Online Banking: It's Still Safe
Don't let all the news about data loss scare you away from the convenience of online banking. Here's how to keep your info--and money--safe.
By Carolyn Bigda

(MONEY Magazine) – Reports of rampant Internet fraud and identity theft have led many to conclude that the convenience of online banking and shopping isn't worth the risk. That would be the wrong conclusion. The majority of ID theft occurs outside cyberspace. Banks, credit-card issuers and online retailers are rolling out more effective security features. And there's plenty you can do on your own to build a Star Wars-worthy force field around your personal data.


Sign up for security Some banks have made it harder for a crook to access your account even if he's stolen your card number or your user ID and password. (See page 25 for more on what to do if that happens.) In many cases these programs are optional, so be sure to opt in. By fall, for example, Bank of America customers will be able to request that anyone logging in from an unrecognized PC be required to answer a "mother's maiden name"-type question for access. You can elect to sign on to E-Trade's website using passcodes that are transmitted to a small keychain fob and that change every minute or so. Some credit-card issuers, including Citibank (888-285-9696) and MBNA (888-898-6262), let you make purchases with single-use virtual account numbers.

Even without these features, the longer and more complex your password, the harder it is to hack--so mix in numbers, random letters and symbols.


Lock down your browser Any bank's defenses can be compromised if your computer is an open door for fraudsters. Make sure you regularly download Windows updates (at, which often include security patches. Use current antivirus and anti-spyware programs like Norton AntiVirus 2005 ($30 at and Spybot Search & Destroy (free at And release your credit-card info to an online retailer only if you see a locked padlock icon in the lower corner of your browser window, as well as "https" in the URL, not just "http."


Don't take the bait Phishing attacks--in which an e-mail poses as a message from a bank or commerce site and lures you into divulging information--duped more than 2 million people in the past year, according to tech research firm Gartner. No legitimate financial institution will ask you to supply personal info via e-mail. When in doubt, call customer service. Never click on links or pop-ups or send back personal info.


Use credit, not debit The pay-as-you-go ethos of debit cards is good financially, but for security purposes, credit cards have the edge. They act as a buffer: If your card is misused, you won't be out actual money before you resolve the situation. Credit-card issuers also have greater legal obligations when it comes to how much they can hold you responsible for and how quickly you have to report fraud before you're on the hook.


Keep watch The beauty of online accounts is that you can monitor them almost in real time. That means you can catch crooks long before a statement arrives in the mail. In fact, a study by Javelin Strategy & Research found that the average time to detect fraud was 18 days for people who monitor their accounts online. For paper users: 114 days. And you thought cyberspace was risky.