The answer is not very safe at all. Most Internet banking is automatically conducted over a relatively safe kind of Internet connection called Secure Socket Layers, and the banks themselves have high security which is rarely breached, but the weak link is your own personal computer, and it's a very weak link indeed.
Most personal computers are shot through with security holes. This is especially true of PCs running Windows. You'll find some examples on this page. The big problem is that if a hacker breaches the security on your computer, they can access your Internet bank account through it and pretend that they're you. The bank won't know the difference and you'll find it very difficult to persuade them that somebody else transferred all the money out of your account, even though the transaction was conducted on your computer using your telephone and your Internet connection.
If you decide to take on the security challenge of Internet banking, here are some important tips:
If you have a computer at work, running on a big network, it's highly likely that it's much safer than your machine at home. Its level of security can be measured (roughly) by how strict the limitations are on its use. For example, are you able to download software from the Internet and install it on your machine? Are you able to view all kinds of files on the Internet, including Java and streaming content? If you can't do these things (not just because they're against the rules but because your computer physically won't allow them) then it's likely that your security at work is very good. You may decide to use this computer for all your Internet banking (assuming, of course, that you've asked your employer for permission).
The only downside to this is that your network manager can spy on you and even collect your password as you type it in, but the chances are that they're earning plenty of money themselves and don't need to steal yours.
However you access your account, make sure you use a good password. Here are some tips on passwords. Never, ever, store an important password in the Password List of your computer. Anybody with a decent knowledge of computing can read stored passwords in a couple of seconds (honestly, a competent eight year old could do it).
If you bank through your home PC, you'll need to learn more about security. Start with Wise Words security tips. It's pretty much essential that you run anti-virus software and a firewall to keep out hackers. You'll also need the latest version of your operating system. Don't do Internet banking on Windows 95. It's too insecure. Windows 98 is marginal, you really need Windows 2000, and even that still has a few security holes. Windows NT is pretty good once a few service patches have been added.
Macs are relatively secure, though recently they've been attacked more often.. Again, you need the latest version of your operating system for maximum security. Each time a new version comes out it plugs more of the leaks in the previous effort.
If you're running Linux, it's likely that you know a fair amount about computer vulnerabilities yourself. You'll also know that Linux can be made safe. You're off to a good start.
The bottom line on Internet banking right now is that it's not safe. To get to a reasonable level of security you need a good knowledge of computers. If you don't have that knowledge, you're probably better off waiting until the banks get their acts together. The way forward is for them to supply their own software that you install on your own machine and use for accessing your account. Only then will Internet banking be relatively safe for people without computer expertise.
So, hackers, as popularly defined, are computer experts who spend enormous amounts of time trying to breach the security of networks, Web servers and email servers. Usually they use a selection of specialist software to identify weaknesses, which are then exploited. The majority do it for fun and as a challenge. They're not interested in attacking private individuals. It's the big companies and authorities they go for. There are just two aspects of hacking that you have to worry about as a private individual. One is that your details are on various company databases, and when these are cracked, information about you can be stolen. There's not a lot you can do about this, and it definitely happens from time to time. The good news is that you won't finish up with any financial liability if your credit card details are discovered. Your credit card company and the company that was cracked will sort it out between themselves. It's unlikely that you'll even know it happened. The second problem is that serious hackers need to protect their anonymity. This means they can't mount their attacks on organisations like the FBI directly through their own computers and telephone lines. They need first to create an intermediary, like a kind of base camp for a mountain expedition. To get their intermediate base they use purpose built programs called trojans and backdoors. A trojan is a program that looks innocent but carries a dangerous payload, like the Trojan Horse of Greek mythology. It may be disguised as a game or some other kind of executable program, in the same way that viruses are often disguised. The payload it carries is a backdoor program (or maybe just a few lines of code that create a security hole so a backdoor program to be installed later). A backdoor program allows the hacker access to your computer whenever it's on the Internet. It's a remote control, and usually a very thorough one with full access to every facility and file on your computer. Again, in the popular press the distinction between a trojan and a backdoor (or more specifically the client element of a backdoor program) has been lost and the two are often used interchangeably. It's obviously important to avoid getting a backdoor program inside your computer. The best way is to use a competent virus protection program. Most of these will stop trojans and backdoors getting through. Don't rely on secure procedures as a method of stopping hackers. They sometimes fire programs over the Internet at a random IP addresses to see if they stick. You could be happily surfing Disneyland, and from nowhere (certainly not the Web site server) a hacking program can turn up at your machine trying to get in. Once it's inside, it will send a message back to the hacker to say it's colonized your computer. It may also send a message each time you log on to the Internet, because it's likely you'll be given a different IP address by your ISP each time you log on.
If your machine behaves strangely and you think you've got a parasitic backdoor (it's a bit like somebody else having a remote keyboard for the same computer) manually unplug the phone line to break the connection and get yourself a top virus protection program. Don't reconnect that machine to the Internet (not even to collect email) until you're sure it's clean. Don't worry unnecessarily about hacking programs. They're quite rare on personal computers. It's network managers who lose sleep over them. The exception is if you run a permanent (always-on) Internet connection, especially a broadband cable connection or DSL. Hackers just love to colonise these connections because they're so useful. If you've got one of these you must install extra security. Your service provider will be aware of the risk and should offer you advice on what kind of security you need. A good start is to install a firewall. There's a free one that's easy to use called ZoneAlarm, available from ZDNet. It's also recommended for users of regular modems who want to improve their security.
One of the best ways to improve your security is upgrade to the latest version of your operating system. Windows 2000 is in a completely different safety league to Windows 95. Linux is even better. A joke in the computer industry goes "The software package said 'Requires Windows 95 or better', so I installed Linux".
Security tips
Here are nine things you can do to improve your security on the Internet:
Most personal computers are shot through with security holes. This is especially true of PCs running Windows. You'll find some examples on this page. The big problem is that if a hacker breaches the security on your computer, they can access your Internet bank account through it and pretend that they're you. The bank won't know the difference and you'll find it very difficult to persuade them that somebody else transferred all the money out of your account, even though the transaction was conducted on your computer using your telephone and your Internet connection.
If you have a computer at work, running on a big network, it's highly likely that it's much safer than your machine at home. Its level of security can be measured (roughly) by how strict the limitations are on its use. For example, are you able to download software from the Internet and install it on your machine? Are you able to view all kinds of files on the Internet, including Java and streaming content? If you can't do these things (not just because they're against the rules but because your computer physically won't allow them) then it's likely that your security at work is very good. You may decide to use this computer for all your Internet banking (assuming, of course, that you've asked your employer for permission).
The only downside to this is that your network manager can spy on you and even collect your password as you type it in, but the chances are that they're earning plenty of money themselves and don't need to steal yours.
However you access your account, make sure you use a good password. Here are some tips on passwords. Never, ever, store an important password in the Password List of your computer. Anybody with a decent knowledge of computing can read stored passwords in a couple of seconds (honestly, a competent eight year old could do it).
If you bank through your home PC, you'll need to learn more about security. Start with Wise Words security tips. It's pretty much essential that you run anti-virus software and a firewall to keep out hackers. You'll also need the latest version of your operating system. Don't do Internet banking on Windows 95. It's too insecure. Windows 98 is marginal, you really need Windows 2000, and even that still has a few security holes. Windows NT is pretty good once a few service patches have been added.
Macs are relatively secure, though recently they've been attacked more often.. Again, you need the latest version of your operating system for maximum security. Each time a new version comes out it plugs more of the leaks in the previous effort.
If you're running Linux, it's likely that you know a fair amount about computer vulnerabilities yourself. You'll also know that Linux can be made safe. You're off to a good start.
The bottom line on Internet banking right now is that it's not safe. To get to a reasonable level of security you need a good knowledge of computers. If you don't have that knowledge, you're probably better off waiting until the banks get their acts together. The way forward is for them to supply their own software that you install on your own machine and use for accessing your account. Only then will Internet banking be relatively safe for people without computer expertise.
What hackers do
In theory, people who try to breach computer security should be called crackers rather than hackers. But the popular press has lost the distinction between the two, and I'm not going to make life difficult by trying to resurrect it.
So, hackers, as popularly defined, are computer experts who spend enormous amounts of time trying to breach the security of networks, Web servers and email servers. Usually they use a selection of specialist software to identify weaknesses, which are then exploited. The majority do it for fun and as a challenge. They're not interested in attacking private individuals. It's the big companies and authorities they go for. There are just two aspects of hacking that you have to worry about as a private individual. One is that your details are on various company databases, and when these are cracked, information about you can be stolen. There's not a lot you can do about this, and it definitely happens from time to time. The good news is that you won't finish up with any financial liability if your credit card details are discovered. Your credit card company and the company that was cracked will sort it out between themselves. It's unlikely that you'll even know it happened. The second problem is that serious hackers need to protect their anonymity. This means they can't mount their attacks on organisations like the FBI directly through their own computers and telephone lines. They need first to create an intermediary, like a kind of base camp for a mountain expedition. To get their intermediate base they use purpose built programs called trojans and backdoors. A trojan is a program that looks innocent but carries a dangerous payload, like the Trojan Horse of Greek mythology. It may be disguised as a game or some other kind of executable program, in the same way that viruses are often disguised. The payload it carries is a backdoor program (or maybe just a few lines of code that create a security hole so a backdoor program to be installed later). A backdoor program allows the hacker access to your computer whenever it's on the Internet. It's a remote control, and usually a very thorough one with full access to every facility and file on your computer. Again, in the popular press the distinction between a trojan and a backdoor (or more specifically the client element of a backdoor program) has been lost and the two are often used interchangeably. It's obviously important to avoid getting a backdoor program inside your computer. The best way is to use a competent virus protection program. Most of these will stop trojans and backdoors getting through. Don't rely on secure procedures as a method of stopping hackers. They sometimes fire programs over the Internet at a random IP addresses to see if they stick. You could be happily surfing Disneyland, and from nowhere (certainly not the Web site server) a hacking program can turn up at your machine trying to get in. Once it's inside, it will send a message back to the hacker to say it's colonized your computer. It may also send a message each time you log on to the Internet, because it's likely you'll be given a different IP address by your ISP each time you log on. 
Security holes (bugs)
The Microsoft Windows operating system was originally developed for individual PCs and secure networks - the kind you get in offices. It wasn't created for the insecure, anarchic network of the Internet. In the early stages it wasn't designed for the Internet at all, because Microsoft didn't think the Internet was important. The Internet has had to be tagged on to it, and that's led to some weaknesses, commonly known as security holes. A security hole (or at least the kind we're talking about here) allows somebody into your computer via your Internet connection. Big holes allow them to take over your computer completely. Little holes maybe give access to the contents of your clipboard or the last password you entered. Other operating systems such as Linux and Mac OS also suffer from security holes, but not to the same extent as Windows. To be fair, we have to exclude Windows NT here. This is the version used by computer professionals and it has some holes but not many. It's relatively secure. At the opposite end of the scale is Windows 95, which is riddled with holes and very insecure. If you're on the Internet and a somebody with good computing skills decides to get inside your machine, you'll find it hard to stop them if you're running Windows 95. Windows 98 stands somewhere in the middle. It's much safer than Windows 95 but nowhere near as good as NT. Windows 2000 is close to NT standard and worth upgrading to if you're worried about security. All this may come as a bit of a surprise if you thought your personal computer was secure when you're on the Internet. Currently, most personal computers are not secure. The only reason it's not a major problem is that hackers have better things to do than waste their time trying to get inside small computers full of family dog pictures and emails from Aunt Flo. They want to get inside company Web servers and databases, where they can have more fun. The war between hackers and Microsoft programmers is destined to go on indefinitely. The good news is that Microsoft seems to have realized (only very recently) that it is a major combatant in this war. For many years it didn't seem to recognize that this war existed at all. That's why there are so many insecure computers connected to the Internet right now.Examples of security holes
Doh! IE5 Clipboard view
Here's a neat little hole in IE5. With the right string of code, anybody running a Web site server can record whatever's in your clipboard.Doh! Windows 95 password view
There's a program floating around the Internet that allows hackers to decrypt any password that you've stored on your Windows 95 machine. The moral? Don't store passwords if they're important.Doh! Internet Explorer cookie stealer
With the right bit of code hidden on a Web page, it's possible to download cookies from a user's computer. Cookies are only supposed to be read by the site that creates them, so this is a significant security breach. Some cookies contain important information. For example a Hotmail cookie can help get you into a Hotmail account.Doh! IE4 text file view
If you're still using IE4.0, it might be a good idea to upgrade. Somebody has discovered a clever way to peer through your browser and look at text and HTML files on your hard drive. It's known as the Freiburg bug.Doh! Internet Explorer ActiveX hole
Probably the biggest hole of all. If there's malicious ActiveX code on a Web site, the site can send a trojan that takes over your computer. How about that for security?Doh! Office 2000 scripting hole
Another biggie. Malicious code can be sent from a Web site to change the security settings of your Office 2000 programs. And these are just popular examples. There are many other bugs out there. If you thought the Internet and your Windows/Explorer package were safe, think again. Should you worry? Most people don't. Only a tiny proportion of Internet users bother to fix all these holes in their garden fence. If you follow the recommended security tips you'll be better protected than the vast majority of Internet users. There'll still be the odd hole in your fence, but at least you won't be leaving the garden gate wide open, as most people on the Internet are.Improving computer security
Operating system
One of the best ways to improve your security is upgrade to the latest version of your operating system. Windows 2000 is in a completely different safety league to Windows 95. Linux is even better. A joke in the computer industry goes "The software package said 'Requires Windows 95 or better', so I installed Linux". Anti-virus software
Unless you're a technical wizard able to spot viruses hiding inside files, you must run anti-virus protection software. You should also update the virus recognition data file regularly. Here are more details. Anti-virus software also gives good protection against hackers, since it recognises most of the hacking files they try to install on your computer.File sharing
Unbelievably, many computers on the Internet have file sharing switched on. This is wonderful news for hackers, since any computer with Internet file sharing activated offers its content freely to outsiders. It's a particular problem for computers built before 2000, as they often have file sharing switched on as a default. You can easily check and change the setting. From the Start menu select Settings, Control Panels, then Network. Under the Configuration tab, select TCP/IP. Now click on File and Print Sharing. If either of the two check boxes that appear show ticks, click on them to uncheck them.Scripting
Unless you create VB Scripts (and if you don't know what I'm talking about, you're not creating them) you can disable Script Hosting. This is the weakness exploited by I Love You and similar viruses. Here are detailed instructions from ZDNet.Firewall
For the best Internet security, install a firewall to foil hackers. It's almost essential if you're running an "always on" connection through DSL or cable. Firewalls used to be clumsy things that took a degree in computing to set up, but the latest versions are wonderfully easy. My recommendation is ZoneAlarm2. It sits in the background and checks any program that tries to connect with the Internet, including any hacker files on your computer. It also makes your computer invisible to Internet intruders. You can download it free from ZDNet. If you're operating a regular stand-alone machine, once you've installed it change the Internet Security setting from medium to high.Patches
If you're looking for even greater security, you'll need to apply patches, which are small software add-ons designed to deal with specific security holes and other computer problems. You'll find all the patches you need, and a lot more besides, on the Microsoft site. In practice, most people can't be bothered with patches unless they need extra security for professional reasons.Security tips
Here are nine things you can do to improve your security on the Internet:
- Don't open email attachments unless you are expecting them.
- Check for the closed padlock or key symbol in the browser window when entering your credit card details and other personal information on a Web site.
- Only download software from sites you trust.
- Assume all your emails are read by other people.
- Use anti-virus software and keep the virus recognition data file up to date.
- Use the latest version of your operating system and web browsers.
- Use good passwords - not names or words you'd find in a dictionary.
- Don't store important passwords on your machine or in a password saver.
- Install a firewall. They're not as complicated as you might think.