Print This Issue

One Step Ahead
May 12, 2009, Volume 55, No. 33

One Step Ahead

Another tip in a series provided by the Offices of Information Systems & Computing and Audit, Compliance & Privacy.

Online Statements and Bill Payments: Safer Than Paper?

The number of people who have switched over to electronic personal banking in the last few years has skyrocketed, especially when it comes to paying bills online, and it’s easy to see why. Not only is it convenient, but the savings in time—and postage—can add up. And, in an era of heightened “green” consciousness, many online banking customers view dealing with fewer printed bills and statements as “a good thing.”

But is it safe? Many people are hesitant to enable their banking and credit card information for online access via the Web in the belief that it will raise their vulnerability to identity theft by hackers and other “electronic thieves.” The wide consensus of security experts, however, is that paper bills and statements sent via postal mail are much more susceptible to theft or tampering than those transferred and downloaded by the customers directly over a secure connection.

The sites operated by FDIC-insured banks offer services that are secured and encrypted using minimum 128-bit encryption, and most offer multiple levels of security in addition to passwords to protect customer accounts. For example, PNC Bank’s site will display a customer-chosen graphic and caption on login in order to defeat “man in the middle” exploits. If an incorrect graphic and caption are shown (or none are shown at all), the session may have been hijacked by an “impostor” server, and the customer should disconnect and call the bank. As with most computing resources, though, the most important thing is to choose a strong password, and in the case of banking websites, it’s a good idea that it not be one that is used on any other site or server you access.


To receive weekly OneStepAhead  tips via email, send email to listserv@lists.upenn.edu with the following text in the body of the message:  sub one-step-ahead <your name>.

For additional tips, see the One Step Ahead link on the Information Security website: www.upenn.edu/computing/security/.

Almanac - May 12, 2009, Volume 55, No. 33