A recent article from AARP says online banking may not be as secure as we need it to be. Design flawswhich include placing customer login fields and bank contact and security information on insecure pages, allowing the use of Social Security numbers or e-mail addresses as user IDs, and e-mailing passwords or statements to usersleave security cracks through which hackers can gain access to accounts and other personal information.
The average loss per case from online banking fraud is about $30,000, according to the Federal Deposit Insurance Corp. In just three months of 2007, hackers stole nearly $16 million from U.S. residents.
Some things you can do
• Examine the websites URL. It should begin with https://a more secure Web protocol than http://. Never enter your user ID and password on any page without that S, says Prakash. Although most banks use the safer https:// on some pages, only a small percentage have it on all pages, his report shows.
• Make sure the banks name follows the https://, as in https://www.bankofamerica.com. An unsafe website has the host or other name listed before the banks, as in https://www.oriwa.com/bankofamerica/index.html.
• Dont trust security indicators, such as padlocks or lock icons inside a page, to show youre protected. Scammers can duplicate padlock icons on login pages and pages containing whats billed as bank contact information. Instead, Prakash tells Scam Alert, a hacker could change an address or phone number and set up a fake call center to gather private data.
• Choose longer, more obscure passwords, with at least eight keystrokesideally, a combination of uppercase and lowercase letters, numbers and symbols, such as go#Hen2Ry4&z. Never use your Social Security number or e-mail address as a user ID or password, which was allowed by one in four bank websites surveyed by Prakash.
• Dont click on any incoming e-mail purporting to be from your bank, especially a message asking you to update your passwords or accounts. Instead, bookmark your banks homepage and access your accounts that way. Also, dont accept offers from your bank to e-mail you passwords or statements, which can be intercepted by cybercrooks.
• Never conduct online banking from a public computer in an Internet cafe or local library, or even with your own computer in an airport or hotel. Also dont bank online when your computer is very slow or has many pop-ups; those conditions may signal the presence of a virus that could include keyloggers, which pass along your keystrokes to a hacker.
• Whether you bank online or receive your statements in the mail, immediately report any suspicious withdrawals or other account activity to your bank.
I like the fact that every time I use my PayPal Mastercard debt card I receive an email thinking me for my purchase. If every bank or credit card company did that fraud would be reduced. Think about suggesting it to your credit card processor.