How do I stay safe when using internet banking?

Rufaro Madamombe Avatar
Typing on laptop

Most banks in Zimbabwe now offer you online banking. Some banks like ZB Bank have completely stopped processing manual RTGS and internal transfer application forms. So given how you might already be using internet banking or will soon start using it, you might be wondering how do I stay safe when using internet banking? Here are some tips to consider.

Make sure your password is always strong

If you are not already using a strong password, one that has a mixture of numbers, letters, and symbols, then you’ve got to start now. Even though your bank will probably make sure everything is secure on their end, how secure your account is, will come back to what you’re doing when you’re using internet banking.

So your main line of defence is your password. Make sure it is strong and change it regularly like maybe once every 3 months or 6 months. Also when it comes to your username and password details, only share them with people you trust, ideally, it’d be best not to share with anyone at all but sometimes you might not have an option. And don’t just write them in a place where anyone can easily get them e.g a text/word document file on your computer or on a piece of paper.

Activate two-factor authentication if your bank’s internet banking has it

Some banks offer you two-factor authentication which will require you to enter a code that is sent to you after you enter your password. This code can be sent to you via SMS or you can get it through an app that generates the codes if your bank has it. You’ve probably used two-factor authentication to secure your Gmail account or when you sign up for services like WhatsApp that send you a one-time 6 digit code password when you first create an account.

Two-factor authentication will make sure that no-one else will be able to access your internet banking account if they don’t have your phone since they won’t get the codes. So if your bank offers it for internet banking then definitely get it set up as it will be one extra thing that a hacker has to go through in order to gain access to your account.

Only use internet banking from secure places

Whenever you use internet banking, make sure you’re using it from a secure internet connection. Generally, it’s not a good idea to use internet banking from an unsecure connection because someone else who is connected to the same Wi-Fi can easily read the data you’re sending since the connection not secured by encryption methods.

So someone may read your username and password details for your account while you’re trying to log in and they’ll then use those credentials to gain access to your account. Most bank’s use SSL certificates on their websites to make a secure connection between you and their website when doing internet banking. So you might not have to worry about this but always make sure that it is using an SSL certificate by checking if the left top corner where the URL has a green lock or says secure.

Another thing is that if you’re going to be using it from a laptop that’s not yours, make sure that you trust the person who owns the laptop that their laptop doesn’t have any malicious software that could grab your internet banking details when you try to log in. And if you do use internet banking from a public laptop or a friend’s laptop which is not encouraged, make sure you do the following.

Always log out after using internet banking

After you’ve made all the transactions that you wanted to do online, you should then immediately log out of the account. Leaving your internet banking logged in is very dangerous especially if you had used a public computer or a friend’s laptop. If you hadn’t logged out, anyone who uses the same computer can easily gain access to your funds.

So always make sure you log out if it was a public computer that you used, however, you should not use a public laptop at all for internet banking as many other people use it and you don’t know what they put in it that could affect your account.

Type your bank’s internet banking URL directly to get there

It might be very convenient to just type in Google “(My bank) internet banking”, however, the problem with that is that you might end up at a website that is not your bank’s. So you type that in and a number of search results will appear. The risk that’s there is that you’ll click on a search result that isn’t the real internet banking website of your bank.

Sometimes, when you arrive at that website, it looks very very authentic that you might even believe that it is the real one. So you end up typing in your details thinking that you’re about to log in and do your transactions. After entering your details, you are met with an error message that might say “service unavailable please try again later”.

That doesn’t seem unusual, I mean, unfortunately, online services go offline quite frequently and you just decide to follow the error message and try again later. Problem is whoever owns the website has already captured your details and they can then easily go to the real website and log in.

After that, you could end up being asked to send some money to them for you to regain access to your account or worse, they could just spend the funds available and then leave your account alone. To avoid ending up in such a situation, it is better to type in the exact URL/link of your bank’s internet banking service. That way, you are more guaranteed to end up at the right place.

Watch what you click online to secure your internet banking account

To click or not to click, that is a question you should be asking yourself for anything especially when it comes to internet banking. If you click on the wrong link, you could end up in the same situation as we just saw above. Now, you could get an email claiming to be from your bank and asking you to change your details because of some security risk.

This sounds very good, right? I mean, your bank is looking out for you. The problem is if you don’t check if the email is really from your real bank then you could end up entering your old details, which is a common thing when trying to change your details, but after doing that, an error occurs or even worse, it claims to have changed the details and you are happy thinking you’re secure again.

Just like the earlier scenario, they’ve already got your details and they didn’t change anything so they can do whatever they want with your account. If you’re not sure which email your bank uses when you receive such an email, call them and ask to speak to someone who can help you with your account and let them know about the email you just received. If it’s not from them then they’ll let you.

Keep your devices and yourself up to date

Lastly, just like how your password is the main line of defence against hackers who might want to get a hold of your credentials and use your online banking account, your device is your main vulnerability. If your device is outdated, it might have a software vulnerability that a hacker could use to gain access to your device.

After they have access to your device, they could then monitor what you do and eventually grab your details when you enter them to use internet banking or they could get them from an insecure file e.g a word document/text file that have the username and password if you had stored them there which is a very bad idea.

So keep the software on your laptop, smartphone or browser always up to date with the latest version as they’ll be the devices you’ll use to do internet banking. Staying up to date doesn’t just end with your device, always know what’s happening with your account so it is a good idea to turn on login notifications if they’re available so that if someone attempts to log in, you’ll be notified.

If you find yourself in an unfortunate situation where you’ve been hacked, contact your bank immediately for information on what to do after being hacked.


  1. MacdChip

    ”….So someone may read your username and password details for your account while you’re trying to log in and they’ll then use those credentials to gain access to your account….”

    That is a bit of scare-mongering gone overboard!

    Can you please clarify that. All banks now implement SSL certicates under https, how can someone then easily read your username and password?

    Otherwise you have covered most 101 preconditions of internet banking.

    1. Rufaro Madamombe

      Hi, Thanks for the feedback. Yes that’s true, let me fix that part as I had written it assuming the connection wasn’t encrypted but like you said, banks are kind of required to have SSL certificates for internet banking.

  2. Garikai Dzoma

    Excellent advice may I point out however that a lot of online banking portals I know do not allow you to use symbols in your password.

    1. Rufaro Madamombe

      Hi, Thanks for sharing, I didn’t know that. So what can one do in terms of password strength, will a password with just numbers and letter be enough? Do they also restrict the length of the password?