Return to protonvpn.com Facebook   Twitter   Reddit   Instagram   ProtonMail

How to secure online banking with a VPN

Posted on April 28th, 2022 by in How-to.

 

Once an industry that revolved around paper (or, in the United States’s case, cotton) currency, banking has now, for the most part, moved online. Today you can cash your paycheck, transfer some money to savings, pay your bills, and reimburse a friend for dinner all from your bank’s app. This is undoubtedly more convenient, but with this increased access come increased security concerns.

Banks, in general, do a good job securing their apps and banking portals. You are much more likely to fall victim to a phishing scam or a malicious link than you are to have your banking account hacked (assuming you use a strong password and two-factor authentication, but more on that later). Still, a trustworthy VPN can add an extra layer of security to your online banking and even make it easier to access your banking app.

How secure is online banking?

The vast majority of websites use hypertext transfer protocol secure (HTTPS). As the name suggests, this is a more secure version of the hypertext transfer protocol used to send data between your browser and a website. HTTPS uses TLS encryption to prevent your internet provider and anyone else on your network from interfering with your connection or seeing what you type or click on a website (although they still can see which website you visit). You can verify your connection is protected by HTTPS by looking for a padlock in your browser’s URL bar.

This means that as long as you are certain you are connected to your bank’s website or app, you can be relatively certain that you can go about your banking business securely.

How can a VPN help secure your banking?

Your VPN can provide additional protection to your online banking that HTTPS cannot. It can also help you access your banking app under certain conditions. 

Prevent DNS poisoning on public WiFi

When you connect to a website, you type in that website’s URL, such as https://protonvpn.com. But computers don’t actually use URLs; they use IP addresses, such as 185.159.159.140. The internet uses the domain name system (DNS) to link a URL to the correct IP address. Special DNS servers, operated by your ISP or network administrator, handle these DNS requests.

DNS poisoning or DNS spoofing is when an attacker intercepts your browser’s DNS requests and sends back their own spoofed response. Typically, the attacker will send you to a website that looks exactly like the one they are spoofing, but because it is under their control, they can see any information you enter, including your username and password. 

DNS poisoning is possible because DNS requests are not encrypted by TLS by default. Public WiFi hotspots typically do not have the same safeguards as larger ISPs and thus are easier targets for DNS poisoning.

However, if you use ProtonVPN, we encrypt all of your internet traffic, including your DNS requests. We also process your encrypted DNS requests on DNS servers that we operate ourselves. This prevents DNS spoofing.

Obscure which bank you use on public WiFi

If you connect to a WiFi hotspot at an airport, restaurant, or stadium, HTTPS will prevent attacks from interfering with your connection or seeing your activity on a website, but it won’t stop them from seeing what website you are on. They could see the bank you use via their website and use this information to craft more believable phishing attacks. 

However, if you use ProtonVPN, your connection will be encrypted and routed through one of our VPN servers before you connect to your bank’s website. Anyone else on the public hotspot will see the IP address of the VPN server but not which website or app you are using.

Access your banking app while you are traveling

If you try to use your banking app while traveling, you may have your attempt flagged as suspicious or even be denied access. Most banking sites don’t expect login attempts from IP addresses outside your home country.

ProtonVPN can help you get around this geoblocking. When you use ProtonVPN, the websites you connect to cannot see the IP address of the device you are using. They can only see the IP address of the VPN server you are connected to. If you connect to a VPN server in your home country, that’s where your banking app will think you are. 

Note: Some banking apps will also deny you access if your IP address does not originate from the same country where you recently made purchases. We recommend trying to access your banking app on a secure WiFi network without a VPN first. Then, if you are being geoblocked, connect to a VPN server in your home country and try again.

Only use a trustworthy VPN

When you connect to a VPN, it essentially replaces your ISP. It handles your internet connection, meaning it can see which websites you visit. Given its ability to monitor your connection, using an untrustworthy VPN can be worse than using no VPN at all.

ProtonVPN is maintained by the same team of scientists who created ProtonMail, the world’s most popular encrypted email service. All ProtonVPN apps are open source, meaning you can go and check their code to ensure they do exactly what we claim. We recently had our no-logs policy confirmed by independent experts. Their report verifies we do not log your browsing history, IP address, or any other identifying metadata. 

Sign up for ProtonVPN for free today to give it a try.

How to make your online banking even more secure

Using a trustworthy VPN will make it safer for you to do your banking online. But there are several other simple steps that you can take to ensure your online banking is as secure as possible. 

Use a strong password

Your password is the first line of defense for any of your online accounts. Using a strong, unique password or passphrase will make it harder for attackers to guess or bruteforce your password and get access to your banking account. We recommend a passphrase of four or five words that you do not use anywhere else.

Learn more about creating strong passphrases

Use a password manager

A password manager generates and stores passwords for all your accounts, allowing you to use more complex passwords than you could if you needed to memorize them. You only need to memorize a single master password that lets you log in to your password manager. 

Most password managers also have an autofill feature that selects the correct password for the website you are visiting. If the password manager does not autofill your password into the blanks, this is a good sign that you are on a phishing website.

Find an open-source password manager to use

Enable two-factor authentication

Two-factor authentication (2FA) is an extra layer of protection for your online accounts, typically in the form of a time-based, one-time code provided by an app on your phone. If you enable 2FA, even if an attacker manages to get a hold of your username and password, they still will not be able to access your banking account unless they can also provide the 2FA code. Nearly every banking website should offer 2FA. 

Learn more about using 2FA

Type the website address yourself

This is an old-school trick, but it is still effective. It is very easy to hide malicious URLs in hyperlinks, and even if you inspect the link before you click it, it can be difficult to verify where a shortened URL will lead. If you are led to a phishing website under the control of an attacker, not even TLS or a VPN can protect you. However, you can remove this risk by simply typing in the URL of your bank’s website yourself.

Prior to joining Proton, Richie spent several years working on tech solutions in the developing world. He joined the Proton team to advance the rights of online privacy and freedom.

Secure your internet

Get ProtonVPN

For customer support inquiries, please submit the following form for the fastest response:
Support Form

For all other inquiries:
contact@protonvpn.com


-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: OpenPGP.js v4.10.10
Comment: https://openpgpjs.org

xsBNBFiYeeIBCACpwuYcTsACyjQaqY3tOUonokamGZf3VDuLvcA9nQnu4vlB
n1RFFUJa5Pmf2yZ9EjJFSldTl5lreE3tFf53CcZ9wKa1R6aMnN/0VqURJho0
ZTqevQlCvuJ9kKHkDck3Em0/1WWnhDJgabp+fOa5HAHoAvcNy5gVPuexTT/N
wp6QcfB7w+qFhf73s0bcSn5RC+FAYlQxZVFhFtA7/7LthBVatDJrYLYP9XJd
zOZqz9AX0XZwKal25RcVeGHkNKgloo0bTgro4D88MR7saqXFHTRhy3+Wss7c
uqrh0uIkVmqtadoK/rAbqOyFXQ2DlvSMVrEMLUvwlZbC0taqcKDfNA+FABEB
AAHNLWNvbnRhY3RAcHJvdG9udnBuLmNvbSA8Y29udGFjdEBwcm90b252cG4u
Y29tPsLAfwQQAQgAKQUCWJh54wYLCQcIAwIJEN4dfnhhw11TBBUIAgoDFgIB
AhkBAhsDAh4BAAoJEN4dfnhhw11T6PwIAKgIHTUaEcCFQ5WfmwGpdhRgFe7H
gnHR8UOFPrRKnbCOQgTVPGwCFt8UVFhEgbmtroThU89DpxFSYUOD6nZ2k1X3
X4Q9OsItFUUuhPtLJrkz5ghtZLmsAH/edTRbVU1Ew1E8KbylLFI1J5yId7zR
GdnaTXv/E7P3po5X/b08TFAhXSyYYUbMeQuthbJajtpFygr53lm47cOWa4N8
udqLhmpheaQj04DuqYXOGC08JQn+XbHzhFl5Yvlt9Idk8+7c2UJ0qgWKQ5ZV
mquRAw5HDCQM5OqF1MoImDxOH+tK3PUlvFDsLZ1WPEOHK/EN12sPBx0x1R04
fcPTPdbMwgISGM3OwE0EWJh54gEIALqhrLUpvarPc0nkuHpyJC/MsrIDPLuV
qMc49tgjgDBsyIKJFEP9qCnkSOEixaFi+nTljUSpkHGR+PvEGecmcOdW6djN
QGxon/nwBT9d8HbtxJesaEIzwRAxmqQW9MqNq4UsfNQ0VvUYqV9wEbYfdDT/
jZfz9N0hjFELF1sg3UPcCRijhf162bp+rLQdO9vWVUbOdMQvsM/kyUJ6JMXR
xUtyKC05ddxii2SMr4XUW45ostPbxJybOF5oSZpEb1EIlrTLLPAe/498XlBW
hpRAPe+9ZfNs7drMvUEFnnOXahrXAuaaZpyaS/XBaloqSb1+v2AkUep3dbSF
PaRtbXRMS+kAEQEAAcLAaAQYAQgAEwUCWJh54wkQ3h1+eGHDXVMCGwwACgkQ
3h1+eGHDXVMZ4Qf4hu5N8/uYNDqJMFRIWSCpPGxmyIVXGARG4hgR8gwPZY9K
fReAUndX3uODBNIgZU7I3YntawU1DlP6GpP6yyR/8lfUMNCAXPDmd+zTFYIJ
UDHD8sw2GRrFVzFOKUpAapWFOI4XjSMP2UiK4HgrpUjAhe1wSaa7nEjtAuYT
zFx1QSuQD1iYcOF/FAm7EuhBIfWITjYAobGM6gonPbp3IPHM52rUbulllcdV
vCLs+blcyiVCGZlNcmlg3eibAJJL19TQLqT2DbQvQ/SyVBJGjoT+y4TTRtmZ
cebEjt2KJcc4x2lzPq3z2KJNyJTOTMB+aYD9Ma9IObDds+M/+5XDWi7f
=ueTT
-----END PGP PUBLIC KEY BLOCK-----

You can also Tweet to us:
@ProtonVPN