Banking safely online

To make online business banking a safe experience, business owners can take a few simple steps:

Ensure the bank’s website is secure. Banks have a very high stake in making the online banking experience as safe as possible. After all, the more customers use online banking rather than branches, the lower their overheads. So they have spent a lot of time and money putting systems in place to make online banking secure.

A bank’s website should disclose the security methods it uses to protect customers’ data. Business owners should ensure their bank is using high-end encryption and that the user interface is a secure website. This means that the data being transferred over the internet is scrambled and only the intended receiver can use it. A secure banking site can normally be identified by a closed padlock icon on the bottom right hand corner of the browser and “https://”, rather than “http://” in the address bar.

Introduce multiple methods of authentication. Unfortunately, a secure website doesn’t rule out the possibility of online hackers intercepting passwords with a method called keystroke logging. This means that hackers can record the letters on the keyboard that are pressed when someone enters their password to access their banking system.

And so, many banks will also provide their business clients with a second layer of security. This additional security may be in the form of a series of passwords; two-factor authentication; or the use of digital certificates.

In its simplest form, a series of passwords makes it more time-consuming and more difficult for hackers, thus discouraging them. It is also possible to have two passwords so the security software uses random parts of each password at the start of an online session. This randomness provides an added dimension to the security.

Two-factor authentication commonly refers to a two-step login/authorisation process. For example, an electronic security ‘token’ is linked to an individual’s login ID and password. When activated, the token generates a one-off password, using a random algorithm, which is used as the second level of proof of identity.

A digital certificate is attached to an electronic message and used to authenticate transactions on the internet. It is an electronic ID which verifies that the sender of a message, or bank transaction request, is who they claim to be, and provides the means by which transactions can be encrypted and decoded only by the issuers and applicants of the certificates.

Change passwords regularly. While the security measures provided by banks may help protect their online banking clients, there is still much more the individual can do.

Use the security features of the banking software. If it provides the capacity to change passwords on a regular basis, take advantage of this feature. It may seem like a painful exercise to be asked to change a password in the middle of authorising a transaction, but keep in mind that it will help ensure the security of transactions.

Don’t keep a record of login IDs and passwords on or near the computer. Also, while many people think having the same password for all login IDs will make them easier to remember, this can make it very easy for a hacker to attack more than one account. Even if not asked to, change passwords regularly. For those who must keep a record, hide it somewhere.

Also remember that if a cheque with forged signatures is paid by the bank, it is the bank’s responsibility, but if an e-banking password is used by someone who shouldn’t have known it, it’s the business owner’s responsibility. Passwords must be kept secret and, when staff leaves, their banking authorities should be changed immediately.

Use and update antivirus and security software. Smaller businesses, and particularly those operating from a home environment, don’t have the luxury of a larger organisation’s IT infrastructure, which many employees (and often employers) take for granted. This is why many online banking attacks have been targeted towards home users and small businesses.

Make sure a computer is secure and that any business information is kept separate from other information on a shared computer. Install antivirus and security software on the computer, and keep it up to date.  Back up business data and applications and keep the backups secure.