It’s all right to say that safe online banking starts with safe offline banking. Your bank will never ask for your PIN number, and this stays the same with online banking. It is never too much when it comes to emphasize the importance of not giving away your credit card details to anyone else. Extra vigilance is required when entering it at an ATM or self-banking machine. Some fraudulent tactics involve card copying using an illegal recording of you entering the PIN number, so always hide this action from view by concealing the ATM keyboard when entering the PIN (stay close to the screen and shield the keyboard with your other hand). Beware of anyone staying too close to you when you access the ATM, which is not just an impolite attitude but can be a suspicious sign. A fraudster does not need your PIN number in order to manipulate it online. The card number, cardholder name and the CSC (card security code) are sometimes sufficient for making online purchases that will be charged to your account. To avoid this, supplementary security protocols like TANs and 3D-Secure were implemented.
Additional security measures
When using your card for online payments, there are supplementary security protocols such as 3-D Secure. While not specifically ill intended, online stores that do not use secure websites (identifiable by the “https” instead of “http” in beginning of the address) and additional security layer make you credit card more vulnerable to malicious manipulation. Some banks do not even provide insurance against online thefts for cards that were not enrolled in an additional security protocol. “Cardholders who are unwilling to take the risk of registering their card during a purchase, with the commerce site controlling the browser to some extent, can in some cases go to their bank’s home page on the web in a separate browser window and register from there. When they return to the commerce site and start over they should see that their card is registered. The presence on the password page of the Personal Assurance Message (PAM) that they chose when registering is their confirmation that the page is coming from the bank. This still leaves some possibility of a man-in-the-middle attack if the cardholder cannot verify the SSL Server Certificate for the password page. Some commerce sites will devote the full browser page to the authentication rather than using a frame (not necessarily an iFrame, which is a less secure object). In this case, the lock icon in the browser should show the identity of either the bank or the operator of the verification site. The cardholder can confirm that this is in the same domain that they visited when registering their card, if it is not the domain of their bank” (http://en.wikipedia.org/wiki/3-D_Secure).
Online banking safety tips
Phishing and pharming are the most common ways to fish out information that would eventually put a hole in your pocket. See Learn how to identify phishing e-mails. Cross-site scripting and keylogger/trojan horses are also known attacks to online banking safety.
Use a firewall, anti-virus and anti-spyware software.
Make sure your anti-virus, anti-spyware, firewall and OS and third party applications are always up to date. Install security updates frequently.
Keep your PIN, passwords, personal identification question confidential. Regularly change your password. Do not store the password on a sticker on the desktop. Do not store it in a document on the PC. Do not use easy to guess passwords. Use passwords consisting of numbers, upper and lower case letters, symbols, preferably 10 or more characters (example: r€Tw33I@ll).
Always log-out after using your account. Never leave the computer unattended while logged into your account. Use public networks with caution. Enhance the security by clearing the browser’s cache after logging out.
Look for the closed lock icon signaling you are on a certified secure website (identifiable by the “https” instead of “http” in beginning of the address). Additionally click the lock icon to check if the certificate corresponds to the site you are viewing.
Keep in mind the general rules. A bank will never ask you to provide it with your PIN or passwords. Nor will it give away money in a contest you never entered or any other circumstances. Scammers sometimes try to trick people into making a real payment by claiming “it’s just a test”. Established businesses do not release secure applications and then ask you to test them. Take extra measures while traveling and using public computers. Use vigilance: remember the process you normally go when online banking and be suspicious if it differs from last time. Use a pop-up blocker or be wary of any unexpected or out of place looking pop-ups that appear during a transaction. Manually enter your bank address instead of clicking an e-mail link to log-into your bank account.
Contact your bank immediately if you notice any transactions you did not authorize.