Security and Prevention
An ounce of prevention is worth a pound of cure.
a gentleman standing behind a pane of glass using the touch pad interface
The Bank takes great measures to protect your personal financial information from fraudsters and recommends you do the same.
Electronic Banking Security Tips
Below are some useful tips to help you keep your personal and financial information safe and secure.
Mobile Device Security
- Configure your device to require a passcode to gain access if this feature is supported in your device.
- Avoid storing sensitive information. Mobile devices have a high likelihood of being lost or stolen so you should avoid using them to store sensitive information (e.g. passwords, bank account numbers, etc.).
- Keep your mobile device’s software up-to-date. Mobile devices are small computers running software that needs to be updated just as you would update your PC. Use the automatic update option if one is available.
- Disable features not actively in use such as Bluetooth, Wi-Fi, and infrared. Set Bluetooth-enabled devices to “non-discoverable” when Bluetooth is enabled.
- Delete all information stored on a device before the device changes ownership. Use a “hard factory reset” to permanently erase all content and settings stored on the device.
- “Sign out” or “Log off” when finished with an app rather than just closing it.
- Never click on suspicious links in emails, tweets, posts, or online advertising. Links can take you to a different website than their labels indicate. Typing an address in your browser instead of clicking a link in an email is a safer alternative.
- Only give sensitive information to websites using encryption so your information is protected as it travels across the Internet. Verify the web address begins with “https://” (the “s” is for secure) rather than just “http://”. Some browsers also display a closed padlock.
- Do not trust sites with certificate warnings or errors. These messages could be caused by your connection being intercepted or the web server misrepresenting its identity.
- Avoid using public computers or public wireless access points for online banking and other activities involving sensitive information when possible.
- Always “sign out” or “log off” of password protected websites when finished to prevent unauthorized access. Simply closing the browser window may not actually end your session.
- Be cautious of unsolicited phone calls, emails, or texts directing you to a website or requesting information.
General PC Security
- Maintain active and up-to-date antivirus protection provided by a reputable vendor. Schedule regular scans of your computer in addition to real-time scanning.
- Update your software frequently to ensure you have the latest security patches. This includes your computer’s operating system and other installed software (e.g. Web Browsers, Adobe Flash Player, Adobe Reader, Java, Microsoft Office, etc.).
- Automate software updates, when the software supports it, to ensure it’s not overlooked.
- If you suspect your computer is infected with malware, discontinue using it for banking, shopping, or other activities involving sensitive information. Use security software and/or professional help to find and remove malware.
- Use firewalls on your local network to add another layer of protection for all the devices that connect through the firewall (e.g. PCs, smart phones, and tablets)
- Require a password to gain access. Log off or lock your computer when not in use
- Use a cable lock to physically secure laptops, when the device is stored in an untrusted location.
- Create a unique password for all the different systems you use. If you don’t, then one breach leaves all your accounts vulnerable.
- Never share your password over the phone, in texts, by email, or in person. If you are asked for your password, it is probably a scam.
- Use unpredictable passwords with a combination of lowercase letters, capital letters, numbers, and special characters.
- The longer the password, the tougher it is to crack. Use a password with at least 8 characters. Every additional character exponentially strengthens a password.
- Avoid using obvious passwords such as: your name, your business name, family member names, your user name, birthdates, dictionary words.
- Choose a password you can remember without writing it down. If you do choose to write it down, store it in a secure location.
Avoiding Social Engineering Attacks
Read the tips below to avoid being a victim of an attacker interacting with and manipulating you into providing personal or financial information.
In a social engineering attack, an attacker uses human interaction to manipulate a person into providing them information. People have a natural tendency to trust. Social engineering attacks attempt to exploit this tendency in order to steal your information. Once the information has been stolen, it can be used to commit fraud or identity theft.
Criminals use a variety of social engineering attacks to attempt to steal information, including:
- Website spoofing
The following information explains the meaning of these common attacks and provides tips you can use to avoid being a victim.
Website spoofing is the act of creating a fake website to mislead individuals into sharing sensitive information. Spoof websites are typically made to look exactly like a legitimate website published by a trusted organization.
- Pay attention to the web address (URL) of websites. A website may look legitimate, but the URL may have a variation in spelling or use a different domain.
- If you are suspicious of a website, close it and contact the company directly.
- Do not click links on social networking sites, pop-up windows, or non-trusted websites. Links can take you to a different website than their labels indicate. Typing an address in your browser is a safer alternative.
- Only give sensitive information to websites using a secure connection. Verify the web address begins with “https://” (the “s” is for secure) rather than just “http://”.
- Avoid using websites when your browser displays certificate errors or warnings.
Phishing is when an attacker attempts to acquire information by masquerading as a trustworthy entity in an electronic communication. Phishing messages often direct the recipient to a spoof website. Phishing attacks are typically carried out through email, instant messaging, telephone calls, and text messages (SMS).
- Delete email and text messages that ask you to confirm or provide sensitive information. Legitimate companies don’t ask for sensitive information through email or text messages.
- Beware of visiting website addresses sent to you in an unsolicited message.
- Even if you feel the message is legitimate, type web addresses into your browser or use bookmarks instead of clicking links contained in messages.
- Try to independently verify any details given in the message directly with the company.
- Utilize anti-phishing features available in your email client and/or web browser.
- Utilize an email SPAM filtering solution to help prevent phishing emails from being delivered.
- Do not open attachments received from unknown senders or unexpected attachments from known senders.
- Be cautious of the amount of personal information you make publicly available through social networking sites and other methods. The more information publicly available about you, the easier it is for attackers to craft more convincing phishing messages.
Bank Security Measures
Securing your personal information is extremely important to us. We have implemented several measures of protection and listed some of those below.
Your information goes through a system of firewalls, which are made to keep unauthorized users out. Firewalls provide a layer of security between the Internet and your private information.
We have anti-virus protection in place that defends against computer viruses. For your security, we recommend that you install an anti-virus system on your home computer.
Online accounts are locked out after a certain number of unsuccessful attempts to log-on.
We have a well trained staff that monitors the daily logs, along with intrusion detection software that indicates if there has been an intrusion against our system.
Disaster Recovery Plan
We have a disaster recovery plan in place to make certain we will be able to operate in the event of a disaster.
Fraud Net Member
The Fraud Net Alert System is a method of information and intelligence sharing in helping close the gap on the fraudulent activities affecting financial institutions and their customers across the country.
Customer Security Measures
Thieves desire to obtain as much personal information as possible from victims. Below are some ideas you can follow to protect yourself.
- Buy a cross-cut type shredder. Shred all your important papers and especially pre-approved credit applications received in your name and other financial information that provides access to your private information. Don’t forget to shred your credit card receipts.
- Be careful of “Dumpster Diving.” Make sure you do not throw anything away that someone could use to become you. Anything with your identifiers must be shredded (cross-cut) before throwing away.
- Get all of your checks delivered to your bank – not your home address.
- Do not put checks in the mail from your home mailbox. Drop them off at a U.S. Mailbox or the U.S. Post Office. Mail theft is common. It’s easy to change the name of the recipient on the check with an acid wash.
- When you order new credit cards in the mail, or your previous ones have expired, watch the calendar to make sure that you get the card within the appropriate time. If not received by a certain date, call the card grantor immediately and find out if the card was sent. Find out if a change of address was filed.
- Cancel all credit cards that you do not use or have not used in 6 months. Thieves use these very easily – open credit is a prime target.
- Put passwords on all your accounts and do not use your mother’s maiden name. Make up a fictitious word.
- Get a post office box or a locked mailbox, if you possibly can.
- Ask all financial institutions, doctors’ offices, etc., what they do with your private information and make sure that they shred it and protect your information. Tell them why.
- Empty your wallet of all extra credit cards and social security numbers, etc. Do not carry any identifiers you do not need. Don’t carry your birth certificate, social security card, or passport, unless necessary.
- Memorize social security numbers and passwords.
- When a person calls you at home or at work, and you do not know this person, never give out any of your personal information. If they tell you they are a credit grantor of yours call them back at the number that you know is the true number, and ask for that party to discuss personal information. Provide only information that you believe is absolutely necessary.
- Do not put your social security number on your checks or your credit receipts. If a business requests your social security number, give them an alternate number and tell them why. They do not need that to identify you. If a government agency requests your social security number, there must be a privacy notice accompanying the request.
- Do not put your telephone number on your checks.
- Get credit cards and business cards with your picture on them.
- Do not put your credit card account number on the internet (unless it is encrypted on a secured site.)
- When you are asked to identify yourself at schools, employers, or any other kind of institutional identification, ask to have an alternative to your social security number. Unfortunately, your health insurance carrier often uses your social security number as your identification number. Try to change that if you can.
- In conjunction with a credit card sale do not put your address, telephone number, or driver’s license number on the statement.
- Monitor all your bank statements from every credit card every month. Check to see if there is anything that you do not recognize and call the credit grantor to verify that it is truly yours.
- Order your credit report at least twice a year. Review it carefully. If you see anything that appears fraudulent, immediately put a fraud alert on your reports.
- Take your name off all promotional lists. To opt out of pre-approved offers, call 1-888-5OPTOUT (1-888-567-8688) or visit https://www.optoutprescreen.com. Consider making your phone an unlisted number or just use an initial.
- Make a list of all your credit card account numbers and bank account numbers (or photocopy) with customer service phone numbers, and keep it in a safe place. (Do not keep it on the hard drive of your computer if you are connected to the internet.)
- Don’t put account numbers on the outside of envelopes, or on your checks.
To learn more about information security, visit any of the following web sites: