Is Your PC Safe for Online Banking?
Online banking is something most of us do without thinking twice. But every now and then a customer asks me: "Is my computer actually safe for this?" It's a fair question — and the answer depends on a few things that are easy to check but equally easy to overlook.
Here's a practical security checklist. If your setup looks like the "safe" column below, you're in good shape. If it looks more like the "unsafe" column, there are some things you should sort out.
Safe Setup
- Windows updates current
- Windows Security active
- Browser up to date
- 2FA enabled on bank account
- Unique password for banking
- Home Wi-Fi with WPA2/WPA3
- HTTPS padlock in browser
Unsafe Setup
- Windows 7 or 8 (no security updates)
- No antivirus or expired trial
- Old browser version
- No 2FA — password only
- Same password everywhere
- Banking on public Wi-Fi
- Clicking links in "bank" emails
Let's go through each of these in more detail.
1. Keep Windows Updated
This is the single most important thing. Windows updates patch security vulnerabilities — holes in the operating system that hackers can exploit to get onto your machine. When Microsoft discovers a vulnerability, they release a patch. If you haven't installed it, you're exposed.
Check by going to Settings → Windows Update. If it says "You're up to date" — good. If there are pending updates, install them.
2. Make Sure Antivirus Is Running
On Windows 10 and 11, Windows Security (formerly Windows Defender) is built in, free, and runs automatically. For most people, it's all you need — it's genuinely good and has been for years.
The problem I see is people with an expired antivirus trial — usually McAfee or Norton that came pre-installed. When the trial expires, it stops protecting you but doesn't always make it obvious. Meanwhile, it's also disabled Windows Defender, so you're left with no protection at all.
Check by searching "Windows Security" in the Start menu and opening it. If everything shows green ticks, you're protected. If you see warnings, something needs attention. For a deeper dive into whether you need paid antivirus at all, read my post on whether you actually need antivirus in 2026.
3. Keep Your Browser Up to Date
Your browser is the program that actually connects to your bank's website. Chrome, Firefox, and Edge all receive regular security updates. An outdated browser may have known vulnerabilities that malicious websites can exploit.
Most browsers update automatically, but you can check:
- Chrome: click the three dots → Help → About Google Chrome
- Edge: click the three dots → Help and feedback → About Microsoft Edge
- Firefox: click the three lines → Help → About Firefox
If an update is available, install it. This takes seconds and is one of the easiest things you can do for your security.
4. Check for HTTPS
When you visit your bank's website, look at the address bar. It should start with https:// (not http://) and show a padlock icon. The "s" stands for secure — it means the connection between your browser and the bank is encrypted, so nobody can intercept what you're sending.
Every legitimate bank uses HTTPS. If you're on a site that claims to be your bank and it's not using HTTPS — you're not on your bank's real site. Close it immediately.
hsbc.co.uk, natwest.com) or use a bookmark you've saved yourself. This is the simplest way to avoid phishing sites.
5. Enable Two-Factor Authentication (2FA)
Two-factor authentication means that even if someone gets your password, they still can't log in without a second piece of verification — usually a code sent to your phone, or approval through your banking app.
Most UK banks now require some form of 2FA, but check yours is actually enabled. Some older accounts that were set up years ago may still be using password-only access. Log into your bank's settings and look for security options. Enable everything they offer — app approval, SMS codes, biometric login.
2FA is the single biggest protection against someone getting into your account, even if your password is compromised.
6. Use Strong, Unique Passwords
If your banking password is the same as your email password, your Netflix password, and your Facebook password — and any one of those services gets breached — attackers will try that password on your bank. This is called credential stuffing and it's how most account takeovers happen. Not through sophisticated hacking — just by trying leaked passwords on other sites.
Your banking password should be:
- Unique — not used anywhere else
- Long — 12+ characters minimum. A random phrase like "purple-kettle-running-fox" is better than "P@ssw0rd123"
- Not guessable — avoid names, birthdays, pet names, or football teams
If managing unique passwords sounds difficult, use a password manager — Bitwarden (free) or 1Password (paid) are both good. They generate and store strong unique passwords for every site, and you only need to remember one master password.
7. Avoid Public Wi-Fi for Banking
Free Wi-Fi in cafes, hotels, airports, and on trains is convenient — but it's not secure. Other people on the same network can potentially intercept your traffic. Some attackers even set up fake Wi-Fi hotspots with legitimate-sounding names (like "Starbucks Free WiFi") specifically to capture login details.
If you need to check your bank while you're out, use your phone's mobile data — 4G/5G is far more secure than public Wi-Fi. If you absolutely must use public Wi-Fi, use a VPN to encrypt your connection.
8. Watch Out for Phishing
Phishing is the biggest threat to online banking — and it doesn't require your PC to be compromised at all. It works by tricking you into giving away your details.
Common phishing tactics:
- Emails that look like they're from your bank — "Unusual activity detected, click here to verify your account." The link goes to a fake site that looks identical to your bank
- Text messages about deliveries, tax refunds, or account freezes — with a link to a fake login page
- Phone calls claiming to be from your bank's fraud department — asking you to move money to a "safe account" or read out security codes
The rule is simple: your bank will never ask you to click a link, share your full password, or move money because of a phone call. If you're not sure, hang up and call the number on the back of your bank card directly.
Phishing and scam tactics are getting more sophisticated all the time. For more on spotting fake warnings and scam popups, check out my post on real vs fake virus warning popups — the same red flags apply.
A Quick Security Audit
Run through this in five minutes:
- Open Settings → Windows Update — install any pending updates
- Search "Windows Security" — check all sections show green ticks
- Open your browser — check it's up to date (see instructions above)
- Log into your bank — check 2FA is enabled in your security settings
- Check your banking password — is it unique? Is it strong? If not, change it now
That's it. Five steps, five minutes, and you're in a far better position than most people.
Mark has been fixing computers since the late '90s and went self-employed in 2008. Based in St Helens since 2013, he works evenings and weekends from his home in Laffak — friendly, affordable repairs for PCs, laptops, and Macs. See reviews on Google
Not sure if your PC is secure?
If you're worried about your computer's security — whether it's safe for online banking, whether something dodgy has been installed, or you just want a general health check — get in touch. I'll check it over and make sure everything is set up properly.