Banking and paying bills online

Just like you protect your PIN number for your EFTPOS card, you need to protect your passwords for online banking and financial transactions.

The internet provides a convenient way to do banking and pay bills any time of the day or night. If you bank online you should be aware of the risks and learn how to protect yourself and your money.

Phishing emails are designed to trick you into disclosing personal information such as bank account details, passwords or credit card numbers. Other spam emails are used to carry Trojans and Keyloggers onto your computer without you realising it so they can track your activity and the details you enter into websites including your banking website.

Be suspicious of unexpected emails from you bank or financial institution. Learn to recognise spam and hoax emails. Read more on avoiding scams and hoaxes.

Top tips

Make sure your computer is secure—follow the advice in the Secure your computer section of this website.
It is important to use only a trusted and secure computer to access your Internet banking account. Using publicly shared computers, such as those at Internet cafes, is strongly discouraged.
Always type your financial institutions website address into your browser—never use a link to your financial institution that has been sent to you by email.
Be suspicious of unexpected emails from you bank or financial institution. Remember banks don’t do business via email and they never ask you for confidential information via email.
If any windows pop up during an internet banking session, be suspicious, especially if it directs you to another website which then requests your customer identification or password.
Always log out of your internet banking session when you have finished and close the browser.
Don't email your account Details, PIN or other financial information.
Read the security advice provided by your financial institution.

Fact sheets and resources

Understanding digital certificates and why they are important to check (File size: 270Kb)

video placeholder 3 Smart behaviours to protect your personal and financial information – watch our video on protecting your personal and financial information. A text transcript is also available.

protect_finances_website The Australian Bankers' Association (ABA), the Australian Securities and Investment Commission (ASIC) and the Australian High Tech Crime Centre have produced the Protect Your Financial Identity' website to assist consumers to protect their financial identities.

What are the threats

Phishing

‘Phishing’ is a technique used to gain personal information for the purpose of identity theft. ‘Phishing’ emails give themselves away by telling you that there is a reason why you must provide personal details such as your Internet banking log-on, password, credit card number or personal identification number by reply email or through a website. It is common for ‘phishing’ emails to contain links to a website that is a convincing replica of the financial institution’s home page.

Financial institutions do not ask for confidential financial information by email.

Trojans

A Trojan, as the name implies, secretly carries often-damaging software in the guise of an innocuous email attachment. The email and the name of the attachment are normally misleading and are often intended to entice you to open them.

Trojans can be capable of installing a ‘keystroke logger’, which captures all of the keystrokes entered into your computer keyboard. Some specifically seek to capture passwords you enter at certain websites, by capturing keystrokes or taking screen shots of sites you visit.

Using Internet banking

When banking on the Internet follow these steps:

Always access your bank’s website by typing the address into the browser.
Keep your computer up-to-date with anti-virus, anti-spyware and firewall software and the latest patches.
Set strong passwords and update the regularly. Read more on setting passwords.
Always memorise your password or PIN and do not write it down or store it on your computer.
Confirm that your data is encrypted between your computer and the bank. Refer to How to tell if a website is secure below
Always log out from the Internet banking menu when you finish all your banking.
Close your Internet browser after logging out at the end of each Internet banking session.
Beware of any windows that ‘pop up’ during an Internet banking session and be very suspicious if it directs you to another website which then requests your customer identification or password.

Protect yourself from fraudulent websites

Watch out for copycat websites that deliberately use a name or web address very similar to that of a real financial institution. These website can be designed to catch you if you mistype the web address but are also sent out with spam emails with the intent is to lure you into clicking onto the website and entering your account number and password. Always check to see that you have typed the correct website address for your bank before you begin.

How to tell if a website is secure

Check that the banks digital certificate is present and valid. Look at the web address for https:// instead of http:// and look for a locked padlock or key in the browser window. For further details about how to do this read the fact sheet Understanding digital certificates and why they are important to check (File size: 270Kb).

Further information

Many financial institutions provide information and services which enhance the security of financial transactions. It may be useful to visit the online security section of your financial institutions website.

The Australian Bankers' Association (ABA), the Australian Securities and Investment Commission (ASIC) and the Australian High Tech Crime Centre have produced the 'Protect Your Financial Identity' website to assist consumers to protect their financial identities.

News