their personal information. Make sure the web address begins with “https” instead of “http,” which will denote a secure server.

If you’re dealing with an overseas bank, be aware that it may not be covered by federally-backed insurance. Also be aware that the FDIC only insures up to $100,000, so if you have more money than that, you’ll need to open another account to ensure protection. To see if you’re covered, check the FDIC’s Electronic Deposit Insurance Estimator. 

Video: Security Breach News Report

Examples of Bank Security Breaches

In April 2005, Orazio Lembo pleaded guilty to a massive security breach involving Bank of America, Wachovia and Commerce bank accounts in New Jersey. Lembo stole personal information from 676,000 bank accounts and sold it to bill collectors.

In February 2006, Bank of America sent out new debit and credit cards to a number of customers following a data security breach. A Walmart security breach that same year prompted banks to issue 200,000 replacement debit cards.

In 2007, World Bank adamantly denied that it had been repeatedly raided by cyber criminals, despite news reports and internal communication memos that suggested otherwise. The first breach was discovered in Johannesburg involving SecurID and banking passwords that were compromised from IP addresses in China. In a second wave of attacks, spy software was installed on Washington bank workstation computers by contractors from India. More breaches were investigated by the FBI in June and July, tracing back to IP addresses in Macao.

In late 2008, HSBC Bank, M&T Bank, Citigroup, Wells Fargo, JP Morgan & Chase and Bank of America reported a security breach resulting from their involvement with Heartland Payment Systems. In the breach, credit and debit names, numbers and expiration dates were skimmed. With 100 million transactions being recorded each day, Heartland has no idea how much data was grabbed during that period but most of the 500 affected banks are issuing new credit and debit cards to all their customers.

Find Out How Your Information Is Used

Sometimes banks share personal information with their affiliates or unauthorized third parties without your knowledge. This can be unnerving to some customers. Your bank is required by law to give you a copy of your privacy policy. By reading this document, you’ll know what information is kept and what is shared. You may want to also ask your banking representative directly whether they track their client’s web browsing habits to create custom-tailored promotions.

How To Opt Out of Info Sharing

You have the legal right to prevent your bank from sharing your personal information, for the most part. You can opt out of your bank sharing information with their affiliates and non-affiliates. However, the bank may use your information to offer better products or services to you. They may also share records of your payments and transactions to firms that provide data processing and mailing services. The bank must also provide this information if they receive a court order or credit bureau request.  

The PIRG consumer group advises that you send a “None of Your Business” letter to the bank, requesting that they not share your information with affiliates. In it, you should refer to the Fair Credit Reporting Act and say that you have “opted out of any affiliate information sharing or direct marketing.” Be sure to ask for a written confirmation.

Most banks, like HSBC, First Bank and Trust and Wells Fargo, provide their customers with opt-out forms that they can fill out online or by mail to request that they receive no unwanted solicitations from third party members in the bank’s network.

Video: Is Online Banking Secure?

How To Keep Your Transactions Secure

There are several online banking steps you can take to ensure your protection.

Encryption: Most sites will scramble your personal information to keep intruders out. Some browsers display a lock or key icon to indicate you’re conducting a secure transaction. Even so, these security indicators may not be a solid guarantee, as hackers can mimic these designs on their own sites.

PIN: Your password and Personal Identification Number should be used whenever you access your online account. Your password should be changed every six months and should be unique. Don’t use your birth date or other easy-to-guess combinations. A mix of numbers and letters is generally recommended. Some of the most commonly used passwords are things like “123,” “123456,” “password,” “password1,” “abc123” or “qwerty” – so avoid them!

Mail: Do not send account numbers, social security numbers or other personal information through unsecured email. Don’t click on incoming email allegedly from your bank, particularly if it asks you to update your password or account. Bookmark your bank’s homepage and only access your online banking through the secure site.

Location: Never perform online banking at a public computer or on your own computer in public places like airports or hotels, where thieves could be lurking. If your computer is lagging or pop-ups are prevalent, you should check your computer for viruses.

Virus Protection: You can also contact your computer manufacturer, software supplier and Internet service provider to see that you have all the security updates. Their websites will often have these upgrades for free and most new computers run routine security updates. You should also own anti-virus software to make sure your computer is not infected. IBM also claims it has invented a USB stick, called the “Zone Trusted Information Channel,” that ensures safe bank transactions, even if a computer has malware, although there’s no word yet as to when it will be available or how much it will cost.  

The average loss in online banking fraud is $30,000 per case says the FDIC, and Americans have reportedly lost $16 million in just three months due to past bank security breaches. If you find there has been a security breach on your account, the FDIC has detailed information on who to contact to file a complaint.