Online Banking Systems
Although online banking systems have been around for a while, they are still looked at with
suspicion by some Internet users – especially older folks. It’s understandable why: up until a
few years ago online banking systems were frequently targeted by hackers due to the
potential for theft. And too many financial institutions (and governments) didn’t take Internet
security seriously enough.
However, that has changed relatively recently. The following factors have all had a big
impact on online banking solutions, for the better:
• Fear of reputation damage from widespread data breaches;
• Newer government requirements;
• Greater focus on and investments in corporate security practices;
• Significant improvements in data security technologies.
That’s not to say that your financial institution will never be breached. As we discussed in the
Social Engineering section, hackers are clever and innovative, and it’s important to
realize that this is a cat-and-mouse game. But today’s online banking systems are light
years ahead of where they were several years ago. Information security is a booming business,
and a lot of smart people have made it their focus to protect your data and assets.
So if you have been dismissive or afraid of online banking before, please give it a second
look. Check out your bank, credit union, or building society’s online banking system. Read
up on how they are trying to protect your information, and feel free to grill them on some of
the topics that we’ve covered earlier in this book. Most modern online banking systems offer
you convenient and immediate access to your financial assets, and allow you to perform a
range of important actions: transferring money securely between accounts or institutions,
paying bills online (which avoids the risk of check/cheque fraud and the theft of bills from
your mailbox), tracking your investments closely, and monitoring for potential account and
card fraud.
Some questions you might want to ask them about their online banking system:
• Does their online banking system support multi-factor authentication? Their
answer should be an emphatic ‘yes!’, and they should be happy to share the
details with you, including which second factors they support (an authenticator
app or hardware token is stronger than a code sent by text message, but any
second factor is far better than a password alone).
• How do they encrypt their customers’ data ‘in transit’ – in other words, while it’s
being sent over the Internet? As of right now, the answer here should be that they
use HTTPS, which is simply web traffic protected by TLS, and your browser should
show the site as secure with no certificate warnings.
• Do they encrypt their customers’ data ‘at rest’ (in other words, when it’s sitting on
their servers or in the cloud)? As of right now, the answer here should be that they
use a strong, standard cipher such as AES. (RSA is a public-key algorithm that is
normally used to protect or exchange keys, not to encrypt large stores of data.)
• What steps do they take if you tell them that your account might have been
hacked? They should encourage you to contact them immediately, and you should be
prepared to be moved to a new account.
• Which government agency or regulatory body do they report data breaches to,
should they occur? This will depend on your country and the type of financial
institution, but some quick research by you can verify this.
• Are they insured by a government agency or regulatory body (which means that
you can get any lost assets back in most cases)?
• Do they have a dedicated information security team who closely monitor their
online banking system for possible issues? Their answer should be an emphatic
‘yes!’, and they should be happy to share the details with you, including that they
perform regular ‘penetration tests’ to try to anticipate how a hacker might try to
break into their systems.
Simplifying your Finances
If you have financial accounts with many different organizations, you might not realize it, but
you are increasing your exposure to fraud.
A lot of people have bank accounts, investment accounts, credit cards, and other financial
assets spread across an overwhelming number of institutions. And if you have trouble
tracking them, or if they require a lot of time to monitor their activity, that opens the door to
exploitation by hackers or other unsavory individuals.
It’s important to note that this risk isn’t isolated to online fraud. It is also a concern for more
traditional types of fraud, such as mail fraud, check/cheque fraud, or letter-based/fax-based
social engineering.
So a good practice is to limit your financial assets to just a few institutions. And also, make
use of your institution’s online banking systems – assuming they are secure and reliable!
The Internet of Things
If you’ve shopped around for appliances or other household devices recently, one thing you
might have noticed is the growing trend of Internet-connected devices. Refrigerators,
heating and air conditioning systems, home thermostats, printers, televisions… the list goes
on. An increasing number of household items are being sold with built-in WiFi connectivity,
which allows you to control them remotely via your smart phone. The broad term for this trend
is the ‘Internet of things’ (or ‘IoT’).
It’s wise to be cautious about connecting IoT devices to your home network. As with many
other online privacy concerns, the benefit of convenience comes at a cost to security. Sure,
being able to access your home security cameras via your phone is neat. But that also
means it’s possible for criminals to hack into them and invade your privacy.
Common-sense precautions help a lot: change the default password the device ships with,
install its software updates, turn off remote-access features you don’t use, and, if your
router offers a ‘guest’ network, put these devices on it rather than alongside your computers.
But ultimately, the best defense is to not hook these devices up to your home network in the
first place. Is being able to check on your fridge’s temperature really worth the risk of
someone using that appliance as a gateway into compromising your entire home network?
Section Review
Action Items:

• Consider using multiple email accounts to isolate your Internet communications;
• Don’t be afraid to use your financial institution’s online banking system, but do your
research to make sure it is secure and well-kept;
• Try not to spread your financial assets across too many different institutions.
Other Terminology
Related to online security and privacy, you might see some of the following terms mentioned
in articles or television programs.
Don’t feel obligated to learn about the following terms, especially if you’re feeling
overwhelmed with the information presented thus far. But if you want to learn more, knowing
some of these terms might help you to better understand the Internet and online security.
Authentication is the general process that websites use to verify each user’s identity before
granting access to areas of the site that contain sensitive or private information. Authentication
usually involves providing credentials (most often in the form of a username and a password),
but can also involve a PIN, or a temporary code that is sent to the user by mobile phone text
message or generated by an authenticator app.
Strictly speaking, bandwidth is how much data your Internet connection can carry per second.
In everyday use the term also refers to your Internet data usage, either via your Internet Service
Provider (ISP) or your mobile provider. Most providers in the Western world have a cap on
how much data you can use within a given month.
Bloatware is a negative term for computer software that comes loaded with unwanted
features or additional programs. It is relevant to the concept of online safety because
bloatware can include features that quietly use your Internet bandwidth to send and/or
receive data, sometimes without your knowledge or authorization.
Broadband is a general term used to describe a high-speed Internet connection. Broadband
for consumers usually involves a cable or DSL (Digital Subscriber Line) connection between
their home and their ISP (Internet Service Provider).
In terms of Internet usage, cookies are little chunks of data that a website asks your web
browser to store and send back on later visits, so that the site can remember your interactions
with it. This sounds more ominous than it really is.
Most cookies are harmless, and only store preferences about how the website should look or
behave for you. However, a cookie can also hold your session identifier, the value that tells the
site ‘this browser is already logged in’. If a hacker steals that cookie (for example over an
unencrypted connection, or through a flaw in the website), they can act as you without ever
knowing your password. Logging out when you finish, which invalidates the session on the
website’s side, is a good everyday precaution against such cookie-based attacks.
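The protections a website itself can put on a session cookie are standard attributes on the Set-Cookie header it sends to your browser: Secure (only sent over HTTPS), HttpOnly (hidden from scripts running in the page) and SameSite (not attached to requests that other websites trigger). The following Python script, added here as an example and not part of the original book, parses a few constructed Set-Cookie headers (not captured from any real site) and reports which of those protections each cookie is missing.

```python
"""Added example: check the protective attributes on Set-Cookie headers."""
from typing import Dict, List

# Constructed sample Set-Cookie headers for illustration; not captured from any real site.
SAMPLE_HEADERS = [
    "session=a1b2c3; Path=/; Secure; HttpOnly; SameSite=Lax",       # well protected
    "legacy_session=d4e5f6; Path=/",                                 # no protection at all
    "theme=dark; Path=/; Max-Age=31536000; SameSite=None",           # opts out of SameSite
]


def parse_set_cookie(header: str) -> Dict[str, str]:
    """Split one Set-Cookie header into its name/value pair and lower-cased attributes.
    Flag attributes such as Secure and HttpOnly carry an empty string as their value."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    cookie = {"name": name.strip(), "value": value.strip()}
    for attr in parts[1:]:
        if attr:
            key, _, val = attr.partition("=")
            cookie[key.strip().lower()] = val.strip()
    return cookie


def missing_protections(header: str) -> List[str]:
    """Return the protections a cookie lacks:
    secure   - only sent over HTTPS, so it cannot be sniffed on plain HTTP;
    httponly - hidden from scripts running in the page, so a page flaw cannot read it;
    samesite - not attached to requests that other websites trigger."""
    cookie = parse_set_cookie(header)
    missing = [attr for attr in ("secure", "httponly", "samesite") if attr not in cookie]
    # SameSite=None explicitly allows cross-site sending; browsers only accept it
    # together with Secure, so it is reported separately.
    if cookie.get("samesite", "").lower() == "none":
        missing.append("samesite=none (cross-site sending allowed)")
    return missing


def audit(headers: List[str]) -> Dict[str, List[str]]:
    """Map each cookie name to the list of protections it is missing."""
    return {parse_set_cookie(h)["name"]: missing_protections(h) for h in headers}


if __name__ == "__main__":
    for name, gaps in audit(SAMPLE_HEADERS).items():
        print(f"{name}: {'ok' if not gaps else ', '.join(gaps)}")
```

You can see these headers yourself in your browser’s developer tools (Network tab) after logging in to a site; a login cookie that lacks all three attributes is a fair question to put to the site’s operator.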
A CAPTCHA is a small test that some websites conduct to ascertain if you are human or not.
You’ve probably already encountered these online, especially when registering a new
account or recovering an existing account’s password. CAPTCHA stands for Completely
Automated Public Turing test to tell Computers and Humans Apart, and they come in a few
different varieties.
• An image with skewed or distorted text, followed by a text box into which you type in
what you can read in the image;
• An image broken up into a clickable grid, and a prompt for you to click on each
section of the image that contains a specific item (e.g. a sign, a car, or a shopfront);
• A simple checkbox that you need to manually click.
The idea behind CAPTCHAs is to require human intervention when filling in an online form,
and so prevent automated systems from quickly posting requests to a website.
The Cloud
The Cloud is a catchy phrase that basically refers to data and services stored on computers
that someone else runs and that you reach over the Internet. Data stored in the cloud is usually
kept on powerful, well-maintained computers that are housed in huge, secure buildings.
Companies are increasingly storing their data in this manner because it means they can focus
on other efforts. Cloud-hosted data is usually no less secure than data that is stored on a
company’s own premises, provided the company configures its cloud accounts carefully.
A crypto-currency is a type of currency that has no physical (i.e. paper or coin)
representation, and that is not controlled by any central agencies, national governments, or
banks. An example of a crypto-currency that you might have heard of is Bitcoin.
Crypto-currency ‘coins’ are generated by computers completing complex mathematical
calculations. Their worth is based on market demand, which means their value can fluctuate
wildly and be prone to booms and busts. So it’s usually best to avoid investing or
exchanging money for crypto-currencies.
The Dark Net
Also sometimes (and contentiously) called the ‘Dark Web’, or confused with the ‘Deep Web’,
the Dark Net is a portion of the wider Internet that is hidden from regular users, and is mostly
used by very tech-savvy individuals (including more knowledgeable hackers).
It’s a place where stolen information, drugs, human trafficking, extreme forms of
pornography, and any number of other illegal activities are frequently sold for money (often
crypto-currencies), and is best avoided. Fortunately, it is also quite difficult to access for
most regular Internet users.
The Deep Web
The Deep Web refers to another portion of the wider Internet, but unlike the Dark Net, the
Deep Web does not usually have a scary or ominous subtext. The Deep Web includes
internal corporate networks and data. It is a portion of the Internet that is either inaccessible
or difficult for the general public to reach, because the data is locked up and requires some
form of authentication to access. The Deep Web and the Dark Net are often, and mistakenly,
confused for one another. But they are very different conceptually.
Encryption is the process of scrambling data so that it’s difficult for unauthorized people or
systems to read it. Encrypted data looks like an unintelligible chunk of text, but anyone who
holds the right key can reverse it back into its original ‘raw’ value. There are many
different forms of encryption, with the most popular overall standard being AES (which
stands for Advanced Encryption Standard).
Similar to encryption (and often mistaken for it), hashing is another way of protecting data.
However, hashing is a one-way process: the data is turned into a fixed-length, unintelligible
value (the ‘hash’), and there is no key that turns the hash back into the original. When you
log in, the system hashes the password you typed and compares the result with the hash it
stored when you first set the password. If the two hashes match, the password was correct. If
they don’t, the system (and anyone who steals its list of stored hashes) learns only that the
value was wrong, not what the correct value is.
Hashing is a very popular way to store passwords and other authentication data. At the time
of writing, general-purpose hash methods such as SHA-512 (and the older RIPEMD-160) have
no known practical break, but they are designed to be fast, so a thief holding a stolen list of
plain SHA-512 hashes can test billions of password guesses per second. Well-run systems
therefore store passwords with a deliberately slow, ‘salted’ password-hashing method such as
bcrypt, scrypt, Argon2 or PBKDF2: each guess costs real computing time, and two users with
the same password end up with different stored values.
ISP stands for Internet Service Provider. An ISP is a company that provides Internet access
to either a consumer or a business over communication lines that the ISP owns and
Open Source
Open Source is an approach that is commonly taken when writing computer software.
The idea behind ‘open source’ software is that the underlying code is available to anyone
and everyone. Open source computer code is readily accessible to the world to read or
customize for free, and open source software is generally free to use (though its license may
impose conditions, such as sharing any changes you make).
The goal of the open source approach is to instill a level of transparency that makes it easier
for people to collaborate and build better, more secure computer programs. Arguably the
most popular form of open source software is the family of Linux operating system variants.
In modern online terminology, responsiveness refers to a web site or web application that is
designed to display nicely on a device of any size. So while the website might look different on
a desktop computer with a large monitor when compared to a smart phone, it will still be
easy to read and interact with on both devices.
Streaming refers to a type of data transfer over the Internet that usually involves voice or
video. It can be one-way (e.g. watching a non-interactive video on YouTube or Netflix), or
two-way (e.g. video chatting in real-time with your friends or family via Skype or Zoom).
Streaming often uses a slightly different Internet protocol (UDP) that is more forgiving about
data loss than the protocol used for many other more precise Internet activities (TCP).
Usability is an increasingly common term on the Internet. And while it only has a passing
relevance to online security, it’s still very important to understand, especially for older
Internet users.
Usability refers to how easy a website or a mobile application is to use, and it overlaps with
accessibility: designing the website or app so that everyone can use it, regardless of whether
they have mobility issues (e.g. users who have difficulty using a mouse or touchscreen) or are
visually impaired (e.g. users who are color-blind, have poor vision, or who are legally blind).
Usability is addressed on modern websites via a number of methods. These include the use of
easily-resizeable text, pages that are easy to read regardless of the screen size, proven
complementary color palettes, and making pages accessible via screen-reader technologies.
VPN stands for Virtual Private Network. It is an encrypted link between your device and another
computer or network across the Internet. Access to the VPN requires specific credentials, so
unauthorized users cannot sneak in. The goal of a VPN is to allow sensitive information to be
transferred with much less risk of it being read by a third party sitting between the two ends (for
example, someone on the same public WiFi network).