Safety tips for online banking
11 January 2022
Using a computer or smartphone to check your finances can be a convenient way to do your banking. From transferring money between accounts or paying bills, to getting a PIN reminder using your banking app or website, there’s not many day to day transactions you can’t do online.
According to analysis by finder.com, four out of five Brits use online banking, so it might not come as a surprise that almost every bank or building society in the UK has an element of digital banking available.
You’re not alone if you’ve ever wondered ‘how safe is online banking?’ We’re going to look at the things banks are doing to keep your money safe, how to take care when banking online, and share our top tips to help you use online banking confidently and safely.
How does my bank keep my money safe?
Keeping customer’s money and personal details safe is something banks are obligated to do and they can be fined huge amounts of money if they don’t.
All banks encrypt their digital banking facilities. This means that only you should be able to see your information when logging on to online banking.
All banks must comply with new Strong Customer Authentication (SCA) regulations to keep you safe while you do your banking online. Because of this, they’ll ask you to use two forms of authentication before you can see your account details or complete any transactions. This might be entering your password followed by a single use number sent to your mobile phone, or using a number created using your online banking card reading device. It’s also common practice for online banking to automatically log you off after periods of inactivity.
When you’re completing transactions in online banking, you might see a pop-up message asking if the payment is genuine, and to encourage you to double check all the details.
To find out more about SCA regulations and see how your bank rates for its online banking security, check out this guide from Which?
Online banking safety tips
Whether you’re new to online banking, or you’ve been using it for a while, it’s good to know the most effective ways to use it safely. Using some, or all, of the following online banking safety tips will help you avoid getting caught out.
- Use strong passwords
When you register for online banking, you’ll be given a password which will usually need to be changed the first time you log on. There are certain rules for creating strong passwords for accounts like online banking, which include using a mixture of upper and lower case letters, numbers and special characters, a bit L1keThi$P@ssw0rd!
If you find it tricky to remember complex passwords, you could use a password manager tool to create and store them for you. This way you only have to remember one complex password – the one to get into your password manager. Password managers can also help you choose a new password if you want to change your password on a regular basis.
You can find out more about creating a strong password and password managers by signing up to Digital Wings for free in our article here.
- Two factor authentication
Two-factor authentication (sometimes referred to as 2FA) provides your accounts with an extra layer of security and can stop cyber criminals accessing your account – even if they have your password.
Two-factor authentication asks you to provide two layers of authentication to prove who you are. They’ll be any two from the following: something you know, like your password, something you have, for example your mobile phone (a company may send you a text message with a code) or something you are, such as your fingerprint or facial recognition.
The NCSC (National Cyber Security Centre) have written this guidance.
- Avoid public Wi-Fi, and public computers
It’s best not to access your bank's website through a device connected to public Wi-Fi. Information you send using public Wi-Fi (like in a coffee shop or hotel) could be collected or intercepted by cyber criminals, who could read - or even change – important information, like login details, passwords or emails.
By using a secure Wi-Fi network – for example, one that’s protected by a password, or your own data connection, information is encrypted, to help keep your information safe.
You should also avoid using public computers – in a library or other shared space - for online banking. But, if you don’t have a choice, clear the cache and cookies before you log off, remove any temporary folders on the device, and don’t allow the computer to save your password or any other login details.
Equally, if you’re using a shared computer at home or in the office, don’t save your online banking passwords to the device and make sure you always log off when you’re finished.
- Check your bank statements
Having online banking on your device means you can access your bank accounts whenever you like. Check your accounts regularly, so you can spot any discrepancies quickly, and take action if necessary.
If you notice any unusual transactions, get in touch with your bank immediately. Use a number from their official website, the back of your debit card, or visit a branch.
Some online banking facilities allow you to freeze your card, or report fraud using built in tools, like live chat, or direct call.
Some banks allow you to setup alerts too – they’ll send you a text message if you’ve created a new standing order or made a bill payment, for example.
- Keep your software up to date
If your device is infected with a virus or malicious software, your personal information – like online banking details, your photos or other personal documents - you store on there could be compromised. Keeping your computer software and any anti-virus software you use up to date can help protect your device for these types of attack.
You’ll usually be alerted when a new update is available, and you can often set your device or software up to update automatically as soon as an update is available.
- Avoid following log-in links
When you log into online banking, use your banks official app on your device or their official encrypted and secure website. Never follow a link sent to you via an email or text message.
Cyber criminals use phishing (scams carried out via email) or smishing (scams carried out via text message) messages to gain access to your personal details and money. They may ask you to click a link or open an attachment for further information, or to get a refund. You might be asked to download something – typically, this will be malware (malicious software) masquerading as something else. The software helps fraudsters access your details, and your money.
Here are some tips to help you spot and avoid phishing attempts:
- If you receive an email from someone you don't know, or from a company asking you to do something (make a payment or share personal or financial details), check the sender's email address. For example, the sender's name could display as ‘Barclays' but their email address could be Barclays123@mail.com. The address formatting tells you it's not genuine
- Obvious spelling mistakes can be a sign that the email is fake. Look out for inconsistencies in the wording, images, the presentation and the branding. Does it look right?
- Don't click on any links or download attachments in emails you're unsure about. Delete the email, and block the sender's email address – that way, you won't receive anything else from that account.
If you're suspicious about an email you've received claiming to be from Barclays forward it on to firstname.lastname@example.org and delete it immediately (your bank is likely to have its own reporting email address too).
- Never share your login or security information
Your bank will never ask for your confidential information over the phone or by email. If you get an apparent phone call from the bank or an email requesting your details, do not give out your login information.
Don’t share your online banking login details with family or friends. If you do share your details, change them yourself straight away, or ask your bank to help you – explaining what’s happened. If someone has managed to access your accounts fraudulently, your bank can check and help you make your account safe again.
What to do if your online banking security is compromised
Remote banking (impersonation) fraud occurs when criminals access an account usually via the internet, mobile or telephone banking to make an unauthorised transfer, typically by tricking customers into revealing their security details through scam phone calls, texts and emails. These are examples of social engineering. You can find out more by signing up to Digital Wings for free in this Digital Wings module.
£225.7 million of impersonation fraud was prevented in the first six months of 2021, up 24 per cent on the same period in 2020*. This is equivalent to £6.29 in every £10 of attempted fraud and demonstrates the value of measures taken by banks to fight fraud.
If you're a victim of an attack or have an attempted attack against you, report as much as you can to Action Fraud. Action Fraud is the Police’s internet crime reporting unit; it’s been setup to help tackle the UK’s cybercrime.
Fraud can happen to anyone. By remembering some of these do’s and don’ts you could help yourself to stay safe when banking online.
|Use additional security features such as 2FA||Use shared devices or public Wi-Fi or allow anyone you don't know to access your device remotely|
|Keep your security software and banking apps up to date, and check your accounts||Click on links in emails or text messages if you’re unsure of their origin|
|Choose a strong password||Share your online banking details with anyone (PINs, mobile banking codes and activation codes)|
How to keep your passwords safe
10 June 2022
Are you concerned about password security? Read our simple guide to learn how to create strong passwords and store them securely.
Beginner's guide to streaming
08 June 2022
Do you want to know more about streaming? Read our guide to learn what streaming is, how it works, what you need and how to improve your streaming experience.