Money can be stolen from your bank account: here’s how to lower your risk

Although banks have the highest-tech cybersecurity systems, there’s not much they can do to stop a criminal who is able to assume your identity from accessing your account. “I think they do

a really awesome job at cybersecurity in general,” Iacono says. “But when someone gets total information or access to a machine, then there is a possibility of them bypassing that.” As

Steinbach puts it: “Fraudsters will go after the weakest link,” and because banks’ security systems are so advanced, “in a large portion of cases,” that weak link is the customer.     The

best way to protect your money is to consider yourself in a theft-prevention partnership with your bank, he says. Here are more ways to lower your risk of becoming the victim of an account

takeover:  1. NEVER REUSE PASSWORDS. Don’t use the same password on every single site — particularly if you’re one of the many who opt for “123456” and “password” (two of the most commonly

used passwords, according to the password management company NordPass). Use unique, long passphrases (think 40-plus characters) for each, and subscribe to a password manager, such as

LastPass or Keeper, to store them all. You’ll just need to have a single, very strong and memorable passphrase for the password manager. Choose something that’s “relevant to you but as

random as possible,” suggests Neil Grant, AARP’s senior identity and access manager architect.   2. USE A UNIQUE USERNAME, TOO. “If you don’t have to use an email address as a username,

don’t,” Steinbach says. 3. SET UP MULTIFACTOR AUTHENTICATION (MFA) ON YOUR ACCOUNTS. Banks increasingly use MFA to add an extra layer of security. You’ll log in using your username and

password, then be prompted for some second stage of verification, such as a one-time code sent by text. Facial recognition is another form of MFA that can be used to verify your identity

(though it has not been implemented by banks). "If a criminal can get you to reveal things such as your mother’s maiden name or the year you graduated from high school. They aren’t

going to even bother with your bank password, they’re just going to reset it." — Neil Grant, AARP’s senior identity and access manager architect 4. CHECK YOUR ACCOUNTS FREQUENTLY. If

you notice any irregular charges or activity, call your bank. Keep an eye out for very small transactions, such as $1 — tests criminals will do to see if the transaction goes through before

stealing larger amounts, Iacono says. (An AARP colleague recently had $12,000 stolen from her account; the theft began with a 5-cent withdrawal). 5. SET UP ALERTS FOR EVERY TRANSACTION MADE.

 A lot of financial institutions have this feature, Solomon says, allowing the customer to immediately identify suspicious transactions, which, again, is crucial. “The fraudsters act

quickly,” he says. “They’re going to transfer the money quickly, and they’re going to pull the money out quickly.” Note that if you get a message purportedly from your bank with a scam alert

with a link, you shouldn’t reply to it directly or click the link. Contact the bank separately using the direct line on the back of your bank card or its standard 800 number. (See tip

number 7, below.) 6. CHECK YOUR CREDIT SCORE REGULARLY. Solomon suggests checking in with the three major credit bureaus every three to four months to assure yourself that nobody has used

your personal information to take out a loan or credit card in your name, for instance. 7. THINK TWICE BEFORE RESPONDING TO UNSOLICITED EMAILS, TEXTS OR CALLS. And definitely don’t click on

any links included in those emails or texts. “Even if it seems like it’s coming from a brother or sister,” Grant says, “unless they’re standing right next to you saying check out this link,”

don’t click. He doesn’t even give his birthdate when his doctor’s office calls: “They say, ‘Can you verify your date of birth?’ I say, ‘No, you called me, I shouldn’t have to verify

anything,’ and I call them back,” in case it’s a hacker after his personal information.    That’s often the goal of phishing; if a criminal can get you to reveal things such as your mother’s

maiden name or the year you graduated from high school, Grant says, “they aren’t going to even bother with your bank password, they’re just going to reset it.” 8. LEARN ABOUT THE LATEST

SCAMS AND FRAUDS. The more you educate yourself on how these criminals operate, the better prepared you’ll be for the next phishing attempt or scam call. For example, Steinbach says, “If you

know that there’s the ability for the bad guys to call your phone and spoof the incoming number, you’re more wary.”   Many banks have helpful fraud-prevention information sites, including 

Citi, Bank of America and Wells Fargo.