How safe is Online Banking really?

March 30, 2010 Computer Safety Tip

In this the age of instant gratification, and hassle-free interactions, online banking has become second nature for almost all of us. No longer having to deal with ridiculously long banking queues and irate type types, one can easily sit back in the comfort of your home, and continue with all the necessary banking transactions, all whilst knowing your banking information is untouchable and safe – right? Wrong…

Well – according to Jay McLaughlin – the CIO of CNL bank in the USA (McLaughlin is also a Certified Information Security Professional) – he suggests that Online banking is highly accessible by anyone wishing to do so (legitimately or illegitimately) – and that in fact it is highly recommended to NOT make use of your regular computer system when performing Online banking transactions, as the threat and security vulnerabilities are just too many, and it is simply unsafe.

McLaughlin goes so far as to suggest that he would “like to see all of his customers – both consumers and businesses – access online banking either from a dedicated machine or from a self-booting CD-ROM running Ubuntu Linux and Firefox.”

This may not prove to be the best solution, as consumers would certainly not want to invest in a whole other computer system for online banking alone, and will very rarely want to carry with them a device to enable them to carry out their online banking; consumers want instant access – with minimal effort on their part. However, perhaps in lieu of security and banking safety one may just have to accept that an alternative means of access may be the only solution indeed.

To combat this perceived negative reaction to the proposition of different computer system whereby to access online banking data, McLaughlin is “seriously considering making available free Ubuntu Linux bootable ‘live CD’ discs in its branches and by mail. The discs would boot up Linux, run Firefox and be configured to go directly to CNL Bank’s Web site. Everything you need to do will be sandboxed within that CD. That should protect customers from increasingly common drive-by downloads and other vectors for malicious code that may infect and lurk on PCs, waiting to steal the user account names, passwords and challenge questions normally required to access online banking. A bootable CD works because it’s isolated from the host PC environment. Malware on the host can’t touch it – and any malware picked up when running from the CD-ROM goes away once the CD is ejected. When you eject the CD you have removed everything off the machine,” he says.

This could bode extremely well for all consumers who actively bank online.

In light of this debate, one should point out that it is not impossible to make use of your standard home based computer to do your online banking. In cases where the bank in question requests and supports a ‘two-factor authentication’ system, this is quite safe to utilize.

In other words, a bank would make use of an authentication code, which it will send on to the user, via an ‘out of band’ service, e.g. a text message sent to a cell phone number of the user. The code is usually a once off unique number, which will be sent to the user every time they make a new request.

All in all I think one can agree that without proper security measures put into place – online banking is quite scary and could possibly turn out to be one major headache – should a hacker stumble onto your account for their ‘kicks’.

Probably best to do would be to introduce the Ubuntu system into your online banking procedures – should your bank not be compliant with the ‘out of band’ system, as the last thing you would want is to log onto your online banking one day – and realize that you have been entirely wiped out!

Think first – act security conscious always!