Is It Safe to Bank Online?

Ten ways to keep your information secure in the wake of high-profile cyberattacks.


Last week's security breach at Citibank was just the latest in a string of incidents that have rattled consumers: Sony, Lockheed Martin, and iTunes are also among recent high-profile targets. With such big names falling victim to hackers, is it still safe to bank online?


The answer, according to top security experts, is a qualified "yes." Using the Internet to bank, buy music, or shop is still as safe as or safer than visiting brick-and-mortar locations, as long as consumers take precautions and know what to do if they notice any suspicious activity. In fact, the overall trend is a reassuring one: 2010 actually saw fewer records breached than the previous year due to new infrastructure in place, says Julie Conroy McNelley, senior fraud and risk analyst at research firm Aite Group. Today, she adds, "banks have some of the most sophisticated mechanisms in place."

As long as consumers take a few basic steps (explained below) to help protect their information, security experts agree that online banking remains safe. That's a good thing, since it's almost impossible for consumers to avoid sharing personal data online if they want to participate in 21st-century life, from Facebook to online sales to paying bills. Plus, as McNelley adds, many breaches involve databases of card numbers that exist regardless of how cardholders use their accounts.

Much of online security is out of consumers' hands altogether. "It's actually extremely difficult to know how secure any bank's information-handling is," says Geoff Webb, executive at data protection firm Credant Technologies. Banks often don't share much about their security techniques, since they don't want to tip off criminals on how best to attack them. Whether they talk about it or not, financial firms should be encrypting data, segregating credit card information from other types of data, and making web applications as secure as possible. Regular training of employees is also key, he adds.

In addition to doing what they can to protect themselves, consumers can talk to their representatives in Congress to push for bigger changes, Webb says. The government is becoming increasingly involved in driving the security of banks and other organizations, he adds. In fact, the Commerce Department recently urged online companies to improve their own security, and President Obama proposed new cybersecurity legislation in May.


Here are 10 steps consumers can take to make sure their information is safe:

1. Don't talk to cyber-strangers, and don't click on hyperlinks within emails from strangers. "That's the easiest way to download malware to your computer," says McNelley. Even if an email looks like it's from a company you know, such as your bank, go directly to the bank's website and log in there instead of clicking on the embedded link, and never open attachments from strangers (or even suspicious-looking ones from friends, who may have been hacked themselves). Sometimes hackers will set up fake sites that look like real sites to capture victims' information, a method referred to as phishing.

"A financial institution will never contact you via email asking you to verify your funds, request your username or password, or any other sensitive information," says Stephen Sims, senior instructor at the SANS Institute, which educates security professionals.

2. Treat your smartphone like the computer it is. Downloaded apps can contain malicious code, warns McNelley. "You have no idea who created that app, and very little code-checking goes on," she says. If you're going to download apps, she suggests avoiding or minimizing the financial transactions you make with the smartphone. "Mobile phones are really tiny computers, but most consumers don't treat them as such or get anti-virus software for their smartphone," she adds.

Meanwhile, be sure antivirus software on laptops and desktops is up to date. "Many compromises are a result of keystroke-logging software that is illicitly installed on a user's system, capturing usernames and passwords," says Sims.