Online banking
Protection against internet attacks
19 September 2006 - Germans are banking online in ever greater numbers. In mid-2006 one in three Germans – 34% to be precise – was an online banker. In 2000 the figure was only 11%. And as many as half of all internet users do at least some of their banking online. There are good reasons for this. Transactions are generally less expensive online than in a branch office. Above all, however, customers appreciate the fact that they can take care of their banking business from the comfort and safety of their own home twenty-four hours a day. The banks have extensive security measures in place to protect confidential data when it sent over the internet, for example.
But online bankers should also help to make the internet a secure place to bank by carefully following a few basic rules. The banks have no influence on the security of internet users’ computers and programmes. Again and again, there are reports of so-called phishing attacks. In a typical example of such a scam, the customer is sent an e-mail by internet fraudsters telling him to contact his bank. These e-mails are becoming increasingly sophisticated. Often they will contain messages such as “your account has been blocked”, “your account details need to be confirmed” or even “new security precautions are necessary”. If the customer follows the link in the e-mail, however, it will take him not to his bank, but to a fake website, where the fraudsters will try to obtain confidential access data such as the customer’s PIN or TANs (one-time passwords used to authorise transactions).
Customers should also beware of so-called spyware. This is software embedded in web pages, e-mails or e-mail attachments. Once an infected object is opened, the spyware installs itself on the user’s computer without his knowledge. It then searches in the background for sensitive information such as account details or passwords and can even record which keys the user hits. The information is then transmitted unnoticed to another e-mail address or server.
Customers should always make sure who they are dealing with. They should disclose confidential information only when they are absolutely certain that they are really on their bank’s website. Any departures from the routine should make them suspicious. Above all, online bankers should enter their PIN and TANs only when they are on their bank’s secure site. One way of recognising this is that the internet address will begin with https://. Customers should also always check that their internet browser’s address bar is showing their bank’s correct internet address. Even the smallest discrepancies may be a sign that the website is fake.
The new revised sixth edition of the publication can be ordered free or downloaded.
PublicationYou may cancel this service at any time.