Protect Your Identity
Identity theft is a fast-growing form of fraud. It involves criminals stealing a person’s personal information and using it to apply for credit, run up huge bills, stiff creditors and generally wreck the victim’s credit record.
Steps to Safeguard Your Identity
- Do not give personal information, such as account numbers or social security numbers over the telephone, through the mail, or over the Internet, unless you initiated the contact or know with whom you are dealing.
- Store personal information in a safe place and tear up old credit card receipts, ATM receipts, old account statements, and unused credit card offers before throwing them away.
- Protect your PINs and other passwords. Avoid using easily available information, such as your birth date, the last four digits of your social security number, your phone number, etc.
- Carry only the minimum amount of identifying information and number of credit cards that you need.
- Pay attention to billing cycles and statements. Inquire if you do not receive a monthly bill or statement in a timely manner. It may mean that the bill or statement has been diverted by an identity thief. Check with the Postal Service to verify that someone has not forwarded your mail to another address. Contact the bank to verify that the statement, bill or card has been sent.
- Check account statements carefully to ensure all charges, checks, or withdrawals were authorized.
- Guard your mail from theft. If you have the type of mailbox with a flag to signal that the box contains mail, do not leave bill payment envelopes in your mailbox with the flag up. Instead, deposit them in a post office collection box or at the local post office. Promptly remove incoming mail.
- Order copies of your credit report from each of the three major credit bureaus once a year to ensure that they are accurate. Each of the three national credit-reporting agencies may contain different aspects of your credit history. Contact each of the agencies, or you may receive one free credit report per year from the Annual Credit Report Service.
- If you prefer not to receive preapproved offers of credit, you can opt out of such offers by calling 1-888-5-OPT-OUT [1-888-567-8688].
- If you want to remove your name from many national direct mail lists, send your name and address to:
DMA Mail Preference Service
PO BOX 9008
Farmingdale, NY 11735-9008
- If you want to reduce the number of telephone solicitations from many national marketers, send your name, address, and telephone number to:
DMA Telephone Preference Service
PO BOX 9014
Farmingdale, NY 11735-9014
Steps to Take If You Become a Victim of Identity Theft
If you believe that someone has stolen your identity, you should:
- Contact the Federal Trade Commission's Identity Theft Hotline toll-free at 1-877-ID-THEFT [1-888-438-4338]. The hotline is staffed by counselors trained to help ID theft victims. The FTC puts the information into a secure consumer fraud database and shares it with local, state, and federal law enforcement agencies.
- Visit the FTC' Identity Theft Assistance website at www.ftc.gov/idtheft. This website contains a special CONSUMERS - TOOLS FOR VICTIMS link to help you. These tools include a CHART YOUR COURSE OF ACTIONS form, which helps you to record the steps you've taken to report the fraudulent use of your identity, an Identity Theft Affidavit to help simplify the process of clearing up accounts opened by an identity thief, an online complaint form that once it has been completed and submitted to the FTC, will be reformatted so that it can be printed and used to support your local police report, along with other forms, references, and resources to help you.
- Contact the fraud department of each of the three major credit bureaus to report the identity theft and request that the credit bureaus place a fraud alert and a victim’s statement in your file. The fraud alert puts a "flag" on your account telling creditors that you have been the victim of fraud, and the victim’s statement asks creditors to contact you in person to verify all applications made in your name. The following are the telephone numbers for the fraud departments of the three national credit bureaus:
You may request a free copy of your credit report. Credit bureaus must provide a free copy of your report if you have reason to believe the report is inaccurate because of fraud and you submit a request in writing.
- File a report with your local police department.
- Contact any bank or other creditor where you have an account that you think may be the subject of identity theft. Advise them of the identity theft. Request that they restrict access to your account, change your account password, or close your account.
Mobile Banking Security Tips
Protect your personal information by ensuring your mobile device maintains a PIN, fingerprint authentication or strong password. When your device is not in use, enable automatic screen lock.
- Once your session is complete, log out of mobile banking before closing the app.
- Do not share personal and financial information via email, text or phone. Social Security number, birthdate, passwords and account numbers should be kept private and never stored on your mobile device.
- Delete security codes and message alerts you may receive via text from your financial institution. If you change your mobile phone number, be sure to update your online banking profile to protect sensitive message alerts.
- Report a lost or stolen device. Contact your financial institution immediately to update your information. You can also log in and remove the old device from your online banking profile.
- Use caution when downloading banking apps. Only install apps from reputable sources such as Apple® App Store, Google™ Play or a direct link from your financial institution’s website.
- Keep your mobile operating system up-to-date by installing the latest updates as prompted by your device to ensure maximum security.
- Access mobile banking on a secure wireless network. Do not use public Wi-Fi hotspots. Unsecure networks can expose sensitive data, making it vulnerable to hackers.
- Do not root or jailbreak your device. This practice weakens device security.
- When depositing a check through our mobile banking app, wait until the funds are available and then destroy the check.
- Have computer security programs running and regularly updated to look for the latest threats. Install anti-virus software to protect against malware (malicious software) that can steal information such as account numbers and passwords, and use a firewall to prevent unauthorized access to your computer.
- Be smart about where and how you connect to the internet for banking or other communications involving sensitive personal information. Public wi-fi networks and computers at places such as libraries or hotel business centers can be risky if they don't have up-to-date security software.
- Get to know standard internet safety feature. For example, when banking or shopping online, look for a padlock symbol on the page (that means it is secure) and "https://" at the beginning of the Web address (signifying that the website is authentic and encrypts data during transmission).
- Ignore unsolicited email asking you to open an attachment or click on a link if you're not sure who truly sent it and why. Cyber criminals are good at creating fake emails that look legitimate, but can install malware. Your best bet is to either ignore unsolicited requests to open attachments or files or to independently verify that the supposed source actually sent the email to you by making contact using a publicized email address or telephone number.
- Be suspicious if someone contacts you unexpectedly online and asks for your personal information. A sage strategy is to ignore unsolicited request for information no matter how legitimate they appear, especially if they ask for information such as a Social Security number, bank account number or passwords.
- Use the most secure process you can when logging into financial accounts. Create "strong" passwords that are hard to guess, change them regularly, and try not to use the same passwords or PINs (personal identification numbers) for several accounts.
- Be discreet when using social networking sites. Criminals comb those sites looking for information such as someone's place of birth, mother's maiden name, or a pet's name, in case those details can help them guess or reset passwords for online accounts.
- Be careful when using smartphones and tablets. Don't leave your mobile device unattended and use a device password or other method to control access if it's stolen or lost.
- Parents and caregivers should include children in their cyber security planning. Talk with you child about being sage online, including the risks of sharing personal information with people they don't know, and make sure the devices they use to connect to the Internet have up-to-date security.
- Small business owners should have policies and training for their employees on topics similar to those provided in their checklist for customers, plus other issues that are specific wto the business. For example, consider requiring more information beyond a password to gain access to your business's network, and additional safety measures, such as requiring confirmation call with your financial institution before certain electronic transfers are authorized.
Corporate Account Take Over
Corporate Account Takeover is a form of business identity theft where cyber thieves gain control of a business's bank account by stealing employee passwords and other valid credentials. Thieves can then initiate fraudulent ACH transactions.
The bank has procedures in place to protect, detect and respond to corporate account takeover and fraudulent activity. However, it is important and necessary for you and your employees to follow established security practices. Following are security practices you can implement to reduce the risk of theft.
- Provide continuous communication and education to employees using online banking systems. Providing enhanced security awareness training will help ensure employees understand the security risk related to their duties.
- Update anti-virus and anti-malware programs frequently.
- Update, on a regular basis, all computer software to protect against new security vulnerabilities (patch management practices).
- Communicate to employees that passwords should be strong and should not be stored on the device used to access online banking.
- Adhere to dual control procedures.
- Use separate devices to originate and transmit ACH instructions.
- Transmit wire transfer and ACH instructions via a dedicated and isolated device.
- Practice ongoing account monitoring and reconciliation, especially near the end of the day.
- Adopt advanced security measures by working with consultants or dedicated IT staff.
- Utilize resources provided by trade organizations and agencies that specialize in helping small businesses. A list is provided below. Business account holders should be most vigilant in monitoring account activity. You have the ability to detect anomalies or potential fraud prior to or early in an electronic robbery.
Warning signs visible to a business customer that their system/network may have been compromised include:
- Inability to log into online banking (thieves could be blocking customer access so the customer wont’ see the theft until the criminals have control of the money);
- Dramatic loss of computer speed;
- Changes in the way things appear on the screen;
- Computer locks up so the user is unable to perform any functions;
- Unexpected rebooting or restarting of the computer;
- Unexpected request for a one time password (or token) in the middle of an online session;
- Unusual pop-up messages, especially a message in the middle of a session that says the connection to the bank system is not working (system unavailable, down for maintenance, etc);
- New or unexpected toolbars and/or icons; and
- Inability to shut down or restart the computer.
Business Resources are:
The Better Business Bureau’s website on Data Security Made Simpler;
The Small Business Administration’s (SBA) website on Protecting and Securing Customer Information;
The Federal Trade Commission’s (FTC) interactive business guide for protection data;
Please contact the bank should you have any questions regarding Corporate Account Takeover.
Notice to Our Customers:
Please do not send any confidential information such as account numbers, social security numbers, driver's license numbers, passwords, etc. via email ... email is not a secure means of communication.