If you use a credit or debit card, bank online or make any kind of electronic financial transaction, you face some risk that your personal information or money could be stolen.
That means pretty much everyone is exposed to this threat. And data breaches, where many of these financial misdeeds begin, have become common.
In November 2015, the U.S. Justice Department and other law enforcement agencies accused several men of a massive criminal computer hacking scheme that included the largest known theft of customer data from a U.S. financial institution.
That attack targeted account holders at JPMorgan Chase, according to a company filing with the Securities and Exchange Commission. User contact information for 76 million households and 7 million small businesses was stolen during the breach.
But Chase is not alone.
The Identity Theft Resource Center, a nonprofit organization in San Diego, says it tracked 781 data breaches in 2015, including 71 that involved banking, credit or financial companies. In those breaches, more than 5 million records were believed to have been exposed. Companies on the list included Capital One, Citibank, Citizens Bank, M&T Bank, TD Bank and a number of investment brokerages, mortgage companies and credit unions.
RATE SEARCH: Find the checking account that’s best for you at Bankrate.com.
So, who pays when data or money get taken?
If someone stole money out of your personal bank account, you’d likely be made whole by your bank if you had an individual (non-business) account, you weren’t lax about safeguarding your information and you notified your bank promptly, says Stuart Gerson, former acting U.S. attorney general under President Bill Clinton and shareholder at Epstein, Becker & Green, a law firm in Washington, D.C.
Federal law says that if someone takes money from your bank account you will get all of your money back if you notify your financial institution within 60 days after the fraudulent transaction appears on your bank statement.
“(But) you can’t have done dopey things that exposed your account,” Gerson says.
Business accounts have fewer protections and are more likely to be hackers’ targets.
“They’re interested in getting into business accounts where there are big bucks and they can transfer hundreds of thousands or millions of dollars, and that looks normal because that’s what businesses do,” Gerson says.
That’s doesn’t mean individuals pay nothing for bank account breaches.
Gerson says these incidents cost consumers time and effort to remedy and could result in fewer jobs and higher costs for banking services.
“Banks are budgeting hundreds of millions of dollars to deal with electronic fraud. Somebody is going to pay the bill for that,” he says.
10 smart moves to protect your bank account
- Review bank statements for accuracy.
- Never disclose a debit or credit card PIN (personal identification number) in email or on the phone.
- Be suspicious of strangers who ask for personal information by email or phone.
- If you’re asked to provide your Social Security number or other confidential information, make sure you know who wants the information and why.
- Be wary of email attachments and “free” software.
- Don’t use part of your Social Security number as a PIN.
- Think before you download apps, click on links or reply to email that might be harmful or fraudulent.
- Keep your laptop or mobile device’s operating system and Internet browser up to date.
- Don’t store passwords, your Social Security or other sensitive information on your smartphone.
- Be aware of your surroundings when you bank online and watch out for “shoulder surfers,” people who hover nearby and observe your information without your knowledge.
Sources: Bank of America, TD Bank and the American Bankers Association
So, how can you reduce your risk?
One smart precaution is to access your bank’s online banking system with your bank’s app on your smartphone instead of a laptop or PC, says Shirley Inscoe, senior analyst at Aite Group, a financial sector research and analysis company in Boston.
“Not all banks offer a mobile app, but if your bank offers one, you definitely want to use it because it is typically more secure,” Inscoe says.
Download the app from your bank’s website, not an app store, Inscoe adds. Some app stores may have been infiltrated by hackers who can upload fake apps that look nearly identical to the real ones.
Banks are moving away from usernames and passwords and toward fingerprint scans, device detection and other more secure techniques to identify their customers, Inscoe says. In the near future, they might even use other biometrics like iris scans, facial recognition or voice prints.
If your bank’s online system still requires a username and password — and many do — it’s essential for security reasons that you create a unique password and update it often.
“Use something that’s not easy to guess and that contains maybe some capital letters, some numbers and a special symbol to make it even harder,” Inscoe says.
Other precautions Inscoe says you should take:
- Use your smartphone’s passcode or fingerprint unlocking feature if available.
- Don’t post information to social media that could be used to guess your passwords or answers to your security questions. Examples include birthdates, anniversary dates, your mother’s maiden name, your pets’ names and the type of car you drive.
- Set up bank account notifications that can alert you to fraudulent activity.
- Don’t sign into online banking on a public computer and always sign out when you’ve finished your transactions, even if you use your home computer or own mobile device.
“Many people don’t have any kind of password protection on their mobile device. If you’ve downloaded a banking app and aren’t using a fingerprint or something like that, that is not good,” Inscoe says.