10 Tips for Even Safer Online Banking

Close-up of hand holding a modern smartphone with a generic mobile banking app running. The app interface is non existing one. It has been created in graphic program by contributor

About half of Americans now use computers or smartphones as their primary banking method. Online banking with PCs or Macs still reigns supreme as “most preferred” by one-third of customers, but mobile banking has increased fourfold since 2010.

Either method is safer than mailed statements. But with their geo-location capabilities, secure banking apps and other advances in mobile software, smartphones may have the security edge over traditional computers. Here’s how to make mobile and old-school online banking even more secure.

Use your “best” password practices. That means always using a different password for online banking than for other accounts, changing it within every 90 days and making it at least 15 characters (combining uppercase and lowercase letters, numbers and symbols). If you can memorize only one strong password at a time, reserve it for online banking.

Get discounts on financial services from trusted companies — AARP Member Advantages »

Ensure two-factor authentication . Now offered (if not required) by most banks, this often entails a unique image or key code after you sign in but before you enter your password. Some banks now offer a security token code with ever-changing codes after you register your smartphone. Whatever method is used, it should be obvious and consistent. In other words, don’t proceed with your password if that familiar photo is missing without first contacting your bank.

Have an MIA plan. Check with your wireless provider about features that let you remotely erase content or turn off access to your device and bank accounts if your phone is lost or stolen. Apple’s iPhone has the Find My iPhone app built in, but you need to activate it; apps such as Where’s My Droid are available for Android devices.

Use official bank apps. Whenever possible, download apps directly from your bank’s website. If you can’t, ask your bank where you should get its branded or sanctioned app (most likely from a trusted app store). With banking apps, information is usually encrypted and more secure than text messaging or email.

Don’t do online banking from a public Wi-Fi hot spot; most don’t have encryption. Also, set your laptop, tablet or smartphone so that you have to manually select the Wi-Fi network.

Secure the smartphone itself. Most people still don’t use a screen-locking PIN, which prevents access to online accounts (and everything else) should their phone be lost or stolen. Do not use any of the following combinations for PINs, since they are most easily guessed and hackable: 1234, 0000, 2580 (a top-to-bottom keypad sequence), 1111, 5555, 5683 (which spells "love"), 0852 (a bottom-to-top sequence), 2222, 1212, 1998 or your birth date or birth year.

Always log out at the end of each banking session.

Know what to expect in emails or text messages. Legitimate messages from your bank about month-end balances and other matters should always include your name and a portion of your account. So ignore “Dear Customer” correspondence alleging account problems, and requests to verify or provide account information.

Even with “personalized” bank messages, it’s safer to type the website address yourself, rather than trust imbedded links.

Check in often. Online bank accounts should be monitored at least twice a week — ideally, each day. It’s especially wise to check your account after using a debit card for purchases or ATM cash withdrawals.

For information about other scams, sign up for the Fraud Watch Network. You’ll receive free email alerts with tips and resources to help you spot and avoid identity theft and fraud, and gain access to a network of experts, law enforcement and people in your community who will keep you up to date on the latest scams in your area.

Photo: Spaceliner/iStock

Also of Interest

See the  AARP home page for deals, savings tips, trivia and more.

Search AARP Blogs