Written on: September 1, 2011
In the 21st century, it is impossible to NOT have a bank account. Not that long ago, one could keep one’s money under one’s mattress, but not anymore. So, since we are all forced to rely on our banks, we have the right to expect them to keep our money safe. And, if their security is breached, surely they are obliged to tell us, right?

Apparently not. Some Belgian banks were infiltrated over the last couple of weeks, allowing up to 90% of a “handful” of victims’ accounts to be stolen via a Trojan Horse. They have tried to place the blame back upon their customers, “warning” them to close pop-up windows and the like when internet banking with these banks. Personally, two of my internet banking service providers require me to log in via a pop-up window, and they always have, so I, too, would view this as a regular screen and enter my login data accordingly – wouldn’t you?

Yes, we must take responsibility for ourselves, but this is really something that’s out of our hands, and we NEED our banks to protect our money, because we don’t have a choice but to use them.  We can choose between the different banks of course, but really, aren’t they all the same?

Sadly, the above hacking incident was not the first instance where these banks in this part of the world have been hacked; it also occurred in 2009, this time via an SQL injection. “Banks are notoriously known for keeping details about data breaches secret, and while this is somewhat understandable from a security perspective, people have a right to know that many times these are the result of basic programming errors, such as the ones reported in this article.”

What I don’t understand, as someone who is in the cyber security profession, is why these banks wait until they are breached in order to upgrade their system. It’s more economical to upgrade to the latest and greatest security system available as soon as possible than to lose money to a hacker. Citigroup in the USA were also hacked, quite severely, in June of this year… now that I think of it, they are one of the banks with whom one logs in via a pop-up keypad… hmm… Earlier this month approximately US $20 million was stolen by some Ukrainian hackers, again from private accounts.

Whilst a lot of your personal banking security is completely out of your hands, there ARE some things that you can do in order to avoid breaches to your personal bank accounts when internet banking.  For starters, NEVER internet bank over wi-fi unless it is your personal wi-fi network that is password protected.  If even your pacemaker and insulin pump can be hacked over wi-fi (see previous articles from this column) then you can bet your bottom dollar that your bank account can be too…and if you internet bank over unsecured wi-fi, you WILL be betting your bottom dollar!

You can also keep your password private and safe – only share it with the people with whom you would share a toothbrush (hopefully, that is NO ONE!). There are password managers and encryption options available, so that you can keep all of your passwords complicated enough to prevent them from being guessed, and make them unique to each site, so that if one is hacked, then they aren’t all compromised.

Before loading any “free” software, read the fine print and find out what it “requires access to” in order to operate.  Just today, a couple of “free” applications in the Google Chrome Web Store wanted to access ALL of my browsing history and future history, and my data from those sites – I think not!!!  The other day a friend invited me to video chat on Facebook, but the terms and conditions listed EVERYTHING from my Facebook account as being the required data it would need to operate; I declined that invitation, and let my friend know why, and they immediately removed the application from their profile too and thanked me for the “heads up”.

Next time you are on the telephone to your bank with a human, or are visiting a branch, ask them about the security they provide for you whilst internet banking, i.e. when they last upgraded their system. They work for you, they are your employees, and therefore you have a right to know how they are protecting your money. Until next time, be safe and sensible.


