Online Banking – An Opinion

In my post on Cloud Computing, I mentioned using online banking “if you have the guts”. I had originally gone so far off the subject of that post that I almost forgot what I was writing about. I realized that I had too much to say on the subject and decided to spin-off this post instead.

Online banking is the process of connecting to your financial institution, and performing transactions, from a computer or mobile device. No line for the ATM or teller. Sounds great doesn’t it? Think again.

The question my clients often ask me is “Is online banking secure?”. That’s like asking if logging into your computer, with your password, is secure. It is, but there are environmental issues that can lower that security. I am not a security expert, but for the sake of this debate, let’s say the technology being used for the connection between your computer, or device, and the bank is secure. It is, by the way, but I am trying to prevent some security nut from arguing the point beyond my pay-grade. The problem is, even with the connection security, there is an analog security hole. There is the possibility that someone is watching as you type your credentials. At that point, all electronic security is useless because they can now log in as you. What do ya do?

Making sure you are not being watched during any form of authentication is a start. You can’t always be alone with your computer, but you can simply be aware of what, or who, is around you. Are security cameras recording you? Is someone waiting for you to log on? I ask people all the time to turn around when I log in. It is easy to plug the analog hole.

Now is it safe? It depends. The end user is still one of the most important parts of any good security. In my business, I have seen too many infected Windows based machines. Malware keystroke loggers, like Hellz Little Spy, are the electronic version of someone watching over your shoulder. The connection from your browser, or banking application, can be as secure as Fort Knox, and it means nothing if your computer is infected. If it is capturing everything you type, and transmitting it to a far-away land , then all bets are off. For that reason I will never do online banking from a PC. Yep, I said it. Here comes the Windows defenders. Before you hate me, let me make something clear. I don’t hate Windows. I use Windows daily. I have worked with Windows based networks since Windows 3.1 and Excel 2.0. I use the right tool for the job, period. I don’t care if it is made by Microsoft, Apple, or a community of developers. I recommend what best fits the need. Yes, I use Macs at home, but with Windows XP, Vista, 7, and Server running virtually. And, I know my Windows installs are clean, but there’s no way I would risk my accounts to test it. To me, for online banking, a Mac is the right tool for the job, and even then you should practice basic safe computing.

2 Responses to “Online Banking – An Opinion”

  1. Mike says:

    Technically, using your debit or credit card these days is also online banking. I’m amazed that people don’t have the common courtesy to turn their heads when you have to enter your PIN at a store. For that matter, there are few stores that provide a privacy shield for PIN pads. I dislike having to cup my hand over the PIN pad. It just screams “I DON’T TRUST YOU, OR YOU, OR YOU!”

  2. Razz says:

    I agree. Sometimes, even the shield is not enough cover. Personally I have no issues covering the pad. I really don’t trust ‘them’. I am amazed at how often I have seen someone punch-in their PIN, and seen the whole thing. Of couse, unlike a computer, I would not have easy access to their card later. But sending your card out if the room with a waiter should always worry you.