Citibank Breach: IS ONLINE BANKING SAFE?
Citibank Breach Begs Question: 6 Tips to Bank Online Safely

Citibank acknowledged that a data security breach has exposed information on about 210,000 of its bankcard customers. While these data breaches seem to be growing more commonplace, experts offer tips to make online banking more secure.
Adam Levin, co-founder of Credit.com and former director of the New Jersey Division of Consumer Affairs, said it is best for consumers to carry the mindset that there will be more data breaches in the future.
"The level of sophistication of hacking has grown exponentially," Levin said. "And the bad guys are ahead of the good guys."
Citi told the Financial Times that the incident occurred in early May at Citi Account Online. With over 21 million customers in North America, according to its annual report, the breach may have exposed about one percent of its account holders. While the bank said information like social security numbers, card security codes and birth dates were not exposed, customers may wonder if secure online banking really exists.
1. Never accept incoming communications purporting to be from financial institutions you do business with, whether by email or phone call.
"Call them back using only the phone numbers published on your cards or statements," Richard Wang, manager of SophosLabs US, said.
2. Update your security software on your computer.
"Make sure it's malware protection and have the most sophisticated firewalls and anti-intrusion software," Levin said. "Those start screaming at you anytime you're even near something that has a worm on it."
3. Check the security of your mobile device and your mobile banking apps.
Mobile banking and payments are becoming more common, which means hackers may pay more attention to that marketplace as well.
Andrew Hoog, chief investigative officer of viaForensics, a digital forensics and security company, found three unencrypted (i.e., less secure) passwords in apps for Foursquare, LinkedIn and Netflix on Android in a recent round of app security testing. Citibank received a "pass" rating for its app.
4. When logging in to perform online transactions, always enter the website address directly in your browser.
Never click links that claim to take you to banking sites.
"Citi's breach is significant. It's easy enough for a criminal with your credit card number, name and address to make fraudulent charges," Wang said. "Adding in your email address allows them to attack you directly with very convincing phishing emails to try to get even more information from you."
5. Use strong passwords and don't reuse your bank password elsewhere.
"Remember that if you use the same password on multiple sites, then it's only as secure as the weakest site," Wang said.
Use two-factor authentication if your bank offers it, such as confirmation numbers sent by text message to your phone, Wang said.
Levin said you should even have unusual answers to additional security questions.
"If they ask for your mother's maiden name, say 'superwoman,' or something outrageous that you would only know," Levin said.
Litan said another extreme but secure way to bank safely online is to use a locked-down browser, a CD-drive that is "read-only" or a dedicated computer solely for online banking.
6. Be active in monitoring your financial accounts.
Levin said he does not believe eliminating your online accounts is the answer because they can be the best tools to monitor your financial activity in real time. He suggests you monitor your online accounts at least once a day.
"Some people say that's an outrageous use of your time, but think about how long you spend in email or your Facebook account, and think about how much time you want to protect the financial integrity of your life," Levin said.
By ABC News