How Banks Keep Online and Mobile Banking Secure


Online and mobile banking are revolutionizing the way people manage their finances. Yet some (perhaps yourself) remain skeptical of the technology.


How safe is it to have your financial information online? Consider this: As the technology associated with online and mobile banking has improved, so have the security measures to keep your accounts secure.


It’s possible that you’ve banked one way for so long — paying bills with checks, receiving print statements in the mail, depositing checks at the bank — that you’re asking yourself, why change? However, online and mobile banking allow you to perform these tasks when and where it’s most convenient for you — on your computer over your morning cup of coffee, or on your bank’s mobile app on your smartphone.


Learn about some of the many measures financial institutions take to keep your sensitive information secure on the web, as well as protective measures you can implement on your own.

How do banks keep my accounts secure?

Financial institutions have entire teams dedicated to defending your accounts from threats to help you feel confident that your information is safe.


“Banks, in general, have made great strides in making their technology more secure,” says Gregg Stephens, SVP, Fraud Prevention & Payment Security at Citizens Bank.


The key to keeping your account secure, Stephens says, is the layered security approach. That involves things you can see and those you cannot.


First, what you can see: Financial institutions want to authenticate that the person making the transaction is who they say they are and that the activity being conducted is authorized. That can be achieved in a number of ways, such as inputting a PIN number or asking security questions when signing into accounts. Most smartphones even allow you to sign into your bank’s app using your fingerprint, which is another layer of defense for protecting your online accounts.


Second is what you can’t see: monitoring the pattern of transactions and other activity on your account to detect any unusual activity. If something appears out of the ordinary, Stephens says “we want to re-authenticate or prompt for additional security to really understand what’s going on.” For example, your bank might spot two transactions in California when almost all of your transactions are made at home in Pennsylvania. Then they can follow up via phone call or text message to see if you’re on a west coast vacation or if the transactions are fraudulent.

How do I properly set my passwords?

Password protection is a necessary step for protecting your online and mobile accounts. More and more online services are requiring special characters, numbers, and a mix of lowercase and capitalized letters when setting passwords for their platforms. They’re also requiring periodic changes to passwords.


“You want to manage the complexity of the password specific to the risk associated with using the platform,” says Stephens, “but do it in a way that’s meaningful to you as an individual and therefore you can remember it.”


For example, you might be more inclined to have a less complex password for non-sensitive accounts such as a social media profile and a more complex one for your online banking account.

What are the most secure practices for anti-virus software?

Another key practice for you to adopt is setting automatic updates to your internet browsers and anti-virus software. The thinking behind this is straightforward: The more updated browsers and software you have installed on your devices, the better equipped you’ll be to thwart the latest attack methods being used.


According to Stephens, internet browsers, operating systems, and other applications release their updates to defend against what are known as zero-day attacks. This type of attack occurs when a previously unknown security vulnerability is detected and exploited by a cybercriminal before the browser or system can remediate the hole in their security. However, setting updates to occur automatically ensures you are doing your part to arm your defenses with the most capable security available, security that is capable of defending against the latest attack methods.


“If you don’t have the automatic update enabled, you may have missed the latest version of the security software and you extend your vulnerability because you haven’t gone out and manually checked,” says Stephens.

The bottom line

Banks and other financial institutions have many processes and defenses in place to keep your information secure, but there are practices you can implement on your own to help add an extra layer of security. Set appropriate passwords and stay on top of software updates to ensure that your most sensitive information remains in good hands — yours.

More information

There is nothing more important than protecting you and your information, including while banking online or on mobile. Visit our cybersecurity page to learn more about privacy, security, online fraud, and our Terms of Use.


Disclaimer: Views expressed may not necessarily reflect those of Citizens Bank. The information contained herein is for informational purposes only as a service to the public, and is not legal advice or a substitute for legal counsel, nor does it constitute advertising or a solicitation. You should do your own research and/or contact your own legal or tax advisor for assistance with questions you may have on the information contained herein.