How safe is internet banking for businesses

Online banking: How to keep your bank account safe from fraud

For many private individuals and companies in Germany, online banking and banking apps are the most important link to their house bank. A recently published survey by the business banking platform Penta and Weltsparen showed that when it comes to financial management, digital banking is now the preferred communication channel for 94.3 percent of around 800 managing directors, owners, self-employed people and senior managers. The online banking rate among the 2,250 private individuals surveyed is just below that, at 92 percent. It is also interesting that the respondents generally feel safe when using online banking, although they see the greatest need for improvement when it comes to data misuse.

By contrast, the digital association Bitkom found that among more than 1,000 Internet users in Germany, fewer than half change their PIN or password when banking with a PC, smartphone or tablet, and just 37 percent have installed the latest virus protection software on the devices they use.

The European Union (EU) rules that came into force a good year ago, on September 14, 2019, with the so-called Payment Services Directive II (PSD2), are intended to make things harder for online fraudsters. "However, there will be no one hundred percent security. At best, the bank and customer can minimize the risks," says David Riechmann, specialist lawyer for banking and capital market law at the North Rhine-Westphalia consumer center.

In general, the network of consumer advice centers in Germany advises never to do online banking on a public WLAN, but only on the home network. The rule of thumb: the more devices are involved, the safer the process. Even with mobile TAN procedures, it is best not to handle everything on the smartphone.

The Federal Office for Information Security (BSI) also warns against accessing confidential data via an external WLAN. However, if this is unavoidable, for example when shopping on the Internet, make sure that all data is always encrypted when it is transmitted to the online retailer. "Secure Sockets Layer" (SSL) transmission, today in the form of its successor Transport Layer Security (TLS), is considered to be one of the safest methods. But one thing should come before all other security measures: "Everyone should develop an awareness that the customer himself can often be the gateway for criminals," says Riechmann.

The six most important rules for secure online banking:

High security with two-factor authentication

In many areas of electronic business processes - from mobile payments to online payment with Google Pay, Apple Pay, Paypal and Coup to home banking - secure authentication is required. Many of these areas still use one-factor authentication, which usually relies solely on the knowledge factor in the form of a password. This has several disadvantages:

  • On the one hand, possession of this one factor is enough to break the authentication mechanism.

  • On the other hand, it is extremely time-consuming for users to create a secure and individual password for each service and to learn it by heart.

Secure two-factor authentication (2FA) can help. As a rule, after the password query, an external system is used to check the user in a second stage. With common two-factor systems, the provider sends a confirmation code to another device, for example a smartphone. The second factor can also be a fingerprint (Touch ID), an additional USB token or a chip card. The important thing is that the factors come from different categories, i.e. knowledge (password, PIN), possession (chip card, TAN generator) or biometrics (fingerprint).

Multi-factor authentication with a wide variety of technologies is also used in online banking: customers log in with a password and additionally confirm transactions with a TAN from the TAN procedure.

  • Biallo tip: Some mobile phone providers offer various protective functions for their mobile phone tariffs, especially for children and young people. Special mobile phone family tariffs help to block certain online content and usage options.

This is how safe online banking is

Especially in times of the corona pandemic, banks and savings banks offer their customers innovations and useful assistance for online banking - multibanking functions, optimized financial planners, etc. These increasingly extensive digital services not only facilitate our private and commercial banking transactions, they also harbor risks.

Everyone should take security in online banking particularly seriously. After all, cybercriminals are targeting not just the data but the money saved. There are ways to protect online banking against hacker attacks, such as choosing the right TAN procedure. No matter which procedure is used, however, conscientious handling is the be-all and end-all. Below you will find a brief summary of the common TAN procedures.

The mobile TAN procedure

With the so-called mobile TAN procedure - mTAN for short - bank customers have to register their mobile phone number with their bank or savings bank. For every transaction, the bank sends the corresponding TAN via SMS to the customer's mobile phone; the TAN can only be used for a limited time.

However, the BSI recommends not using mTAN. "We have been pointing out the weak point in the SS7 protocol for a number of years", criticizes BSI President Arne Schönbohm. Criminals can easily intercept the SMS messages sent by the respective bank for authentication and misuse the TAN they contain.

The push TAN procedure

For this process, consumers have to download a special Push TAN app onto their smartphone. After each transfer, you can use it to request a TAN and transfer it directly to online banking. PushTAN is only considered secure if online banking and TAN receipt are not carried out on the same device.

The Chip-TAN process

Bank customers can use a special TAN generator here, which works with or without a giro card, and call up the TAN on the display after the order data has been transmitted. Sparkasse customers, for example, can get this compact additional device, also known as a chip card reader, from the Sparkasse shop in the cheapest version for a price of 10.96 euros. If you behave conscientiously as a user, then this procedure is considered extremely safe.

The Photo-TAN procedure

This process is also considered secure and works with the smartphone and the Photo-TAN app or a special reader. After entering the transfer data, a colorful barcode graphic is displayed on the screen and after this has been scanned, the user then receives the TAN.

If customers of Commerzbank or Comdirect, for example, activate the push function in their Photo-TAN app, even typing in the TAN is no longer necessary and orders such as transfers can be approved with just one click.

How secure is mobile banking with a smartphone?

In principle, mobile banking is exposed to the same dangers as online banking on a private computer at home. In addition, however, mobile devices bring their own, obvious security risks. PINs or TANs should never be saved on the mobile phone; otherwise, if the phone is stolen, fraudsters will have an easy time gaining access to personal bank details.

Who is liable in the event of damage?

"In principle, the bank is liable for any transfer that is not directly authorized by the bank customer. However, it can assert claims for damages. In the event of gross negligence, the bank can even demand the full amount of the damage," warns Christian Solmecke, lawyer for IT law. It is already considered grossly negligent if bank customers have outdated antivirus software installed on their computer.

What is more, according to Section 675l of the German Civil Code (BGB), every online banking user is obliged to "take all reasonable precautions to protect the personalized security features from unauthorized access". Keeping your PIN together with your EC card in your wallet, for example, is a clear violation.

What to do in case of online banking fraud?

Since the beginning of June, the consumer advice center has been reporting more and more phishing e-mails, which primarily name the savings banks as the sender. Linguistically correct, with the Sparkasse logo and with emotional words, fraudsters tried to take advantage of the corona crisis. The recipients of these messages are asked to click on a button and take "appropriate steps". But that is precisely what those affected should not do under any circumstances, because any data entered there does not end up with the Sparkasse, but directly in the hands of criminals.

Thomas Rienecker, press spokesman for the German Savings Banks and Giro Association (DSGV), says: "Certainly, fraudsters are currently increasingly trying to use the corona pandemic as a pretext to access personal data - not only from Sparkasse customers. Every large company with many customers is affected because the chances are high that the scammers will reach 'real' customers with their fake emails."

Online banking fraud victims should:

  • block your bank account using the standard emergency blocking number: 49 116 116 (from abroad: 49 30 40 50 40 50),

  • contact your bank and check the transactions in your bank account,

  • only use new passwords and PINs for your account after unlocking,

  • if necessary, inform the police and contact a lawyer who specializes in internet fraud.

Biallo tip

The consumer advice center continuously collects the scams it receives in its so-called phishing radar.

Kevin Schwarzinger