Understanding online banking security: 25 tips to help keep your account more secure
10 Nov 2021Online banking can be a convenient way to manage your money or pay bills. But how do you ensure that your details are safe? We take a look at what happens when someone steals from an account and provide 25 tips for a more secure online banking experience.
Cash is no longer king when it comes to handling personal finances in Australia. Online banking is the preferred choice now for the majority of the nation, and, according to the Australian Banking Association (ABA):
- 80% of Aussies prefer to transfer money, pay bills or check account balances online
- 71% of smartphone users use their digital wallet weekly
- ATM withdrawals of cash have more than halved since 2012
However, as the use of online banking rises, so too do the scams, hacker attacks and security flaws that allow thieves to steal millions of dollars from personal bank accounts each year from many thousands of people. So, how can you make your online banking experience more secure?
In this article
25 expert tips to make your online banking experience more secure
There are ways to make your online banking experience more secure. Canstar reviewed advice and information from sources such as major banks and lending institutions, government agencies and cyber experts, to compile this list of 25 tips for online banking security:
Check your transaction history regularly
1. Be on the lookout for charges or fund transfers you don’t recognise. Alert the financial institution asap.
Keep user details and passwords secure
2. Never disclose user information and passwords to anyone.
3. Do not store a list of passwords, unless they are protected in a special, secure password app or program.
4. Use strong passwords.
5. Do not use personal information in the passwords, and do not use one password for multiple programs or accounts.
6. Consider using the highest security measures available, such as two-factor or multi-factor authentication.
Take advantage of security features offered by your bank
Financial institutions are required to keep your data – and your money – safe from thieves. They often have a range of security features that they recommend their customers use, such as:
7. Transaction alerts, which could help you to see in real-time if a transaction has been made or a card has been used in an unusual location
8. The option of blocking international transactions, or other types of transactions, from a card or account type
9. Several security ‘layers’ of protection, which could involve the bank sending you a code via a text message before allowing certain transactions, or actions, such as changing your password
10. Pay ID, which could help keep your details safe
11. Setting a payment limit on what can be used/transferred/spent per day for your accounts.
Be suspicious and don’t give out your personal information
12. Be wary of what you post on social networking sites, as thieves can use this to build a profile about you, which could assist identity theft.
13. Investigate all requests for information, such as who is asking for it, how it will be used and where the company is located.
14. When filling out forms or signing up to mailing lists online, be wary of what is being asked of you. If you don’t think it’s necessary to give over personal information, query the organisation asking for it, or, if possible, leave the field blank.
15. Scammers often use sophisticated-looking emails and SMS messages to trick you into clicking on a link, which could allow a virus to be downloaded on your computer, or to trick you into giving up your personal information such as bank account details. Be suspicious of all incoming messages requesting you to click on a link or to give up personal information.
16. Don’t open emails from addresses you don’t recognise, and, if you do, do not click on any links inside the email.
17. Don’t answer calls from unknown or blocked numbers – allow them to go to voicemail so you can verify if the caller is legitimate.
Store and dispose of documents carefully
18. Secure your mailbox to prevent anyone accessing it without a key. Thieves can use the personal information in your mail to help build a profile about you, helping them to steal your identity, for example.
19. Dispose of sensitive information carefully – shred or destroy bank documents, bills, or anything that includes personal information.
20. Keep important printed documents locked in a filing cabinet or in a safe location, in case of a break-in.
Keep your device/computer secure
21. Use up-to-date anti-virus software to protect your computer.
22. Ensure operating systems and app are updated regularly, and turn on “automatic updates” where possible. This could ensure that any security patches are installed, which helps to prevent hackers getting into your device or computer through flaws in the software.
23. Make sure that you never enter your banking details on a shared computer, such as at a library or at work where more than one person uses your computer.
24. Lock your computer or device when you are not using it or when you walk away from it, even for a short period of time. Make sure it has a strong password that’s not easy to guess. Enable location software (such as FindMyFriends or similar).
25. Don’t use public wifi for any sensitive actions, such as banking, and ensure that there are security measures in place to protect your device (such as using VPN).
How do thieves steal money from online bank accounts?
Unfortunately, there are a number of ways thieves can take money from an online bank account, according to the ABA, ScamWatch and Moneysmart, including:
Phishing
The thief tricks you into giving up your bank account details. Scamwatch states these types of attacks are getting more sophisticated and it can often be very hard to tell if something is a scam or a legitimate request from a financial institution. Once they have your details, the thieves then log in and transfer money out of your accounts. They then also have access to your personal details and could open additional credit accounts or take out loans in your name, or steal your identity to use it in other ways.
Identify theft
A thief will research you to build a profile until they have enough information to be able to impersonate you. They will then open bank accounts and take out loans or credit cards in your name, access your accounts and withdraw your funds, etc.
Hacking
This is where a thief will use technology to break into your computer, such as via vulnerabilities in your operating system, wifi connection, mobile device software and so on. Once inside, they will access your personal information and bank account details.
Remote access
A thief will convince someone to allow them to remotely access their computer or device. This allows the thief to download software, which can uncover your personal information such as bank account details. They could then take funds from your accounts, set up new accounts or loans and so on.
Credit card fraud
Another type of online banking fraud involves credit cards. A thief uses your credit card number to make purchases. For example, the card number could be sold to them on the dark web, copied from mail stolen from your mailbox, ‘hacked’ from a legitimate site due to a security breach, or taken using a computer algorithm to fluke an active card, which just happens to be yours. If you notice transactions that you didn’t make on your credit card statement, contact your financial institution immediately. I did this, when I was scammed…
Case study: Surprise! I’ve bought a laptop?
I thought I had done pretty well in securing my accounts and assumed I was educated enough to perhaps avoid this scenario, as someone who writes about the financial sector. But, alas, this was not the case. Someone managed to steal more than $1,800 from my bank account via a bogus PayPal charge to my credit card. Luckily, the fraud was easy to identify as it was a larger sum among the evidence of my daily coffee spend, and in US Dollars, so it waved at me like a big red flag on my credit card transaction history (which I check weekly, if not daily). I contacted my bank straight away. They cancelled my card and said a fraud team member would be in contact. They also put a hold on the $1,800 charge. I then contacted PayPal, and their investigations squad sprang into action. They discovered that the purchase was for a laptop computer, which I didn’t buy, from a very dodgy website, which I had never seen before. The thief had used my real credit card number, entering it directly into the site’s PayPal-powered payment portal. The transaction was made in the United States, where, obviously, my credit card and I were not. PayPal said that it would take up to three weeks for the investigation process to be declared complete and, if there were no hiccups, the money would then be refunded. As my card had been cancelled, the money would be sent to my bank and they would sort out how to get it back to me. And they did. How did the thieves get my credit card details? I will never know. But I am now even more cautious when it comes to online transactions of any kind. I even have a separate ‘online purchase only’ low-fee credit card, with a very low spending limit.
How to tell if someone has stolen money from your online bank account
When someone steals funds from an existing online bank account, it will likely show up in the transaction history of that account. It is likely to be in the form of a charge or transfer that you did not authorise, nor recognise. It may also be hard to spot, depending on the sophistication of the thieves and their scamming attempt. It could be one large sum, or a series of smaller transactions. That’s why it’s a good idea to go through your statements line by line, and to make a habit of checking on your transaction history regularly.
What to do if someone has stolen money from your online bank account
The Federal Government’s Australian Cyber Security Centre advises anyone who suspects that their bank account has been accessed to:
- call financial institutions immediately. Most online banking providers have fraud teams that can help you. Options that might be available to you could include cancelling or putting a hold on your credit or debit cards and freezing your bank accounts to minimise any further loss of money. It could be a wise idea to contact them via phone if your banking app or computer has been compromised. If you have multiple accounts across different banks, perhaps let them know what’s going on, too.
- change passwords. This includes your email, social media account, and computer passwords – basically, as many passwords as you can. Choose secure passwords (following the site’s advice, such as including numbers, a mix of upper and lower case letters, special symbols and so on).
- request a credit report from a ‘reputable credit reference bureau’. They can help identify if the thieves have applied for any loans or credit cards in your name.
- notify relevant websites.
Check your credit score for free with Canstar
Moneysmart also recommends letting your friends and family know that your internet security has been compromised. This could help them to identify anyone approaching them pretending to be you and trying to get information from them, such as via fake or hacked social media accounts.
If a theft was a result of a scam, you could also report it to Scamwatch. While the organisation cannot help an individual retrieve funds from scammers, they collate reports and warn other people about them.
If you suspect fraud, you can also report it to the police.
If a scammer causes a charge through a payments system, such as PayPal, you may also choose to contact the payment provider directly, although it could be a good idea to check with your financial institution first to find out what the process will be from their end.
Other ways to get help include:
- Financial counselling: You can contact the National Debt Helpline on 1800 007 007. Financial counselling is typically free for people wishing to obtain free and confidential financial advice if a scam has left you in debt.
- Psychological support: Lifeline on 13 11 14 or online, or Beyond Blue on ph 1300 22 4636 or online. The national identity and cyber support service, or IDCARE, is a not-for-profit organisation that helps victims of identity theft. You can call IDCARE on 1800 595 160 or submit an online form.
Cover image source: mrmohock/Shutterstock.com
Thanks for visiting Canstar, Australia’s biggest financial comparison site*
This article was reviewed by our Sub Editor Tom Letts and Sub Editor Jacqueline Belesky before it was updated, as part of our fact-checking process.
