Fraud and Identity Theft Prevention
Consumer eBanking Fraud Prevention Best Practices
Understanding the Risks
If you use online banking, you will be interested to learn that six federal financial industry regulators teamed up recently to make your accounts more secure. New supervisory guidance from the Federal Financial Institutions Examinations Council (FFIEC) will help banks strengthen their vigilance and make sure that the person signing into your account is actually you. The supervisory guidance is designed to make online transactions safer and more secure.
Understanding the Factors
Online security begins with the authentication process, used to confirm that it is you, and not someone who has stolen your identity. Authentication generally involves one or more basic factors:
- Something the user knows (password, PIN)
- Something the user has (ATM or Debit card)
- Something the user is (characteristics such as a fingerprint)
Single factor authentication uses one of these methods; multi-factor authentication uses more than one, and thus is considered a stronger fraud deterrent. When you use your ATM, for example, you are utilizing multi-factor authentication: Your ATM Card (something you have) and your PIN (something you know). To assure your security online, we use both single and multi-factor authentication, as well as additional “layered security” measures when appropriate.
Layered Security for Increased Safety
Layered security is characterized by the use of different controls at different points in a transaction process so that a weakness in one control is generally compensated for by the strength of a different control. This allows the bank to authenticate customers and respond to suspicious activity related to initial login then later to reconfirm this authentication when further transactions involve the transfer of funds. Layered security can substantially strengthen the overall security of online transactions by protecting sensitive customer information, preventing identity theft, and reducing account takeovers and the resulting financial losses.
The FFIEC supervisory guidance offers ways banks can look for anomalies that could indicate fraud. The goal is to ensure that the level of authentication called for in a particular transaction is appropriate to the level of risk in that application. To this end, we have conducted a comprehensive risk-assessment of our methods as recommended in the FFIEC guidelines. These assessments include:
- Changes in the internal and external threat environment
- Changes in the customer base adopting electronic banking
- Changes in the customer functionality offered through electronic banking; and
- Actual incidents of security breaches, identity theft, or fraud experienced by the institution or industry.
Whenever increased risk to your transaction security might warrant it, we will be able to conduct additional verification procedures, or layers of control, such as:
- Utilizing call-back verification, e-mail approval, or cell phone-based identification. Employing customer verification procedures. Analyzing banking transactions to identify suspicious patterns.
- Establishing dollar limits that require manual intervention to exceed a preset limit.
Your Protection Under “Reg E”
The Federal Reserve Board issued Regulation E to govern all kinds of situations revolving around transfers made electronically. Under the consumer protections provided under Reg E, consumers can recover Internet banking losses according to how soon you detect and report them. If you report the losses within two days of receiving your statement, you can be liable for the first $50. After two days, the amount increases to $500. After 60 days, you could be legally liable for the full amount. Contact a Service Representative at your nearest branch location for the Regulation E policy that pertains to your account.
Take Precautions to Protect Yourself
Understanding the risks is a critical step in protecting yourself online. You can also make your computer safer by installing and updating antivirus software and anti-malware programs, as well as installing firewalls and updating operating system patches and updates. You can learn more about online safety and security at these websites:
If you notice suspicious activity within your account or experience security-related events you can contact a Customer Service Representative at any branch location of Rabun County Bank. Please refer to the “Contacts” page of our web site (www.rabuncountybank.com) to locate a branch location near you.
No Rabun County Bank employee or service provider of Rabun County Bank will contact you to request your password. If you are contacted by anyone requesting your password, or believe your password has been compromised, please change your password and contact us immediately.
User ID and Password Guidelines
- Create a “strong” password with at least 8 characters that includes a combination of mixed case letters, numbers, and special characters.
- Change your password frequently.
- Never share username and password information with third-party providers.
- Avoid using an automatic login feature that saves usernames and passwords.
- Do not use public or other unsecured computers for logging into Consumer eBanking.
- Users should check the last login date/time every time they log in.
- Review account balances and detail transactions regularly (preferably daily) to confirm payment and other transaction data and immediately report any suspicious transactions to your financial institution.
- View transfer history available through viewing account activity information.
- Whenever possible, use Bill Pay instead of checks to limit account number dissemination exposure and to obtain better electronic record keeping.
- Take advantage of and regularly view system alerts; examples include:
- Balance alerts
- Transfer alerts
- Password change alerts
- Do not use account numbers, your social security number, or other account or personal information when creating account nicknames or other titles.
- Whenever possible, register your computer to avoid having to re-enter challenge questions and other authentication information with each login.
- Review historical reporting features of your online banking application on a regular basis to confirm payment and other transaction data.
- Never leave a computer unattended while using Consumer eBanking.
- Never conduct banking transactions while multiple browsers are open on your computer.
Tips to Avoid Phishing, Spyware and Malware
- Do not open e-mail from unknown sources. Be suspicious of e-mails purporting to be from a financial institution, government department, or other agency requesting account information, account verification, or banking access credentials such as usernames, passwords, PIN codes, and similar information. Opening file attachments or clicking on web links in suspicious e-mails could expose your system to malicious code that could hijack your computer.
- Never respond to a suspicious e-mail or click on any hyperlink embedded in a suspicious e-mail. Call the purported source if you are unsure who sent an e-mail.<
- If an e-mail claiming to be from your financial organization seems suspicious, checking with your financial organization may be appropriate.
- Install anti-virus and spyware detection software on all computer systems. Free software may not provide protection against the latest threats compared with an industry standard product.
- Update all of your computers regularly with the latest versions and patches of both anti-virus and anti-spyware software.
- Ensure computers are patched regularly, particularly operating system and key applications.
- Install a dedicated, actively managed firewall, especially if using a broadband or dedicated connection to the Internet, such as DSL or cable. A firewall limits the potential for unauthorized access to your network and computers.
- Check your settings and select, at least, a medium level of security for your browser.
- Clear the browser cache before starting any Consumer eBanking session to eliminate copies of web pages that have been stored on the hard drive. How the cache is cleared depends on the browser and version you are using. This function is generally found in the browser’s preferences menu.
- Be advised that you will never be presented with a maintenance page after entering login credentials. Legitimate maintenance pages are displayed when first reaching the URL and before entering login credentials. Consumer eBanking does not use pop-up windows to display login messages or errors. They are displayed directly on the login screen.
- Consumer eBanking never displays pop-up messages indicating that you cannot use your current browser. Consumer eBanking error messages never include an amount of time to wait before trying to login again.
- Be advised that repeatedly being asked to enter your user ID or password are signs of potentially harmful activity.
- Being asked challenge questions if your computer was previously registered is a sign of potentially harmful activity.
Tips for Wireless Network Management
Wireless networks can provide an unintended open door to your network. Unless a valid reason exists for wireless network use, it is recommended that all wireless networks be disabled. If a wireless network is to be used for legitimate purposes, it is recommended that wireless networks be secured as follows:
- Change the wireless network hardware (router /access point) administrative password from the factory default to a complex password.
- Save the password in a secure location as it will be needed to make future changes to the device.
- Disable remote administration of the wireless network hardware (router / access point).
- If possible, disable broadcasting the network SSID.
- If your device offers WPA encryption, secure your wireless network by enabling WPA encryption of the wireless network. If your device does not support WPA encryption, enable WEP encryption.
- If only known computers will access the wireless network, consider enabling MAC filtering on the network hardware. Every computer network card is assigned a unique MAC address. MAC filtering will only allow computers with permitted MAC addresses access to the wireless network.
Rev. August 2011