Online banking from the road

[Rianne]

Looking up at the URL bar now I see this portion of my ER Forums session is not secure so that appears to be the case here.

I guess all we share here is safe and confidential?

 

[jazz4cash]

This is something I really don’t worry too much about. When I was traveling for work I was always using VPN. I don’t understand the risk wrt financial accounts that are not credit cards. I’m very unlikely to take any actions with an account that would not involve 2FA or another form of notification. Thanks to advice here I’ll definitely use cell data in the future.

 

[Kwirk]

I like to be careful, paranoid even, when using public WiFi. BUT...

Everyday there appear to be literally millions of unsophisticated users of public WiFi. Yet I never seem to hear any of the horror stories about public WiFi like I hear stories about email phishing, key loggers, and even SIM swapping. I can find plenty of stories touting the presumed risks of public WiFi but not actual instances of recent fraud. These stories do seem to sell a lot of VPN subscriptions and malware software. The warnings do not appear to be coming from banks or internet merchants. I'm inclined to believe that public WiFi is now reasonably safe for most uses. (I still wouldn't suggest entering credit card information on a random site that may not be using HTTPS.)

I'd be interested to hear of any actual and recent cases of fraud resulting from public WiFi use. There should be many thousands of such cases if all of the warnings are to be believed.

 

[harley]

Been there many times (6 or 7 times I think) when I was working. There is nothing like attending a week+ long security conference (Blackhat/Defcon) in Las Vegas with all expenses paid (well almost all )

Especially since it's usually the same week as the AVN Adult Entertainment Expo. Nothing like putting a bunch of unsocialized nerds next door to a major porn convention.

ERD50, here's an interesting article if you're interested in nuts and bolts. They're trying to sell their services, but there's a lot if information in the article. https://news.netcraft.com/archives/...rvers-vulnerable-to-trivial-mitm-attacks.html

As far as the people saying they've done it a million times with no issues, that's fine and true. Personally I don't think too many people are lurking waiting for innocent victims to log onto the hotel wifi. ANd 2FA helps a lot. But they really aren't very safe, and you never know when lightning will strike.

 

[JustCurious]

As far as the people saying they've done it a million times with no issues, that's fine and true. Personally I don't think too many people are lurking waiting for innocent victims to log onto the hotel wifi. ANd 2FA helps a lot. But they really aren't very safe, and you never know when lightning will strike.

Right. It's sort of like someone saying "I've been driving without using a seatbelt for years and I've never been injured, so it's safe."

 

[btdt22]

I never use free wifi for banking or other secure transactions, but I have used my Verizon connection for bank transfers etc.

 

[GrayHare]

https does not encrypt metadata, meaning it leaks all sorts of information about you and the sites you access, though probably not your password. By gathering your metadata a hacker can learn much about you, perhaps enough information to impersonate you online.

 

[Ed_The_Gypsy]

I'm paranoid about this and never contact my financial institutions while on the road, But I have things set up so I don't need to. I would not be uncomfortable accessing banking over the cellular connection on my phone or via the phone's hotspot. If I ever run into a situation where it becomes critical to use public wifi I would risk it because I am confidant that my financial institutions use end to end https.

Same here.

 

[jazz4cash]

Right. It's sort of like someone saying "I've been driving without using a seatbelt for years and I've never been injured, so it's safe."

Not at all unless I’m REALLY missing something. Driving with no seatbelt will get you killed.

Maybe I’m naive. I do check on account activity and use billpay but don’t do much beyond that. Just about anything else involves 2FA or some other means of notification. The most important piece is to be alert to scam calls and emails.

 

[jazz4cash]

And I’ll add that checking balances daily is all part of detecting issues ASAP.

 

[Janet H]

Can't vote as I only use cellular date to do mobil baking when away from home. Would never use a hotel wifi for banking.

Same here...

 

[HI Bill]

Disclaimer: I'm not an IT person, but my understanding is that if you log into an unprotected (public) wi-fi account, according to articles I've read on CNET and other places, it's super easy for others to intercept everything you do, including usernames and passwords...and they may even be able to install a keystroke logger onto your device. I've read numerous articles telling you to never log into secure sites on a public network.

I only use the cell carrier when away from home to access financial sites.

 

[JustCurious]

I only use the cell carrier when away from home to access financial sites.

Is that safe?

 

[Tracer]

I opted in to the security "Lockdown" feature on my accounts at Fidelity. Even I can't electronically transfer funds out of my own accounts unless I go through a 2FA (two-factor authentication) to get them unlocked. I also get plenty of notifications, especially on my credit card when over it's over a certain amount or if the card is not present such as an online purchase. Things that make me feel a bit safer no matter where I log into my accounts, which I check often. Been doing this ever since there was Wifi. No problems yet. Can a hacker get into my accounts and do some damage? It would be extremely difficult, but nothing is impossible. I would think they would rather choose someone's account that doesn't have all these safeguards in place.

 

[JoeWras]

https does not encrypt metadata, meaning it leaks all sorts of information about you and the sites you access, though probably not your password. By gathering your metadata a hacker can learn much about you, perhaps enough information to impersonate you online.

Bingo.

HTTPS is great, so even a man in the middle can't see the password on your bank transaction. Most banks and big shopping sites have a handle on this and do https correctly, so that's less and less of a worry.

What is a worry is EVERYTHING ELSE you are transmitting. You know how google/amazon/ER.org present you ads for stuff you just looked at? Now, imagine a hacker getting all your session data. It is just bits and pieces. But these guys are getting crazy good with big data analysis. They'll just take your information and add it to your "profile" which is slowly building out there.

Eventually, they may have enough information to give to their inside-friend at a cell company and sim swap you.

You see, it isn't the easy just-pick-off-the-password anymore. It is about building a profile to use against you with all the other data.

 

[Retired Expat]

Any password protected WiFi is better than an unsecured public connection and preferable to a phones data connection. Public places like hotels that have password protected systems are still not secure if the passwords don’t change regularly.

VPN’s are so simple to use that I use them whenever away from my home router and I have a dedicated VPN router at home too....

 

[pb4uski]

Can't vote as I only use cellular date to do mobil baking when away from home. Would never use a hotel wifi for banking.

+1 When traveling I'll only use my cellular data.... never a hotel or public wifi... will log on from an AirBNB lodging.

 

[Luckybreak]

Agreed

 

[BBinTLS]

I never do that over unsecured connections

But I often do it using the VPN....it's not that hard and it gives you all the protection you need over unsecured wifi links.

 

[PointBreeze]

Can't vote as I only use cellular date to do mobil baking when away from home. Would never use a hotel wifi for banking.

+1

 

[Rustic23]

I use a travel router. I plug it in via a cord to the hotel system. Then all of our devices go through it. I also us a vpn when banking, or phone as a hot spot.

 

[jjuneau]

Use phone service

I will do banking from the phone using cellular data, not WiFi.

 

[walkinwood]

Without getting into technical details, if you are using a browser, the connection between your device and the server is encrypted from end-to-end. The perceived security of the hotel wifi should not factor into this decision.

Exactly!

- Use a book-mark in your browser to get to your financial institution website to make sure you don't fat-finger to a phishing site.
- Verify that the URL starts with https://
- Use 2-factor authentication if available

You should be doing the above when logging in from anywhere including your home.

From what I understand, financial institution apps on phones are secure whether over Wi-fi or cellular.