ONLINE BANKING SAFETY
AWARENESS AND PROTECTION
Occurrences of account takeover, fraud and identity theft have increased significantly in recent years. Cybercriminals are using sophisticated methods (malware, spyware, phishing, key logging, man-in-the-browser) to obtain access to accounts and create fraudulent transactions out of these accounts. Phishing and malware attacks have more than doubled recently, resulting in potential losses exceeding $1 billion, and they are occurring locally.
As a user of online banking services, you work with sensitive financial information and login credentials, and possibly with higher-risk transactions such as wire transfers and ACH origination (which allow funds to be transferred out of accounts to third parties). We want you to be aware of these possibilities and to offer you the greatest protection of your assets and identity. While we constantly strive to ensure the security and confidentiality of your information on our networks and the services we offer, we cannot ensure the protection of the computers you use to access this information, which is where many of these attacks originate.
At FB, we offer you several features and controls that can help you manage your accounts, protect your funds, maintain confidentiality of your information/identity and mitigate the risks of fraud.
We encourage you to utilize them:
General and Sign-on Controls
- We will never email, call or otherwise ask you for your user name, password or other online banking credentials on an unsolicited basis. You should never provide this information to others except trusted persons as these “phishing” attempts are frequently used to try to gain fraudulent access. Online account sites you deal with should already know this information.
- We may send you periodic messages within your online banking session to notify you of service upgrades or availability, security awareness material or the availability of other TB services or products.
- Do not include complete account or card numbers, balances, social security numbers, passwords or PINs in an Email to TB unless responding to an encrypted Email originated by FB.
- Do NOT open suspicious Email attachments. Historically, Email attachments are one of the most popular and effective ways to spread malware. If you don’t know what it is or who the sender may be, delete it immediately rather than open it. Also, do not download files or install software from unknown sources, which increases the risk of malicious attacks.
- DO NOT use public or unsecured sites (e.g. the library or an Internet café) when accessing online banking sites.
- Create a difficult password of at least eight (8) characters composed of a combination of upper/lowercase letters, numbers and special characters, and do not include the username to avoid easily guessed passwords. You are strongly encouraged (and possibly required) to periodically change your password; e.g. every 90 days.
- Safeguard your username, password, and Company ID (if applicable) and do not:
  - post them next to your computer
  - make them easily accessible to anyone
  - be negligent in providing them to someone
  - use an automatic login feature that saves usernames and passwords for the site.
- If applicable for some websites, always verify your login image and passphrase to ensure they match what you have selected. If they do not match, do not continue the login as fraudsters may be attempting to capture your login information and reroute you to another fictitious site.
- Ensure you have a current phone number and/or email address contained in your online banking profile for out-of-band step-up authentication and alerts.
- Upon login, check the date and time of your last login to verify it was, in fact, you logging in and not a possible hacker. Also, verify the last failed login date/time to determine if someone may be trying to hack into the account. If you find that the last login was not authentic, please write or call TB immediately.
- Be sure to sign off of your session when completed. Do not just close the page, “X” out or go to another site, leaving the session open.
- Monitor and review your account activity frequently to ensure no fraudulent activity has occurred and, if so, report it immediately to CFB. Also, ensure that monthly statements are promptly reviewed and reconciled, as losses could accumulate quickly if fraudulent transactions go undetected.
- Consider separation of duties (dual approval) when processing higher risk transactions such as wires or ACH. These controls would allow one employee to originate the request and then another to approve or release the transaction. No one employee could process the entire transaction, helping to reduce the risk of fraudulent activity both internally and externally.
- We have transaction monitoring services enabled on bill payments, wire transfers and ACH files to detect suspected fraud based on anomalies from your normal activity.
- Access the Company Administration menu option in BOB to immediately remove any terminated employees or others that no longer need online banking access to reduce risk exposure.
Business/Personal Computer Controls
- Use a software firewall. If you are using Windows, enable the Windows Firewall and security. If you have a Mac and are running its operating system, enable the built-in firewall.
- Protect your computer with well-known anti-virus/spyware software. Update the virus definitions and scan your computer regularly. Most anti-virus software will provide tools to automate and schedule these tasks so that they take place when you are not using your computer.
- Avoid fake anti-malware. Some anti-malware vendors who promise to rid your computer of malware actually install malware instead, often holding your computer hostage until you pay them. Don’t buy anti-malware software advertised in pop-up ads. Reputable software is not sold this way.
- Keep your operating system up to date. Many viruses rely on systems without current patches or security to spread. Configure your computer to update the operating system automatically if possible with current service packs, etc. Be sure that your antivirus and antispyware software are configured to update automatically as well.
- Step-up authentication, in the form of out-of-band authentication and/or out-of-wallet questions, may be required for device IDs that are not recognized, utilizing one-time security codes to help deter hackers and account takeovers. Ensure your phone number is current in your online banking profile.
- Consider using a stand-alone, dedicated computer solely for financial transactions, with no web browsing, Email or social media allowed.
- Perform your own internal fraud risk assessments and evaluate your online controls periodically to minimize risk.
Alerts
- Use built-in Email/text alert features to monitor account access and activity, as these are very effective tools in mitigating fraud risks.
- Pay close attention to alerts/messages for possible fraudulent access and do not ignore them. If you know you did not access your account or conduct a transaction, notify TB immediately at info@castlefirstbank.com.
- Alerts can be set up to show:
  - Access by the user for every login
  - Password change
  - Email address change
  - Failed sign-on attempts
  - Username change
  - Account balance < $xxx
  - Account balance > $xxx
  - Account transfer completed
  - Account transfer failed
  - Debit/credit transactions
  - Daily/weekly transfer summary
  - Wire transfer completed
  - Wire transfer failed
  - Wire transfer changed
  - ACH batch changed/added
  - ACH batch failed
  - Approval needed
  - New bill payment payee
  - Summary of bill payments made
Transaction Limits
- Can be placed on wire transfers at multiple levels — per transaction, daily, weekly or monthly
- Can be placed on ACH batches at multiple levels — per transaction, daily, weekly or monthly
- Can be placed on funds transfers at multiple levels — per transaction, daily, weekly or monthly
Online Banking Activity Review
- In addition to reviewing transaction activity on your accounts on a regular basis, also review your transfer activity, ACH activity, and wire transfer activity history to verify that the most recent transfer activity is legitimate and authentic.
- Sign up for eStatements to eliminate the mailing of your account numbers, checks and activity that could be susceptible to theft and fraud. You’ll receive your statement much quicker for review, while saving paper.
Please see your Business Online Banking Agreement, Online Banking Agreement, Bill Pay Agreement, Mobile Banking Agreement and your account Terms & Conditions for a description of your responsibilities and the extent of TB's liability regarding unauthorized transactions using online banking services.
At FB, we are committed to protecting your information; however, it is critical that you also be aware of the risks present, implement various controls to minimize the risks, and actively monitor your accounts for any potential fraud. If you ever feel your online profile, accounts or identity have been compromised, or you receive an unsolicited request for any information, please contact us immediately at info@castlefirstbank.com.
We appreciate your business and want to work closely with you to protect what is yours!!