Online Banking, Other Transactions Carry Share of Customer Risks
1. Online Banking, Other Transactions Carry Share of
Customer Risks
The convenience of online banking in allowing individuals to conduct financial transactions away
from a physical site also can pose potential security risks.
While customers have the ability to sit in front of a computer making transfers online or paying e-
bills, safeguarding what they're doing is not necessarily the primary consideration.
More risk from number of online options
Part of the reason is the variety of locations where online banking can occur: at ATMs, gas station
pumps, self-service kiosks, doing online purchasing, buying movie tickets, smart phone application
use or purchases, and website banking.
Consumers can take certain steps to protect their private information and some sites are designed to
protect customers and their data. Two suggestions for consumers are to have long complex
passwords and, although easier to remember, not using one password for every site they log onto.
Certain sites have verification questionnaires when a customer forgets a password, and prompt
screen lockouts and timeouts if the correct password isn't entered. These can be inconvenient but
are designed to stop misuse of data.
It is also advisable that when filling out long forms online, consumers not use the stored information
feature despite its convenience. With all the data stored on browsers, if a browser or computer is
2. ever compromised, these data are exposed- where you live, who you are, your annual income, etc.
In addition, physically writing down passwords should never be done.
With the common use of ATMs, kiosks, gasoline pumps, self-checkout stations, and parking
terminals, consumers can face the illegal practice of having their credit or debit card information
recorded without their knowledge. This can be done too by someone assisting with a payment such
as a waiter or waitress or movie theater or coffee shop worker.
They can use a small hand-held electronic device to scan and store card data from the magnetic
stripe. The information then is usually sold to manufacture counterfeit cards.
At some ATMs and kiosks, cameras are set up to skim PINs from cards.
Enhanced security of credit over debit cards
Credit cards are more secure than debit in being issued by third-party institutions not directly tied to
bank accounts. A debit card is a direct charge against a bank account.
At the same time consumers should verify banking sites visited, and try to avoid doing banking or
purchases by phone.
If using ATMs, gas pumps, kiosks, or point-of-sale systems, check for skimmers, cameras, or card
readers. That includes going over bank statements often and credit scores regularly. Aside from
going to the three major U.S. credit bureaus, among the sources for checking credit history are
Mint.com, Creditkarma.com, and TrustID.
But anyone banking on their iPhone, tablet, or computer first should make sure the wireless devices
are secure and that the PC or laptop is up to date on operating system patches, anti-virus software,
Java patches, Adobe Reader, Adobe Flash, and Shockwave Player.
Other online risks come from fake websites, third-party cookies, search engine trackers, URL re-
directs, malware, phishing, un trusted vendors used for purchasing, installing bad software, or even
from legitimate websites not supported by browser plug-ins.
Checking for website trustworthiness
VeriSign is one trusted third-party certification authority which vouches for a website and assigns it
a certificate. To verify a website is authentic, go to an SSL Checker and enter in any URL to find the
historical background of the assigned certificate.
The certificate should be trusted by all major web browsers with all the correct intermediate
certificates installed. Those searching for this information will find the original IP address and
owner, when the certificate will expire, and if the host name is correctly listed in the certificate.
Ideally logging onto to a financial site (with user name and password) should occur first to establish
a secure connection with the bank before continuing with login credentials.
Consumers can determine if hyperlinks are legitimate. A hyperlink purporting to go to a certain
institution may actually go to another site.
3. It is easy to manipulate a URL. However, consumers
can hover over hyperlinks to be sure they know
where they are going.
Many who monitor security issues recommend not
going to URLs from links directly. Instead they say
always type in the URL in the address bar and
validate that the apparent site does really go to the
location indicated.
Many websites track what users are doing whether for marketing or malicious purposes. Legitimate
sites track users to improve search engine optimization, tailor custom advertising, or to sell data
back to banks the user is going to in order to offer specific financial products.
Ghostery.com is a plug-in tool that gives users the option to set blocking rules. It also gives a history
of what sites track information and what these sites do with it such as providing marketing research
for advertisers. Users can decide which sites to block or they can block all sites.
These tools are not all full proof but can provide insight into sites visited regularly and what
information they're collecting on you.
Caution always necessary with mobile devices
Mobile devices are not just a smart phone but any device requiring a wireless connection. Today
nearly everyone has a cell phone, smartphone, or mobile phone.
These devices, including an iPad or Android tablet, can be subject to malicious attacks. They
probably have less security than a traditional PC or laptop.
Some of the major threats in mobile banking include the absence of firewalls or anti-virus programs.
Data leakage is possible with mobile web browsing.
Untrustworthy apps can collect information about users. Open Wi-Fi retail locations such as
Starbucks or Chipotle pose dangers for users when connecting there for any length of time.
Text messaging from phishing campaigns has resulted in people getting texts claiming to be from
their bank and seeking their social security number and banking information.
Common spy applications can be purchased and installed remotely on phones or tablets to record
conversations both in video and from the microphone. People also can divulge too much personal
information on social networking sites like Facebook or Twitter such as disclosing they're out of
town or asking someone to collect their newspaper while away.
In addition, the use of a GeoTag app for digital pictures taken with an iPhone and iPod adds location
data that can reveal user information.
With many smartphones and feature phones being tablets or iPads, their appeal is using applications
to do various functions. But this raises the question of whether data is transmitted securely and if
consumers know the risks in other forms of online transmissions.
4. Sources:
"Are Security Banking Risks Inherent for Online Transactions," Financial Web Justin Pritchard, "3
Reasons Not to Use Online Bank Accounts," About.com Guide. "Risks and Benefits of Using
SmartPhones to Make Payments," Credit Card Education, June 19, 2012