With data breaches an everyday occurrence now, hacking has become the crime that almost 70 percent of consumers worry most about, according to a Gallup poll. That fear looms large, but actual consumer liability for bank-fraud losses is usually zero, and stolen funds are usually restored to a victim’s account within 48 hours because of consumer protections.

But that doesn’t make data breaches and cyber crime consequence-free. After all, the cost of fraud is shared by everyone: Each dollar translates into higher interest rates and fees on loans and deposit accounts. Also, breaches often expose passwords, Social Security numbers, email and home addresses, and other account information.

There’s no guaranteed safe haven. If you thought banks were impenetrable, the data breach at JPMorgan Chase probably shattered that myth in 2014, when thieves got deep into the servers of the nation’s largest bank and stole account information, including names and addresses from about 76 million customer households.

“Large banks are more likely to be targeted by the fraudsters than community or midsized banks,” according to a 2012 biennial fraud survey of 145 banks by the American Bankers Association. But a 2015 study of banks, thrifts, and credit unions by the Government Accountability Office said that the security systems of bigger banks “are generally more sophisticated and harder to compromise.” Bigger banks and credit unions are also subjected to much more rigorous security examinations and oversight than their smaller peers.

The GAO report also found cause for concern about smaller credit unions, many of which rely on other companies for key data services. Security weaknesses in those services could open the door to cyber risks.

How to Protect Yourself

A bank or credit union isn’t the only possible entrance point for hackers. They can also get at your accounts through your home computer, tablet, and smartphone.

So make sure you follow these standard security protocols:

1. Install and regularly update anti-virus software on your devices.

2. Never click on hyperlinks (or respond to email) that seem to be from your financial institution if you suspect that they’re a “phishing” attempt to get your account log-in, Social Security number, date of birth, or other personal information.

3. Download smartphone apps only from your phone’s official app store. They’re usually screened by Amazon, Apple, and Google for security flaws. Their efforts aren’t foolproof, but those companies do provide a first line of defense.

4. Check all deposit account balances for errors and fraud at least once per month to stay well within the time limits for reporting problems.

5. Surf the Web by going only to trusted sites, and stay away from links to pornography, sexy celebrity photos, pitches for miracle potions, and other enticing content. They often lead you to websites that will expose your computer to malware that downloads automatically.

6. Use the latest security features. Cybersecurity is a perpetual arms race between banks and hackers. But you can try to stay ahead of the game by signing up for the latest security technologies as soon as they emerge, usually first at the biggest financial institutions. Look for these three:

  • Debit and credit cards with EMV-encrypted chips. So-called “chip and PIN cards” have a personal identification number code that provides greater security. If your bank issues a “chip and signature card,” demand a PIN.
  • One-time password (OTP) sent to your smartphone. You must enter the OTP to complete a retail or online debit- or credit-card transaction. Because it’s valid for only one log-in session, a hacker is unlikely to get it.
  • Fingerprint, voice, and facial recognition, and other biometric methods to authenticate your identity before you complete mobile-banking transactions.

Editor's Note: This article also appeared in the January 2016 issue of Consumer Reports magazine.