How to make safe banking and financial transactions when online
Very few people think about the safe way of making financial transactions when online. Some connect to public WiFi and purchase items on Amazon or do online banking. Such behavior exposes you to many risks and it makes it easy for others to steal your financial data like your credit card details and use it to harm you. That's why we decided to write this guide in which we will show you the best practices for making safe financial transactions when online, both on desktop computers and mobile devices like smartphones and tablets. Let's get started:
How to perform financial transactions from a computer connected to a trusted network
If you are connected to a trusted network such as the one from your home or from your workplace, then you don't need anything else except having a solid security solution installed and active at all times, one that also monitors your web browsing. Don't hesitate to read our Security for everyone series, where we review the latest antivirus products for Windows and Android devices. Top-notch antivirus products like Bitdefender, Kaspersky or ESET have safe browsers or banking and payment protection modules that you should use for this kind of transaction.
They might seem like a hassle at first but you won't regret using them. With the help of such security features, you are sure that your transactions are not intercepted by keyloggers or third parties that sniff your network traffic.
How to perform transactions from a computer connected to a public network
Personally, I avoid making any kind of financial transactions when connected to a public network. Free Wi-Fi can mean that someone is nearby, sniffing the traffic going through that network, and you can also be the victim of man-in-the-middle attacks. If you must make financial transactions when connected to public wireless networks, pay special attention to the warnings given by the browser or your security suite. Modern desktop browsers are able to detect when someone tries to replace security certificates with fake ones and tries to be the middleman between your computer and the websites that you visit. If your browser says certain certificates are invalid or your security suite reports anything suspicious, stop and disconnect from that network immediately. It is also good to change the passwords for the services you accessed via that network as soon as you get connected to a more trusted network.
A great idea is to connect to a trusted VPN service that encrypts your network traffic, so that it is not easily intercepted by third parties. And even if it is intercepted, your traffic is encrypted and difficult to decrypt and make sense of. Some security products like Kaspersky and F-Secure include VPN services in their Total Security suites.
Another recommendation is to use the features that are included in modern security suites which can run your browser in a safe box that's isolated from the rest of the operating system and make it harder to intercept what you are doing. Some security products also encrypt the traffic that goes through that safe box, using their own VPN services.
Many people also use a mobile internet USB modem to connect when they are on the road. Using such connections is much safer than using random free Wi-Fi you know nothing about. If you can choose between the two, always make financial transactions using your own USB modem.
How to perform financial transactions from a public computer
Making transactions from a public computer is definitely NOT recommended. Public computers are used by many people who can install keyloggers and other forms of malware that you know nothing about. Also, they might not be secured with a modern antivirus product like the ones we review regularly on Digital Citizen. If you really must use a public computer to make financial transactions, we recommend the following:
- Use a free online antivirus scanner, like the ones we reviewed here, to scan it for malware. If threats are detected, don't use that computer for financial transactions of any kind.
- If there is a security product installed on it, double check that it is active or start it up yourself if needed.
- If more modern web browsers are installed, navigate the web using their private browsing features. Read this guide to learn how it's done: How To Browse The Web Incognito In All Major Internet Browsers. Such browsing modes guarantee that no history is stored and, as soon as you close the browser, all the cookies and the active sessions are gone. Other people won't be able to resume from where you left off.
- Pay attention to all the warnings that you get from your web browser or the security product that is installed on that public computer. If your browser says certain certificates are invalid or your security suite reports anything suspicious, stop using that computer.
- Do not allow the web browsers you are using to remember the passwords that you type.
- Always log out from all websites you have logged in to, before closing them.
How to perform financial transactions from a smartphone or tablet
If you need to do online banking from a smartphone or tablet, try not to use the mobile browser available. Mobile browsers are not as evolved from a security perspective as desktop browsers. Instead, install the banking application provided by your bank or the mobile application provided by the store that you are using. Such applications generally have good encryption and are safer to use on mobile terminals.
On mobile platforms that have security suites available, always use them. Consider installing at least a trusted free security solution, if you can't afford a commercial one with more security features. Don't hesitate to read our Security for everyone series, where we review the latest antivirus products for Windows and Android devices.
If you are connected to a public wireless network, you are vulnerable to man-in-the-middle attacks and network sniffing. A great idea is to connect to a trusted VPN service that encrypts your network traffic, so that it is not easily intercepted by third parties. And even if it is intercepted, your traffic is encrypted and difficult to decrypt and make sense of.
Keep in mind that it is much safer to turn off the Wi-Fi on your smartphone or tablet and use your cellular connection with your mobile provider. Such connections tend to be safer and harder to sniff.
Pay attention to your password use
No matter where you make financial transactions from, stop using the same password for your e-mail account(s) and the accounts on websites where you perform financial transactions of any kind. Having the same password for your e-mail account and for your Amazon or PayPal account is a huge vulnerability.
Think of all the places where you make financial transactions and make sure that for each account you have a unique strong password. You will be surprised to see so many places are storing your credit card information. Here are just a few, to get you started with your thinking: Amazon, PayPal, Steam, Google Play Store, the App Store, the Windows Store, the PlayStation Network, GOG, eBay, the airlines you fly, Booking.com, the travel agencies with whom you book your vacations and so on. We highly recommend that you read this article on password use: Password Security - Turn Your Dumb Habits Into Geek Habits.
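To check your own accounts for the reuse described above, here is an added example (not part of the original article) that audits a list of account entries and ranks shared passwords, with a password shared between an e-mail account and a financial account ranked highest. The entries, the account kinds and the severity labels are assumptions made for illustration; in practice the list would come from an export of your password manager.

```python
import hashlib
import hmac
import secrets
from collections import defaultdict

# Constructed sample data: (account, kind, password). Not real credentials.
SAMPLE_ACCOUNTS = [
    ("mail.example", "email", "Tr0ub4dor&3"),
    ("Amazon", "financial", "Tr0ub4dor&3"),
    ("PayPal", "financial", "correct horse battery staple"),
    ("Steam", "financial", "hunter2hunter2"),
    ("eBay", "financial", "hunter2hunter2"),
    ("forum.example", "other", "x9!Lq#72vPz"),
]


def find_reuse(accounts):
    """Return reuse findings sorted by severity, then by account names.

    Passwords are grouped by an HMAC under a throwaway per-run key, so the
    grouping table never holds plaintext and the digests are useless later.
    """
    key = secrets.token_bytes(32)
    groups = defaultdict(list)
    for name, kind, password in accounts:
        tag = hmac.new(key, password.encode("utf-8"), hashlib.sha256).digest()
        groups[tag].append((name, kind))

    findings = []
    for members in groups.values():
        if len(members) < 2:
            continue  # unique password: nothing to report
        kinds = {kind for _, kind in members}
        if "email" in kinds and "financial" in kinds:
            severity = "critical"  # the case the article singles out
        elif "financial" in kinds:
            severity = "high"      # one password guards several payment accounts
        else:
            severity = "medium"    # reuse that touches no payment account
        findings.append((severity, sorted(name for name, _ in members)))

    order = {"critical": 0, "high": 1, "medium": 2}
    return sorted(findings, key=lambda f: (order[f[0]], f[1]))


if __name__ == "__main__":
    for severity, names in find_reuse(SAMPLE_ACCOUNTS):
        print(f"{severity:8} shared password: {', '.join(names)}")
```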
Conclusion
We hope that you found this article useful. If you have other tips and recommendations you would like to share, don't hesitate to share them using the comments form below.