TL;DR: Online banking risk rises when users rely on public WiFi, weak passwords, phishing-prone links, and incomplete authentication checks, according to DigiCert’s guidance on securing banking access. The real issue is that banking controls still assume users can reliably verify trust signals in hostile networks and phishing-heavy workflows.
NHIMG editorial — based on content published by DigiCert: How to keep your online banking info secure
By the numbers:
- From 1995 to 2015 the number of physical banks dropped by nearly half.
Questions worth separating out
Q: How should consumers reduce the risk of banking compromise on public WiFi?
A: Avoid banking on public WiFi whenever possible, because untrusted networks increase interception and impersonation risk.
Q: Why does multi-factor authentication help with online banking security?
A: Multi-factor authentication makes it harder for an attacker to log in with only a stolen password.
Q: What do people get wrong about checking for TLS and the padlock icon?
A: Many users assume the padlock alone proves a site is safe, but it only shows that the connection is encrypted and the certificate is valid.
Practitioner guidance
- Strengthen authentication on all high-risk banking paths: require the strongest available multi-factor option for login and sensitive account changes, and prefer phishing-resistant methods where the platform supports them.
- Reduce exposure on untrusted networks: treat public WiFi as a hostile access environment and avoid banking on it where possible.
- Verify site identity before entering credentials: check the browser certificate information and confirm the domain matches the legitimate bank before signing in.
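The padlock point above (a valid certificate proves encryption and a hostname match, not that the site is your bank) and the "verify site identity" step can be shown side by side. This is an added example, not code from DigiCert's post or from this editorial: the certificate dicts mimic the shape of Python's `getpeercert()` output but are constructed, the domains `bank.example` and `bank-secure-login.example` are made up, and the hostname matching is a simplified version of the RFC 6125 rules browsers apply.

```python
import ssl
import time

# Constructed sample certificates: the dict shape mirrors what
# ssl.SSLSocket.getpeercert() returns after a handshake; the values are made up.
BANK_CERT = {
    "subjectAltName": (("DNS", "www.bank.example"), ("DNS", "bank.example")),
    "notBefore": "Jan 10 00:00:00 2024 GMT",
    "notAfter": "Jan 10 00:00:00 2030 GMT",
}
# A lookalike domain with its own perfectly valid certificate (constructed).
LOOKALIKE_CERT = {
    "subjectAltName": (("DNS", "*.bank-secure-login.example"),),
    "notBefore": "Jan 10 00:00:00 2024 GMT",
    "notAfter": "Jan 10 00:00:00 2030 GMT",
}
# The list the user (or a bookmark) must compare against; the padlock never does this.
KNOWN_BANK_DOMAINS = {"www.bank.example", "bank.example"}

def hostname_matches(cert: dict, hostname: str) -> bool:
    """True if hostname is covered by one of the certificate's DNS SANs.
    Simplified RFC 6125: case-insensitive, same label count, and a wildcard
    is honoured only as the entire leftmost label."""
    host_labels = hostname.lower().rstrip(".").split(".")
    for kind, name in cert.get("subjectAltName", ()):
        if kind != "DNS":
            continue
        pat_labels = name.lower().split(".")
        if len(pat_labels) != len(host_labels) or "*" in pat_labels[1:]:
            continue
        if all(p == "*" or p == h for p, h in zip(pat_labels, host_labels)):
            return True
    return False

def within_validity(cert: dict, now: float) -> bool:
    """True if `now` (seconds since epoch, UTC) lies inside notBefore..notAfter."""
    return (ssl.cert_time_to_seconds(cert["notBefore"]) <= now
            <= ssl.cert_time_to_seconds(cert["notAfter"]))

def padlock_check(cert: dict, hostname: str, now: float) -> bool:
    """What the browser padlock asserts: the cert is current and matches the host typed."""
    return hostname_matches(cert, hostname) and within_validity(cert, now)

def is_legitimate_bank(hostname: str) -> bool:
    """The check the padlock does NOT do: is this the bank's real domain?"""
    return hostname.lower().rstrip(".") in KNOWN_BANK_DOMAINS

if __name__ == "__main__":
    now = time.time()
    for cert, host in ((BANK_CERT, "www.bank.example"),
                       (LOOKALIKE_CERT, "login.bank-secure-login.example")):
        print(host, "padlock:", padlock_check(cert, host, now),
              "legitimate:", is_legitimate_bank(host))
```

Both hosts pass `padlock_check`; only the domain comparison separates the real bank from the lookalike, which is the check the guidance asks users to make before signing in.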
What's in the full article
DigiCert's full blog covers the practical banking-security advice this post intentionally leaves at the guidance level:
- Browser-level certificate verification steps for checking a bank's authenticity
- Operational advice on when a VPN can reduce exposure on untrusted networks
- Specific alert types banks can send for login and transaction anomalies
- Guidance on mobile app trust and privacy settings for everyday banking
👉 Read DigiCert's guidance on securing online banking access →
Online banking security: are identity and transport controls enough?
Explore further
Consumer banking shows the same identity trust problem that enterprise IAM faces. The article is not really about banking convenience; it is about whether the user can verify who is asking for access and whether the connection itself can be trusted. That is the same core issue behind phishing-resistant authentication, session validation, and account takeover prevention. The practitioner takeaway is that identity assurance is only as strong as the user’s ability to distinguish the real control plane from the fake one.
A few things that frame the scale:
- 85% of organisations lack full visibility into third-party vendors connected via OAuth apps, according to The State of Non-Human Identity Security.
- 45% of organisations cite lack of credential rotation as the top cause of NHI-related attacks, with inadequate monitoring and logging and over-privileged accounts both cited by 37%.
A question worth separating out:
Q: Who is responsible when phishing causes fraudulent banking activity?
A: Responsibility is shared across the institution, the payment ecosystem, and the customer, but the bank still has to provide strong authentication, clear alerts, and fraud monitoring. Consumers should also verify messages carefully and report suspicious activity quickly. Effective accountability depends on controls that catch abuse early and make trust signals obvious.
👉 Read our full editorial: Online banking security still depends on identity and transport trust