Free Wi-Fi in cafés, airports, hotels, and libraries is handy when you need to check your bank balance or finish an online order. But these networks are often poorly secured, and you can rarely be sure who else is on them or who set them up. That doesn't mean you have to avoid shopping and banking on the go entirely — it means being deliberate about how you connect and what you do once you're online.
Why public Wi-Fi is riskier
Most public networks are shared and unencrypted, or use a single password everyone knows. That makes it easier for someone on the same network to intercept unprotected traffic, or to set up a fake hotspot with a name similar to the real one, hoping people connect to it by mistake. On a network you don't control, you also can't be sure the router itself hasn't been tampered with.
This doesn't mean every coffee shop is full of hackers waiting to pounce. But when money, passwords, or card numbers are involved, it's worth removing as much risk as possible.
Before you connect
- Confirm the real network name with staff instead of guessing — scammers sometimes create lookalike hotspots such as "Free_Airport_WiFi" to lure people in.
- Turn off auto-join for open networks in your device settings, so your phone or laptop doesn't silently connect to unfamiliar Wi-Fi.
- Update your device and browser beforehand when possible. Security updates patch flaws that could otherwise be exploited over an untrusted network.
- Check that file sharing is off on your laptop so other devices on the same network can't see or access your files.
Use a VPN if you can
A reputable VPN (virtual private network) encrypts your traffic between your device and the internet, so even if someone is snooping on the same public network, they can't easily read what you're sending. If you regularly bank or shop while traveling or working from cafés, a paid VPN from a well-known provider is one of the simplest upgrades you can make. Be wary of free VPN apps with no clear business model — some monetize by logging and selling your browsing data, which defeats the purpose.
Stick to HTTPS and official apps
Whether or not you use a VPN, make sure any site where you enter payment or login details shows "https" and a padlock in the address bar. This means the connection to that specific site is encrypted, even on an open network. Avoid entering sensitive information on any site that doesn't show this.
Where possible, use your bank's or retailer's official app instead of a browser. Official apps typically have encryption and security checks built in, and they reduce the chance of accidentally landing on a spoofed login page.
Good habits while banking or shopping on the go
- Avoid saving passwords or card numbers in browsers when using a shared or public computer, and never bank from a public computer at all — you can't know what's installed on it.
- Use two-factor authentication on banking and shopping accounts. Even if login details are somehow intercepted, a second step like a one-time code makes unauthorized access much harder.
- Log out properly when you finish, rather than just closing the tab, especially on a shared device.
- Watch for unexpected prompts — a sudden request to install a certificate, update a plugin, or re-enter your password on a page that looks slightly off is a red flag. Close it and check directly through the official app or site instead.
- Turn off Wi-Fi and Bluetooth when you're not actively using them, so your device isn't quietly connecting to nearby networks or devices without your notice.
If mobile data is an option, use it
Your phone's own mobile data connection is generally safer than an unknown public Wi-Fi network, because it's harder for someone nearby to intercept. If you're only doing a quick banking check or a single purchase, switching off Wi-Fi and using mobile data — or turning your phone into a personal hotspot for your laptop — is often the simplest way to avoid the risk altogether.
What to do if something feels wrong
If a page looks different than usual, asks for unusual information, or your device gives a security warning about the connection, stop and disconnect. Switch to mobile data or wait until you're on a trusted network, then check your account through the official app or by typing the address directly rather than clicking a link. If you did enter details somewhere and now suspect a problem, contact your bank or card issuer promptly — they can watch for unusual activity or reissue a card if needed.
The simple version
You don't need to be a security expert to bank and shop safely away from home. Confirm the network, prefer a VPN, check for HTTPS, use official apps, enable two-factor authentication, and fall back on mobile data for anything sensitive. These few habits remove most of the real risk that public Wi-Fi carries.