Is it safe to use public Wi-Fi for banking?
Using public Wi-Fi for banking carries real risk. An attacker on the same network can potentially intercept your session or redirect your traffic. Use mobile data or a VPN instead.
Last reviewed: 10 June 2026
Explanation
Public Wi-Fi in cafes, airports, hotels, and shopping centres is shared infrastructure you have no control over. Attackers can set up rogue hotspots with convincing names — 'Airport Free WiFi' — that look identical to the venue's legitimate network. Once you connect, all unencrypted traffic passes through their device.
Modern banking apps and websites use HTTPS, which encrypts data in transit. However, attackers can use SSL-stripping techniques on unprotected networks to downgrade connections, or they can use a man-in-the-middle proxy to intercept your session token even after you have authenticated. Session hijacking can allow an attacker to operate your account without ever knowing your password.
The practical risk varies. A sophisticated attacker is required to exploit most modern banking sessions, so casual use on reputable public networks is unlikely to result in compromise. But the risk is not zero, and the consequences of a bank account takeover are severe. The safest habit is to switch to your mobile carrier's data network for any financial activity when away from a trusted home or work network.
If you must use public Wi-Fi, a reputable VPN (virtual private network) encrypts all your traffic before it reaches the hotspot, making interception far harder. Enable two-factor authentication on your banking apps so that even a compromised password alone is insufficient.
Common red flags
- Multiple similarly named hotspots available in the same location (one may be a rogue clone)
- The Wi-Fi network does not require any login or venue code to join
- Your device warns that the network's security certificate is untrusted
- The connection redirects you unexpectedly before reaching your bank's site
- Banking session logs show logins from unfamiliar locations or devices
What to do now
- Switch to mobile data for any banking or financial transactions when on the go
- Install a reputable VPN and activate it whenever you use public Wi-Fi
- Enable two-factor authentication on all banking and financial apps
- Check your banking app's recent login history regularly for unrecognised access
- Keep your device's operating system and banking app updated to patch known vulnerabilities
- If you suspect your session was compromised, change your banking password immediately and contact your bank
Frequently asked questions
Does HTTPS protect me completely on public Wi-Fi?
HTTPS encrypts the content of your connection, but it does not prevent all attacks. Rogue hotspots can issue fake certificates, and some older apps or sites may allow insecure fallbacks. HTTPS is necessary but not sufficient on untrusted networks.
Is the public Wi-Fi at a reputable hotel safer than at a random cafe?
Brand reputation offers no technical security guarantee. Both types of network can be misconfigured or have rogue access points nearby. Treat all public Wi-Fi the same — use a VPN or mobile data for sensitive transactions.