Virtually Safe

Sam Abraham        Print Edition: July 2012

Access to the Internet is now ubiquitous and so its popularity as a medium to make financial transactions is beyond doubt. Such popularity also means the online banking system is constantly prone to attacks.

As Internet's rogue citizens design inventive ways to steal sensitive information and access your money online, it is imperative that you secure your online accounts. A little effort and some basic knowledge of computers and the Internet can help you stay safe.

ON-SCREEN KEYBOARD:
This would be the easiest way to protect your password from being recorded by key-loggers, especially at public terminals. All banks have this option available to input username and password.

SPECIAL:Here is how mobile banking works

A key-logger, which can be hardware or an application installed on the computer, records and passes on information about the keyboard taps you make. Using this information, it would be easy to find your username and password. While software loggers are hard to spot, hardware loggers will have to be an attachment to the terminal. However, know that an on-screen keyboard is not fool-proof by itself.

RANDOM PASSWORDS (CLICHE BUT VITAL):
Use a combination of random letters and numbers as words, names and phrases are what cracking program check for. One way would be to remember a familiar sentence and use the first letter of each word to form the password. Try using a sentence that can have a number in between.

For example, 'my daughter was born on the 5th of November-mdwbot5o11'. You can use any sentence that is not generic. It would be better to remember an incident that is not directly related to you, such as the date of a war or the swearing in of your favourite president. Try adding special characters (@ for at, $ for s) or capitalising a letter (not the first) to improve password strength.

SPECIAL: Now, make more payments via mobiles

Also, make sure to change your password from a secure terminal after you use a public terminal.

DO NOT FOLLOW LINKS:
Always type in the web address (URL) to access your bank's website. Never click on a link from an e-mail you get. That is how 'phishers' work, they re-direct you to a malicious site resembling your bank's portal and use the information provided by you to access your account.

The login pages of bank websites are secured through an encryption process, so a locked padlock or unbroken key symbol should appear in your browser window when accessing your bank's site.

Also, the beginning of your bank's internet address will change from 'http' to 'https' when a secure connection is made. Be wary of suspicious pop-ups that appear during your banking session. Log out immediately. Don't, in response to any mail, provide your banking user ID, passwords or credit and debit card numbers.

A CLEAN CACHE:
Browsers save pages you have viewed on your computer so that it can be accessed quicker if you wish to view it again, such as when you use the 'back' button. By clearing your cache after visiting your net banking account, you make sure no one else can view the confidential information you have viewed.

Also, don't select the option on the browser that stores or retains user name and password, i.e. auto complete. It wouldn't take too long for a program to get that information from your browser.

BE SECURE:
Keep your operating system and browser up-to-date with the latest security patches. Install these only from a trusted website. Apart from public terminals, also avoid locations that offer online connections through wireless networks (Wi-Fi), where privacy and security are minimal.

Also, if you have a computer at work running on a big network, it is likely that it is much safer than your home PC. Its level of security can be measured (roughly) by how strict the limitations are on its use.

For example, limitations on installation of downloaded software and ability to view certain type of content, including Java and streaming content means it is likely that the security is good. Of course, ask your employer for permission. You will have to trust your network manager to not access records of your online activity.

Opt for the One-time-password facility whenever possible, be it to change your net banking pin, make a transaction or add a third-party account. This would require you to keep your phone number and e-mail id updated with your bank.

PUBLIC, YET PRIVATE:
Using a public terminal for accessing your online bank accounts is risky. If you cannot avoid doing so, you have the option of using a portable operating system. Many Linux-based OSes can be installed on a portable drive, say, a flash drive.

For instance, you can download a copy of open source Ubuntu and create a bootable disc. Insert the disc into your computer and restart to use Ubuntu. Once the computer boots with Ubuntu, you can connect a flash drive and convert it into a 'start-up disc' to have a portable Ubuntu installation. You can connect the flash drive to any public computer and restart it to boot with Ubuntu, ignoring Windows or any other OS the machine uses.

When accessing your bank accounts online, stay alert. Look for warning signals, such as random mails, online forms seeking passwords and unsecured websites. If you find a suspicious mail or website, inform your bank.



TIPS FOR SMARTPHONE USERS:

Tips for safe online banking for smartphone usersDownload your relevant banking application on the mobile device instead of using the browser. If your bank's app is not available, use a secure browser, especially on Android phones. Also, get software updates to avoid exploitation of software loopholes.

Ensure that your mobile device has remote wipe installed or enabled. This is so that if you lose your phone, you can delete all information you had stored on your phone. Notify your bank so that no texts or mails will be sent to your mobile device.

Refrain from using public wireless networks to do your banking. They are unsecure and hackers often lay traps using such networks. Connect only through secured or private wireless network. Also, do not connect to another device when banking.

Banking applications will prompt for a login password each time you log in. If you find any unusual behaviour, report it to your bank immediately. The app might have a bug when installed in your handset.

Cover your tracks. Some banking applications store sensitive and confidential data in plain text. Check for data traces left behind after every transaction and delete it.

Always lock your phone when not using it to prevent unauthorised user access. Check your phone settings and enable the auto-lock feature. This will also buy you some time if your phone is stolen.

Youtube
  • Print

  • COMMENT
BT-Story-Page-B.gif
A    A   A
close