The Vulnerabilities of Digital Banking

The popularity of online banking is undeniable. 46 percent of banking customers have moved to an exclusively digital model. However, as with most growing digital markets, there are heightened concerns of privacy and security of customer data. With the rising prevalence of malware, phishing, and other malicious methods of stealing data online, consumers are rightfully concerned about their financial data being compromised. However, online banking itself isn’t the problem. On the contrary, it’s commonly agreed upon that consumers themselves are actually the most vulnerable component.

Take phishing as a primary instance, where scammers prey on the vulnerabilities and trust of consumers in order to trick them into divulging their data. The most common approach taken by these internet con-artists is to construct convincing emails and websites that appear to be from a trusted institution — such as the consumer’s bank. Fooled by these spoofs, consumers inadvertently give the scammers access to their login information and financials. Consumers are also regularly misinformed or confused by the continuous password debate — and they end up using weak passwords that aren’t changed often enough. When a majority of online consumers are using the highly predictable “Password1,” or the equally discouraging “123456,” it becomes easy for attackers and malicious programs to guess correct passwords.
 
 These situations are further augmented by the vulnerabilities exposed through public or open Wi-Fi networks. The Harvard Business Review explains it, “Security consultants often find that sex can be an attention-grabbing metaphor to get a client’s attention. When [they] lecture businesspeople about cybersecurity, [they] compare the dangers of using public Wi-Fi to the risks of having unprotected sex. In both cases, not taking the necessary precautions can lead to lasting harm.” By accessing their most private accounts on an unsecure network, consumers leave themselves and their personal data exposed to anyone monitoring the network with bad intentions.

In all of these situations, the financial institution itself is still perfectly secure. Their firewalls haven’t been breached and their online banking portal is left un-compromised by attackers. But poor consumer awareness of cybersecurity has led to individuals’ information and finances being endangered. Thankfully, innovative steps are being taken to limit the opportunity for user error. The FIDO Alliance and their WebAuthn initiative are a great recent example. WebAuthn allows for log-in authentication via fingerprint and face recognition software, which eliminates the need for the proven unsecure systems like passwords.

However, setting these worrying user behaviors aside, there are still a few reasons consumers should be concerned about online banking. The chief of which is how many businesses have access to users’ financial data, whether they use that data (or even intended to collect it) or not. This is a particular concern due to the recent reveal that Facebook has been collecting call history and SMS data from Android users for years without their knowing. The consternation surrounding this news has reignited a long-dormant and oft-ignored conceit: dozens of companies already have access to what you’re doing online. 
 
 Whether through cookies, IP tracking, advertisements, etc., at any point there are a number of programs tracking what you’re doing online. These can include your operating system, your internet/Wi-Fi service, your web browser, your search engine, your browser add-ons, and many others. For the most part, all of these programs can see what you do online — including banking. This means that, depending on how the companies that own those programs track, share, or sell user data, there are dozens if not hundreds of places your banking information could be compromised from. And this is on top of needing to worry about your banking/credit card information being compromised due to a data breach at Target, or Walmart, or Amazon. That information is startling to think about, and it should be. When consumers’ privacy or financial data is compromised it’s a very serious situation.

However there are ways to reduce the risk and minimize the effects of such happenings. Browsing online using a virtual private network (VPN) or tools like the Puffin Browser with similar security and privacy benefits, can offer peace-of-mind. These tools ensure that your information is kept secure and hidden from hackers. This is accomplished by filtering all your web traffic through unique, encrypted connections provided via cloud servers. Think of it as keeping yourself (including your device and data) at arm’s distance from the internet. These tools essentially establish a hacker roadblock — they can’t get through to you or your data because you aren’t directly online. So while you’re logging into your bank, hackers will never know you were even there.

Ultimately though, the best practice that consumers can follow is awareness and knowledge of these vulnerabilities and bad practices. By paying more attention to their online behaviors, especially with banking accounts and transactions, they will more readily recognize inconsistencies and red flags. And remember — if you ever notice anything out of the ordinary while banking online, be sure to call your bank. Better safe than sorry.