How risky is online banking, and what measures can reduce those risks?
Banking
Asked by Question Bot, 04/May/2013, 1 answer
1 Answer
Faisal Khan
Answered 04/May/2013
It's risky for sure in the absence of an external 2FA (Two Factor Authentication). An external 2FA attached to your online banking, say a 5-digit code that is sent to your mobile phone every time you log in and a new 5-digit code for each and every transaction you perform online, goes a long way to secure you.
Even if your banking credentials are compromised, with your 2FA code sent to your mobile phone, you will not be able to log in. Needless to say, another code would be required for each transaction you do. So hackers who phish for credentials can do all they want; if they don't have the code, there is nothing they can do about it, as these codes are valid only for 300 seconds (usually).
A hacker can steal and/or take over your computer and your credentials, but not your registered mobile phone to which such codes are sent.
Procedures are in place so that you cannot change the mobile phone number from the online banking portal. Doing so would require you to visit the bank and online (call-center), where they (the bank) would do a call-back verification on the number registered to be able to change the registered number.
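A sketch of the server-side handling the answer describes (a 5-digit code per login and per transaction, valid for 300 seconds), added here as an example and not part of the original answer or any bank's code. The names `OtpStore`, `txn_purpose` and `MAX_ATTEMPTS`, and the attempt limit itself, are assumptions; SMS delivery is out of scope.

```python
import hmac
import secrets

OTP_TTL = 300      # seconds; the validity window the answer mentions
MAX_ATTEMPTS = 3   # assumption: a 5-digit code has only 100,000 values,
                   # so guesses must be capped or it can be brute-forced


def txn_purpose(payee, amount_cents):
    # Bind a transaction code to the payee and amount the user approved.
    return f"txn:{payee}:{amount_cents}"


class OtpStore:
    """One pending code per (user, purpose); purpose is 'login' or txn_purpose()."""

    def __init__(self):
        self._pending = {}  # (user, purpose) -> [code, expires_at, attempts_left]

    def issue(self, user, purpose, now):
        code = f"{secrets.randbelow(100_000):05d}"  # CSPRNG, zero-padded
        # Issuing again for the same purpose replaces (invalidates) the old code.
        self._pending[(user, purpose)] = [code, now + OTP_TTL, MAX_ATTEMPTS]
        return code  # goes to the SMS gateway only, never back to the browser

    def verify(self, user, purpose, submitted, now):
        key = (user, purpose)
        entry = self._pending.get(key)
        if entry is None:
            return False          # never issued, already used, or wrong purpose
        code, expires_at, attempts_left = entry
        if now >= expires_at:
            del self._pending[key]
            return False          # older than 300 seconds
        ok = hmac.compare_digest(code.encode(), submitted.encode())
        if ok or attempts_left <= 1:
            del self._pending[key]  # single use, or locked after too many misses
        else:
            entry[2] = attempts_left - 1
        return ok
```
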