South African banks have warned against logging into online banking when connected to public Wi-Fi hotspots, stating that customers should rather use their smartphone banking app.
When it comes to other Wi-Fi connections such as office networks, however, you shouldn’t worry too much – provided that your network is secure and does not infringe on your privacy.
Checkmark cyber director Rudi Dicks told MyBroadband that if your office Wi-Fi access point is updated and configured correctly, the risk of your online banking data being compromised is fairly low.
“While other people who know the Wi-Fi password may be able to see which websites you visit and read your unencrypted traffic such as HTTP websites and unencrypted email (don’t use those), all the banking websites and most modern websites will force you to use HTTPS, which means that traffic will be encrypted and unreadable by others on the Wi-Fi network,” Dicks said.
“We also seem to be slowly moving to a point where using the mobile banking app on a smartphone poses less of a risk for the average customer than using your web browser.”
South African banks agreed with this perspective, stating that the security risks of banking over office Wi-Fi depends on the workplace network policy and security.
Standard Bank told MyBroadband that it is generally safe for employees to use their workplace connection for online banking, provided their business invests in network security.
“Some companies do SSL interception to monitor employee behaviour when using the Internet from company devices or premises,” the bank noted.
“This could potentially allow administrators or other trusted employees to view sensitive information within Internet banking sessions.”
“We would advise using your own device rather than a company device for Internet banking and using the mobile app with biometric authentication when banking from any Wi-Fi network.”
Standard Bank also provided the following tips for online banking users:
- Avoid clicking on links sent to work emails soliciting bank account or other personal information.
- If using both personal or corporate workstation and devices, avoid having browsers autosave or remember passwords for online banking portals.
- Avoid sharing of online banking passwords to colleagues.
- Ensure that you install security updates when available on your devices.
Absa Retail and Business Bank head of fraud strategy Ulrich Janse van Rensburg told MyBroadband it is important to inspect the Acceptable Usage Policy of the workplace Wi-Fi connection.
“From a South African perspective, local companies will often allow outbound encrypted sessions, such as those to banking sites, but the same may not apply when travelling internationally, even in the same company, as local regulations may require different security standards be implemented,” he said.
“Users should thus be very aware of the terms and conditions of usage and connect only if they are agreeable to the security and privacy being offered.”
Janse van Rensburg said that Absa discouraged customers from using public Wi-Fi or public devices for the purposes of online banking, and added that some companies may actively decrypt sessions and log employee activity.
“This could potentially compromise the privacy of online banking as the transactions from the web browser would potentially be in clear text which negates some of the security measures being applied.”
“In addition, the device being used should have the latest security and operating system updates applied and not be left unattended and unlocked while logged into the Internet banking session,” he said.
Janse van Rensburg said that the Absa mobile app is the safest way to bank, as it includes multiple layers of security and identity verification.
Nedbank Retail and Business Banking head of digital channels Tawanda Chatikobo said the encrypted nature of Nedbank’s systems makes the communication between the company and customer secure.
“All electronic communication between our client’s device (whether phone or computer) and Nedbank’s systems happens via a custom encrypted channel so that nobody listening in on the Wi-Fi communication can read that information,” Chatikobo said.
“A compromised Wi-Fi hotspot poses other risks, however, such as infecting the device.”
“Trusting your employer’s Wi-Fi network would depend on the cyber resilience of the particular organisation. While large corporates generally have very advanced cybersecurity, smaller companies may not.”
Chatikobo advised customers to use the Nedbank Money App, which is zero-rated on mobile networks and includes advanced security features.
“Consumers should also remember that the largest number of cyberattacks target the user, not the system, by means of social engineering such as phishing.”
“You should always be vigilant, whether at work or at home, when you receive a message that claims to be from your bank.”
FNB head of digital banking Giuseppe Virgillito told MyBroadband that FNB encouraged its customers to exercise caution when using online banking, regardless of which network they are on.
“We have confidence around the security of our platforms, whether online or mobile,” Virgillito said.
“To ensure that our customers remain protected, there are a few basic precautions they must take, which include: protecting their credentials, always checking their surroundings, and ensuring that they bank using a trusted terminal or device.”
“Assuming that their work environments take the basic precautions around security arrangements, using workplace Wi-Fi should present a limited risk,” he said.