No one can deny the rise in popularity, nor the convenience, of online banking. In 2018, banking apps had become the third most popular mobile app category according to a Citi survey, trailing behind staples like social media and weather apps.
What customers receive in the bargain is time. Digital banking makes it a cinch to save money, send cash to friends, check our balances and even apply for loans and other financial products in less time.
But what we give up is the certainty — if such a thing ever existed — that our private financial data is being kept safe from prying eyes. In the era of digital banking, creating trust and achieving high-security online environments is a huge priority for banks and customers alike. Here’s a look at how both parties are keeping themselves safe.
What are the biggest cybersecurity threats today?
The biggest cybersecurity threats in banking today include familiar terms we broadly group under the umbrella of “cybercrime.” Other cybersecurity threats, however, are more of our own making. Here’s an abbreviated rundown:
- Unencrypted data: Leaving our data unencrypted is a great way to let potential criminals into our digital banking profiles. While “bank-level encryption” is mostly a marketing term, it’s still a signal that your institution takes this part of security seriously.
- Identity theft: Identity theft is as big a threat today as when Lifelock’s CEO had his identity stolen a dozen times after putting his Social Security number on the side of a company van. Around 16.7 million Americans had their identities compromised in 2017, according to Javelin Research.
- Fraud: Sometimes, a criminal’s goal isn’t full-blown identity theft but instead some type of fraud. Medical records are so valuable on the black market because criminals can use them to order medications or file insurance claims under somebody else’s name.
- Ransomware: Ransomware can be incredibly scary. This term refers to an outside party achieving access to and control over your computer and its files and then attempting to extort money from you in exchange for restored access. After the victim pays up, there’s no guarantee the thief will follow through.
Financial institutions can easily leave cybersecurity blind spots open for would-be criminals. Thankfully, many reputable organizations now know the stakes and how to prevent problems when they can — and respond swiftly in a crisis when they cannot.
How do banks leave cybersecurity blind spots?
Regrettably, as we’ve seen, even some of our “too big to fail” financial institutions drop the ball sometimes when it comes to cybersecurity. These blind spots occur by:
- Not making prevention a priority: Security can’t be an IT afterthought. Companies need to staff up in this area deliberately to meet emerging regulatory and consumer expectations.
- Not vetting third parties: The era of digital banking is complex and sometimes requires cooperation between multiple parties, technologies and software. Companies of all types need to make sure their partners, such as app developers, know how to keep company APIs safe. Technicians must even build physical branches’ HVAC systems with cybersecurity in mind if banks want to close any back doors in their connected IoT infrastructure.
- Not building a security-aware culture: Most businesses rely on the internet to deliver services and products. From banks to medical practitioners and manufacturers, keeping client and customer data safe means building a culture that respects security at every level. Achieving this security involves regular training, random spot checks and hiring for soft skills — such as conscientiousness and attention to detail — as well as hard skills.
Of course, banks can do all of this and still fail to connect with their customers or communicate meaningfully about the steps they’re taking. That’s why the stars of the show in the digital era are transparency and integrity. Banks can gain a competitive advantage by operating openly and by taking the right precautions before regulatory groups force their hands.
What can bank customers do for themselves?
The good news is, you’re not powerless in the face of this relentless foe. What can online bank users do to keep themselves safer? Here’s a rundown of some things you can start doing differently, today, to keep your digital-financial life safe:
- Know the signs of phishing attempts: Legitimate banks and other organizations won’t ask you for your password over the phone or in an email exchange. If you receive a message along these lines, provide no information. Instead, hang up and call the bank they claim to represent using a number you can vouch for.
- Watch for skimming devices: Believe it or not, we all still have to look out for skimming devices attached to ATMs and checkout stations. They can be difficult to spot, and not every location is as carefully or regularly inspected as others. Try to use a first-party ATM when you need to make a withdrawal, and use contactless payments via a smartphone or smartwatch wherever they’re offered.
- Go the extra mile for security’s sake: We understand as well as anybody that keeping up with our password “hygiene” is a bit tedious. As a result, many folks won’t like hearing that strong passwords are the bare minimum these days. After you go through your accounts and choose strong passwords or PINs, activate two-factor authentication for every website or app that offers it.
Two-factor authentication closes the loop on the digital security axiom, “Something you know, something you have and something you are.” If you take the above suggestions and use your on-device security features, strong passwords become the thing you “know,” your fingerprint becomes something you “are” and the two-factor authentication mechanism using your secondary device becomes something you “have.”
The rest relies on your sound judgment. Digital banking is a huge step forward for customers as well as the financial institutions serving them. As we’ve seen, banks are working hard to hire the right staff and use advanced technologies to keep us safe. However, we need to hold up our end of the bargain too and take the small steps available to us to ensure our most valuable information stays safe and secure.