What Makes Online Banking So 'Secure'?

Wednesday, March 19, 2014

Understanding the Worry About Online Security

The security of online banking is easily one of the biggest things people have concerns about when managing their money online.

If you’re one of those concerned people, you’re not alone. In fact, it’s smart to be cautious about who sees and who manages your money. Being wary of transacting online isn’t something reserved for those who are disconnected with, or disavowing of the developments in modern technology.

However, as with all new things, the more you know about it, the more smartly you can delegate it a level of concern. The more informed your opinion is about a subject, the more confident you’ll feel in the face of having to make a decision about it.

But before I get ahead of myself, let’s get back to the key question in point: when you’re using internet banking on your computer at home, or you’re paying a bill from your tablet, or you’re logging in to your bank’s mobile app to check your balance on your phone, how exactly do you know if online banking is secure? Sure, all banks say that your online activity is being protected by ‘security measures’, but what exactly are they, and what does ‘online security’ mean?

Alright, mysterious preamble aside, I’d like to assure you that our online banking channels are very safe, and that we have a lot of people working very hard to bring you peace of mind when using online banking.

BUT, in order for you to understand my assurance, here’s a complete rundown of what that ‘online banking security’ means, by way of the processes an organisation like ours goes through.


How we (as a case study) make online banking secure

Online Banking Security is the number one biggest priority in mind when we design and build new functionality across all of our online channels, and we have a very rigorous process we go through before we release any new functionality to the public.

Before anything within online banking – desktop or mobile – can safely hold customer information, it goes through a heavy mash of the following practices:


  • Automated security testing – we run our secure and security systems through a range of automated tools and tests to make sure all our software changes are safe.

  • Independent security reviews – we partner with specialists in IT security and we have each of our major changes reviewed by those external specialists, even if it’s just to get fresh eyes on a new feature we’ve implemented from a security perspective. They perform themselves an additional suite of tests to what we do.

  • Penetration testing – this is where we throw a lot of traffic at our online banking sytems, usually up to 10 times more traffic than we’d ever get from our existing customer-base, to ensure that our online banking systems are robust to handle lots of customers logging in; ie, that there are no crashes that could then interrupt what you’re doing with your money.

  • Denial of Service Attack testing – our internal security experts regularly perform dummy tests and throw “the kitchen sink” of dangerous and unexpected scenarios at online banking to make sure it can handle anything in terms of security.


Ah, but what about the safety of my computer?

Well, if your bank has got your online banking security covered, it’s still your responsibility to make sure you’ve done everything you can to make your portal to accessing online banking, safer.


  • Ensure your operating system and software is up to date. It sounds simple, but it’s a good way to stay on top of the latest threats. For most of you running Windows, simply type in “windows update” in your start bar and download the latest updates.

  • Don’t click on emails offering things out of the ordinary. There are swathes of people who specialise in sending “fake” emails that pretend they’re a bank wanting you to verify personal details. If you think you’ve receive one, simply delete it.

  • Have a suite of protective software installed. Then understand how that software works, and keep an eye on how it’s handling the threats to your computer. There are many websites that can install software on your machine without asking your permission that can then ‘mine’ your machine and your online activities for information about you. Having anti-virus software and a firewall active and understood will protect your when on the Internet.


And what if I bank online with a phone or tablet?

You're in the awesome club, welcome. But yes, on a serious note, there are things to look out for there too.


  • Just like with your computer, it's important to keep your smartphone and tablet operating system and apps up to date.

  • Use a PIN or password to lock your phone. A super simple protection method that provides a simple but effective control if you lose your phone

  • Don’t store personal details in your phone. Even if it is locked with a PIN or password. Whether it’s your online banking customer ID or card information, that stuff doesn't belong on your phone. It's too easily accessible. Just think “if someone stole my phone, what could then easily get into?”. "What then if they knew or guessed my password?"