I'm the computer geek of the family — blogging, gaming, Googling, I'm practically always online. But it was my wife, Rachelle, who had to give me a good hard shove into the world of virtual banking. She promised it would make paying bills, moving money between accounts, and checking our balances so much easier; even better, most dot-com banks offer higher interest rates than their bricks-and-mortar cousins. I, however, saw only the downside: If hackers can breach military computers, what's to keep them from tapping into our precious money?
There are a lot of skeptics out there. While e-banking is growing at about 15 percent each year, only 4 out of 10 households have entrusted their finances to the Internet. And they have reason to pause. "Online banks have gotten harder to crack, so crooks are targeting the consumers who use them because they have fewer protections in place," says James Christiansen, CEO of Evantix, an electronic risk management firm in Aliso Viejo, California, and author of Internet Survival Guide: Protecting Your Financial Information (Sheltonix). "On the other hand, it takes only a few smart steps to avoid most problems. Online security for the little guy is very good and getting better all the time."
Rachelle arm-twisted me into giving it a go. Now I'm happy to pay my bills electronically, without the stamps and hand cramps. Whether you're thinking about switching or have already made the move to Internet banking, here's how you can protect your money.
Protect Your Money
Look for the real thing. Your safest bet is going with a major player like Wells Fargo, Citibank, or Bank of America, whose top-rated Web sites offer a wide range of services. If you choose an Internet-only bank, proceed with caution: It can be hard to distinguish legitimate sites from cleverly designed imposters set up by scam artists who want to lure you into revealing your user name, password, and credit card and Social Security numbers so they can run up charges or take out loans. Check the site for a telephone number that connects you to an agent; if there isn't one, it's a red flag that the site is bogus. Even if you can reach someone, go to fdic.gov before you open an account to confirm that the Federal Deposit Insurance Corporation covers the e-bank's deposits.
Bookmark it. Don't use a search engine or type a URL in your browser to go to your e-bank. Thieves set up sites with addresses similar to those of real banks — usually with just one different keystroke — and clicking on a bad link or making a typo will steer you there. The sites look so authentic — down to the bank's logo — that you'd never know they're bogus. Similarly, never click on links embedded in e-mail claiming to be from your bank asking you to confirm private information or "renew" your account; banks don't request this — only spammers and phishers do. "If it were a legitimate notification, your bank would ask you to close the e-mail and go to its Web site on your own," says Christiansen.
Expect strict security. Accessing your account should involve several hurdles. A user ID and password are just the start; many places also require you to select an image — animals, a landscape, a personal photo downloaded from your digital albums — and write a phrase for it that will appear every time you try to log on; by clicking "OK," you and your bank are verifying each other's identity. Sometimes you have to input more personal details (mother's maiden name, hometown, your first pet). Once you've logged on, you should be notified that you're about "to view pages over a secure connection." Clicking "OK" should change the URL from "http" to "https," which indicates that all communication is now encrypted.
Ask to be forgotten. Don't tell your computer to remember your ID and password and automatically fill them in. "Your teen's friends, repairmen, the nanny — could try to access your accounts and write themselves an e-check," says Christiansen. Logging off after you're finished isn't good enough, since your session could still be live and accessible with a few back clicks. For added protection, delete your browsing history, then close the browser.
Steer clear of hotspots. Logging on to your bank via Wi-Fi at a coffee shop or bookstore is asking for trouble. The wireless network you're hooked up to could be an "evil twin" set up by a hacker to look like a legitimate signal so he can monitor and record every move you make. Another ploy is the "man in the middle," where crooks offer deceptive Wi-Fi signals that funnel you to a real network. You never know they're there, so they can literally rob you blind.
Keep your guard up. Make sure that your firewall, antivirus, and antispyware software are up-to-date to prevent scam artists from planting codes in your computer that enable them to steal personal data or break into programs that store financial information by tracing your keystrokes. Always shred hard copies of statements or any correspondence containing your Social Security and account numbers so thieves can't dig them out of your trash.
Choosing the right one is tricky: It has to be easy to remember but complex enough to foil crooks. In general, longer is better — at least eight characters that combine letters (upper and lower case), numbers, and punctuation marks. Don't use real words, since hackers have programs that can automatically enter every one in the dictionary. Reversing, capitalizing, or doubling a piece of easily identifiable personal information may seem clever but it's all too common. Experts suggest stringing together related names or thoughts that are meaningful to you but obscure to anyone else — for example, pick a childhood pet's name combined with the year you got it, then use numbers to stand in for similar-looking letters and vice versa (such as Garfie1dOl).
Originally published in the May 2009 issue of Family Circle magazine.