In the last few years, it has become harder to log into online accounts. New regulations were implemented to increase account security. Most all banks now require security questions on top of your typical username and password. Some like ING Direct and HSBC Advance have virtual keypads that are designed to counter hackers' keyloggers which can steal your passwords.
The best defense against keyloggers are secure token devices which display a new password every minute. If a keylogger steals a secure token password, it's useless since the password is only temporary. The latest bank to require secure token devices is Clear Sky Accounts which has announced that it'll be sending these devices to its customers on May 17th.
The only problem with these added security features is that it's making online banking less convenient. Logging in takes longer and it's more likely that you'll forget a security question. They often don't give you many choices for a memorable security question. These security questions also make it harder to use a service like Mint.com to keep track of your accounts automatically. I don't know how a service like Mint.com will be able to automatically log into Clear Sky Accounts after the secure tokens are in place.
In addition to added protections for account logins, I've also been told that many of the ACH transfer limits are due to security concerns. One limit is a maximum amount that can be transferred via ACH. Another is not a limit, but an added delay for ACH transfers. There has been speculation that the reason for these is less to due with security, and more to due with bank profits (profits from the floats during transfers and making it harder for customers to move their money).
I guess security is also a profit issue for banks since they're on the hook when losses occur, and then there's the cost of investigating the incident and the potential bad press.
Bankrate.com just published this article on hackers and online banking. According to the article:
Consumer checking and savings accounts are protected by the Electronic Funds Transfer Act, which limits consumer losses for online theft to $50, as long as the consumer reports the loss within 60 days after the fraudulent transfer appears on the statement.
However, there is less protection for line of credit accounts and business accounts. As the article describes, business accounts are the most vulnerable and get the least amount of protection. A fraud case was mentioned in the article in which a business owner lost $50,000 when a hacker did a fraudulent wire transfer from the business owner's Bank of America account. The business owner's attorney has filed a lawsuit against Bank of America which had refused to take responsibility for the loss.
The consumer advocate, Clark Howard, just published his tips for small business owners on how to keep their banking accounts safe. One interesting tip is the use of sandboxie.com. According to sandboxie.com, their software allows for secure web browsing:
Running your Web browser under the protection of Sandboxie means that all malicious software downloaded by the browser is trapped in the sandbox and can be discarded trivially.
I feel fortunate that I've never had fraudulent withdrawals made from my accounts (knock on wood). I did have a case of mistaken withdrawals made from my checking account at a local credit union. I was alerted of the withdrawal through an account alert which sends an email when the balance drops below a preset threshold. When I logged into my account, I noticed a mysterious withdrawal of around $200. I immediately sent a secure message. It turned out to be a mistake at the credit union, and the credit union quickly credited back the money without any additional effort on my part. This actually happened again which was a little frustrating, but at least the credit union quickly fixed it as soon as I reported it. Account alerts and regular monitoring of accounts can be useful for both mistakes and fraud.
Do you have any tips for keeping your bank account safe?