Online Banking Safety, Awareness and Protection

January 1, 2017

Protect yourself and your account information from occurrences of takeover, fraud, and identity theft.

Unfortunately, identity crimes and fraud have increased significantly in recent years. Cybercriminals can use sophisticated methods such as malware, spyware, phishing, keylogging, and man-in-the-browser attacks to obtain access to accounts and create fraudulent transactions. Phishing and malware attacks have more than doubled recently, resulting in potential losses exceeding $1 billion. These instances can affect anyone, and they are even occurring locally.

The online banking challenge

Online banking is a great tool because it allows you to access your accounts and direct your funds from anywhere. However, because online banking provides access to sensitive financial information and login credentials, as well as higher-risk transaction services (such as wire transfers and ACH origination, which allow funds to be transferred out of accounts to third parties), it is more vulnerable than banking in person at a bank center. As an online banking user, you should be aware of the risks, the protections available to you, and the steps you can take to be more secure.

Security is a two-way street

Maintaining security is a two-way street. Your financial institution helps protect your account information from its end, but you must ensure you’re taking steps from your end. Many of these attacks originate on the user side because there are more opportunities for access and exploitation.

At FCB, we offer features and controls to help you manage your accounts, protect your funds, maintain the confidentiality of your information/identity, and mitigate the risks of fraud. We constantly strive to ensure the security and confidentiality of your information on our networks and in the services we offer. It’s important that you take steps to protect the computers you use to access this information.


Tips for Protecting your Information

General and Sign-on Controls

  1. Keep your information private
    • FCB will never email, call or otherwise ask you for your username, password or other online banking credentials on an unsolicited basis. You should never provide this information to others as these “phishing” attempts are frequently used to try to gain fraudulent access. Online account sites you deal with should already know this information.
    • We may send you periodic messages within your online banking session to notify you of service upgrades or availability, security awareness material or the availability of other FCB services or products.
  2. Be cautious with your email
    • Do not include complete account or card numbers, balances, social security numbers, passwords or PINs in an Email to FCB unless responding to an encrypted Email originated by FCB.
    • Do NOT open suspicious Email attachments.
    • Historically, Email attachments are one of the most popular and effective ways to spread malware. If you don’t know what it is or who sent it, delete it. Do not download files or install software from unknown sources; doing so increases the risk of malicious attacks.
  3. Use secure computers when accessing online banking sites
    • DO NOT use public or unsecured sites (e.g., the library or an Internet café).
  4. Password security
    • Create a strong password of at least eight (8) characters. Use a combination of upper/lowercase letters, numbers, and special characters. Do not include the username in your password and avoid easily guessed passwords.
    • Change your password. Many people recommend changing your passwords every 90 days.
    • Use a unique password for each account login. Other sites, such as social media, membership sites, and shops, may not maintain the same high-security measures. A hacked account on these sites could leave you more vulnerable if you reuse usernames and passwords.
  5. Safeguard your username, password, and Company ID (if applicable) and do not:
    • post them next to your computer
    • make them easily accessible to anyone
    • provide them to someone else
    • use an automatic login feature that saves usernames and passwords for the site.
  6. If applicable to some websites, always verify your login image and passphrase to ensure they match what you have selected. If they do not match, do not continue the login as fraudsters may be attempting to capture your login information and reroute you to another fictitious site.
  7. Ensure you have a current phone number and/or email address contained in your online banking profile for out-of-band step-up authentication and alerts.
  8. Upon login, check the date and time of your last login to verify it was, in fact, you logging in and not a possible hacker. Also, verify the last failed login date/time to determine if someone may be trying to hack into the account. If you find that the last login was not authentic, please call FCB immediately. Example follows:

Welcome FCB TEST, the last time you signed on was 2/1/2016 at 1:24 PM Eastern Standard Time (EST). Your last failed sign-on was 1/10/2016 at 3:59 PM EST.

  9. Be sure to sign off your session when finished. Do not just close the page, “X” out or go to another site, leaving the session open.

  10. Monitor and review your account activity frequently to ensure no fraudulent activity has occurred; if it has, report it immediately to FCB. Also, ensure that monthly statements are promptly reviewed and reconciled, as losses could accumulate quickly if fraudulent transactions go undetected.

  11. Consider separation of duties (dual approval) when processing higher-risk transactions such as wires or ACH. These controls would allow one employee to originate the request and then another to approve or release the transaction. No one employee could process the entire transaction, helping to reduce the risk of fraudulent activity both internally and externally.

  12. We have transaction monitoring services enabled on bill payments, wire transfers, and ACH files to detect suspected fraud based on anomalies from your normal activity.

  13. Access the Company Administration menu option in BOB to immediately remove any terminated employees or others that no longer need online banking access to reduce risk exposure. Contact us at 301-620-1400 for further assistance.


Business/Personal Computer Controls

  1. Use a software firewall. If you are using Windows, enable the Windows Firewall and security. If you have a Mac and are running its OS, enable the built-in firewall.
  2. Protect your computer with well-known anti-virus/spyware software. Update the virus definitions and scan your computer regularly. Most anti-virus software will provide tools to automate and schedule these tasks so that they take place when you are not using your computer.
  3. Avoid fake anti-malware. Some anti-malware vendors who promise to rid your computer of malware actually install malware instead, often holding your computer hostage until you pay them. Don’t buy anti-malware software advertised in pop-up ads. Reputable software is not sold this way.
  4. Keep your operating system up to date. Many viruses rely on systems without current patches or security to spread. Configure your computer to update the operating system automatically if possible with current service packs, etc. Be sure that your antivirus and antispyware software are configured to update automatically as well.
  5. Step-up authentication, in the form of out-of-band authentication and/or out-of-wallet questions, may be required for device IDs that are not recognized, using one-time security codes to help deter hackers and account takeovers. Ensure your phone number is current in your online banking profile.
  6. Consider using a stand-alone, dedicated computer solely for financial transactions, with no web browsing, Email or social media allowed.
  7. Perform your own internal fraud risk assessments and evaluate your online controls periodically to minimize risk.

Alerts

  1. Use built-in Email/text alert features to monitor account access and activity, as these are very effective tools in mitigating fraud risks.

  2. Pay close attention to alerts/messages for possible fraudulent access and do not ignore them. If you know you did not access your account or conduct a transaction, notify FCB immediately at 301-620-1400.

  3. Alerts can be set up to show:

  • Access by the user for every login
  • Password change
  • Email address change
  • Failed sign-on attempts
  • Username change
  • Account balance < $xxx
  • Account balance > $xxx
  • Account transfer completed
  • Account transfer failed
  • Debit/credit transactions
  • Daily/weekly transfer summary
  • Wire transfer completed
  • Wire transfer failed
  • Wire transfer changed
  • ACH batch changed/added
  • ACH batch failed
  • Approval needed
  • New bill payment payee
  • Summary of bill payments made

Transaction Limits

  1. Can be placed on wire transfers at multiple levels — per transaction, daily, weekly or monthly

  2. Can be placed on ACH batches at multiple levels — per transaction, daily, weekly or monthly

  3. Can be placed on funds transfers at multiple levels — per transaction, daily, weekly or monthly

Online Banking Activity Review

  1. In addition to reviewing transaction activity on your accounts on a regular basis, also review your transfer activity, ACH activity, and wire transfer activity history to verify that the most recent transfer activity is legitimate and authentic.

  2. Sign up for eStatements to eliminate the mailing of your account numbers, checks, and activity that could be susceptible to theft and fraud. You'll receive your statement much more quickly for review while saving paper.

Please see your Business Online Banking Agreement, Online Banking Agreement, Bill Pay Agreement, Mobile Banking Agreement and your account Terms & Conditions for a description of your responsibilities and the extent of FCB’s liability regarding unauthorized transactions using online banking services.

At FCB, we are committed to protecting your information; however, it is critical that you also be aware of the risks present, implement various controls to minimize the risks, and actively monitor your accounts for any potential fraud. If you ever feel your online profile, accounts or identity have been compromised, or you receive an unsolicited request for any information, please contact us immediately at 301-620-1400.