Do I need a VPN? Are VPNs Safe for Online Banking?

Reader Janie T. writes:

Dear Dennis,

I wanted to know if I should use a VPN (Virtual Private Network) to connect to my bank website. A service called saferweb.com claims that it encrypts my connection, but I do not know if it’s trustworthy or not. What do you think?

My answer:

That’s a good question. When visiting saferweb.com, I noticed the following statements on its website: “Safer Web offers you an additional layer of security against Internet hackers. By hiding your IP, we keep your online activity anonymous and private. Using a VPN keeps your browsing activity private and secure.

These statements make it sound like a triple secure connection to your bank, but I suggest doing something else. In fact, I will even answer the question “Should I use a VPN?” (Even if not connected to a bank) for those considering a VPN service.

How does a VPN work?

virtual private network (VPN) is software that connects your computer to another computer (a VPN server) around the world. The connection between your computer and the VPN server is encrypted. This is what a VPN is, but a paid VPN service offered by a third party is slightly different.

Let’s look at an example:

Suppose you have purchased a VPN service online. Let’s assume that the VPN service has VPN servers all over the world – and there is even one in China that you connect to because you can not better understand it. So let’s say you start Internet Explorer and access the abc.com website in your browser. When you access the abc.com website through your VPN connection, the server in China will ask you to complete this request. From there, the China server connects * to the abc.com website, which then returns this information to you via the VPN.

HTTPS VPN = completely secure.HTTP VPN = Not completely secure

So is your encryption secure if you simply connect a VPN? The answer is no.

Let’s take a closer look at this question.

The asterisk in the previous section (see: Connection *): If the abc.com website does not use secure http (https) to deliver its web pages, then your connection to abc.com is actually not secure. The only thing that “sure” is your connection between you and the VPN server in China.

In other words, if you use a VPN to access a non-secure web site (for example, http://example.com), traffic between you and the VPN server will only be anonymized if you are worried about that you are being spied out. No secure connection is made from the VPN server to the outside, unless the outside connection uses https to access their web pages (for example, https://example.com). The site will only serve https sites if a security certificate (SSL) signed by a certification authority is used.

How a VPN works: A notation example

Using the above example, I will use the notation for the sake of brevity. The connection would look like this:

You -> China (secure via VPN): China -> http://abc.com (not sure since abc.com uses http and not https) = You are only halfway safe in your connection with China, but not from China. If the site xyz.com was secure using https, the connection might look like this: You -> China (secure via VPN): China -> https://xyz.com (sure because xyz.com uses https) =They are with a 100% secure connection.

So, should you use a VPN when connecting to your bank?

Frankishly, I do not think it’s a good idea. Certainly no additional protective layers will be added – especially in relation to the claims of SaferWeb.In fact, using a VPN to connect to your bank may cause it to malfunction.

Assuming your system is not infected with malware, your operating system is up-to-date with the latest security patches, and you are using the latest web browser version of Firefox, Chrome, or Internet Explorer, and need to connect to your bank be completely safe and nothing else needs to be done. Millions of people do it every day.

Use the notation example: If you connect to your bank without a VPN, the connection looks like this: You -> Bank (sure, since you’re already using https).Is there any reason to use a VPN to do this ?: You -> China (Secure by VPN): China -> Bank (Secure by https)? Probably not.

How can the use of a VPN service strike you back?

If a VPN server has ever been compromised, all communications between you and the VPN server can be monitored and possibly decoded. So, if you’re wondering if using a VPN server is safe? I would say, “only if the server itself is secure,” which is probably impossible to prove. Servers are managed by people and people are error prone. Therefore, there is a possibility that the server is not secure.

Leave a Reply

Your email address will not be published. Required fields are marked *