How to secure online banking with a VPN

Banking was once an industry that revolved around paper currency (or cotton in the case of the US), but has now mostly moved online. Today, you can claim your paycheck, transfer money to savings, pay bills and pay a friend for dinner with the banking app. This is definitely more convenient, but with greater access comes greater security concerns.

Banks generally do a good job of securing apps and banking portals. You’re more likely to be a victim of a phishing scam or malicious link if your bank account is hacked (assuming you’re using a strong password and two-factor authentication, but more on that later). However, a reliable VPN can add extra protection to your online banking and even make your banking app easier.

How secure is online banking?

Most websites use HTTPS, a secure hypertext transfer protocol. As the name suggests, it is a more secure version of the Hypertext Transfer Protocol used to send data between your browser and a website. HTTPS uses TLS encryption to prevent your ISP and others on your network from intercepting your connection or seeing what you type or click on a website (although they can still see what website you’re visiting). You can check if your connection is secured by HTTPS by looking for a padlock in your browser’s URL bar.

This means that as long as you are sure that you are connected to your bank’s website or app, you can be relatively sure that you will be able to do your banking safely.

How can a VPN help protect your banking? A VPN can provide additional protection for your online banking that HTTPS cannot.

Avoid DNS poisoning on public Wi-Fi

When you connect to a website, you enter the URL of that website, such as But computers don’t use URLs. they use IP addresses like The Internet uses the Domain Name System and#40;DNSand#41; Link the URL to the correct IP address. These DNS queries are handled by dedicated DNS servers managed by your ISP or network administrator.

DNS poisoning or DNS spoofing occurs when an attacker intercepts your browser’s DNS queries and returns their own fake response. Typically, the attacker sends you to a website that looks exactly like the one they’re spoofing, but because it’s under their control, they can see all the information you provide, including your username and password.

DNS poisoning is possible because TLS does not encrypt DNS queries by default. Public WiFi hotspots typically don’t have the same protections as mainstream ISPs, making them vulnerable to DNS poisoning.
However, when you use Proton VPN, we encrypt all your internet traffic, including your DNS queries. We also process your encrypted DNS queries using DNS servers that we use ourselves. This prevents DNS resolution.

Not clear which bank you are using on public WiFi

If you’re connecting to a Wi-Fi hotspot at an airport, restaurant, or stadium, HTTPS prevents attackers from disconnecting you or seeing what you’re doing on a website, but it doesn’t stop them from seeing what website you’re on. on. They can see the bank you use through their website and use this information to create more credible phishing attacks.

However, if you use Proton VPN, your connection will be encrypted and routed through one of our VPN servers before connecting to your bank’s website. Everyone else in the public area can see the VPN server’s IP address, but not the website or app you’re using. Use your banking app when you travel

If you try to use your banking app while traveling, the company may flag it as suspicious or even deny access. Most banking websites do not expect login attempts from IP addresses outside your home country.

Proton VPN helps you bypass this geo block. When you use Proton VPN, the websites you connect to cannot see the IP address of the device you are using. They only see the IP address of the VPN server you are connected to. When you connect to a VPN server in your home country, your banking app will think you’re there.

Note. Some banking apps also block access if your IP address is not from the same country where you just purchased. We recommend first trying to use your bank account on a secure Wi-Fi network without a VPN. Then, if you are blocked, connect to your home VPN server and try again.

Use only a trusted VPN

When you connect to a VPN, it essentially replaces your ISP. It manages your internet connection, which means it can see what websites you visit. Because it can track your connection, using an unreliable VPN can be worse than no VPN at all.

Proton VPN is run by the same team of researchers who created the world’s most popular encrypted email service, Proton Mail. All Proton VPN apps are open source, so you can check their code and make sure they do exactly what we claim. Our no-logging policy has recently been audited by independent experts. Their report confirms that we do not store your browsing history, IP address or other identifying metadata.

How to make your online banking even more secure

Using a reliable VPN makes online banking more secure. But there are several other simple steps you can take to make your online banking as secure as possible.

Use a strong password

Your password is the first line of defense for all your online accounts. Using a strong unique password or password makes it difficult for attackers to guess or brute force passwords and gain access to your bank account. We recommend a four or five word title that you don’t use anywhere else.

Use a password manager

A password manager creates and stores passwords for all your accounts, allowing you to use more complex passwords than you can remember. You only need to remember one master password to log into the password manager. Most password managers also have an auto-fill feature that chooses the correct password for the website you’re visiting. If a password manager doesn’t automatically fill in the spaces in your password, that’s a good sign you’re on a phishing site.

Enable two-factor authentication

Two-factor authentication (2FA) is an extra layer of security for your online accounts, usually in the form of a time-based one-time code provided by an app on your phone. If you enable 2FA, even if an attacker manages to get your username and password, they won’t be able to access your bank account unless they can also provide the 2FA code. Almost every banking website should offer 2FA.

Enter the email address yourself

It’s an old-school trick, but an effective one nonetheless. Malicious URLs are very easy to hide in hyperlinks, and even if you check the link before clicking on it, it can be difficult to check where the shortened URL leads. Even TLS and VPN cannot protect you if you are redirected to a phishing site controlled by an attacker. However, you can eliminate this risk by entering your bank’s website URL yourself.