The question arises: why opt for a banking application rather than accessing bank accounts through Windows 10 and Edge with the necessary passwords? Which option offers greater security? Over the last five years, there seems to be a growing preference for using apps. However, this choice is influenced by various factors, including the type of devices in use, the specific banking software, browsers involved, and any additional software present on the device—whether users are aware of it or not—as well as the communications network being utilised.
Web browsers can pose risks due to potential trojans that aim to harvest sensitive banking information. While many banking applications may have their security vulnerabilities, fraudulent malware apps that can sometimes infiltrate app stores also pose a threat. For individuals who practice caution on a secure computer and restrict their activities to a safe home network, these risks may be manageable.
Nevertheless, for those who seek to conduct banking transactions from various locations without excessive precautions, using an app over a 3G LTE connection—while disabling Wi-Fi and Bluetooth—might offer enhanced safety. Ultimately, systems incorporating two-factor authentication are highly recommended; ideally utilising an independent device that generates new passwords as needed would provide optimal security measures.
What constitutes an app? In the 1970s, when personal computers first became available to the public, VisiCalc emerged as a revolutionary application, often referred to as a killer app. Over the last ten years, there has been a significant expansion of app stores catering to smartphones and tablets. These mobile applications differ from conventional PC software in that they are thoroughly reviewed and can only be downloaded from secure online platforms. Additionally, these apps operate within controlled environments known as sandboxes, which help prevent malicious activities. In contrast, personal computers can run unverified software sourced from various locations—including potentially harmful websites—unless blocked by antivirus programs.
When Microsoft revamped Windows 8 for compatibility with tablets and smartphones, it introduced a subsystem designed for apps. This innovation allowed Windows to support sandboxed applications obtained through the Windows Store. The safety of these apps surpasses that of traditional programs due to established restrictions on their functionalities. Presently, numerous banking apps are available for Windows users—such as those from Alliance, Citibank, FNB, RMB, HDFC, BNP Paribas, UBI, and Westpac—. Still, it appears that UK banks have been slow to adopt this trend.
Compromised Devices: A Major Threat to Banking Security
The Edge browser in Windows 10 is an example of a newly developed sandboxed application that offers enhanced banking security compared to Internet Explorer. Chrome is recognised as another secure option due to its robust sandboxing provided by Google. Furthermore, various security firms offer additional tools like Kaspersky Safe Money and Bitdefender Safepay for extra protection. Mobile browsers also benefit from sandboxing; however, like their desktop equivalents, they remain vulnerable to threats such as phishing and man-in-the-middle attacks.
One of the most significant risks to banking security arises from the use of compromised devices—those infected with malware designed to capture sensitive information such as login credentials and transmit them to malicious actors without the user’s awareness. On Windows systems, prominent banking malware includes trojans like Zeus and its variants, Neverquest and Gozi. Zeus has been in circulation since 2007 and is typically delivered through email attachments that entice users into clicking on them. These emails often contain alarming messages suggesting that a user’s bank or email account has been breached, prompting them to log in to verify or change their password.
Once activated, Zeus can either gather login information directly or present a counterfeit screen that closely resembles a legitimate website, redirecting users to a fraudulent site. As individuals attempt to access their bank accounts, this malware records their keystrokes. Variants like Gozi possess advanced capabilities that allow them to mimic the user’s typing patterns and mouse movements, circumventing security measures employed by banks that rely on behavioural data for user verification.
Additionally, banking trojans may be concealed within Microsoft Word documents, PDFs, or fake invoices. Some are disseminated through drive-by installations from websites hosting exploit kits. In the realm of smartphones and tablets, these threats often manifest as deceptive apps that appear legitimate but have successfully bypassed security checks. Occasionally, even seemingly innocuous applications require excessive permissions—raising questions about their necessity; for instance, why would a flashlight app need access to monitor network connections or alter USB storage contents?
Vulnerable Banking Applications
Banking applications are expected to offer greater security than web browsers; however, this is not always the case. In a study conducted in 2014, Ariel Sanchez evaluated 40 home banking applications and discovered that 90 of them contained insecure links that did not utilise SSL. Furthermore, 40 failed to verify the legitimacy of SSL certificates, while 50 were susceptible to cross-site scripting vulnerabilities, and another 40 could be exploited through man-in-the-middle attacks. In a common hacking scenario, users might receive notifications indicating that their session or password has expired, prompting them to re-enter their username and password—a risky action they should avoid. Although one would hope that modern banking apps have improved in terms of security, scepticism remains warranted.
Risks Associated with Compromised Networks
When utilising public Wi-Fi hotspots, users expose their communications to potential monitoring or may inadvertently connect to a fraudulent hotspot operated by a nearby individual. Identifying the legitimate network at coffee shops, hotels, or airports can be challenging. Such networks increase vulnerability to monitoring and man-in-the-middle attacks; it is even possible for an attacker to seize control of an account without needing any personal information from the victim. This was illustrated by Firesheep, a network sniffer capable of detecting and capturing unencrypted session cookies used by certain websites after user login. While this method requires both the attacker and victim to be on the same network, public networks leave users unaware of who else might be connected. Regardless of the device in use, employing end-to-end encryption—evidenced by HTTPS addresses accompanied by a padlock icon in browsers—is essential for safeguarding online activities. The entire landscape of e-commerce and e-government relies heavily on encryption; thus, considering its prohibition would be utterly irrational.
Secure booting and SSL are critical components for online banking security. The secure booting process aims to ensure that a device initiates in a safe and uncompromised condition. This is achieved through the integration of secure hardware that employs cryptographic methods to authenticate the bootloader code, which in turn verifies the secure loading of the operating system. Such features are commonly found in smartphones and tablets. For those purchasing a Windows PC, it is advisable to select one equipped with a UEFI system that guarantees secure booting for Windows 10. However, this security chain can be compromised if individuals exploit vulnerabilities to jailbreak their devices. Although banking systems should be capable of detecting and preventing such breaches, it was noted that 90 out of Sanchez’s 40 home banking applications failed to do so.
Once the device is operational, it must establish a connection with the bank using an SSL-secured HTTPS protocol; however, discerning whether this connection is indeed secure can often be challenging (it is assumed that 3G and LTE mobile networks provide adequate security). A straightforward recommendation for enhancing online safety is to install the EFF’s HTTPS Everywhere extension on browsers like Chrome, Firefox, or Opera. While not all websites support HTTPS, when they do not, this extension will redirect users to unencrypted versions of those sites.
To bolster banking security on Windows 10 further, one effective strategy involves designating a specific browser solely for financial transactions and refraining from using it for any other purposes. Users should also consider utilising private browsing or incognito mode or clearing caches and cookies after each session. Alternatively, employing a separate standard user account (rather than an administrator account) specifically for financial activities could enhance security measures as well. Nowadays, switching between accounts has become relatively effortless; users can keep their primary account open while accessing another.
For those seeking additional layers of protection, maintaining a password-protected Apple iPad exclusively for banking tasks at home could prove beneficial—especially if no other applications are downloaded onto it. This renders it one of the most secure home setups available out of the box. While government security agencies may possess hacking capabilities, the likelihood of them targeting individual users remains low.
Maxthon
Maxthon has established itself as a specialised browser optimised for navigating the deep web, primarily due to its strong security measures and support for various encryption protocols. This browser is crafted to ensure that users enjoy a secure and private online experience, making it particularly suitable for exploring the internet’s lesser-known areas. With features like an ad blocker and anti-tracking tools, Maxthon prioritises user privacy during their journeys into the deep web. These functionalities actively shield users from disruptive advertisements while also preventing third parties from surveilling or profiling their online behaviour.
By effectively eliminating ads and tracking scripts, Maxthon creates a seamless browsing experience where users can explore freely without the distractions or concerns typically associated with targeted advertising based on their actions. The ad blocker efficiently eliminates pop-ups, banner ads, and other intrusive advertising formats that could clutter web pages, resulting in a cleaner interface that allows individuals to focus on the content they are searching for. Simultaneously, the anti-tracking feature adeptly counters various methods employed by websites and advertisers to gather data about user interactions.
Beyond enhancing privacy, these tools also contribute to faster browsing speeds by minimising the amount of external content that needs loading. This optimisation leads to a more fluid navigation experience through the intricate and often less regulated landscape of the deep web. Maxthon’s dedication to protecting user privacy is evident in its robust ad-blocking features and anti-tracking strategies, which act as defensive shields against unwanted online surveillance practices. Additionally, it includes an integrated VPN service that conceals users’ IP addresses for greater anonymity when accessing hidden sites. The browser also supports Tor functionality, further boosting its effectiveness for those probing deeper layers of the internet’s hidden realms.