Is a VPN Safe for Online Banking?
Internet banking has become more and more popular – especially since the COVID-19 pandemic started. It’s not surprising seeing how convenient it is. But just how safe is online banking, actually?
Well, the security normally is pretty decent. Still, hackers have been ramping up their attacks against online banking – at least according to the FBI. So you should take some precautions.
Does that mean you need to start using a VPN? Is a VPN safe for online banking to begin with?
We’ll tell you everything you need to know in this article.
Should You Use a VPN to Do Banking?
The tl;dr is that yes, you definitely should.
If you’d like to know exactly why, we have two words for you – WiFi encryption. On public networks, it’s pretty weak (the current encryption standard is vulnerable) or usually nonexistent (when you don’t need a password to log in).
What does that mean for you?
That cybercriminals can use packet sniffers (like Wireshark, which is free) to monitor and analyze your data packets. If they’re good enough, they might be able to intercept and brute-force them. Once they do that, they can steal sensitive data like:
- Login credentials
- Credit card numbers
- Bank account details
Basically, exactly what a hacker would need to empty your bank accounts, max out your credit cards, or commit identity theft or credit card fraud.
So how does banking over VPN connections help?
That might not mean much for some of you, though. So here’s a basic example – let’s say you’re logging into your Capital One account with a VPN over unsecured WiFi. If a hacker tries to monitor your traffic, they won’t see requests going to:
Instead, they’ll just see random gibberish that looks like this:
So there’s no way they’d be able to steal any sensitive data from you.
Besides that, there are two more reasons to use a VPN for banking:
1. MITM Attacks
MITM stands for Man-in-the-Middle. It’s a cyber attack where a hacker positions themselves between you and a site you’re trying to connect to. The goal is to eavesdrop on your online communications to steal sensitive data or redirect your connections.
We already showed you how using a VPN for banking can protect you from eavesdropping, so let’s take a look at the second risk.
Here’s the thing – if a hacker can see your connection request, they’ll know what sites you’re visiting. If they know you’re accessing Capital One’s site, they could redirect your connections to a fake site. If you type in your login credentials, cybercriminals can log them.
But if you use a VPN, they won’t know what sites you’re browsing anymore. They could still try to redirect your connections, sure, but you might be tipped off. After all, if you end up on a fake banking site when you were trying to connect to Twitter, that’s going to be pretty suspicious.
2. Fake WiFi Networks
Hackers sometimes set up their own networks that imitate legit public hotspots. If your device connects to them, they can easily monitor and log all your traffic.
If you check our public WiFi security guide, you’ll find plenty of useful tips that help you spot fake networks. But let’s be honest – you can’t be vigilant 24/7. So you should always use a VPN for online banking as an extra security measure.
Because it encrypts all your data. So even if you connect to fake networks, the hackers running them won’t be able to monitor your traffic.
Is a VPN Safe for Online Banking?
That depends on the VPN.
Here’s how you can tell a VPN and online banking go hand in hand:
- The VPN doesn’t keep any logs.
- The VPN offers powerful encryption (AES-128 or AES-256).
- The service doesn’t force you to use weak protocols (like PPTP, whose encryption can be cracked).
- The service doesn’t suffer any VPN leaks.
- The VPN offers a kill switch (so that traffic leaks never put your data at risk).
If it doesn’t meet those requirements, then it’s probably not safe to use when doing online banking.
Oh, and it goes without saying that a free VPN is never a safe option. Follow that link to find out exactly why. If you’re in a hurry, here’s the gist of it – a free service can expose you to malware, spam you with ads, and log and sell your data.
Need a Reliable VPN for Banking?
Our service has everything you need for a safe online banking experience – a no-log policy, DNS leak protection, a kill switch, and secure protocols (OpenVPN, SoftEther, IKEv2, SSTP).
And we also have user-friendly apps that work on the most popular platforms.
Special Deal! Get CactusVPN for $3.5/mo!
And once you do become a CactusVPN customer, we’ll still have your back with a 30-day money-back guarantee.
Will Some Banking Apps Not Work Through VPN Services?
Yes, that can happen unfortunately. We have seen people on Reddit complain about not being able to log into their Bank of America or Wells Fargo account when connected to a VPN.
Why does that happen, though?
Probably because the banks block VPN traffic or IP addresses. It’s hard to say why they would do it, but here’s what we think:
- Banks flag and block unknown IP addresses because they think they’re being used to commit fraud.
- Banks might also associate VPNs with criminal behavior. It’s a common misconception, sure, but we think they’d rather be safe than sorry.
- There’s a small chance that the IP of the VPN server you’re using was blacklisted because it got flagged for criminal misuse (maybe other users on the same server were up to no good).
If you can’t use do online banking while connected to a VPN, here’s what you can try to solve the problem:
- Use a server in the same country as your bank. So if you’re using Bank of America, use a US server.
- Don’t use different servers to access your account. Multiple IPs from different countries connecting to the same account will be flagged as suspicious behavior by your bank.
- Leet your bank know you’re using a VPN. Don’t be afraid to mention you’re using it while traveling or to get better security while using public WiFi. If necessary, let them know the server’s IP address so that they can whitelist it.
If nothing works, though, and your bank doesn’t want to stop blocking VPNs, you might have to switch to a different one. Of course, you should only do that if you really insist on using a VPN for online banking.
What Can’t VPNs Protect You Against?
While they’re excellent security tools, they can’t protect you from everything. Here are a few cyber threats that can still put your banking data in danger even if you’re using a VPN:
Malware is malicious code that infects networks and computers. Hackers often use it when they target banks. The Metamorfo trojan is a good example – it’s malware that disables the autofill functions in banking apps, forcing users to manually type their login credentials (so that it can steal them).
Unfortunately, VPNs aren’t programmed to prevent malware infections. The best some of them can do is block connections to malicious domains. But that’s still not enough to stop malware from ending up on your device.
Sure, some VPNs could block your connections to phishing sites, but that’s really not enough. Most phishing attacks come over email or phone, and a VPN can’t do anything to stop scammers from tricking you into revealing your login credentials.
Unfortunately, there aren’t any specific tools that protect you from phishing. The best defense is to learn how to spot and avoid it. We have plenty of info in this guide that should help you. Oh, and be sure to use antivirus protection too since phishing often involves malware.
Cybercriminals might sometimes create their own fake apps that imitate legitimate banking apps (like they did in 2019 when they targeted Android users).
If you download, install, and use them, a VPN can’t secure your data. It will still encrypt your traffic, yes, but it can’t stop the apps from logging all the data you’re voluntarily giving away.
The only way you can protect yourself against fake apps is to use antivirus protection (the software might detect and remove them) and double-check that you’re downloading the right app. If necessary, share the link with a support rep from your bank so that they can confirm it’s the right one.
Is a VPN Safe for Online Banking? What Do You Think?
Do you use VPNs when handling online finances, or do you rely on other methods? If you do, please tell us about them in the comments.