Are online banks safe? 5 security tips for banking online
JEFF KEARNEY • Sept. 8, 2021 • 6 min read
What we'll cover
How online banks differ from traditional banks
Online banking safety precautions
How to stay safe when using online banking
In recent years, I’ve seen online banking become more and more popular because it’s convenient, user-friendly and intuitive. So many folks are switching from ATM deposits to mobile check deposits and from checkbooks to easy-to-use apps that allow them to check their balance or even use their phone to make payments. But with cyberattacks on the rise, concerns about the safety of online banking are also beginning to grow. In fact, millennials now list data security as a top reason for switching banks.
Are online banks safe? As the executive director of enterprise fraud, security and investigations here at Ally, I can shed some light on the topic. Online banks take numerous precautions to help you stay safe, and you can take some smart digital steps that don’t require much time or effort to go the extra mile on your end too. Read on for some tips from me and my team on how to keep your financial identity secure.
First, what is an online bank?
Online banks — also known as virtual banks and internet banks — operate primarily on the internet without branches. While you won’t meet a teller or banker face-to-face as a customer of an online bank like Ally Bank, you can access and manage your account anywhere, at any time, with your mobile device or computer. Chances are you’re already somewhat familiar since nearly all members of Gen Z, millennial, and Gen X do at least some of their banking online.
Compared to their traditional counterparts, online banks typically offer more advanced tools, apps and features that help you manage your money on the go. And because they have lower overhead (no physical branches!), they tend to offer higher interest rates and charge lower fees than brick-and-mortar banks.
Are online banks safe to use?
We’ve all read the reports of hackers and data breaches in the news. These highly publicized cyberattacks may have you concerned about the safety and security of online banking transactions. It’s true that hackers attack online banking websites (for both full-service online banks and traditional brick-and-mortar banks that offer online services), but it’s a myth that online banking isn’t as safe as traditional methods of banking.
How could both things be true? This new reality of cybercrime has required many banks to implement the latest advanced technology to combat fraud and scammers on a whole new level — meaning banking online doesn’t necessarily increase your financial risk.
Since online banks are primarily virtual based, they offer cutting-edge technologies like automatic fraud detection, AI-driven security, and digital encryption that make them very safe.
Your participation is also key in avoiding financial fraud. Being vigilant and street-smart about how you communicate with your bank and protect your personal information can have a great impact on reducing risk in your digital banking experience.
How to stay safe while banking online
Online banking is generally very safe, but you can further protect yourself — and your finances — with these cybersecurity best practices:
1. Choose your online network wisely.
Hackers exploit the vulnerabilities of public wi-fi. If you’re on a shared network (like at a coffee shop, library or gym), your information is in more jeopardy than using your home network. That’s because most of these wi-fi networks lack necessary security measures, have poor router configurations and typically have weak passwords.
It’s best to avoid online banking or conducting any other activity that involves sensitive data over public wi-fi. If you’re out and about, use your cellular network instead to access your online banking account. It’s not fail-safe, but it’s much more secure.
2. Strong codes, passwords and two-factor authentication make a difference.
Always secure your device and applications with at least a complex key code (something better than 1, 2, 3, 4). Most mobile banking apps provide integration with your smart phone’s biometric authentication, such as Face ID or Touch ID, which is considerably more secure than a simple key code.
Also, elect for additional authentication if it’s not already there by default. All online banks like Ally Bank have 2-step or 2-factor authentication built into their security solutions, but it’s still smart to enable multi-factor verification in other apps you use where this feature is optional, especially your personal email account, financial management and planning websites and apps, and any digital interaction you have that stores your personal information or payment methods (such as retail accounts, gift cards, etc.).
Multi-factor authentication typically requires an extra piece of information, such as a unique code that is sent to an account or device that only you can access. This is usually done via SMS (text) or email, or through push notifications within your mobile apps. These protections add another layer of security that is very difficult for a cybercriminal to replicate to gain access to your accounts, but they only work if you keep all your devices, email accounts, and applications safe with strong passwords and multiple layers of control.
Throughout the industry, customers are routinely victimized by fraud because they do not protect their devices and email accounts adequately, so these are relatively simple steps you can take for your own protection.
3. Keep authentication codes secure.
When it comes to receiving authorization codes, not all methods provide the same level of security. Having a code sent to your email is often the least secure because most people do not secure their personal email properly (as mentioned in the previous tip). Instead, opt for push notifications in your apps (when available), as this is the most secure option. Otherwise, SMS (text) provides better security than email for most people. And again, regardless, you should be protecting your email accounts with the same rigor as you do your financial accounts. Consistent with the industry, Ally Bank has recently made changes to discourage the use of email for receiving codes. If you currently do not use SMS or push notifications to receive authorization codes, now is the time to set that up.
4. Don't respond to suspicious emails, texts or phone calls.
Many customers across the industry are victimized every day by fraudsters calling and pretending to be someone from their bank. They can even “spoof” the bank’s phone number, so it looks like you’re getting a legitimate call from the bank. Oftentimes the fraudster has studied how the bank’s agents talk to customers, including use of specific scripts and tone to reflect the brand appropriately. These fraudsters also emotionally manipulate victims by claiming to be responding to urgent fraudulent activity on the account.
Even if a call or message appears to be from your online bank, don’t answer or respond if it seems suspicious in any way. Alternatively, let the caller know you are going to hang up and call the bank back directly (via the contact number listed directly on the bank’s website) to continue the conversation, just to be safe. Or, in the case of an email or text, don’t click on any links within the correspondence. Instead, go to the bank’s website and double-check its contact information.
Additionally, scan for grammar errors within the body copy of texts and email and examine all hyperlinks for irregularities — all of these can be tell-tale signs of a cybercriminal at work. For instance, a criminal might entice you to click on a link to “ally.com” where they have replaced the “L’s” with “1’s” (a11y.com), and you may not notice without very careful inspection, especially depending on the font being used by the criminal.
5. Sign up for fraud alerts.
Most banks, including Ally Bank, allow you to set up suspicious activity alerts online or through their mobile app. In the unlikely event a fraudster gains access to your online accounts, you will receive an alert via email or text informing you about any questionable transactions, including large withdrawals, account closures and fishy login attempts.
You can also choose to receive alerts on your credit and debit card activity to keep an eye on those accounts too.
Is Ally Bank safe?
Keeping your accounts and personal information secure is a top priority for Ally Bank — especially for those of us on the fraud and security teams. Our approach protects you with a layered strategy, which is constantly being updated to protect customers from the latest threats.
At Ally Bank, we guarantee that you will not be liable for any unauthorized online or mobile banking transaction as long as you report it to us within 60 days from when your statement is made available. Check out our online bank account options.
Feel safe banking on the go — whether checking your balance, paying your bills or sending money to a friend — whenever and wherever is convenient for you.
Jeff Kearney, CFE, CAMS, is the executive director of enterprise fraud, security and investigations at Ally, responsible for leading the company’s approach to fraud-fighting and prevention. Jeff works to create partnerships with teams across Ally as well as external vendors and law enforcement in order to stay vigilant and current on all fraud and security matters. Jeff has a long background in fraud and security, previously holding the position of chief security officer at GMAC Insurance.