Knowledge is the Key to Prevention
We are committed to provide you safe and secure Online Banking. We are confident that our internal security infrastructure requiring the 128-bit domestic grade encryption and our online browser test provide privacy and security to your account and transaction information.
Your role in security is as important as ours. Here are some recommendations on how you can increase the privacy and safety of Online Banking.
You are responsible for the security and use of your username and password. Try not to select a password that is easily guessed (e.g. birth date or spouse name). If you think your password has been compromised, change it immediately online. You should then verify that no unauthorized transactions occurred on your account.
Keep your password confidential. Memorize it and DO NOT write it down. Change it every 60 days.
Do not leave your computer unattended if you are still logged onto the Online Banking site.
When you have completed your banking online, always remember to click "EXIT" before visiting other Internet web sites.
If others use your computer, clear your cache or turn off and reinitiate your browser in order to eliminate copies of web pages that have been stored in your hard drive. See your browsers "HELP" section for instructions on how to clear cache.
Use a virus protector on your computer and update it often. This will provide protection against viruses that "capture" password keystrokes or send information from your hard drive.
DO NOT use rented computers, libraries, or other open computer sites. Computers can capture information from the Internet and part of the browser software's operation, (or because someone has loaded a program in it to secretly capture your information).
When using your browser to access our Services, the browser uses encryption technology that scrambles data to make it readable by the sender. A key is required to decode the information.
When you place a request for information about your accounts or loans, the encrypted (scrambled) request is sent to our Service Provider or us. We send our replies back to you in an encrypted (scrambled) format. Even though the information sent back and forth is encrypted (scrambled), you will be able to read the data on your computer screen.
We require that your browser be equipped with 128-bit domestic grade encryption, which can only be downloaded by citizens and permanent residents of the United States and citizens of Canada who reside in North America.
If you are currently using a browser with 40-bit encryption, you will be required to upgrade to 128-bit encryption to use our Online Banking Services. Upgrading your browser is simple and instructions on how to do this are located in the browser's HELP menu.
You can check to see what level of security your browser has within the browser HELP menu. For Microsoft Internet Explorer go to "Help" and the "About Internet Explorer". The version with Cipher (security) strength should be listed. For FireFox users go to "Help" and the "About Mozilla FireFox".
For digital identity verification, we have a digital server certificate by VeriSign that your browser uses each time you sign on to verify that you are connected to us.
Phishing is essentially an online con game, and phishers are nothing more than tech-savvy con artists and identity thieves. They use spam, fake Web sites, crime ware and other techniques to trick people into divulging sensitive information, such as bank and credit card account details. Once they’ve captured enough victims’ information, they either use the stolen goods themselves to defraud the victims (e.g., by opening up new accounts using the victim’s name or draining the victim’s bank accounts) or they sell it on the black market for a profit.
How phishing works
In most cases, phishers send out spam email, sometimes up to millions of messages. Each email contains a message that appears to come from a well-known and trusted company. Usually the message includes the company's logo and name, and it often tries to evoke an emotional response to a false crisis. Presented in urgent, business-like language, the email often makes a request of the user’s personal information. Sometimes the email directs the recipient to a fake Web site. The Web site, like the email, appears authentic and in some instances its address has been masked so the Web address looks real.
The bogus Web site urges the visitor to provide confidential information — social security numbers, account numbers, passwords, etc. Since the email and corresponding Web site seem legitimate, the phisher hopes at least a fraction of recipients are fooled into submitting their data. While it is impossible to know the actual victim response rates to all phishing attacks, it is commonly believed that about 1 to 10 percent of recipients are duped with a “successful” phisher campaign having a response rate around 5 percent. To put this in perspective, spam campaigns typically have a less than 1 percent response rate.
Pharming (pronounced “farming”) is another form of online fraud, very similar to its cousin phishing. Pharmers rely upon the same fake Web sites and theft of confidential information to perpetrate online scams, but are more difficult to detect in many ways because they are not reliant upon the victim accepting a “bait” message. Instead of relying completely on users clicking on an enticing link in fake email messages, pharming instead re-directs victims to the bogus Web site even if they type the right Web address of their bank or other online service into their Web browser.
It is hard to create a password that cannot be broken with the tools criminals have now. The goal is to make it as strong as is practical. Strong passwords do not contain anything that can be found in a dictionary or the name of anyone in your family, including pets. Also do not use your birthday, social security number or similar information. On the other hand you must be able to remember the password. Some people take a phrase or a sentence and use the first letter or the last letter of each word to form their password. You can also mix special characters, lower case, upper case letters and numbers (example: I love to eat apple pie=ilteap). Throw in a few numbers and special characters and you have (1Lte@p). Different sites may have different password requirements for length, combinations of character and which special characters you may use.
Insecurity of Email
Email is not a secure way to send information. Email is no different than sending a postcard through the mail. So including any information such as account numbers or social security numbers in an email is not recommended. Anything you send by regular email can possibly be read by anyone in the world.
Be Smart with your Mobile Device
Smartphones and mobile devices are everywhere and hackers know that. Although your phone or device make it far easier for you to surf the web, check email and conduct your bank business, they have become yet another avenue for hackers to access sensitive data.
What you can do:
- Never open email if you don't know the sender
- Don't answer text messages that ask for personal informaiton
- Don't conduct personal or financal business on public WiFi
- Use strong passwords
- Turn off Bluetooth when you aren't using it or when conducting personal or financial business
Quick Tip: Smartphones and mobile devices are essentially small personal computers and should be protected as such. Look into mobile antivirus services to keep them secure.