Ask the Expert: Using secure online banking

Didier Richter joined BIL 17 years ago with a degree in Business Engineering. Since 2008, he has worked to develop digital products and services – not least of which is the first app ever released by the bank. Today, as Head of Digital Banking, Didier shares his knowledge of cybersecurity and discusses the advantages of banking online.

What is online banking? Is it the same as web banking or mobile banking?

Online banking is a service that banks provide. It allows you to manage your finances from anywhere and at any time, right from your computer, tablet or even your smartphone. If you want to view your accounts, transfer money, get a bank slip or even send documents to your financial adviser, you no longer have to worry about when the bank is open.

The concept of online banking includes both web banking, or banking from a computer, and mobile banking, or banking through an app on a smartphone.

Today, smartphone apps are definitely more popular. This is largely due to the fact that they keep you informed with notifications in real time.

Do smartphone apps and banking websites have all the same features?

Depending on your bank, features may differ between platforms. We made the decision to offer the same features on both. You are also free to use both at the same time, depending on what you want to do.

Today, smartphone apps are definitely more popular. This is largely due to the fact that they keep you informed with notifications in real time. That’s a real added value for users, who are alerted when certain things happen on their account. You can be notified if a particular account limit is exceeded, or if you receive an e-document, for example. This is also very useful for users who follow the stock market.

Is there still any reason to go to the bank, or can everything be done online?

Online banking doesn’t work for things that require human interaction, like consultations. To review your financial status or when clients reach a life milestone (like buying real estate, sending their kids to university, or even managing an inheritance), you need to work with a real person, so that’s the method we offer. But you can use online banking to schedule your appointment and prepare for it. This makes all the difference when you compare us to the online-only banks that have cropped up on the market in recent years. They offer fully digital services, but you never get to meet with an adviser in the flesh. On the other hand, most banks in Luxembourg have taken the best of both worlds, adopting the speed and practicality of digital banking, but without losing the undeniable value of getting advice in person.

Is the service free, and what do you need to log on?

It’s a free service that every bank in Luxembourg offers, as far as I know. This is also what allows them to work with the Luxembourg government and the LuxTrust organisation, which specialises in electronic identification, to guarantee completely secure access.

To identify themselves, users need an electronic signature provided by LuxTrust in the form of either a digital token or a physical one. For even greater security, the 6-digit code (physical token) or 8-digit code (digital token) changes every 162 seconds. Users also have to provide a username and password to log in to their online bank account.

Today, to log in on an app, you no longer have to use your token every time. It’s required for the initial activation, but after that you can use biometric verification or the PIN for your phone to access your account. Only certain services still require the token for increased security; for example, if you want to make a transfer to a new beneficiary.

Thanks to the LuxTrust system, fraud occurring on the bank’s side is completely unheard of in Luxembourg.

On that – some users do worry about security. What do you say to reassure them? What advice would you give them?

Let me be clear: today, the connection between a user and their bank is as secure as it gets. Thanks to the LuxTrust system, fraud occurring on the bank’s side is completely unheard of in Luxembourg.

The risk is really on the side of the client, who might receive a phishing email or SMS from someone posing as their bank and asking for their login information. Your bank will never ask for your details in this way, and you should never respond to this type of email or SMS. If you’re not sure that a link to your login page is safe, go to your account by entering your bank’s URL in the search bar yourself.

And if you’re using a computer, you should have up-to-date antivirus software installed and avoid logging in from computers you don’t already trust, like those in internet cafés. It’s better to always use your own computer, or the ones at our branches. Finally, when you download the online banking app, make sure you get it from the official app store for your operating system – so, the App Store for iPhone or Google Play for Android, for example.

What personal banking data is used, and where is it stored?

No personal data is stored on the client’s device for our purposes. With each login, a secure tunnel is created between our servers and whatever device the client is using. The data that passes through it is encrypted all the way up to the point where the client sees it on their screen, as an account balance or transaction history. This data is confidential, and certainly personal, but there is no way for a third party to abuse it.

All of our servers are located in Luxembourg and are well protected from any unauthorised access.

Remember, no personal data is saved in the app if your smartphone is lost or stolen. Still, it’s best to block your LuxTrust certificate and request a new one.

What if your phone or computer is lost or stolen? And what can users do if they notice strange account activity or have a question about something?

If your computer is stolen, there is essentially zero risk. No data is stored on it at all. Of course, that’s assuming the password hasn’t been saved on it, which you should never do, but which lots of people do, unfortunately. In this case, it’s best to contact the bank in order to block access to the account and get a new LuxTrust certificate. The same is true if your smartphone is lost or stolen. No sensitive information is saved in the app either. Still, it’s always best to contact LuxTrust to block your certificate and get a new one.

We have a hotline all our clients can use to ask questions, get information, or declare theft and request a block.