
Online Banking Security

We'll be taking an extended trip through parts of Europe as well as the U.S., covering two (maybe three) billing cycles on our credit cards (and other bills that aren't already set up for autopay). I suspect we'll need to manage money abroad, i.e. transfer funds from one account to another, authorize online payments, etc. My question is if folks have experience with VPNs or other protocols for increasing security while using public networks? While I may not be that concerned with the security of my data if all I'm doing is looking up a map of Prague or train schedules while logged on to a coffee shop or hotel's WiFi network, I'm a bit more concerned if I'm sending login information to my financial accounts. Thanks in advance for any input.

Posted by
14735 posts

I don't have suggestions regarding VPNs or security but I do suggest you take some kind of file with all of your banking security questions and answers in it. Yep, it never occurred to me that I wouldn't remember but I managed to lock myself out of my billpay account during the first week of an 8 week trip last fall. Let the record show that the answer to the question "What was your first dog" did NOT include the color of said dog. Ugh.

Before you travel I also suggest you pay your online bills at least once from all the devices you will have with you so those accounts will recognize you.

You may be way ahead of me on this, if so I apologize, but it might help someone who is reading along.

Posted by
23626 posts

I am not a security expert but have tried to think it through logically. On the road we pay our credit card bills, etc., by arranging the payment through the credit card site. These are one-time authorizations to pay the credit card. My thinking is, if the access to the credit card was compromised, then the only thing that someone could do would be to authorize payment of my credit card again. The cc number is not available or any other critical financial information. Someone could cause problems by changing alerts, passwords, etc., but no access to any financial data or money.

On the other hand, if I set up a payment account through my banking web site, and that access is compromised, then someone could do all kinds of nasty things to my checking account. I never check my bank balance online when traveling, so my concern about the banking site is minimal. I have notification alerts set up on all credit cards that send an email alert anytime the credit card is used in a foreign location or without the card being presented. That way I can be quickly alerted if the credit itself was compromised. The alerts are especially useful because they tell me nearly instantly how much in US dollars was charged to the card. For the past few years, this has worked well for us.

Posted by
5687 posts

I do use a VPN whenever I'm using any public WiFi, in Europe or elsewhere. I set up my own VPN service on my home router. Then I connect to that VPN from anywhere, which puts my laptop on my home network whenever I'm away.

Your average home router may not have a VPN feature, but if you know someone who is tech savvy, it's relatively easy to set up with the right router. (I am tech savvy.) The benefit of doing it this way: no monthly fee for a VPN service. You can also subscribe to a VPN service, which means you are connecting to some organization's private network (presumably in North America? Not a given) which presumably has higher security than the random WiFi network you are using in Europe. I prefer doing it myself not only because I don't pay a monthly fee but because there is no "middle man" - I'm connecting to my own home network which I believe is secure. I don't have to trust some other company's VPN service to be secure.

If you don't have a VPN? You might see if your credit union or bank offers something called "two-factor authentication" or "two-step security" to be able to log in to your online banking account. (I suspect this will be the norm in a year or two for all financial institutions anyway.) This means you can't simply log in with a single password - you will need to have them, for example, text you a second temporary code as well, each time you log in. So even if someone steals your password, they wouldn't have the second step, without having access to your phone too. Obviously this implies you would have a phone with you that works in Europe and can receive text messages.

Even without a VPN, over any unsecure network - public WiFi say - you are already relatively secure if you use a website that uses SSL (encryption), and surely every credit union and bank has been using that for years. (Facebook, Gmail, and many other sites now use SSL too for everything; any time you enter a credit card number online when making an online purchase, that website is almost certainly using SSL.) That means your traffic over the network is encrypted. There have been security hacks related to SSL over the years, but these are still pretty rare. A VPN simply improves your security even more. Still, your credit union or bank may detect you are not in your home country and may not let you even log in from there. (A VPN would connect you to some network, say in North America, so your credit union/bank would think you are there, not in Europe.)

Posted by
9110 posts

In the unlikely event that some hacker somehow stole the username/password for my online banking accounts the worst they could do to me is transfer money between my own checking/savings accounts.
Annoying but nothing to lose sleep over. When overseas I routinely check my accounts on a daily basis on lots of different public non-VPN WiFi connections, and never had any of my passwords compromised.

Posted by
14735 posts

Andrew, wow, I appreciate your thorough description and detailed information even tho I am not the OP!

Posted by
3 posts

I use ExpressVPN but there are many others like it. I purchase it on a monthly basis whenever I'm traveling. You can select the country where you would like your VPN address to be so that, for example, if you're in Europe you can make it look like you're in the USA.

Posted by
23626 posts

Michael, with my bank account, once you are into the account you can go ahead and set up payees and transfer money to them. I have never completed the process of setting up a payee but it looks simple to do, with no additional levels of security. So if someone gets into the bank account, what is to keep them from setting up a fake payee and transferring funds to them?

You can make this very complicated, maybe so complicated you cannot gain access. For a while I used the Google double log on but it was a pain when traveling without a reliable cell phone connection. Google will pre-print ten access codes but it is still a pain. Of course, that is the idea. The harder it is for me to gain access to my account, the harder it will be for someone else.

I still think it is simpler and easier just to pay through the credit card site.

Posted by
16278 posts

I live in hotels and have to use their networks. So, I've been using a paid VPN for a while. I use it on my iPad to access financial accounts. I also use the financial institution's app to increase security.

I also use Dropbox to keep financial log in information. The good thing about the Dropbox app is you can set it so you need to use a security code to access the app and not just click on it. So, if someone should steal your computer/tablet, they would have a hard time opening up Dropbox.

The other nice thing about the VPN I use is that it allows me to log on via about 8 different countries including the U.S. So, if I'm overseas somewhere that is blocking websites, I can log onto the net via a U.S. IP address. (Or a British one if I want to watch the BBC.)

I use Hotspot Shield. They have both a free and paid service. One bit of warning.....they have so many customers in the Middle East that Google sometimes recognizes the VPN IP address as coming from there and I get ads in Arabic. I checked with HS and they said it was nothing to worry about.

I also carry a small travel router with me in case there is an ethernet port in my room. IF there is, I connect the router via ethernet and set up my own wifi network that is password protected.

Posted by
1245 posts

I also use Hotspot Shield paid service. I have it installed on my phone and use it anytime I'm using public wifi here in the States or overseas. I also have it installed on my iPad that I use for email and accessing banks.

I also carry a small travel router with me in case there is an ethernet port in my room. IF there is, I connect the router via ethernet and set up my own wifi network that is password protected.

A word of caution here. I hope this doesn't mean that you're using your devices in the hotel room without the VPN, trusting your password-protected travel router is getting you to the internet safely. First off, it's possible the hotel isn't entirely hardwired and uses WiFi to connect switches that have wired ports to nearby rooms, although this isn't the most common setup. More importantly, if you aren't using a VPN then your packets are traveling over a network that may not be set up with security in mind, so your packets are visiting all the other ports in the building. See http://www.cnet.com/news/ethernet-connections-in-a-hotel-room-are-not-secure/

Posted by
16278 posts

I always use vpn when doing anything "sensitive" over the internet. I don't always use it on my phone when casually surfing or using cell service. But for banking or anything else needing some security, I use VPN. And if not using an app, I make sure the site url includes https.

Posted by
9110 posts

Michael, with my bank account, once you are into the account you can go ahead and set up payees and transfer money to them.

With my banks in order to do any of that fancy stuff it requires telephone verification for my home phone....robocall to my house with a temporary pin number which you then enter into the web site.

Posted by
10 posts

Thanks for the responses. Clearly not a one-size-fits-all solution (not that that was what I expected). Definitely appreciate you each taking the time to chime in.

Posted by
5687 posts

I should also add that if you use a VPN, once in a while the WiFi you are connected to will block it - as part of a too-overzealous security of the network. Maybe 1/10 times, I land on a network that blocks my VPN connection. Now I travel with my phone which has data and hotspot so I know I can always use that as backup to the local WiFi if necessary.

Posted by
32351 posts

ft,

I use a slightly different method to handle bill payments for all trips, regardless of trip length. As I know the dates that all payments are due every month (credit cards, utilities, etc.), I simply pre-program the payments to be made on the appropriate dates. My payroll is deposited in a savings account so I also pre-program a transfer of the necessary amount to the chequing account (where the bill payments are made from).

On those few occasions when I've had to make an unexpected transfer (such as for a gift), I just make a short call to the call centre at my credit union and that can usually be taken care of in about a minute.

I will occasionally check my balances online using the Wi-Fi at hotels, but have never been too concerned that hackers will intercept that, since the hacker would have to be on or close to the premises. I'd be more worried about data interception at more "public" locations such as Starbucks or McDonalds, where the hacker could be the person sitting next to you. I probably won't need to check balances that way as much now, as I have a "Quick Balance" feature on the App provided by the credit union that shows me all the balances at a glance.

I really like pre-programming payments as that means I can strictly enjoy the holiday without having to worry about forgetting bill payments, or even having to take the time to deal with that.

Posted by
1 posts

I hate to burst anyone's bubble regarding WiFi and public networks, but I used to work in the network security industry (but not currently) and the concern about public or semi-public networks (hotels, chain restaurants, coffee shops, etc.) is the terrible deficiency of maintenance of their network security. Although I'm speaking collectively about all, it is a relatively rare situation to find an organization that has a strong security update program (maybe 15% of them). Many network servers are woefully out of date by several upgrade cycles, and in a significant number of cases there are a lot of unknown programs and bugs on the servers. Even among high-end hotels, the amount of resources they devote to the issue can vary widely. Franchisees are not always held to the strict terms of their agreements to maintain their WiFi network systems. What this means is that an enterprising hacker can install a program on poorly protected networks that will monitor traffic and siphon off selected data to another site. My personal solution is a VPN, and/or paying for a cellular data plan when using for sensitive information. Even those solutions are not fool-proof, but it reduces the chance of data theft. Be paranoid. It's justified. At the same time, try to think logically, figure out a damage-control plan in advance of your trip, and then have fun on your trip.

Posted by
5687 posts

There are some non-obvious risks with using a public WiFi network (not just in Europe, but anywhere). There is more to worry about than just your network traffic - website and email activity - being monitored over the WiFi. The network could be hacked, unbeknownst to the owners, and directing you to fake websites that look like your bank website, but aren't. Or, they could install malware on your computer when you think you are visiting a legitimate website but aren't - and later, when you land on your real bank's website, your activity could be monitored by the malware.

A VPN avoids most of this worry. Then again, nothing is 100% secure.

Posted by
166 posts

You can prepay your monthly expenses if you use online billpay. I've done that in the past when traveling out of the country. The service provider (phone, water, utility, etc.) would be carrying a credit so you would not have to worry about paying each month.

You could always prepay your credit cards, estimating what you may incur or if you have budgeted your expenses, use that estimate.

We use ExpressVPN as our provider after researching reviews, user comments, etc. I would NEVER go online without using a VPN service (for anything/everything). It will encrypt the data you are sending from end-to-end. While there really is no way to be 100% secure, VPN is a good preventive measure, especially when using public WiFi (hotels, airports, etc.). Two-factor authentication and the methods used to deliver the PIN code vary by company/bank/institution. Our bank only delivers the PIN via phone call, so that would be problematic when we're in Europe. Here is a site that offers information:
https://twofactorauth.org
Hope this is helpful.

Posted by
1825 posts

I only do sensitive online webstuff when connected through cellular data and never on a hotel or public wifi. I turn my phone into a mobile hotspot by "Tethering" to my tablet. I think the cost and ease are probably a better option for the occasional traveler than setting up a VPN.

Posted by
503 posts

OK, I admit it, I am totally paranoid to do bill paying etc. online. I know several tech savvy people who won't do it either. One suggestion I have, which I know sounds very old-fashioned and cumbersome, is to have a very trusted family member or friend pay your bills for you while you are away using the good old check book method. Although I am rarely gone for such an extended period of time, I have done this in the past and it has worked just fine. Very old school, I know, but it totally eliminates the concern you have!

Posted by
10 posts

Continued thanks for the input. Still haven't settled on a preferred approach, but it will certainly involve pre-paying what we can and minimizing online account access. I did install a VPN, simply because I'm convinced it is a good idea regardless of the browsing (whether banking or cat videos; whether at home or abroad).

Posted by
10 posts

Also, a general question regarding two-factor authentication. Is anyone aware of a bank that issues a key-fob (or something similar) that generates a random number for these purposes? It seems like the hands-down most common approach is to rely on the user's phone (whether by sending a text message, an e-mail, or a dedicated app for that purpose). I know some businesses use the key-fobs for remote access, but haven't seen anything similar for individual banking accounts.

Posted by
1637 posts

My solution to this is that I have all my recurring bills set up for automatic payment. I can be off the grid for months and not miss a payment.