7 ways to protect your banking and financial accounts from hackers

5 min read

People are after your money via the internet. Some $2.7 billion in online theft and fraud was reported to the FBI last year alone.

If you’re among the millions affected by one of the many data breaches reported each year, someone may already have the information needed to open an account in your name or access an existing one. If they don’t have it, they’re going to be trying to get it.

A favorite way for hackers is to contact you, pretending to be your bank.  Oftentimes consumers just hand over key information crooks in faraway places need to grab your cash.

Yes, your money in the bank is protected in a Federal Deposit Insurance Corp. account. But keeping others from accessing that money is a 24/7 job.

The following are strategies you should utilize to better protect your accounts and financial reputation. They won’t protect you from every scenario. But they may help save you time and help you avoid stress and losses you’d incur if you fell victim to a financial scam or had your personal information compromised in a preventable instance.

1. Put some thought into your ATM PIN and online password

Easy to remember and hard for others to guess. That should be the foundation for security for your ATM or debit card PIN. Avoid using any form of your date of birth, Social Security number or phone number in your PIN. Don’t write this number down and never keep it in your purse or wallet. It’s also a best practice to change your PIN every few months and never tell anyone your PIN. When you’re using an ATM, the American Bankers Association advises you to use your hand or body to shield the ATM keypad as you enter your PIN.

For your online passwords, don’t use the same one twice. That way if one is compromised, your other accounts won’t be impacted. Also make sure to use both upper case and lower-case letters, numbers and special characters in your password. It may also be best to avoid using actual words in your password. Misspelling a word or two and having a password of at least 10 characters are two tips given by the University of Arizona Information Security. You may also want to use phrases in your password. So, if your phrase is, “my house is red,” then m-h-i-r could be a part of your password.

2. If your bank calls you, call them back

If you receive a phone call from your bank, or someone saying they’re from your bank, don’t give any sensitive information.

“People really should politely just hang up and actually look up a number from either the back of your card or a bank statement or whatever,” says Rose Oswald Poels, President/CEO for the Wisconsin Bankers Association. “And call the actual bank yourself.”

Even if the number on caller ID seems to be from your bank, caller ID spoofing can allow someone to seem like they’re calling from a legitimate business. This practice, according to the FCC, can trick someone into giving out their sensitive personal information that’s not your bank.

Oswald Poels says text message scams also come in the form of text messages. These messages may be phishing for information. Again, the best practice is not to reply and to play it safe and call your bank on a number that you verified from an official source – such as the bank’s website – outside of the text message.

3. If your bank emails you, don’t reply

Email is another area where others may try to phish for your information. Follow the same strategy and either start your own conversation to reply by calling your bank through a verified phone number, outside of this email, to see if the email is really from your bank and to see why you were emailed. Phishing attempts may have an intentional sense of urgency. So make sure you think through your actions, and use a safe, verified communication channel, such as the phone number from your bank’s official website or from the back of your debit, ATM or credit card.

Confirm with your bank that it’s secure to send sensitive information through a secure message via the website or the bank’s app. And avoid sending sensitive information via email. Keep in mind that crooks can set up real-looking bank websites with addresses similar to that of the actual bank in an attempt to get you to enter your login information.

4. Set up a verbal password on all your accounts

If someone has sensitive personal information, they can wreak havoc on your finances. But a verbal password is another line of defense to stop someone posing as you in their tracks. Ask your financial institution if you can put a verbal password on your account. These are mainly used for phone calls to customer service and for in-branch visits. Banks, brokerage firms and insurance companies may offer this extra layer of protection.

If a person is posing as you and doesn’t have this verbal password, it should stop them in their tracks and at least prompt the financial institution to do further due diligence. But if the financial institution doesn’t have a process in place – requiring that this password is given for all transactions – its effectiveness will be limited. If the companies you deal with don’t have this security in place, consider moving your accounts to others that do have it.

5. Utilize a credit freeze

A credit freeze may prevent another person from applying for credit in your name. The odds of a data breach affecting one of us increases every time our information is compromised. A credit freeze is a free tool that restricts access to your credit report. You’ll need to visit each of the three credit bureau websites to freeze your credit.

When you apply for credit you’ll need to lift your credit freeze. In some cases, you may need to lift your credit freeze when opening a bank account. A fraud alert allows creditors to obtain your credit report if they take steps necessary to confirm that you’re the person involved in the credit transaction, according to the Federal Trade Commission. But a fraud alert only lasts for one year, so put a reminder in your calendar to renew it.

6. Set up alerts on your account

Whether they are email, text or through your bank’s app, setting up alerts can help you keep tabs on your account. We should all check our accounts frequently. If this isn’t possible – or you’re not able to do this – at least having alerts can help bring an unauthorized transaction or a bill you forgot was being debited from your account on a certain day to your attention.

“I’ve actually had that help me in a situation where someone was trying to use one of my credit cards that they somehow got the number from,” Oswald Poels says. “And I got a text alert from the card company, so you’re able to just stop the fraud that much faster — which is very convenient.”

7. Lower your limits

If you use a debit card, you can potentially limit your exposure by asking your bank to decrease your purchase and ATM withdrawal limits. If you do this, and someone obtained your debit card or its info, this may limit the spending that they’re able to accomplish. If you catch these fraudulent transactions quick enough, you’ll be able to dispute them. But the dispute process with a debit card can take up to 10 business days. Debit cards may have point of sale transaction limits allowing purchases of several thousand dollars. If you don’t routinely make purchases of this amount, then you probably shouldn’t have limits set this high. For larger purchases, you’d be better off using a cash-back credit card, unless you’re earning rewards with your debit card.

Debit cards may be able to be used for point-of-sale transactions without a PIN. So, if you’re only using a debit card for ATM withdrawals, you may want to consider asking your bank if it offers an ATM card. This card won’t have the Visa or Mastercard logo on it and can only be used for ATM transactions. You may be able to lower your limit on this as well. One caveat is your bank may still have a policy that allows a purchase or ATM withdrawal above the daily limit to be approved. So check with your bank.