Did you guess?

By | April 23, 2018
This content is 3 years old. Please, read this page keeping its age in mind. Thank you.

You might have guessed from the topics I’ve written about over the last few weeks that I’ve been on holiday. Over Easter we went to Cyprus and had a great time.

Anyway, the other week, I wrote about using smartphones, tablets and laptops when you’re abroad – mainly ways to use them to keep in touch.

But someone asked me a good question about it, something I didn’t cover.

Here’s the question:

When is it safe to use your phone/tablet to do internet banking when you are travelling? When is it safe to check your account, or to move money from a savings account to the one you are using for your holiday?
I have heard that it is not safe to use a public WiFi, ie one that anyone can access without a password. But does that mean it is safe to use WiFi in a hotel which requires a password, even if that password is prominently displayed, in the bar for example?

It’s a good question – and it applies not just to doing internet banking but also to buying things online, using a credit card or anything like that.

And it’s a case where the way people usually give advice can be confusing.

What you usually hear is advice like the person who asked this one had heard: Don’t access your online bank when you’re on a public WiFi network, where there’s no password.

That’s true as far as it goes. On a public network anyone could be sat on a laptop watching the traffic, waiting for someone to access a bank website and watching what they do.

But a WiFi network with a password is not necessarily much better. If it’s a bar with the WiFi password up on the wall, anyone could sit in the bar with a drink and a laptop, waiting for someone to access their bank account.

Similarly in a hotel, the password probably isn’t changed very often so it’s fairly easy to find it out, sit in the building next door, the bar or a car parked opposite and log in.

Plus, many places like this have WiFi passwords that aren’t very secure. Something like “12345” or “OurPassword” isn’t uncommon – and that’s pretty easy to crack, even if it’s not written up on the wall.

If you have mobile data on your phone, then using it if you want to access your bank is much safer. Every so often you might see an article in the papers saying that 4G (that’s what mobile phones use to connect to the internet when they’re not on WiFi) could be cracked and of course it’s theoretically possible. But it’s much harder than reading the WiFi password off a blackboard – in fact so far it’s never been reported as actually happening.

After all, theoretically pretty much any system could be cracked. But the crooks will go after the easy ones.

So if you want to do anything that needs to stay secure, like using a credit card or doing online banking, and you’re not on your own WiFi (or some other secure WiFi, like a friends’) then your best bet is to turn WiFi off on your phone and use the mobile connection.

(By the way if you have a “dongle”, that counts as mobile or 4G data, so that’s fine to use… more on these dongles another time as they can be really handy!)

But what if you can’t? What if you’re somewhere where there isn’t a mobile connection… or you don’t have a contract that includes it?

Well, you could take the risk, of course. If you’re in a smaller place, where the WiFi password isn’t publicly displayed then probably you’d be fine. It’s not a risk I’d like to take, though. In that case I’d probably prefer to use telephone banking and ring up my bank to transfer the money.   (Or if this is something you need to do often you could switch to a contract that includes mobile data or even get one of those dongles I mentioned – which lets you use mobile data on a tablet or whatever.)

I know it might be a bit annoying to hold back if you want to use internet banking and you have WiFi where you’re staying, but it’s better than the risk of finding someone’s managed to access your bank account.

Leave a Reply

The name you enter will be displayed. We collect your email address but do not display it. Full privacy policy here. Required fields are marked *