Online banking is fast and convenient. Instead of laboriously entering the information for a transfer at an ATM, you use your computer or tablet to do it. Naturally, however, criminals are interested in your account data too, and that is why you should always protect yourself.
Generally, you have a choice of different ways to complete banking transactions online:
- You can use the browser to log into the website of a regular or a savings bank.
- Many banks also offer their clients their own smartphone app.
- Alternatively, you can use software for banking. Many financial management programs also have their own module for doing this. Business clients, in particular, prefer this method because several bank accounts can be managed and viewed in a single interface.
Follow these tips for more secure online banking:
- Keep an eye on the security of your computer,
because the PC presents the greatest risk in online banking. Trojans and other computer threats can act as gateways for criminals. Be sure to take our general security tips for a secure computer to heart and install updates right away.
- Be vigilant in the event of phishing attacks.
Criminals will try everything to get to bank clients’ access data. This also includes phishing attempts. Always remember that your bank will never ask you in an email to enter a PIN or even a TAN on a website.
- Disable the convenience functions in your browser.
All web browsers offer convenient functions such as saved passwords or auto-complete. You should definitely disable those when banking online. So if your browser asks if you want to save your data, click “No”. If a third party gains access to your computer, they could simply log into online banking.
- Do not use an unsecured Wi-Fi connection for banking.
If you absolutely must make a transfer, use a VPN connection or use your smartphone as a Wi-Fi hotspot. As an alternative, use the bank’s app, but only on the provider’s data network. Public Wi-Fi networks, such as in cafés and restaurants, are potentially insecure.
- Use an encrypted connection.
Watch for the indicator in your browser signaling a secure connection. You should only log into online banking if the link actually starts with “https”.
- Keep an eye on your account balance.
Check your (online) account statements and transactions regularly. Criminals will not necessarily clean out an account. Instead, they use small amounts and withdrawals, because it is the sheer quantity that pays off for thieves. Pay special attention to debits and (online) transfers.
- Set up limits.
Most banks offer an individual limit for daily transfers. At worst, this limit represents the maximum financial loss.
- If in doubt, block account access.
If you have a legitimate concern that your access data has fallen into the wrong hands or that the system is infected with a Trojan, block online access to the account as a precaution. This is usually done most quickly by phone.
If you use software for online banking, update it regularly – and also take care to back it up, so that you can access your data at all times.
Familiarize yourself with these security measures
Procedures developed specifically for online banking safeguard account access and particularly authorizations for transactions (transfers, automatic payments etc.). Communication with the bank’s computer is subject to standards that allow home banking software to be used across a variety of institutions.
The following security procedures are currently in use:
- PIN/TAN procedure
Every transaction is “signed” with a one-time transaction number (TAN). The personal identification number (PIN) secures access to the account itself. If an attacker succeeds in intercepting the TANs, they can authorize transactions on their own. Another version of this is the iTAN procedure, which requires one specific TAN from the list to be transmitted.
Although the PIN/TAN procedure is easy to use, it is also very vulnerable to phishing attacks.
- mTAN and chipTAN
Here too, a TAN is needed as a “signature” for the order. However, these are sent or generated through a second channel. In the mTAN procedure, the bank server sends a text to the mobile number saved by the client. The criminal must therefore have access to this phone. With the chipTAN, the bank client has to read the TAN from a little TAN generator. Both variants are part of a two-factor authentication system.
- HBCI using chip card
Banking software supports the “home banking computer interface” (HBCI). It was used as early as the 1990s as a secure procedure for transmitting bank data online. The data is assigned a specific key before being transferred to the bank’s server. This key is located on a chip card issued by the bank. A chip card reader and a PIN for the card are needed to access the card.
With a simple chip card reader, the required PIN must be entered using the computer keyboard. Theoretically, a Trojan or a special program could intercept it there. The HBCI procedure, which is already very secure, becomes even more secure when a chip card reader with its own keypad is used. This means that the PIN entry never leaves the device.
However, before you go out and get a chip card reader, ask your customer representative whether the bank even supports HBCI – and in what form.
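
To illustrate the PIN/TAN and iTAN descriptions above, the following Python model is an added example (not part of the original article and not any bank's real code). It compares how often a single TAN that has leaked through phishing would be accepted under a classic TAN list and under iTAN. The class and function names, the list size of 10 and the six-digit TAN format are assumptions made for the example.

```python
import hmac
import secrets


class TanList:
    """Bank-side model of one customer's printed TAN list (constructed, simplified)."""

    def __init__(self, size=10, indexed=False):
        self.indexed = indexed  # False: classic TAN list, True: iTAN
        # Unique six-digit TANs keyed by their position on the list.
        values = secrets.SystemRandom().sample(range(10**6), size)
        self.tans = {pos: f"{v:06d}" for pos, v in enumerate(values, start=1)}
        self.used = set()
        self.challenge = None

    def request_transfer(self):
        """Open a transfer. With iTAN the bank names the list position it wants."""
        unused = [pos for pos in self.tans if pos not in self.used]
        if not unused:
            raise RuntimeError("TAN list exhausted")
        self.challenge = secrets.choice(unused) if self.indexed else None
        return self.challenge

    def authorize(self, tan):
        """Return True if the submitted TAN authorizes the open transfer."""
        if self.indexed:
            if self.challenge is None:
                return False
            accepted = [self.challenge]
            self.challenge = None  # one attempt per challenge
        else:
            accepted = [pos for pos in self.tans if pos not in self.used]
        for pos in accepted:
            if hmac.compare_digest(self.tans[pos], tan):
                self.used.add(pos)  # every TAN is valid once only
                return True
        return False


def leaked_tan_acceptance(indexed, trials=200):
    """Fraction of transfers that one leaked TAN (position 1) would authorize."""
    hits = 0
    for _ in range(trials):
        bank = TanList(indexed=indexed)
        bank.request_transfer()
        hits += bank.authorize(bank.tans[1])
    return hits / trials
```

In this model the classic list accepts the leaked TAN for every transfer, while iTAN accepts it only when the bank happens to ask for that position, which is why a TAN should never be entered anywhere other than in a transfer you started yourself.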