Being alert about online banking

From the get-go, I didn't trust online banking.

To make my case to Windows users, I instruct you to start Internet Explorer. If you are running version 7, go to Tools -> Manage Add-ons -> Enable or Disable Add-ons, and then look at the four different sub-categories of add-ons. If you are running IE8, go to Tools -> Manage Add-ons and review the various add-ons of each type (for Toolbars and Extensions, be sure to show all).

Do you know what all those add-ons are? What they do? Where they came from? I suspect many of you will answer no, no and no. If that's the case, then you are trusting unknown software that lives inside Internet Explorer every time you use the Web browser.

Even Firefox users (on Windows machines) need to be concerned with one type of IE add-on: Browser Helper Objects, or BHOs. They live not only inside Internet Explorer, but also inside Windows Explorer.

My initial hesitancy is fueled by the recent reports of new sophisticated attack methodologies. No longer does your password need to be stolen. Instead, "crimeware", once installed on a Windows machine, simply waits for you to log on to a banking website. After the bank trusts your computer, the malicious software, running silently in the background, transfers money out of your account.

Two-factor authentication doesn't protect you. Secure HTTPS web pages don't protect you. According to Finjan, the new URLZone software doesn't even bother to generate new transactions, instead, it silently modifies the transaction you enter.

In my opinion, people should not conduct online banking from Windows machines. As I've written elsewhere, I feel the safest approach is booting to Linux to run Firefox.

But outside of your computer, alerts can be your best friend. Regardless of the source of the transaction, it's great security to be be alerted, via email and/or SMS text messaging, anytime more than a pre-defined amount of money leaves your account. Likewise, it can be very important to be automatically notified anytime your account falls below a certain dollar limit.

So, I checked with my bank, Chase, about setting up alerts. The good news is that Chase customers can set up alerts; the bad news is that only customers can do so, and only online. Walk into a Chase branch, and they can't do it for you, meaning if you, like me, have no online account, then you'll have no alerts. It's pump your own gas, when it comes to Chase banking alerts.

And if you open a Chase online banking account, setup alerts and then close the online account, the alerts go away too.

If you've set up automatic alerts with your bank, please leave a comment below about the experience. They can be a real lifesaver.

Update October 9, 2009: Speaking of being wary of online banking, the head of the FBI is no longer allowed to do online banking. His wife won't let him. 

8 highly useful Slack bots for teams
  
Shop Tech Products at Amazon