Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Is it safe to do online banking in hotel?
- Thread starter hajime
- Start date
- Sort by reaction score
It's not safe to do anything on public wifi. You always run a risk doing that. I always use a VPN when I'm using public wifi.
It's not so much about the ISP or mobile carrier but about others who might be on same local network that might intercept or monitor something. It doesn't really apply to your home network (unless you have some unknown/compromised people/devices connected to it) or to the mobile carrier as they manage and secure their network kind of like the ISP you have.
Most sites are encrypted if private info is being exchanged. But non financial sites may not encrypt everything, even logins. That's where VPN comes in handy. That and you don't want people seeing where you are going or setting up a man in the middle attack.
You are a little safer at home on encrypted wifi or on mobile network. It gets harder to have the necessary access to collect your traffic. But it can happen just the same. Public hot spots are just a much higher risk.
You are a little safer at home on encrypted wifi or on mobile network. It gets harder to have the necessary access to collect your traffic. But it can happen just the same. Public hot spots are just a much higher risk.
Thanks. Do the above suggestions apply to cases that the bank provides a hardware keypad which generates a unique code each time it is used?
So, if I want to do online banking while on vacation, it is safer to do it using my own laptop computer while connected to the Internet via a trusted friend's home network?
So, if I want to do online banking while on vacation, it is safer to do it using my own laptop computer while connected to the Internet via a trusted friend's home network?
Best to use your cell phone. If not, at least make sure your friend's wifi is encrypted.
The unique key does nothing except prevent password guessing.
The unique key does nothing except prevent password guessing.
Not true. The unique key means that the username and password are useless on their own as you cannot login or do transactions without access to the key generator. Even if someone was able to obtain the username and password by hacking the hotel WiFi, they couldn't do any harm without having physical access to the key generator.
In other words, OP, you're safe because your bank requires a unique key in each login, so just use the hotel WiFi.
The username and password would not be had by sniffing the hotel wifi anyway. The banking session would be SSL encrypted. As i mentioned, banking is a lesser issue, but I would still rather an attacker not know where my accounts are held or be able to attempt a man in the middle attack and steal info that way. With MITM, all bets are off as far as data theft. Stolen info may include routing and account numbers, in which case a username and password are irrelevant. Just depends on what is being done at the time. VPN is a much safer way to go on open wifi.
On the other hand, it would seem that anyone who ever wrote a check has already been giving away their account and routing numbers every single time.
Specifically, cell network. Only because it becomes very difficult for someone to target you. Also, an attacker will no longer be some low life sitting in a hotel lobby or parking lot with a laptop.
[doublepost=1464189374][/doublepost]
Absolutely! I hate checks and haven't used them in years. But that's the risk you take handing that info to a merchant. Same with credit cards. I'd consider them slightly more trusted than a parasite sitting on open wifi looking for a mark. It's all about relative risk. The OP asked and I provided an opinion. OP's risk acceptance is a personal decision. At least the pros / cons have been provided to help make an intelligent choice.
I always bank on mobile now ...just due to convenience of opening an app, instead of a browser. Of course we now know the SS7 used in for cell phones can be hacked now anyway...
Last edited:
At least for me, my bank and credit card online sites are already encrypted before you even log in. And such sites should be encrypted that way right from the start.
A friend mentioned that if I use those small security device from the bank, I don't need to worry even I use the wifi in the hotel. The reason is that the device changes numbers every second or so. He said that if something goes wrong, the bank will take full responsibility because it is they who offered the security device and online banking service. What do you think?
Here's my thoughts...
When I go to hotels, there are always a bunch of "Hotel Free Wifi" connections/logins. How do you know which one is or isn't legit?
If I was a criminal, I'd hang outside a posh hotel, set up my computer with a "Posh Hotel Free Wifi" name, and see who connected. I'd then be looking at/logging every keystroke they sent, webpage they visited, and oh yeah, I'd be trying to inject malware on their computers also.
Or maybe the hotel IT guy is bored, and wants to monitor what you are doing.
In any event, your little security device most likely encrypts your password or adds an extra layer of security for your bank log in, but unless you are using a VPN or something else, I don't believe it would keep anybody from seeing anything else that is going on.
When I travel, I always use my cell phone. I only use a public network in extreme, dire emergencies, and I don't do any financial transactions.
When I go to hotels, there are always a bunch of "Hotel Free Wifi" connections/logins. How do you know which one is or isn't legit?
If I was a criminal, I'd hang outside a posh hotel, set up my computer with a "Posh Hotel Free Wifi" name, and see who connected. I'd then be looking at/logging every keystroke they sent, webpage they visited, and oh yeah, I'd be trying to inject malware on their computers also.
Or maybe the hotel IT guy is bored, and wants to monitor what you are doing.
In any event, your little security device most likely encrypts your password or adds an extra layer of security for your bank log in, but unless you are using a VPN or something else, I don't believe it would keep anybody from seeing anything else that is going on.
When I travel, I always use my cell phone. I only use a public network in extreme, dire emergencies, and I don't do any financial transactions.
or something like this :- http://www.tinyhardwarefirewall.com/
It's a VPN. That's what's special about PIA. Depends how secure u wanna be based on performance.
Last edited: