Passwords serve as the primary protection for online banking accounts; they are the key that allows access to banking information and transactions. An inadequate or simple password may result in the unauthorized access to bank accounts, but also could result in the victim being held responsible for actions taken using his or her password. Each online banking user should have a unique Access ID (user name) and a secret password. This password should not be shared with anyone, including family, friends, supervisors or employees. Anyone needing access to an account should apply for a personal Access ID.
Secure passwords should include some of the following characteristics:
- Contain both upper- and lower-case characters
- Use a special character
- At least eight alphanumeric characters long
- No words in any language, slang, dialect, jargon, etc.
- Not base on personal information, names of family, etc.
Other things to consider with passwords:
- Never write down or store unencrypted
- Avoid using the same password for multiple applications
- Don't reveal a password to anyone
- Don't reveal a password on questionnaires or security forms
- Do not use the "Remember Password" feature of applications
Even if you keep your password secret, if the computer or mobile device that you use to access online banking is not secure, then your password can be captured by malware present on the device.
Software often has security gaps that hackers discover and use to gain access to victim's computers. Updating software with repairs to these gaps is a very important part of online security. Microsoft updates, as well as updates for Adobe and Java should be applied as soon as they are offered on personal computers and mobile devices. Corporate machines on a network are likely being "patched" by the network administrator.
Along with desktop applications, security software such as anti-virus and anti-malware programs need to be kept up to date. Any computer on the internet without up-to-date protection will likely be infected within minutes.
When accessing online banking, do it from a clean browser, meaning that online banking should be the only tab open on the browser. The reason for this is an attack called cross-site scripting where malicious code embedded in a website, or in advertising on a website, can reach across to other tabs to collect information.
Public Computers or Networks
When you use a public computer, such as in a library or a hotel, you cannot be assured of the security status of the machine. It is recommended that you do not access online banking on such a machine, nor over a public Wi-Fi connection. If you own a personal Wi-Fi connection, but do not use available security features such as password protection and data encryption, it is as insecure as a public connection.
Internet Banking Security Checklist
Internet banking is a powerful tool for increasing the accessibility of your Home Bank accounts for you, but it also provides potential openings for fraudulent activity committed against your accounts. Online thieves are continuously developing new means of gaining access to your accounts through Internet Banking.
While Home Bank is working diligently to stay ahead of these thieves, we cannot completely prevent attacks occurring through your computer. It is very important that security measures be maintained by you in your home, office, or anywhere you access your bank accounts online.
To ensure protection of your Home Bank accounts when using Internet Banking, please following this security checklist.
- Change your access password at least every four months. Do not allow your internet browser or Windows to remember your internet banking password.
- Set your authentication image and authentication pass phrase, and be mindful of it when you log in to online banking. (Does not apply if tokens are used.)
- Maintain up-to-date antivirus, antispam, and antispyware programs on all computers and devices used to access your bank accounts.
- Never access your bank accounts using a public or un-secured private wi-fi connection.
- Never share your password or enter it in any website that is not the Home Bank Internet Banking login page. Home Bank will never ask you to enter your password on a form or send it by email.
- Do not send confidential information by email. Contact Home Bank for instructions for secure message delivery.
- Do not leave your computer or mobile device unattended while logged on to online banking. Click "Log Off" when you leave the online banking site to close the session.
- Notify Home Bank immediately if you discover unauthorized use of your security codes or if you believe that someone transferred money without authorization.