Skip to Content
© Andrey Popov |

5 tips for secure online banking

Somewhere in the world right now, someone is working tirelessly to break into your accounts and steal your money, your identity and your data. How do we know? Cybercriminals take new victims in record numbers year after year. Losses are expected to hit $6 trillion by 2021.

Scammers know to go where the people are. Fidelity National Information Services reported a 200% spike in mobile banking signups recently, and the FBI is sounding the alarm: Criminals are waiting in the wings to take advantage.

Maybe you’ve taken precautions such as installing security software. If you haven’t, tap or click here for three free downloads for optimum Windows security.

But even after you do that, you’re far from done. Unless you make secure online banking a part of your daily routine, your financials will still be at risk. Here are five simple ways you can bank smarter using your digital devices.

A brief note on passwords

Setting up stronger passwords may seem like an obvious first step, but its importance can’t be ignored. You need a strong password to keep hackers from accessing your private financial data information, and millions of people are sitting ducks because of insecure options like 12345678 or Password.

You’re even worse off if you share your passwords across multiple websites and platforms.

To protect your accounts, here are some ground rules for stronger passwords:

  1. Strong passwords must contain a random collection of letters (uppercase and lowercase), numbers and symbols.
  2. Strong passwords must be eight characters or longer.
  3. You must use unique passwords for every single account. If a password is ever cracked and is used across multiple websites, you’re putting yourself in harm’s way.

That may sound like a tall order, but it’s fairly easy to come up with unique, strong passwords if you have a plan in mind. Let’s use a strong password as an example: T/V\ho2nnL. It comes from a random sentence — in this case, a Metallica lyric. “Take my hand, off to never-never land.”

We took the first character from each word to get “tmhotnnl.” Next, we added some symbols in place of similar letters. M becomes /V\, the “to” from the original lyric becomes 2. Then, we capitalized a few of the letters to make a strong password that’s easy to remember: “T/V\ho2nnL”.

Once you create a password this way, you can tweak it for multiple accounts. For Facebook, you could make it “T/V\ho2nnLFB.” Amazon can be “AmzT/V\ho2nnL.” This helps create a consistent scheme for your memory without sacrificing security. Tap or click here for more help creating stronger passwords.

1. Try this free fraud protection from IBM

Phishing and website hijacking are some of the primary ways criminals can get your information to carry out identity theft and bank fraud. To protect yourself, fraud prevention software should be your first line of defense. Tap or click here to see why magecart attacks are so dangerous.

We recommend trying out Trusteer, a free cybersecurity extension from IBM. This browser extension is compatible with Windows and Mac on nearly all of the top browsers including Chrome, Firefox, Edge and Safari.

Once installed, it adds an additional layer of defense beyond your antivirus software and blocks phishing attempts, website redirects and malicious code from executing within your browser. Download and install this extension before you visit your bank’s website. You never know what might be lurking in the background.

2. Use two-factor authentication to secure your accounts

Most major banks offer two-factor authentication to prevent unauthorized logins. When 2FA is set up, you will need to enter a login code sent straight to your phone or inbox. Unless a hacker has access to your physical device, they won’t be able to log in. Here’s how you can set up 2FA for some of the biggest banks in the country.

Chase: Chase automatically enables 2FA (referred to as multi-factor authentication) by default. When you sign in to your account from a new device, you’ll automatically be required to verify your identity via a text or email code. If you don’t have a phone number or email address on file and cannot complete the process, call the support number on the back of your card.

Wells Fargo: Visit the tab labeled Your Security Center on the Wells Fargo app or website, or tap or click here to activate 2FA for your account. You’ll be instructed to provide a phone number so you can receive the security code. Once you’ve verified your code, 2FA will be active any time you log in.

Bank of America: Select Profile & Settings in the top left-hand corner of the BoA website and click Manage SafePass. You can then add one or more phone numbers to receive your security codes. Once you’re finished, you must verify your debit or credit card details, so keep your card handy until the process is complete.

Citibank: Citibank automatically enables 2FA by default. When you sign in to your account from a new device, you’re required to verify your identity via a text or email code. If you don’t have a phone number or email address on file, call the support number on the back of your card.

If you don’t see your bank listed here, you might be able to set up 2FA under your bank’s account settings or security settings where you have the option to change your password. If you still cannot find it, dial the support number on the back of your card and ask the agent to walk you through your account security options.

3. Set up alerts to stay informed

Each week, Kim gets a message with her account balances. If anything seems amiss, she can contact her bank right away.

Ignoring your accounts means you won’t see problems until it’s too late. Downloading your bank’s official app and enabling notifications there and or through your bank’s website is an easy way to stay in the know.

You can also get alerts if you hit a low balance, your bank detects unusual activity on your account and much more. You can receive these as text messages, app alerts or emails — or some combination.

Here’s how to start receiving alerts from some of the major national banks. If your bank isn’t on this list, download the official app and look for Alerts on the menu. You can also search your bank’s website for instructions or call or chat with a bank representative to get help. When in doubt, call the number on the back of your card.


  • Sign in to Chase from your mobile browser or download the Chase mobile app.
  • Select “Alerts” from the menu and follow the instructions to set up alerts and choose your preferred delivery.

Wells Fargo

  • Sign in to the Wells Fargo website, and choose the account for which you want to add or edit alerts.
  • Choose the alerts you want to receive and customize them. Save your edits.
  • To get text alerts, enroll your mobile number for text messages. You can do so by signing into your account and updating your contact information.
  • Check the box labeled Allow Mobile Texts and accept the Consent to Receive Text Messages.
  • Reply YES ENROLL to the text message you receive. Go to Manage Alerts to subscribe to the optional text alerts you want to receive.

Bank of America

  • Download the Bank of American mobile app. Use this link to select your device and get the download link sent directly to your smartphone or tablet.
  • You can also sign in to your account from a browser to set up online banking alerts.


4. Download a strong cybersecurity suite and watch your settings

Antivirus software is essential for your everyday browsing, but it’s even more important when it comes to online banking. That’s why some banks offer security software to customers.

If you use Bank of America, you can download McAfee LiveSafe virus, malware and phishing detection for 12 months. Ally Bank gives users access to free Webroot SecureAnywhere Antivirus software on up to three devices.

But even if your bank doesn’t offer a free option, you can still download powerful antivirus software without having to pay a cent. Microsoft users can get the latest updates for Windows Defender to keep their systems safe from harm. Mac users can rely on Malwarebytes to provide the latest malware, virus and ransomware definitions.

In addition to performing background scans, Windows Defender automatically scans downloads, open programs and installs new malware definitions so you can stay on top of spreading threats. Make sure you’re using the latest version. Tap or click here from your PC to update Windows Defender.

Malwarebytes is designed for speed and can scan your entire computer in as little as 30 seconds. It identifies and removes malicious files for you once the scan is complete — no extra work required on your end.

To get started, click the link below and select Free Download. The installer file will appear in your Downloads folder in the bottom right corner of your dock where all your program icons are found. Click the file to open it, and follow the directions that appear on-screen.

Beyond installing antivirus software, there are still steps you can take to protect yourself through your device’s settings. Always turn off Wi-Fi and Bluetooth services when you’re not using them, and avoid using public Wi-Fi for financial transactions unless you use a secure, private connection, like VPN software.

Tap or click here to learn more about ExpressVPN, the only VPN software Kim trusts.

5. Use a separate computer only for banking

It’s almost impossible not run into cybersecurity issues like malware, viruses or phishing sites at some point online. Instead of using one computer for all your web activities, setting up a separate device for online banking will help keep your most sensitive data secure.

Use this machine for one thing and one thing only: Accessing your financial accounts. No email, no downloads, no browsing.

We recommend picking up a Chromebook. These inexpensive laptops use Google’s Chrome OS, which is essentially a glorified web browser. You won’t be able to download games or run Photoshop on a Chromebook, but you can easily do all your online banking on one without running into trouble. In fact, it’s good that Chromebooks are relatively limited for this purpose.

Tap or click here to see Kim’s guide to setting up a financial Chromebook.

Bonus: Need to send money? Try a peer-to-peer payment app

Many online banking apps rely on a service called Zelle for sending quick and easy payments from person to person. Zelle is a type of peer-to-peer payment app that relies on encrypted communications to securely send and receive money.

Peer-to-peer apps making sending and receiving money easy, and they use security measures like two-factor authentication to protect your logins and transactions. You can also set up alerts for new payees, password changes and other suspicious activities. You’re also not responsible for unauthorized transfers like some of those other peer-to-peer apps.

Tap or click here to see our picks for the best peer-to-peer payment apps.

Refer friends, earn rewards

Share your source of digital lifestyle news, tips and advice with friends and family, and you'll be on your way to earning awesome rewards!

Get started