Wi-Fi makes it easy to access information and do business online — whether you are around the house, around town, or anywhere around the world. But just because it is easy does not mean it is a great idea. The fact that data is broadcast to anybody in range means that your information could be at risk, and that is especially risky when you use Wi-Fi for online banking.
Avoiding Wi-Fi altogether is not realistic, and it is probably not even practical to save banking sessions for when you are at home on a wired connection. But you should be aware of the risks you take when using free public Wi-Fi — and there is even some risk when you bank with Wi-Fi at home or in a hotel room.
Connecting is risky
What is the risk of letting those applications run wild? Some of the information they send might not be encrypted. It might not be sensitive personal information, but it could be useful information for thieves. Potential leaks include your email address, usernames that you are fond of, and the name of your bank. With those details, thieves can piece together enough information to do some kind of damage (whether that is getting into your bank accounts or stealing your identity) or mount a social engineering attack.
How does this happen? When you use Wi-Fi, your device broadcasts everything you send over the airwaves. Any computer within the range can “listen” to that communication, although ideally, the information is encrypted so that only authorised devices understand it.
Tips for safe banking
At some point, you are going to find the need to conduct financial business over a Wi-Fi, whether it is checking your balance before a major purchase or depositing a cheque. So, what can you do to keep your information safe, whether you are out and about or just banking from the couch?
- Stay up-to-date: Keep your operating system updated, whether you use a mobile device, laptop, or desktop. Using outdated software is like leaving your door unlocked — hackers know how to get it, and it’s easy to fix most vulnerabilities with an update. If you don’t enable automatic updates, pay attention to notifications (especially if they reference important security patches).
- Use cellular networks: If you have a data plan, use your cellular network instead of Wi-Fi for banking. It is still possible for thieves to get into those networks, but it is not nearly as easy as hacking Wi-Fi. If you can also tether other devices or set up a mobile hotspot, do that — at least while you conduct banking business.
- Use credit cards for shopping: If you make purchases while using Wi-Fi, credit cards are typically safer than debit cards. A debit card draws directly from your current account, so a thief with your card number can cause serious problems (interfering with your ability to pay bills and buy food, for example). With a credit card, you have a buffer protecting your current account — plus you have better consumer protection and a grace period to get things cleaned up.
- Control your devices: Don’t set your laptop or mobile device to “connect automatically” when it finds available networks. Thieves can set up a fake Wi-Fi network very easily, and they often give those networks commonly used names (like Free Wi-Fi, Airport Wi-Fi, or Hotel Wi-Fi). Always ask which network to connect to.
- Use any security available: If your bank does not already require it, set up extra security that helps prevent unauthorised logins. For example, two-factor authentication makes it much harder for hackers to log in to your account. You can arrange things so that your bank requires you to enter a unique code (sent to you by text message or generated by an app) every time you log in. That code will only work once, so thieves will have a harder time taking over your account if they get your username and password (or even one of those codes).
- Use security software: Security software goes a long way towards keeping you out of trouble. Keep antivirus and firewall programs up to date, and use a virtual private network to access sensitive information over public Wi-Fi. Avoid jailbreaking or rooting your mobile device, as doing so can make secure devices and apps much less secure.
- Trust your browser: Your web browser wants to help you stay safe. When visiting secure sites, make sure that “https:” appears in the address bar, and look for the padlock icon. If you get any warnings (such as untrusted certificates or similar) — especially unexpected warnings while using Wi-Fi away from home — wait until you are on a secure network before accessing bank accounts.
- Monitor your account: Whether or not you bank on public Wi-Fi, it is wise to review your accounts regularly. Doing so helps you spot errors and signs of fraud — plus you will probably pay fewer overdraft fees. A quick scan through transactions is a good start, but you can also balance your account monthly for a more thorough review.
Secure websites and apps
For the most part, financial websites and apps protect your information by encrypting it before sending it over a network. As a result, your information is secure, even if thieves are listening. Your browser should show you when you are on a secure site by displaying a padlock icon and showing “https” (the “s” is the important part) in the address bar.
However, the appearance of a secure site is no guarantee. If you connect to a compromised network (meaning somebody installed malicious software on the Wi-Fi equipment), hackers can hijack traffic so that you go to a fake “secure” site instead of a legitimate website. Even if you use a bookmark or type in the web address correctly, you will end up on an impostor page that looks just like the real deal.