Once an industry that revolved around paper (or, in the United States’s case, cotton) currency, banking has now, for the most part, moved online. Today you can cash your paycheck, transfer some money to savings, pay your bills, and reimburse a friend for dinner all from your bank’s app. This is undoubtedly more convenient, but with this increased access come increased security concerns.

Banks, in general, do a good job securing their apps and banking portals. You are much more likely to fall victim to a phishing scam(new window) or a malicious link than you are to have your banking account hacked (assuming you use a strong password and two-factor authentication(new window), but more on that later). Still, a trustworthy VPN can add an extra layer of security to your online banking and even make it easier to access your banking app.

How secure is online banking?

The vast majority of websites use hypertext transfer protocol secure (HTTPS). As the name suggests, this is a more secure version of the hypertext transfer protocol used to send data between your browser and a website. HTTPS uses TLS encryption to prevent your internet provider and anyone else on your network from interfering with your connection or seeing what you type or click on a website (although they still can see which website you visit). You can verify your connection is protected by HTTPS by looking for a padlock in your browser’s URL bar.

This means that as long as you are certain you are connected to your bank’s website or app, you can be relatively certain that you can go about your banking business securely.

How can a VPN help secure your banking?

Your VPN can provide additional protection to your online banking that HTTPS cannot. It can also help you access your banking app under certain conditions. 

Prevent DNS poisoning on public WiFi

When you connect to a website, you type in that website’s URL, such as https://protonvpn.com. But computers don’t actually use URLs; they use IP addresses, such as 185.159.159.140. The internet uses the domain name system (DNS) to link a URL to the correct IP address. Special DNS servers, operated by your ISP or network administrator, handle these DNS requests.

DNS poisoning or DNS spoofing is when an attacker intercepts your browser’s DNS requests and sends back their own spoofed response. Typically, the attacker will send you to a website that looks exactly like the one they are spoofing, but because it is under their control, they can see any information you enter, including your username and password. 

DNS poisoning is possible because DNS requests are not encrypted by TLS by default. Public WiFi hotspots typically do not have the same safeguards as larger ISPs and thus are easier targets for DNS poisoning.

However, if you use Proton VPN, we encrypt all of your internet traffic, including your DNS requests. We also process your encrypted DNS requests on DNS servers that we operate ourselves. This prevents DNS spoofing.

Obscure which bank you use on public WiFi

If you connect to a WiFi hotspot at an airport, restaurant, or stadium, HTTPS will prevent attacks from interfering with your connection or seeing your activity on a website, but it won’t stop them from seeing what website you are on. They could see the bank you use via their website and use this information to craft more believable phishing attacks(new window)

However, if you use Proton VPN, your connection will be encrypted and routed through one of our VPN servers before you connect to your bank’s website. Anyone else on the public hotspot will see the IP address of the VPN server but not which website or app you are using.

Access your banking app while you are traveling

If you try to use your banking app while traveling, you may have your attempt flagged as suspicious or even be denied access. Most banking sites don’t expect login attempts from IP addresses outside your home country.

Proton VPN can help you get around this geoblocking. When you use Proton VPN, the websites you connect to cannot see the IP address of the device you are using. They can only see the IP address of the VPN server you are connected to. If you connect to a VPN server in your home country, that’s where your banking app will think you are. 

Note: Some banking apps will also deny you access if your IP address does not originate from the same country where you recently made purchases. We recommend trying to access your banking app on a secure WiFi network without a VPN first. Then, if you are being geoblocked, connect to a VPN server in your home country and try again.

Only use a trustworthy VPN

When you connect to a VPN, it essentially replaces your ISP. It handles your internet connection, meaning it can see which websites you visit. Given its ability to monitor your connection, using an untrustworthy VPN can be worse than using no VPN at all.

Proton VPN is maintained by the same team of scientists who created Proton Mail, the world’s most popular encrypted email service(new window). All Proton VPN apps are open source(new window), meaning you can go and check their code to ensure they do exactly what we claim. We recently had our no-logs policy confirmed by independent experts(new window). Their report verifies we do not log your browsing history, IP address, or any other identifying metadata. 

Sign up for Proton VPN for free today to give it a try.

How to make your online banking even more secure

Using a trustworthy VPN will make it safer for you to do your banking online. But there are several other simple steps that you can take to ensure your online banking is as secure as possible. 

Use a strong password

Your password is the first line of defense for any of your online accounts. Using a strong, unique password or passphrase will make it harder for attackers to guess or bruteforce your password and get access to your banking account. We recommend a passphrase of four or five words that you do not use anywhere else.

Learn more about creating strong passphrases(new window)

Use a password manager

A password manager generates and stores passwords for all your accounts, allowing you to use more complex passwords than you could if you needed to memorize them. You only need to memorize a single master password that lets you log in to your password manager. 

Most password managers also have an autofill feature that selects the correct password for the website you are visiting. If the password manager does not autofill your password into the blanks, this is a good sign that you are on a phishing website.

Find an open-source password manager to use(new window)

Enable two-factor authentication

Two-factor authentication (2FA) is an extra layer of protection for your online accounts, typically in the form of a time-based, one-time code provided by an app on your phone. If you enable 2FA, even if an attacker manages to get a hold of your username and password, they still will not be able to access your banking account unless they can also provide the 2FA code. Nearly every banking website should offer 2FA. 

Learn more about using 2FA(new window)

Type the website address yourself

This is an old-school trick, but it is still effective. It is very easy to hide malicious URLs in hyperlinks, and even if you inspect the link before you click it, it can be difficult to verify where a shortened URL will lead. If you are led to a phishing website under the control of an attacker, not even TLS or a VPN can protect you. However, you can remove this risk by simply typing in the URL of your bank’s website yourself.

Protect your privacy and security online
Get Proton VPN free

Related articles

Paris Olympics
The 2024 Summer Olympics in Paris begins this July. While you’ve likely already missed your chance to get a ticket and witness the best athletes from around the world in person, there are plenty of ways to enjoy the games from the comfort of your hom
Where to watch euros
Every four years, the entire continent of Europe turns its eyes to see who will be crowned as the continent’s champion of football (or soccer for the Americans).  This is the 17th edition of the UEFA European Football Championship, in which 24 natio
How to enable location services
Location services refer to a combination of technologies used in devices like smartphones and computers that use data from your device’s GPS, WiFi, mobile (cellular networks), and sometimes even Bluetooth connections to determine and track your geogr
What is AirTag stalking?
In an era of “smart devices” that often double as spy devices, AirTags are tracking tools that are open about their function and can be vital in helping locate lost items (as anyone who has lost their car keys can attest to). However, as a recent cla
How to fix a "Your connection is not safe" error
As you surf the web using your browser, you’ll no doubt encounter websites that your browser will refuse to load, instead showing some variation of an error message, such as Your connection is not private or Warning: Potential Security Risk Ahead. 
Your search history is a window into your inner life. Anyone with access to it knows what your hobbies and interests are, your sexual orientation and preferences, the things that worry you (for example your medical concerns), your political affiliati