General Business Practices (Commercial Customers)
- Review this information with your IT department or IT consultant and evaluate how your systems may be vulnerable to this risk. Perform a risk assessment periodically to determine if your organization is protected against identified threats.
- Dual control procedures should be in place for high risk transactions such as electronic funds transfers. This includes automated clearing house (ACH), Online Banking transfers, and wire transfers.
- Talk to your insurance provider about adding cyber insurance terms to your business insurance policy.
- Reconcile your banking transactions daily and look for unusual small amounts such as penny transactions. This may be an indication that your account has been compromised and a fraudulent plan is in progress.
- Never access bank, brokerage, or other financial services information at internet cafes, public libraries, etc. Unauthorized software may have been installed to trap account numbers and sign on information leaving you vulnerable to fraud.
- Immediately escalate knowledge of any suspicious transaction to the Bank, particularly if these transactions are ACH or wire transfers. There is a limited recovery window for these transactions and immediate escalation may prevent or minimize further loss.
Recommendations for Password Security
- Change passwords periodically (at least every 90 days)
- Change passwords when an employee leaves the company
- Create strong passwords with at least 8 characters that include a combination of mixed case letters, numbers and special characters
- Ensure that your account information and security responses are not written where they can be seen or accessed by others; if you do write the information down you should secure it
- Never share your user ID or password with anyone for any reason
- If you believe your username or password has been compromised contact us and have the user ID or password changed
- Secure computers, laptops and other devices with a password protected screen saver that has a timeout feature
Operating System Protection
- Ensure that you use current anti-virus and anti-spyware products to protect yourself against malicious software that is created for the specific purpose of gathering information such as user ID, password, and other critical information that may be stored on your computer.
- Ensure that you have a patch management solution that keeps your computer software current and can further mitigate new vulnerabilities to which your computer may have been exposed.
- Install a dedicated, actively managed firewall, especially if you have a broadband or dedicated connection to the Internet, such as DSL or cable. A firewall limits the potential for unauthorized access to a network and to computers.
- Practice safe internet use. Never click on pop-up messages or links to applications contained in emails. Try to get into the habit of manually going to links that are sent to you. It is estimated that over 80% of malware is obtained from clicking on pop-up ads.
- Be suspicious of emails claiming to be from a financial institution, government department, or other agency requesting account information, account verification, or banking access credentials such as usernames, passwords, PIN codes and similar information.
- Use caution when opening attachments and ensure they were sent from a trusted source.
- Consider designating a “locked down” PC to accommodate only your online banking transactions. This computer should not be used for email or any other internet activities. This precaution should minimize the opportunity to download malware.
If you are a victim…
If you suspect you are a victim of identity theft or fraud, or if your wallet or purse is lost or stolen, act immediately to minimize the damage. We recommend that you keep records of conversations and correspondence.
- Contact us at (912) 632-8631
- Contact other financial institutions and creditors for accounts that have been fraudulently accessed or opened.
- If your missing wallet or purse included bank account information, checks or your ATM card you should contact your bank immediately.
- Contact the fraud departments of Equifax, Experian and TransUnion and request a “fraud alert” be placed on your file; you can also request a statement be added to your file requesting creditors to obtain your permission before opening any new accounts
- File a report with law enforcement; keep a copy of the report for your records
What you can do to protect your information
You are our most important resource in creating a safe and secure banking environment. In conjunction with the precautions we take to protect your private information you have the responsibility of protecting yourself from fraud and identity theft. There are many steps you can take to improve your security.
Protect your password, PIN, and security tokens
Select passwords and PINs that are easy for you to remember but difficult for someone else to guess. Avoid using pet names, birthdates, phones numbers, etc. Mix capital and lower case letters or create acronyms which are easy for you to remember. Some online transactions sometimes require the use of a security token issued to you. Do leave your token in plain view or allow others access to it.
Protect your computer
Your computer may be vulnerable to spyware, malware and viruses. Malware can install programs on your computer and collect information. Programs known as keyloggers can track your keystrokes to capture your username and passwords. Make sure you have installed anti-virus and anti-malware programs and keep them up to date. Most importantly, avoid using public computers or wireless networks to access private information such as bank accounts.
Beware of Phishing & Vishing
Phishing – pronounced fishing – is a form of identity theft. It’s when thieves act as if they are representing us and try to “hook” you into providing personal information. Once you’re “hooked” the thieves can do serious damage to your financial accounts. They can dupe you into providing your Social Security Number, financial account numbers, PIN numbers, passwords, mothers’ maiden name and other personal information.
How Does It Work?
By Email (Phishing):
The most common form of phishing is by e-mail. For instance, you could receive an e-mail from your financial institution asking you to “reconfirm” your personal information. Unfortunately, this e-mail is not from your financial institution, but from a phisher pretending to be a representative of our organization.
Typically the e-mail contains a link to a Web site that looks like a near replica of our site. You click onto the link and add your personal information, which goes right into the hands of identity thieves. It’s important to not respond to these e-mails.
By Phone (Phishing):
Phishers also use the phone to hunt for personal information. Some, posing as employers, call or send e-mails to people who have listed themselves on job search Web sites. While phishing scams can be sophisticated, the following features are often indicators that something is suspicious.
Be aware of a potential scam if:
Someone unexpectedly contacts you and asks for your personal information, such as your financial institution account number, an account password or PIN, credit card number or Social Security number. Pineland Bank will not contact you for that information.
The sender, who is supposedly a representative of our organization, asks you to confirm that you have a relationship with us. We have that information on record.
You are warned that your account will be shut down unless you “reconfirm” your financial information.
Use secure sites for online transactions
When you make purchases or access private information, such as your bank accounts, online make sure the URL in the browser address bar displays “https” instead of “http”. You can also look for the padlock symbol on your browser.
Ask a professional
If you are confused by the ins and outs of computer security it may be wise to consult a professional security expert. Ask someone who can advise you on the precautions you can take to remain safe.
Monitor your credit report
Review your report at least annually for inquiries and accounts that you are unfamiliar with. You are entitled to receive one free credit file disclosure every 12 months from each of the nationwide consumer credit reporting agencies – Equifax, Experian and TransUnion. This free credit file can be requested through www.annualcreditreport.com or by calling (877) 322-8228.
What we do to protect your information
We are dedicated to protecting your privacy and the security of your information. We have numerous protections and processes in place to protect your personal information when you bank with us.
We use a wide variety of security protection and monitoring methods to ensure the confidentiality of your information. These protections include firewalls, encryption, anti-virus software, data segregation and employee training.
Recognizing the importance of information security, the Federal Financial Institutions Examination Council (FFIEC) has issued an IT Handbook which outlines controls procedures for protection non-public information and enhancing cybersecurity. In addition, the Conference of State Bank Supervisors (CSBS) in conjunction with the Financial Services – Information Sharing and Analysis Center (FS-ISAC) and the United States Secret Service to recommend practices for mitigating the risks of various cyberattacks including corporate account takeover.
Online Banking Security
Your online banking experience is conducted under 128 bit Secure Sockets Layer (SSL) encryption. Sensitive information travelling across the internet is encrypted with a special key created by our network and your browser. With this key, your data is secured during transfer. You can tell that the SSL encryption is working by the lock or key symbol on your browser’s status bar.
The federal government, including the FDIC and FFIEC, has established rigorous standards for the banking industry and ensures strict compliance through period regulatory examinations.
Contact Information & Resources
Contact us at (912) 632-8631
For more information on how you can be protected, visit http://www.onguardonline.gov.