Banking Online? Tips for Staying Safe
Phony E-mails asking for personal information and other scams can drain your accounts
Phishing, a technique by which scammers try to gain access to personal information, is one of the most common threats to online banking security. Phishers send E-mails, often claiming to be from a bank, and ask the recipient to click on a link and fill out personal information. The scammer then uses that information to empty bank accounts or steal identities.
It's a common trick, and one that banks are getting increasingly savvy to through stepped-up security. RSA, which provides information security for large corporations, is one of the companies behind many of those new security measures, including personalized images and software that sends up red flags when a user is deviating from normal behavior.
U.S. News sat down with Christopher Young, vice president and general manager of identity and access assurance for RSA, to ask him how consumers can keep their identities safe from theft while banking online.
How do banks prevent security problems, especially with so many people banking online?
There are many ways in which consumers' online banking can be made more secure. Many banks now offer a set of images, asking users to select one when opening an account. If people see that particular image each time they log in, then they know it is really their bank's website [and not a fake website].
We also have risk-based analytics that measure whether you are logging in from the same geographic location as usual, from your normal PC, and what you're doing during your online session. If someone is checking a balance, that would be a low-risk activity. If they are taking out large chunks of money—or if your log-in location is in Eastern Europe instead of your home in Illinois—that would cause the risk score to go up. If it becomes too high, then the user might be asked for more information before proceeding.
Doesn't that software interfere with people's privacy? Is someone actually watching what they're doing?
No—it is all contained within the "four walls" of the bank. And it's not people looking at the [online activity]; the process is fully automated using computers.
Is there anything consumers can do to reduce their risk of being scammed while banking online?
Most banks will tell you that there's a lot consumers can do. They can install free firewalls and antivirus and antispyware tools that help protect against a variety of online threats. They can also check their banks' websites to see what security measures they offer—and then ensure that they take advantage of these.
Finally, the best thing that consumers can do when they receive E-mails or phone calls asking for their private information is simply not to respond. Generally, your bank will not call and ask you for your Social Security number.
What other mistakes do people make?
On social networking sites, people post a lot of personal data that can be exploited, including when they were born and where they live. It's like an online cocktail party. Think about what you need to open a bank account—your date of birth, address, and Social Security number. Some people post two out of three of those pieces of information. I would not put my birthday on a website.