Popular Posts

Protecting Online Bank Accounts Against Hackers

In the last few years, it has become harder to log into online accounts. New regulations were implemented to increase account security. Most all banks now require security questions on top of your typical username and password. Some like ING Direct and HSBC Advance have virtual keypads that are designed to counter hackers' keyloggers which can steal your passwords.

The best defense against keyloggers are secure token devices which display a new password every minute. If a keylogger steals a secure token password, it's useless since the password is only temporary. The latest bank to require secure token devices is Clear Sky Accounts which has announced that it'll be sending these devices to its customers on May 17th.

The only problem with these added security features is that it's making online banking less convenient. Logging in takes longer and it's more likely that you'll forget a security question. They often don't give you many choices for a memorable security question. These security questions also make it harder to use a service like Mint.com to keep track of your accounts automatically. I don't know how a service like Mint.com will be able to automatically log into Clear Sky Accounts after the secure tokens are in place.

In addition to added protections for account logins, I've also been told that many of the ACH transfer limits are due to security concerns. One limit is a maximum amount that can be transferred via ACH. Another is not a limit, but an added delay for ACH transfers. There has been speculation that the reason for these is less to due with security, and more to due with bank profits (profits from the floats during transfers and making it harder for customers to move their money).

I guess security is also a profit issue for banks since they're on the hook when losses occur, and then there's the cost of investigating the incident and the potential bad press.

Bankrate.com just published this article on hackers and online banking. According to the article:

Consumer checking and savings accounts are protected by the Electronic Funds Transfer Act, which limits consumer losses for online theft to $50, as long as the consumer reports the loss within 60 days after the fraudulent transfer appears on the statement.

However, there is less protection for line of credit accounts and business accounts. As the article describes, business accounts are the most vulnerable and get the least amount of protection. A fraud case was mentioned in the article in which a business owner lost $50,000 when a hacker did a fraudulent wire transfer from the business owner's Bank of America account. The business owner's attorney has filed a lawsuit against Bank of America which had refused to take responsibility for the loss.

The consumer advocate, Clark Howard, just published his tips for small business owners on how to keep their banking accounts safe. One interesting tip is the use of sandboxie.com. According to sandboxie.com, their software allows for secure web browsing:

Running your Web browser under the protection of Sandboxie means that all malicious software downloaded by the browser is trapped in the sandbox and can be discarded trivially.

I feel fortunate that I've never had fraudulent withdrawals made from my accounts (knock on wood). I did have a case of mistaken withdrawals made from my checking account at a local credit union. I was alerted of the withdrawal through an account alert which sends an email when the balance drops below a preset threshold. When I logged into my account, I noticed a mysterious withdrawal of around $200. I immediately sent a secure message. It turned out to be a mistake at the credit union, and the credit union quickly credited back the money without any additional effort on my part. This actually happened again which was a little frustrating, but at least the credit union quickly fixed it as soon as I reported it. Account alerts and regular monitoring of accounts can be useful for both mistakes and fraud.

Do you have any tips for keeping your bank account safe?

  |     |   Comment #1
One more reason why having lesser accounts is better....
  |     |   Comment #2
I heard Clark Howard mention recently that there is an electronic keyboard that you can download to your computer so you can enter passwords via touchscreen or with mouse clicks instead of a keyboard. This would thwart keyloggers.  I caught the end of the segment where he was talking about this and did not catch the name of the program.  Does anybody know what it is?
  |     |   Comment #3
Well, to have fewer accounts might lead to "putting all of your eggs in one basket" which may be far riskier for your pocketbook.
  |     |   Comment #5
Use Norton Identity safe to login since your pw is hidden from you.
  |     |   Comment #6
To Dollar Bill: Windows has a built in program called Character Map that you can use for this purpose.
  |     |   Comment #7
Roboform is an excellent utility for keeping track of numerous user name/passwords. Users can navigate to a web site and login with only one or two mouse clicks.  I wouldn't leave my home page without it. 
  |     |   Comment #9
Keepass, a freebee downloaded via Kim Komando's site, works great.  Remembers each USB, Personal ID and Password plus has a Notes area that I use to remember the answers to all the questions.
  |     |   Comment #10
Lack of user education is the main problem,  physical tokens are a good option for security instead of using passwords so implemented our local banks at peru from 2008/2009 because here we use internet coffees, but these devices are really secure?. At the beginning they tried to sell them for a few of bucks but they had to give free, gratis because people was not interested, tokens will  expires after 3 years and the customer will have to pay for a replacement.


For our daily use we could use a account with a few of dollars, and use the main  account use only at home, sometimes i needed to do a transactions but was impossible because i leave my token at home. Is stupid to use a token for paying services like telephone and other of a few of dollars.


Gustavo the keylogger guy

  |     |   Comment #13
I need Id and pw at everbank

The financial institution, product, and APY (Annual Percentage Yield) data displayed on this website is gathered from various sources and may not reflect all of the offers available in your region. Although we strive to provide the most accurate data possible, we cannot guarantee its accuracy. The content displayed is for general information purposes only; always verify account details and availability with the financial institution before opening an account. Contact [email protected] to report inaccurate info or to request offers be included in this website. We are not affiliated with the financial institutions included in this website.