How safe is online banking these days?

I’m thinking about taking the plunge with a major bank that boasts that its security is excellent.

Do I need a high powered firewall, just in case? What other things do you recommend?

I’ve been using internet banking for over 8 years and haven’t had any security issues. I wouldn’t worry about it as a “special case”. As long as you have normal / good security on your machine for browsing, you should be fine.

IMHO, at least.

I’ve been doing all my banking and bill paying online since, well, since I had a checking and savings account. My bank doesn’t even have crazy security measures and I haven’t had any problems whatsoever. The only problems I’ve had with security is when my husband left his ATM card on the counter at the post office and some jerk stole it and overdrafted our account. So, in my experience at least, meatspace banking is more laden with security problems! But I’m married to the Absent Minded Professor.

Obviously I wouldn’t bank over an unsecured wireless network, but otherwise I don’t take any other measures other than not storing my PWs on my machine. I also learned to identify phishing scams. Pardon if it may seem obvious, but NEVER click on any link in an email or instant message claiming to be from your bank and asking for your account #. I’ve had a slew of PayPal and Bank of America phishing emails lately. I usually forward them to the authorities at whatever bank they purport to originate from.

So yeah. Online banking. I can’t imagine doing it any other way - all my finaid direct deposits and so did my paychecks. I only keep my checkbook for a few things, but mostly for the rent. I have an ING orange savings account as well and their security is crazy-good. They have several security questions and you have to use a PIN to log in. I am very happy with their security.

Online banking wouldn’t be any more dangerous than online shopping in terms of your own personal firewall. And the bank itself you don’t really need to worry about since if they get robbed that’s them not you and they’re insured.

Any back and forth transmissions between your computer and theirs is done through common encryption protocols which are exactly the same regardless of whether you’re shopping for doggy treats on the internet or doing your banking and regardless of whether you’re using Firefox or Internet Explorer. And your firewall just doesn’t matter at all.

Not having a firewall leaves you open to getting a virus in which case there’s some chance that it will be a keylogger and the person watching what keys you’re pressing will get your credit card number and such–but that’s not related to online banking unless they see you logging in to your account and know what bank it is. Either way you still want to have a good firewall–or just plain off never enter personal information into anything on your computer. But frankly you’re safer sending your credit card number to an online store than you are handing your credit card to the waiter at a restaurant.

Thank you all. I guess I’ll go ahead with it.

But you remember that I asked about firewalls? Well I Googled for the top 5 firewalls.

Check the amazing (to me) information regarding mostly household names:

I found this excerpt from their “Public Reaction and Comments” section a wee bit unsettling. (My emphasis)

What do you think?

Wells Fargo had a system wide meltdown about a month ago. All ATMs were locked out, and for me, I was panicked because the website was not registering the last two days of deposits, but it was showing the withdrawals, so I looked overdrawn when I wasn’t.
I went scrambling to scrounge cash to deposit with a human teller so it would be reflected immediately. But when I got to the bank I found out they were in turmoil as well, with lines out the door.

Bank of America (which I have and like their online banking system) has a two stage login. The first just looks normal but the second shows you a picture that you select when you sign up. If the picture isn’t legit then something is up although that has never happened to me. The biggest risk would be responding to e-mails asking you to verify your “information”. I don’t worry about it otherwise and Bank of America gives you a very secure connection to their site that has been tested at length.

Good. And BoA is the bank I was talking about. Gonna do it. Thanks.

Furthermore if you log into B of A from a strange computer, IIRC you are asked an additional security question.
Wait a second and I will try it from my new laptop.
I’m back. Yes, when I logged in for the first time from my new laptop, before I got the picture challenge, I was told that the website did not recognize my computer, and asked one of my security challenge questions.
I was also asked if I wanted the website to remember this computer so I did not get the challenge question next time. Note: If you say yes to this, you still have to identify the picture correctly.

I would say that B of A’s website is very secure.

I can confirm what Rick said about BoA.

There are three main places that security problems can occur:

  1. On your machine. If you get certain types of malware, the passwords and such you enter can be logged and sent to The Bad Guys. Hence, the BofA system attempts to lessen such problems since The Bad Guys are not yet logging the picture picking system. Expect that to change.

In short, you have to keep your machine 100% clean of malware.

  1. The link from your machine to the website. As mentioned, the normal was such data is sent is encrypted. Certain bad things can happen that breaks this (like malware on your end), but this is the least likely problem.

  2. The website end. Lots of bad things can happen here. Evil programmers working for the bank can set up all sorts of bad things. But, if they do something to you and many other customers, the bank will make good to avoid lawsuits.

Sloppy programming is the bigger concern. Especially with the “Web 2.0” nonsense which “enhances” your web experience while opening up a myriad of new holes for people to exploit. Cross-site scripting, javascript bugs, and on and on. (Google’s gmail has been found to have 2 major holes in recent days.) You should assume that the bank’s web site has several dozen exploitable security holes of which between 0 and 1 are currently known to The Bad Guys.

While a bit scary, it is actually far more secure than using a lot of physical banking systems. The security holes there are far more numerous and all well known to The Bad Guys. Which makes a no-brainer even to an Internet security concious person such as myself.

I’ve been online banking, and BillPay, for years and years. Once you make the switch, you’ll never go back. It’s saved me hundreds of hours of time that I used to spend writing checks, reconciling accounts, running to the post office. I’ve never had a security issue.

And with my bank, it’s free!

I have Suntrust, never had a problem. I don’t even look at my paper statements anymore since I pay bills online every two weeks and balance to the penny each time (or figure out why I don’t.)

The main thing is stamps…we have cut waaaaaaaay down on stamps. Hell, we even have some 37 cent stamps left, and that’s from two postage increases ago!

I work at a bank and 99.99% of any fraud to do with internet banking is low-tech. In other words it is a woman giving her password to her boyfriend. They break up and he starts using her online banking to clear her out. Or it is people using a net-cafe and someone looking over their shoulder and seeing their password and then clearing them out.

HSBC has a clever second password…instead of typing it in, you use a mouse to click letters on a virtual keyboard. That way no one can access your account just from shadowing your keystrokes.

The keyword is “yet”. This scheme in particular is easy to add to a keylogging package. The BofA image scheme is a bit harder to log since it is easier to place the images allover as well as giving them one-off names. With an on screen keyboard, randomly placing the letters in different locations will drive customers crazy.

It also is poor compared to the BofA scheme since you can generate a fake login screen much more easily. Makes phishing easier.