7 ways to improve checking account security

In an era where digital transactions are the norm, and banking is often just a click away, it has never been more critical to protect your bank account.  

Most people love the ease and convenience of banking online and rarely set foot in a brick-and-mortar bank. In fact, more than three-quarters of Americans prefer to bank via a mobile app or website.

“Banking is a digital-first practice now,” says Charles Banks, vice president, Information Security, at U.S. Bank. “It’s all done digitally from a laptop, desktop or phone.” The problem with that, Banks adds, “is making sure those digital platforms are secure. That’s the biggest concern from a cybersecurity perspective.” 

Indeed, doing everything in a digital landscape opens the door for tech-savvy criminals to gain access to unsuspecting users’ accounts and information. 

Here’s how to protect yourself — both digitally and physically — and keep your checking account fraud-free. 

Generate strong passwords 

You’ve probably heard this before, but using the same password over and over again is a bad idea. And passwords shouldn’t be short just to make them easier to remember. Either of these practices will leave you vulnerable to bad actors trying to access your accounts.  

Instead, use a strong, unique password for your checking account that’s at least 15 characters, recommends Maria-Kristina Hayden, CEO and founder of OUTFOXM, a cyber hygiene and resiliency company. Make sure it’s a mix of uppercase and lowercase letters, numbers, and symbols.  

Use two-factor authentication

In addition to requiring a username and password when logging in, your bank likely has two-factor authentication (2FA), which adds an extra layer of protection to your account. This involves getting a one-time code sent via email or text message to complete the login process. 

“Think of two-factor authentication like putting a lock on your mailbox or a lock screen on your phone,” Banks says. “You should always use the highest level of authentication, whether it’s a one-time code or a face scan. Take the same mindset you use in the physical world to secure your home and possessions and apply it to the digital space.” 

Just keep in mind that while 2FA is a good line of defense, it’s still possible for thieves to gain access to emails or trick phone networks into sending a text to a different device.  

Create a separate email address

In 2023, 67 percent of global cyber-enabled scams involved a business email being compromised, resulting in 6.7 billion in losses. Many email hacks come from phishing: Criminals gain access to your accounts after you click on a link in an email that looks like it’s from a legitimate sender.  

One simple way to sniff out phishing attacks is to set up a “secret” email address that you use only for banking and investments, says Amal Graafstra, CEO of VivoKey Technologies, which creates wearable digital security products. Don’t use that email address for anything else — no online shopping, no personal communications, no subscriptions. Not only is your secret email harder for scammers to find, but you can rest assured that any finance-related emails you receive are likely legit.  

Turn on notifications

If possible, set your account profile to notify you of any large withdrawals or unusual account activity. “If it’s an option, require verbal authorization for transactions over a certain amount,” Graafstra says. “Set up a code word for account access when you call customer service.” 

Similarly, set up notifications for any type of account changes. Did someone update the phone number or address on your account? These are the things you want to know right away, as they could point to foul play.   

“It’s about creating situational awareness,” adds Dave Pilot, vice president, Financial Crimes Disruption, at U.S. Bank. “Nobody really checks their information when they log in to a mobile banking app — they check their balance and pay bills. Take that additional step and see if there are any indications that someone else has accessed your account or is in the process of redirecting your statements and one-time codes.” 

Don’t rely on public Wi-Fi 

If you’re at a café, airport or other location with free public Wi-Fi, don’t use it to pull up your banking info. If you can use the Wi-Fi without needing a password, that means the data you’re checking on your phone or laptop isn’t secure either.  

“Password-protected Wi-Fi isn’t just used for secure access to a network,” Graafstra says. “It’s used partially to encrypt the data on that network.” No password, no protection.   

If it’s crucial that you access the internet in a public environment, use your phone’s hot spot, which is secured by your cell carrier. But still save any bank-related activity until you’re on a secure network. 

Pick tap-to-pay or use a mobile wallet

Most Americans (57 percent) use debit cards as their primary payment method, according to a 2023 banking survey. 

When shopping with your debit card, use tap-to-pay, choose a secure wallet like Apple Pay or use an online checkout solution like Paze. They’re more secure. Why? When you swipe, insert your card or manually enter your card information online, the store gets a copy of your actual card number, which can be stolen in a data breach. But when you pay with a secure wallet, tap-to-pay or Paze, the transaction is shielded by a temporary payment token that expires after a certain period.  

Keep paperwork and paper checks safe

Even though most people do their banking online, physical threats remain. For those who still prefer paper (think checks, mortgage records and bank statements), mail theft can be a real danger.  

“These documents have key information on them like your name, address and account data,” says Pilot. “Check washing and check theft scams are also widespread.”

Criminals can steal checks from unsecured mailboxes and then either extract your account information or “wash” the checks — meaning new amounts and recipients are added to them. According to the American Bankers Association, the United States Postal Inspection Service recovers more than $1 billion in fraudulent checks and money orders each year.   

The best thing to do to avoid this? Call or text whomever you were sending the check to after a few days, says Pilot. “Be proactive and confirm your check or other written financial instrument was, in fact, received by the intended recipient.”

Furthermore, “many people keep untold amounts of banking information in their homes,” says Seth Geftic, vice president of product marketing at the cybersecurity firm Huntress. “Regularly shredding documents with private bank account information is the best way to prevent identity theft and data breaches.” You can also invest in a safe for storing documents to protect your checking account info in the event of a home break-in, Geftic adds.  

Better yet? Go digital. “Doing everything online increases safety,” Pilot says. “But the digital world is also being targeted, so make sure everything is secure there as well.”

Discover more tips for smarter and safer online banking. Or just getting started? Learn which type of account is best for you.