In spite of occasional catastrophic Internet-wide security vulnerabilities, we’re at the point where it’s increasingly futile to try to avoid conducting financial transactions online. If you’re reading this, chances are you probably do a bit of banking, buying, and – as we’re about to discuss – money transferring online.
It’s no secret that the Web is a bit of a mess, as far as security is concerned, but it’s also unquestionable that conducting financial transactions online is incredibly convenient, whether you’re paying taxes or a parking ticket or making good on a bet via PayPal. For sure, there are a number of risks faced by anyone attempting to send money online, but there is also a long list of common sense protections available to anyone who knows what to look for. In the end, I think the good outweighs the bad, both broadly on the internet as a whole and specifically regarding money transactions there.
First and foremost, you have to ensure that your computer or mobile device is secure before you even worry about the transaction itself. To start, make sure your operating system and any software or applications that may be involved in the financial transaction are up-to-date. If you’re on a traditional computer, this means making sure you’re working with the latest version of Windows or OS X or any other operating system. For Windows, you should just set the updates to install automatically. For a Mac, just keep your eyes on the App Store icon and install any update as soon as possible when one becomes available. On traditional machines, you definitely want to double check and make sure you are working with the latest version of the browser, too, because you’ll probably be conducting these transactions over the Web. Once you are sure you are on the most recent version of the operating system and browser, which you can generally figure out pretty easily somewhere in your browser’s settings menu, then you are ready to move on.
Don't go transferring money on communal work machines, public computers, or friends' devices. #Kaspersky #tipTweet
Mobile devices are a bit different. For these, you’ll also want to guarantee you are working with an up-to-date operating system, be it iOS or Android or Blackberry or Windows Mobile or whatever. The mobile environment differs slightly from the desktop computer in that you probably aren’t going to conduct your transactions over the Web. It’s more likely that you will use some sort of money transfer application. So, go ahead and make sure that application is totally updated. In fact, while you’re at it, you may as well update all your other apps as well, because it’s always possible for an attacker to achieve device-access through some other vulnerable application.
The reason we want to make sure we have all of our updates installed is because security updates ensure that most known vulnerabilities are closed off. Of course, there will be some bugs that don’t get patched for whatever reason, but on the whole, it’s nearly impossible to compromise a fully patched device. Sure, there are zero-days, but only a fool would burn a zero-day to skim banking information from a standard consumer.
The last thing you want to do to protect your personal machine is to make sure you are running a solid anti-virus program on both your mobile device and your traditional computer. It’s well-known that malware is an issue for the PC, but it’s also increasingly apparent that crooks are targeting the Android platform as well, particularly with financial malware. Running an anti-virus will ensure that you are keeping malware that could be designed to steal personal payment information off the device you are about to move money with. Beyond that, the best anti-virus products offer a safe money feature that runs payment websites against a whitelist of trusted sites, checks to make sure your connection with them is secure, and also makes sure the systems on which the transfer is occurring are patched and secure.
Also, never ever perform a transfer on a machine that you don’t control. Work machines are fine if you are the only person that uses them. Don’t go transferring money on communal work machines, public computers, or friends’ devices.
Securing the Web
Now that your personal machine is nice and secure, you want to make sure (inasmuch as it’s possible at least) that the websites you’re interacting with are secure as well. The obvious first step here is to avoid sketchy money transfer services. I can’t pretend to know all the trustworthy money transfer services out there, but you should be safe with PayPal, MoneyGram, Western Union, Venmo, and any number of others. It’s up to you; just make sure you do a bit of research.
Once you’ve decided on your service, make sure it offers strong encryption. Look at the address bar and make sure you see the padlock and ‘HTTPS,’ because you want to make sure you are transmitting any information over an encrypted channel. You may even want to examine the certificate, though your browser likely does that for you, so long as you are up-to-date. Beyond that, just look out for shady banner advertisements that may constitute adware and attempt to steal information from your browser sessions. This is why it’s doubly important to choose a reliable payment service.
If you are using a site that requires login – and I certainly hope you are – then you want to make sure you are using a strong, long, and unique password with a mixture of letters, numbers, symbols, spaces, and uppercases. This is serious business. I write this a lot, but I won’t judge you for using a weak password to protect a throw-away email account that you use to sign up for mailing lists. However, it’s incredibly foolish to use anything other than the best of passwords to protect an account on which you plan to handle money. Financial accounts truly warrant strong and unique passwords (you can check your password here.)
Assuming you have a strong password, the next step is to implement some form of two-factor authentication on whatever site you are using. This way, you will have to confirm any logins using an SMS or email-based security code. This serves two purposes: it raises the barrier of entry into your account, and it also lets you know if someone is trying to access your account. If you get a two-factor notification when you aren’t attempting to login, then that is a pretty good indication that it is time for a security scan of your computer and password change (because it means someone likely has your password and is trying to access your account).
The last thing to do is to use some sort of transaction guarantor, like Verified-By-Visa or 3D Secure, which will require another one-time password from you before the transaction can go through.
If you follow all these steps and keep an eye on your bank account or credit card balance, then you should be safe.