In a Nutshell: Approximately 46% of Americans have had their credit card number stolen in the last five years. The statistics don’t reveal how those credit card numbers were obtained, but lax Wi-Fi security is likely a culprit of those crimes. Every day, consumers log in to free Wi-Fi networks at coffee shops, airports, and hotels and trust the connection to be up to date with the latest security standards. Web criminals often look for vulnerable public wifi hotspots to steal and record any information traveling along the signal. Older WPA2 protocols set by the Wi-Fi Alliance will get a makeover in 2018 with the unveiling of WPA3 standards that should make common activities like conducting mobile banking transactions in public more secure.
I can’t remember the last time I went a day without relying on a Wi-Fi signal for internet access. Whether at home, on the road, or as I sit here typing this in an office connected wirelessly to the internet, I need a reliable wifi connection.
Many businesses provide their customers with complimentary Wi-Fi access, but those coffee shops, hotels, and conference centers rarely check to ensure their signals are updated with the latest security patches. Any information sent and received on these networks could be intercepted by cyber criminals who take advantage of substandard network security or easy-to-guess router passwords to access user data.
For years, consumers have been warned against conducting financial transactions over public networks. While that warning should still be heeded, recent advances in technology can mitigate some of the risks associated with using public Wi-Fi networks.
Every Wi-Fi CERTIFIED device sold in stores uses the encryption algorithms in WPA2 (Wi-Fi Protected Access) technology to protect user privacy online. But over time, criminal hackers have found ways to crack the WPA2 encryption, which debuted in 2004, enabling them to enter and exit a network without the owner ever knowing. Recent WPA2 updates have patched those potential areas of concern, keeping those devices, and the data they transmit, secure.
But when a malicious hacker gains entry to a network, everything traveling across the signal becomes fair game — even that time you checked your savings account balance really quickly while sitting in the airport before a trip.
The Wi-Fi Alliance, whose 800+ members include companies such as Apple, Samsung, and Intel, is charged with setting the standards for Wi-Fi security. The Alliance recently released WPA2 security updates and announced a 2018 release for WPA3. Until that new level of encryption becomes standard, here are some steps you can take to protect your financial data if you must use public Wi-Fi signals to conduct personal transactions.
How to Keep Your Info Private When You’re Out in Public
The technology used by criminal hackers to access Wi-Fi data seems to evolve faster than the security solutions available to consumers. Staying ahead of cybercrime trends is hard enough for the software giants, so how is the average Joe Consumer supposed to protect himself?
1. Use Two-Factor Authentication
The extra login steps required by some apps may seem like a waste of time, but they’re worth it. Two-factor authentication requires a user to log in to a website or application using their password and then enter a second passcode sent to them via text message.
Currently, this is predominantly used when a user attempts to log in from a device the website doesn’t recognize. Future changes are in place to make these steps more common for every login attempt.
While the process is indeed slower, it’s simply more secure than any other login method when using public Wi-Fi. Even if a malicious hacker gains access to your financial password, he or she would have to also take control of your phone’s messaging system to get the passcode needed to get into your account.
2. Use Only Secure Banking Apps and Websites
This one can be as simple as looking at the URL of the website you’re visiting. If it starts with HTTPS:// then the company has switched over to a full-time secured connection that provides encryption for all of the data transmitted to and from the website.
While the migration to HTTPS has been underway for several years, some companies have been slow to adapt because of the time and financial expense of making the switch. Most large banks have moved to secured servers, but it’s still smart to look at your address bar before typing any sensitive details like passwords or Social Security numbers.
Checking the security of your financial institution’s applications is not as easy, as they do not feature address bars. Your bank’s website should provide information about its app security. If you’re still in doubt, call customer service and ask what standards they use.
3. Keep Your Firewall Enabled at All Times
Laptops and other PC devices communicate with the help of ports. Non-secured HTTP communication typically takes place over port 80 — one of your computer’s 65,535 total ports. Any unused and opened port can become an avenue for criminals to enter your computer.
Many laptops and PCs come with firewall software that seals access to ports and makes it difficult for attackers to scale their way into your network. Depending on the operating system you’re using, enabling your firewall can take a few moments and less than five mouse clicks — a small price to pay for peace of mind.
4. Keep Your Device Updated
I can’t be the only person who gets the “Your Phone is Ready for an Update” message at the worst possible times. I’ve been guilty of habitually hitting the “Remind Me Later” button until the phone gives up and forces the update through.
Although many people swear their phones always act up after an update is completed, these updates often feature critical patches that fix security flaws that could put your financial data at risk. By promptly completing your phone software updates, you can help stay ahead of trends in cyber theft.
5. Turn Wi-Fi OFF When You’re Done
After you’ve concluded your work, make sure to turn off your device’s Wi-Fi. Even when you’re not accessing the internet, programs running in your phone’s background could be communicating with the web and searching for updates or new messages. Those updates could include personal information like account numbers.
6. Use a Specialized Secured Browser
While a majority of web surfers use the default browser on their smartphones, a wealth of alternatives are available to meet your browsing needs. A new age of secured browsers feature add-ons and plugins that, while not a complete defense against attacks, provide an extra layer of protection that can improve your browsing experience when combined with other defense measures.
7. Use Credit Cards Instead of Debit Cards
A lot of the marketing used to sell internet security software addresses the dangers of having your credit card numbers stolen. While no one wants to have that information hijacked, more than 46% of Americans have become victims of the crime in the last five years.
Debit cards, on the other hand, contain added information, including bank account data that is much harder to change than a credit card number should a breach occur.
If you’re shopping via a public Wi-Fi network, use a credit card instead of a debit card to fund your purchases.
The Future of Wi-Fi Looks Bright, Fast, and Safe
The Wi-Fi Alliance, the organization that sets the standards for Wi-Fi safety, announced in January 2018 the forthcoming release of WPA3.
Expected to roll out later in 2018, the improvements provide greater functionality for the Internet of Things (such as home appliances and other devices with limited or no displays) and increase security measures by blocking outsiders from guessing Wi-Fi passwords.
Perhaps the biggest change is the added encryption of all information traveling through public Wi-Fi networks and an open network that provides every person using the signal a secure and private channel of their own — meaning no more mass streams of data available to criminal hackers.
Devices supporting WPA3 will be released later in 2018; in the interim, WPA2 devices will still be available in stores. Fortunately, WPA3-enabled routers will accept both WPA2 and WPA3 connections.
The changes instituted by the Wi-Fi Alliance are designed to give consumers confidence when using public Wi-Fi to conduct financial transactions or other tasks that include private information.
The internet will likely never be a completely safe place, but with a little effort and knowledge, you can avoid becoming a statistic in the seemingly daily internet data breach reports.