Banking Online? Tips for Staying Safe

Phony E-mails asking for personal information and other scams can drain your accounts.

Phishing, a technique by which scammers try to gain access to personal information, is one of the most common threats to online banking security. Phishers send E-mails, often claiming to be from a bank, and ask the recipient to click on a link and fill out personal information. The scammer then uses that information to empty bank accounts or steal identities.

It's a common trick, and one that banks are getting increasingly savvy to through stepped-up security. RSA, which provides information security for large corporations, is one of the companies behind many of those new security measures, including personalized images and software that sends up red flags when a user is deviating from normal behavior.

U.S. News sat down with Christopher Young, vice president and general manager of identity and access assurance for RSA, to ask him how consumers can keep their identities safe from theft while banking online.

How do banks prevent security problems, especially with so many people banking online?

There are many ways in which consumers' online banking can be made more secure. Many banks now offer a set of images, asking users to select one when opening an account. If people see that particular image each time they log in, then they know it is really their bank's website [and not a fake website].

We also have risk-based analytics that measure whether you are logging in from the same geographic location as usual, from your normal PC, and what you're doing during your online session. If someone is checking a balance, that would be a low-risk activity. If they are taking out large chunks of money—or if your log-in location is in Eastern Europe instead of your home in Illinois—that would cause the risk score to go up. If it becomes too high, then the user might be asked for more information before proceeding.

Doesn't that software interfere with people's privacy? Is someone actually watching what they're doing?

No—it is all contained within the "four walls" of the bank. And it's not people looking at the [online activity]; the process is fully automated using computers.

Is there anything consumers can do to reduce their risk of being scammed while banking online?

Most banks will tell you that there's a lot consumers can do. They can install free firewalls and antivirus and antispyware tools that help protect against a variety of online threats. They can also check their banks' websites to see what security measures they offer—and then ensure that they take advantage of these.

Finally, the best thing that consumers can do when they receive E-mails or phone calls asking for their private information is simply not to respond. Generally, your bank will not call and ask you for your Social Security number.

What other mistakes do people make?

On social networking sites, people post a lot of personal data that can be exploited, including when they were born and where they live. It's like an online cocktail party. Think about what you need to open a bank account—your date of birth, address, and Social Security number. Some people post two out of three of those pieces of information. I would not put my birthday on a website.

Shouldn't you also always look for the "https" at the top of the computer, instead of the normal "http," when you're entering personal information online?

Yes, that helps, but those things can be spoofed. It's possible to take what's fraudulent and make it look authentic. You should always ask yourself, "How did I get to this site?" Was it via another site that's legitimate? Think about the context—just as you would in the physical world.

What kind of security measures do you look for in your personal bank?

I probably gravitate toward more security. One size does not fit all. For a brokerage account, you probably want more security, because it may have your life's savings. It's all a matter of degree. Adding too many layers of security is like creating a building that no one can get in and out of. There's a balance between needing more security and usability. You can't make bank accounts too hard to access, or no one will use them.

If consumers are scammed online and lose their money, would the bank give them their money back?

In most cases, they are protected. [Laws require banks to reimburse customers for all but $50 of their losses, as long as they report the fraud within a certain time frame.] Most banks, for good customer relations, will cover more than is required by law.