Many banks have reduced the number of branches significantly simply because huge numbers of us have long since been using online banking for everyday financial matters. Getting small amounts of money paid out at the supermarket checkout also means there’s no need anymore to pop to the bank. You could say it’s a win-win: Banks can significantly reduce their operating costs and pass on these savings to us as online banking customers in the form of better terms.
Given rapid increases in cyberthreats and ever new cases of successful hacker attacks, the question inevitably arises as to how secure online banking actually is.
Read on to learn everything you need to know about online banking and how you can make your online banking account more secure.
How does online banking work?
In very simple terms, online banking means directly accessing a bank computer via the internet.
To bank online, all you need is a computer or other internet-enabled device such as a smartphone or tablet running Windows, macOS/iOS, Linux, or Android. And because you don’t need a lot of processing power, you can also use older devices.
Once you’ve registered and authenticated yourself, you can bank online using any popular internet browser on your PC or laptop as well as on your mobile device — with banks offering their own apps for you to perform banking transactions more conveniently on the go.
As an alternative to online banking using your browser, you can also use online banking software on your home computer — although this is usually not free of charge. These programs offer additional functions for managing multiple accounts, which can make it easier to keep track of your finances.
Regardless of whether you use an older or newer PC, your smartphone, or your tablet for online banking, proven antivirus software is essential.
Avira, for example, has over 35 years of online security experience, and its lightweight Avira Free Antivirus solution enables you to ward off a wide variety of malware. Additionally, the scans also take into account performance and online privacy.
No online banking without authorization
For your online banking transactions to be accepted and executed by the bank after logging in, you need to have authorized them. In personal banking, authorization using a TAN (transaction authorization number) is now the norm. It comes in various forms:
- A TAN list printed out by the bank and sent to you is now rarely used.
- eTAN or mobile TAN is very common. You get text a notification to authorize a transaction or you’re asked to confirm the payment via an app.
- Many banks offer TAN generators for the authorization process. These are small devices that generate a unique TAN for each online banking transaction and are considered very secure. Since two separate devices are used for the input, display, and confirmation of transactions, it’s almost impossible for hackers to install banking Trojans or manipulate transfers. Such a TAN generator is used with sm@rtTAN or chipTAN processes, for example.
In corporate banking and multi- and interbank business banking, where large sums and bulk transactions (e.g. payroll accounting) are processed, other procedures are common, since even the smallest error during the authorization process could have immense consequences. That’s why financial software is used, which is also referred to as a client program.
The advantages of online banking
Online banking didn’t come into its own as a result of the Corona pandemic, when strict social distancing rules made it difficult to enter the bank branch, although this period certainly drove its triumphant advance. That’s because the advantages are self-explanatory:
- You can view your current account transactions almost in real time and control incoming and outgoing transactions — regardless of bank opening hours.
- Account statements are delivered automatically to your inbox and there are no fees for lost statements — they’re stored in your online banking account mailbox to retrieve whenever you want.
- Making transfers, setting up standing orders or regular transfers, transferring money from a fixed-term deposit to a current account — all of this is no problem with online banking.
- And if you lose your credit or debit card, you can block the account quickly and avert greater financial damage.
How secure is online banking?
With frightening regularity, we are warned by the media or directly by our bank of new cyberattacks in which hackers are targeting online banking accounts — after all, they’re a very lucrative target. And scammers’ methods are becoming more sophisticated, so sometimes we don’t even realize we’ve fallen into their trap.
Phishing is the greatest danger with online and mobile banking. It involves wide-scale attempts by attackers to try to trick people into revealing their log in details. If hackers succeed with a phishing attack, they can access our account and use it for financial transactions.
Check out our blogpost for details on phishing, how to improve your protection, and the, sadly, very many different types of phishing attack.
How secure are TAN procedures?
Financial supervisory authorities are constantly issuing banks with new guidelines and binding requirements to ensure that online banking remains secure despite the enormous increase in cybercrime. TAN generation procedures, which we’ve already described, are a central plank of banks’ security models.
With the classic PIN/TAN procedure, the bank mails the customer a paper TAN list that’s valid indefinitely. Here, one of the available TANs can be freely selected for each transaction. But as these lists have since been compromised, they’re hardly ever used now.
Although the transaction authorization using a TAN generator is currently considered the most secure method, hackers can also attack this process. One such example which is on the rise is the man-in-the-middle attack, where cybercriminals try to intercept or even manipulate data traffic between you and your bank.
How does online banking work?
While mobile and online banking may never be completely secure, you can improve your protection significantly. As we’ve mentioned, reliable antivirus protection is definitely a must-have.
Similarly, you should always keep your PC, Mac, smartphone, and tablet’s operating system up to date, because most updates usually also fix recently discovered security holes.
A daily limit for transactions agreed with your bank can at least help ensure that your online banking account is never completely plundered. Take a look at your account transactions regularly and inform your bank immediately if you discover movements that you cannot account for or feel are suspicious.
Be careful with your credentials
Guard your credentials with your life. Just as you guard against strangers listening in to your conversations or seeing you enter your PIN at the bank counter or ATM, confidentiality is also key with online banking — especially with TANs.
Also, be careful about giving out your online banking credentials. Whether in person, written on a piece of paper and put in your wallet, or forwarded via WhatsApp or other services, only reveal your IBAN and access data for online banking to others if you absolutely need to.
Wherever possible, only use your own devices
In an ideal world, you’ll only ever bank online using your own computer on your own — secure — Wi-Fi network, log out after each online banking session, and even wipe your device’s cache. But very few of us show that level of conscientiousness.
We think it makes a lot of sense to use a VPN — or virtual private network.
Avira Phantom VPN is one such reputable VPN. Even in its freeware form, it can help you better protect the data you send and receive online by encrypting it — meaning your online banking activities are also encrypted — up to a data volume of 500 MB per month with the free version and with limitless data with the premium version.
Choose a secure password
Every time you register for an account, you get tips for setting a password. You probably already know what a good password ought to look like: It should be unique for each online account and always comprise a combination of at least eight characters, i.e. letters, numbers, and special characters — and you shouldn’t just update your passwords at regular intervals just for online banking.
Keeping an eye on several passwords for different accounts can be quite exhausting in the long run, which is why our top tip is to use a password manager. For example, with Avira Password Manager you only have to remember one master password and this tool will generate unique, strong passwords for your online accounts. This helps you improve the security of your online banking account, both in your browser as well as when banking online using your mobile device.
Look for security certificates from your online bank
The latest browsers often display a certificate when you visit a bank page, showing that an independent authority, the certificate producer, has confirmed the correctness of the bank server information.
You can tell that your bank’s website is certified by the small lock icon that appears in your browser’s address bar. Click this icon for more information about the certificate and to see if the website is legitimate.
Encrypt your Wi-Fi connection
The standard for Wi-Fi connections is currently WPA 3 (which stands for Wi-Fi Protected Access 3) and your provider will issue you with a password that’s at least 20 characters long when the router is delivered.
Customize the settings to ensure that your wireless router establishes an encrypted connection and that your wireless network is a “private network” to prevent unauthorized access.
Never respond to phishing emails
We’ve already mentioned that phishing is a major risk, especially because cybercriminals repeatedly manage to get access to our online banking credentials by sending masses of bogus emails in the hope that you’ll fall for one.
These fake messages, with links to websites that are of course also fake, are usually very professionally designed and in many cases indistinguishable from the original. But don’t let this fool you: Your bank will never email you asking you to disclose confidential information such as your PIN, TAN, or account number. If you receive such messages, let your bank know — but never follow the instructions in the email.
