Question: What are some strategies people can use to protect their banking information online?
Answer: Always use strong passwords. A good way to create strong but easy-to-remember passwords is to use pass-phrases. Create a sentence, using things that are specific to you, and memorable, combined with some special characters, such as "My1stL@sV3gasvacationwasgreat!" The length makes the passwords very difficult for an attacker to guess or crack.
Never, ever, ever share the same password across accounts. I can’t emphasize this one enough. If the model rocket enthusiast’s forum you frequent gets hacked and you’ve used the same password for your online banking account, you could be in trouble.
PROFILE
Niels Taylor
>> Age: 49
>> Title: Senior vice president and chief information security officer
>> Company: Bank of Hawaii
>> Education: B.A. Furman University, M.A. University of South Carolina-Columbia |
Use multifactor authentication (multiple layers for logging on, such as secret questions). If the online service you are using provides a multifactor authentication feature, I strongly recommend using this for important accounts, particularly your email. Gmail, Yahoo, Hotmail and others offer this feature. If your email gets hacked, the attacker not only has access to your email and contacts, he can also often use information from your emails to gain control of online banking and other high-value accounts, so it’s extremely important to protect email. You may also want to use one email account for important things like banking and brokerage sites and a different email account for less important sites.
Keep your computers and mobile devices up to date. Having the latest security software, Web browser and operating system are the best defenses against viruses, malware and other online threats. Turn on automatic updates so you receive the newest fixes as they become available.
Keep personal information personal. Hackers can use social media profiles to figure out your passwords and answer those security questions in the password reset tools. Lock down your privacy settings and avoid posting things like birthdays, addresses, mother’s maiden name, etc. Be wary of requests to connect from people you do not know.
Shop safely. Before shopping online, make sure the website uses secure technology. When you are at the checkout screen, verify that the Web address begins with https. Also, check to see if a tiny locked padlock symbol appears on the page.
Q: Is it safe to use public Wi-Fi to access banking information?
A: No. Public Wi-Fi hot spots can be used by attackers in multiple ways. When connecting to public Wi-Fi networks, be cautious about what information you are sending over it. It may be possible for an attacker to gain access to your computer, especially if you don’t have the latest security updates installed. Avoid using any public Wi-Fi site to connect to important sites like online banking. In addition, it’s always wise to protect your home wireless network with a strong password.
Q: What are common security concerns voiced by customers?
A: The most common ones are in relation to phishing and advance-fee fraud.
Phishing scams use fraudulent emails and websites to trick users into disclosing private account or login information. Do not click on links or open any attachments or pop-up screens from sources you are not familiar with. You should also be wary of unusual email from friends and family, as this may be an indication that their machines have been compromised by an attacker or by malware. Attackers may also call or text you, posing as someone from your bank or other business, asking for personal information. Never provide this information via phone, text or email. Call the business back at a known good number to confirm this activity.
Advance-fee fraud (also called upfront-fee fraud) is a scam that typically sounds too good to be true. Be on the lookout for scammers promising to send you money, reduce your debt or bring you in on a special deal in exchange for an upfront fee, your private personal information or your signature on a contract. Before sending money, providing personal information or entering into any contract, verify the business using resources such as the Better Business Bureau website, and always consult with an attorney before entering into any legal agreement. If you believe you have been the victim of advance-fee fraud, contact your local police department or FBI office.
Q: What are some red flags that customers should watch out for when adding their credit card or banking card information to their mobile phone?
A: Most mobile wallet technologies offer a safe and convenient way to pay for things by securely storing card information within the phone and requiring the user to use a PIN or fingerprint to authorize the transaction. Many mobile wallet technologies are currently available; Apple Pay and Android Pay are two of the most popular. They use a token, rather than the actual card number, to complete the transaction, adding additional security. Neither have yet been shown to have significant security weaknesses, and these technologies are very convenient. Many industry observers believe phones will eventually be used for the majority of shopping.
Q: What should you do if you think your personal information has been compromised?
A: If you suspect you have been the victim of identity theft, it is important to take quick action. The Federal Trade Commission recommends that victims call the companies where they know the fraud has occurred and ask them to close or freeze accounts. Change passwords and PINs for these accounts. Place a fraud alert with the credit reporting agencies, and review your credit report. Report the identity theft to the Federal Trade Commission. File a report with your local police department. More information can be found at the FTC’s Identity Theft website, identitytheft.gov.
