How secure is digital banking?

What about security in digital banking and online banking?

How secure is digital banking really? In this article, we take a look at the security measures taken by both banks and customers.

Digital banking enables customers to carry out banking transactions conveniently from home or on the move. However, with increasing digitalization, security concerns are also growing.

Digital banking, also known as online banking or e-banking, enables customers to carry out banking transactions over the internet. This includes a variety of services such as transfers, account balance inquiries, setting up standing orders and paying bills. The advantages of digital banking are convenience, round-the-clock availability and fast transaction processing. Customers can carry out their banking transactions from anywhere as long as they have access to the Internet, making the traditional trip to the bank branch largely superfluous.

Banks’ perspective

Security in digital banking is of paramount importance for financial institutions. Banks use a variety of technical and organizational measures to protect their systems and their customers’ data.

Security protocols

The digital banking systems of Swiss financial institutions offer some of the most secure data transmission in the world. Customer data is automatically encrypted in both directions using TLS, which prevents unwanted access and manipulation by third parties, and the TLS certificate confirms the identity of the e-banking servers.

Multi-level login procedure

Financial institutions use multi-level login procedures for digital banking to ensure maximum security. These procedures usually combine the identification number (or contract number), a password and a time-limited transaction number (TAN), which is valid for one-time access. This combination represents a high hurdle for attackers. In addition, banks are constantly investing in new technologies to stay one step ahead of attackers and protect their systems against increasingly sophisticated hacker attacks.
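The two properties of a TAN named above, time-limited and valid once, shown as an added example (not code from the article or from any bank). The class name `TanStore`, the 6-digit format, the 120-second lifetime and the choice to discard a TAN after a single attempt are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time


class TanStore:
    """Hypothetical server-side TAN store: each TAN is time-limited and single-use."""

    def __init__(self, ttl_seconds=120, clock=time.monotonic):
        self.ttl = ttl_seconds   # assumed lifetime; the article gives no number
        self.clock = clock       # injectable so expiry can be exercised offline
        self._pending = {}       # contract number -> (sha256(tan), expires_at)

    def issue(self, contract_no):
        """Create a fresh 6-digit TAN; an earlier pending TAN is replaced."""
        tan = f"{secrets.randbelow(10**6):06d}"
        digest = hashlib.sha256(tan.encode()).digest()
        self._pending[contract_no] = (digest, self.clock() + self.ttl)
        return tan  # sent to the customer over a separate channel

    def verify(self, contract_no, candidate):
        """Return True at most once per issued TAN, and only before it expires."""
        # pop() removes the entry on every attempt: a correct TAN cannot be
        # replayed, and a wrong guess forces a new TAN instead of a retry.
        entry = self._pending.pop(contract_no, None)
        if entry is None:
            return False
        digest, expires_at = entry
        if self.clock() > expires_at:
            return False
        supplied = hashlib.sha256(candidate.encode()).digest()
        return hmac.compare_digest(digest, supplied)  # constant-time comparison
```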

Transaction monitoring

Many financial institutions use special systems to automatically monitor digital banking transactions and filter out illegitimate ones. These systems check the payments entered against defined rules and criteria to identify unusual activities such as foreign payments. Suspicious transactions are stopped and checked before they are actually executed. In addition, some banks require a transaction confirmation from the customer, in which potentially dangerous transfers must be explicitly approved, often with an additional TAN. Regular and trustworthy payment recipients are included in so-called whitelists to simplify the process.
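The rule-based screening described above, with whitelist, TAN confirmation and hold before execution, as an added example (not code from the article or from any bank's system). The rule set, the 5000 threshold, the decision names and the sample IBANs are assumptions constructed for illustration.

```python
from dataclasses import dataclass

HOME_COUNTRY = "CH"     # assumption: IBANs from other countries count as foreign
AMOUNT_LIMIT = 5000.00  # assumption: illustrative threshold, not from the article


@dataclass
class Payment:
    customer: str
    recipient_iban: str
    amount: float


def screen(payment, whitelist, known_recipients):
    """Return (decision, reasons); decision is EXECUTE, CONFIRM_TAN or HOLD."""
    iban = payment.recipient_iban.replace(" ", "").upper()
    if iban in whitelist.get(payment.customer, set()):
        return "EXECUTE", ["recipient on customer's whitelist"]

    reasons = []
    if iban[:2] != HOME_COUNTRY:
        reasons.append("foreign payment")
    if iban not in known_recipients.get(payment.customer, set()):
        reasons.append("first payment to this recipient")
    if payment.amount > AMOUNT_LIMIT:
        reasons.append("amount above limit")

    if not reasons:
        return "EXECUTE", []
    # One rule hit: the customer approves with an additional TAN.
    # Several hits: the payment is stopped and checked before execution.
    return ("CONFIRM_TAN" if len(reasons) == 1 else "HOLD"), reasons


# Constructed sample data (documentation-style IBANs, not real accounts).
WHITELIST = {"alice": {"DE89370400440532013000"}}
KNOWN = {"alice": {"CH9300762011623852957", "DE89370400440532013000"}}


def demo():
    samples = [
        Payment("alice", "CH93 0076 2011 6238 5295 7", 120.0),    # known, domestic
        Payment("alice", "DE89 3704 0044 0532 0130 00", 9000.0),  # whitelisted
        Payment("alice", "CH56 0483 5012 3456 7800 9", 80.0),     # new recipient
        Payment("alice", "GB82 WEST 1234 5698 7654 32", 7500.0),  # new, foreign, large
    ]
    return [screen(p, WHITELIST, KNOWN)[0] for p in samples]
```

In this sketch a whitelisted recipient skips every other rule, which is the convenience the article describes; it also means the whitelist itself has to be protected, for example by requiring a TAN to add an entry.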

Protected data centers

Swiss financial institutions operate highly secure data centers that are protected against power failure, fire, water and burglary. These centers are continuously monitored, maintained and updated. Strict entry and access controls ensure that only authorized personnel have access to sensitive data. Regular data backups ensure operational continuity. External control bodies such as the Swiss Financial Market Supervisory Authority (FINMA) and ISO standards (in particular ISO 27001) ensure compliance with international security standards.

The end customer perspective

It’s like driving a car: The safest car is useless if the driver does not drive responsibly. In digital banking, customers also make a significant contribution to security by taking conscious security measures and watching out for suspicious activity.

General security measures

In the digital world, including digital banking, it is crucial to protect personal data and devices from threats. The “5 steps for your digital security” provide guidance on how to increase online security:

  • Back up your data: Regularly back up your data to at least a second medium and check the storage.
  • Monitor with antivirus and firewall: Activate a firewall and install an antivirus program to protect your devices from attacks.
  • Prevent with software updates: Keep your system and all programs up to date with regular updates.
  • Protect online access: Secure your devices and online access against unauthorized access with secure passwords and two-factor authentication.
  • Watch out and be vigilant: Always be vigilant and skeptical of unusual activities on the Internet.

More information on important security topics:

Log in securely

When it comes to digital banking, customers should observe important security measures to protect their sensitive data. This includes always entering the URL of the financial institution manually in the address bar of the browser and not using links from emails, text messages or search engines. Customers should ensure a secure connection, recognizable by the lock symbol and the correct Internet address (URL) in the browser address bar. In the event of system interruptions or unusual error messages, customers should terminate the connection immediately and notify the financial institution. In addition, digital banking transactions should only be carried out from secure, known devices, and when on the move, login information should be entered shielded from the view of others.

A secure connection is provided by TLS, which encrypts the communication on the one hand and, through the server's certificate, confirms the identity of the server on the other. When logging in, customers must ensure that they have established a secure connection to the correct website.

Behavior during digital banking

During a digital banking session, customers have access to sensitive information such as account details. Customers should therefore remain focused and attentive and end the digital banking session immediately in the event of unusual activity:

  • Unusual occurrences should be reported to the financial institution.
  • All confirmation messages should be read carefully before confirmation.
  • Digital banking sessions should never be left unattended.

Secure logout

The digital banking session should be terminated correctly using the appropriate logout function (“Logout” or “Exit”) in order to close the connection securely and protect the next login. The browser history should then be deleted to remove cached data and minimize the attack surface. Alternatively, you can browse in incognito or private mode to avoid saving data.

Using a mobile banking app

More than half of all digital banking transactions are now carried out via smartphones or tablets. Mobile banking offers many advantages, but also risks.

A secure and clean mobile device is crucial. Devices should always be protected with the “5 steps for your digital security”. Mobile banking apps should only be downloaded and installed from official stores such as the Apple App Store or Google Play Store. Apps with a low reputation should generally be avoided and apps that are no longer needed should be uninstalled. The access rights of all apps should be reduced to the bare minimum and unnecessary rights such as location data or address book access should be deactivated. When using the app, it is advisable to only use trusted networks and avoid public (potentially insecure) WiFi networks.

Special functions of the mobile banking app: Mobile banking apps offer predefined and secure software solutions that minimize typical usage errors. These apps perform security checks in the background and facilitate the secure use of digital banking by automatically performing tasks such as entering the bank address and verifying the secure connection.

Training and information

Most financial institutions and initiatives such as “eBanking – aber sicher!” offer numerous training sessions, courses and information materials to raise awareness of current security threats and appropriate protective measures. Customers should use these resources to keep up to date with new fraud methods and security practices.

Conclusion

Digital banking security is a shared responsibility that must be taken seriously by both financial institutions and end customers. By implementing advanced security measures and promoting security-conscious behaviour, both sides help to strengthen trust in digital banking and minimize risks.

Author: Cornelia Meili-Breu, Information Security & Data Protection Assistant, “eBanking – but secure!” team (www.ebas.ch), Lucerne University of Applied Sciences and Arts – Information Technology

“eBanking – aber sicher!” (EBAS) is an independent platform of the Lucerne University of Applied Sciences and Arts – Information Technology that helps you look after your personal information security, with a focus on e-banking. The website www.ebas.ch offers comprehensive, practical information on information security, aimed at ensuring the security of digital banking transactions (e-banking, mobile banking, payment, etc.). The information is intended for beginners as well as experienced e-banking users, and some of it is conveyed in a playful way, as in the phishing test or the ransomware game. The website thus serves as a comprehensive source of information for anyone who wants to conduct their electronic banking securely. EBAS also offers courses on various topics (mobile, cryptocurrencies, etc.) and for various target groups (e.g. end customers, SMEs).
