Keeping You Protected › First Bank

Whether you bank online, in person or over the phone, First Bank is constantly working to protect you from criminal activity. We are committed to protecting your personal information. We maintain a comprehensive customer information security program utilizing administrative, technical and physical safeguards. Your other greatest ally? Awareness! Learn more about cybersecurity and what to do in case you become a victim.

Identity Theft

Identity theft occurs when someone illegally obtains your personal information—such as your Social Security number, bank account number, or other identification—and uses it repeatedly to open new accounts or initiate transactions in your name. Essentially, they try to become you. For example, someone might do a combination of the following: open new credit cards, open new bank accounts, forge checks and even apply for loans using your name and personal information. This can cause financial loss and damage your credit, which can lead to a lengthy resolution process.

Keep in mind however, that even if you think your security has been compromised, it does not automatically mean that you are a victim of identity theft. It might be an incorrect entry or an isolated incident of theft from your First Bank account that is quickly resolved by calling First Bank at (601) 684-2231.

How Identity Theft Can Happen

Physical

Theft/Robbery

Dumpster diving for documents containing personal or financial information
Stealing a purse or wallet
Taking incoming or outgoing mail from your home mailbox
Breaking into your home and taking documents or a computer with personal or financial information stored on it
Shoulder surfing at ATM machines and phone booths in order to capture PIN numbers

Address change

Identity thieves change the address on account statements or bills and have them sent to their address or, more likely, a PO Box

From businesses
Stealing information where they work
Bribing an employee
Conning an employee (see pretext calling)
Hacking into a company's computer system

Skimming
Stealing credit/debit card information by using a data storage device when processing (swiping) a card

Internet

Phishing - fishing for confidential information

The consumer receives an email that appears to be valid and originate from a financial institution, government agency or other reputable entity
The message states an urgent reason why you must "verify" or "re-submit" personal or confidential information by clicking on a link embedded in the message - the link appears to be the website of the legitimate company but really belongs to the "phisher"

Spyware

Software that can track online usage and personal information, even record every keystroke
Often unknowingly installed by consumers because it is packaged with other software

Trojan Horse virus

An email virus usually released by opening an email attachment
The virus scours the hard drive for personal information then sends this information to the thief's email address

Pretext Calling

The identity thief calls a financial institution posing as a customer, an official at another bank, a government regulator or a law enforcement officer trying to get information on customer's account
May use intimidation (threatening to close account), helplessness or claim an emergency situation

Clues That Someone Has Stolen Your Information

What to Look For:

You see withdrawals from your bank account that you can’t explain
You don’t get your bills or other mail
Merchants refuse your checks
Debt collectors call you about debts that aren’t yours
You find unfamiliar accounts or charges on your credit report
Medical providers bill you for services you didn’t use
Your health plan rejects your legitimate medical claim because the records show you’ve reached your benefits limit
A health plan won’t cover you because your medical records show a condition you don’t have
The IRS notifies you that more than one tax return was filed in your name, or that you have income from an employer you don’t work for
You get notice that your information was compromised by a data breach at a company where you do business or have an account
New or replacement credit cards that don't arrive in a timely manner
Credit card bills or account statements for accounts you didn't open
Calls or letters from collection agencies about accounts you didn't open
Unexpected denials of credit
Emails asking for personal information that don't address you by name, threaten action if you don't respond, or contain spelling errors

How to Prevent Identify Theft

Don't give out personal or financial information such as social security number, checking or credit card numbers, or pin numbers unless you personally know the person or organization. Always keep this information in a safe place.
Never email any of the above information even to your banker. Email is not a secure transmission. It is the equivalent of a postcard and you wouldn't put your social security number on a postcard for the post office to read, would you?
Shred any financial offers you receive such as those for credit card offers and any bank statements before throwing them away. Consider getting your bank statements online, it will not only help protect your identity but it will help the environment.
Protect your ATM PIN number and ATM receipts. Keep your ATM card and PIN number separate and shred them if you should need to dispose them. Never write your PIN number on your card, memorize it instead.
Report lost or stolen checks, debit cards or credit cards immediately to the appropriate party.
If you see something questionable on a bill, don't hesitate to question it as this may help prevent possible fraud.
Annually check your credit report for accuracy and report any errors immediately.
Review your account statements regularly, online and on paper.

If You Become a Victim

If you think your identity has been stolen or you’re a victim of fraud:

Contact us immediately at (601) 684-2231 or the company involved immediately and have all accounts closed or monitored for further changes.
Contact all three major credit bureaus to place a fraud alert on your file, this can help prevent thieves from obtaining any new credit in your name. For more information about the steps to take, and to get your credit reports, contact the credit bureaus listed below:
- Equifax: 1-800-525-6285 or www.equifax.com
- Experian: 1-888-397-3742 or www.experian.com
- TransUnion: 1-800-680-7289 or www.transunion.com
Contact other creditors. Contact your other creditors including credit card and phone companies, as well as banks and other lenders, to notify them of potential fraud. Always follow up any telephone conversations with a letter. Close any accounts that have been breached and reopen them with new account numbers and passwords. We strongly suggest not using your Social Security number as either a username or password.
File a report with the local police. Contact your local police department if you suspect that your personal information was stolen. A police report will lend weight to your case when dealing with creditors who may require proof of criminal activity.
Report the criminal activity to the Federal Trade Commission (FTC). Call the toll-free hotline at 1-877-ID THEFT (1-877-438-4338) to speak with a trained identity theft counselor. Or enter information about your complaint into a secure FTC online database at reportfraud.ftc.gov. Your information may be shared with other law enforcement agencies investigating identity theft.
You can also file a complaint with the appropriate federal investigative law enforcement agency. For a list of appropriate law enforcement agencies, go to www.justice.gov/criminal/cybercrime/reporting.html
Contact other agencies as appropriate:
Postal Inspection Service at www.usps.com. If you believe your mail was stolen or redirected, notify the Postal Inspector at your local post office.
Social Security Fraud Hotline at 1-800-269-0271. If you suspect someone is using your Social Security number for fraudulent purposes, call the hotline.
Department of Motor Vehicles office at www.dmv.org. If you believe someone is trying to get a driver’s license or identification card using your name and information, contact your local DMV
Carefully review all your credit files and accounts. Since identity theft takes time to completely resolve, you should continue to carefully review all charges and transactions appearing on account statements and online. Keep all receipts and records for proof of legitimate purchases. Any discrepancies should be reported immediately.

Computer Security Guidelines

Security Guidelines

Use a current Internet browser with 128-bit encryption that supports secure and private transactions.
Consider using the built-in security features that are provided with your Internet browser instead of disabling them.
Use a software or hardware firewall to protect your computer from network intrusion.
Maintain and run anti-spyware, anti-malware, and anti-virus software to detect new threats.
If your computer is on a wireless network (home or public), ensure that the router settings are secure, (encrypted). Using scanning devices, individuals can intercept unencrypted signals and view or obtain your information.
Use caution when downloading files, installing software, or opening email attachments from unverified or unknown sources. Many of these files contain spyware or key-logging programs that can send information back to a malicious site.
Be suspicious of emails purporting to be from a Financial Institution, government department or other agency requesting account information, account verification or banking access credentials such as User ID’s, PIN’s, Codes and similar information. Opening file attachments or clicking on web links in suspicious emails could expose the system to malicious code that could hijack your computer.
We recommend clearing the browser cache before starting an Online Banking session in order to eliminate copies of web pages that have been stored on the hard drive.
Always lock your computer when you leave it unattended. Set the computer to automatically lock after a set period of inactivity, e.g. 5 minutes.
When you are finished with your computer turn it off or disconnect it from the Internet by unplugging the modem or Ethernet/DSL cable.
Properly dispose of old computers and ensure all sensitive information is removed from the hard drive. Reformatting the hard drive may not be sufficient – use specialized software to erase information.

Additional Computer Security Guidelines for Business

As a business you have additional concerns, such as multiple users and cash management (ACH & Wires) functionality to contend with regarding the safety and security of your Online Banking accounts. There is the growing threat of fraudulent ACH transactions and Wire transfers from online banking accounts which primarily target small to medium sized businesses and government entities and can involve amounts as small as $10,000 US dollars to as much as several million dollars. The majority of these attacks require the attacker to compromise the target computer by installing malware (viruses, spyware, adware, Trojan horse, keyloggers, worms, rootkits), in addition to phishing and pharming techniques, to obtain users login credentials allowing access into the client’s Online Banking session via hijacked credentials.

The following recommendations are cyber security best practices that help reduce the risks associated with online banking. Nothing can eliminate all of the risks, however, an informed and vigilant user is a key defense. In conjunction with our Online Banking Security Information document the following is a list of additional online banking security measures for our Commercial Clients:

Install a dedicated, actively managed firewall. A firewall limits the potential for unauthorized access to a network and computers.
Install well known and supported anti-virus and desktop firewall software on all computer systems. Look for names you know and read independent reviews of all products you use.
Ensure computers are patched regularly, particularly operating systems and key applications with security patches. It is highly recommended to sign up for automatic operating system updates for the operating system and many non-operating system applications.
Change the default login names and PINs on routers, firewalls, and other network equipment and software.
Monitor log files, especially proxy server logs, for unauthorized/suspicious Internet connections coming to and leaving the network.
Carry out all online banking activities from a hardened and completely locked down computer system.
Use a single computer with a static IP Address for all online banking transactions. If possible, register this IP Address with the Financial Institution. Actively monitor the computer for viruses and other malware and limit this computer from conducting any other Internet activity, including email.
Use a dedicated computer for all online transactions and implement white listing methods to prevent the system from going to any site/address that does not have a documented business need.
Whenever possible do not use a wireless network for financial transactions. If a wireless network must be used, enforce security measures such as enabling encryption and MAC address filtering, changing the service set identifier (SSID) and turning off SSID broadcasting.
Turn off and remove services that are not needed on computers. Allow the use of CDs, DVDs, USB devices for legitimate business needs only.
Consider blocking Internet plug-ins on the computers that access online banking accounts. Disabling Flash, scripts, pop-up windows, etc., can be frustrating for general users but will prevent multiple exploits.
Educate users on good cyber security practices to include how to avoid having malware installed on a computer and new malware trends.
Make sure employee computer profiles have the least privilege possible to do their job.
Ensure employees cannot override or circumvent security software.
Only approved company applications should be deployed on your computers, and should be patched regularly.
Use a mail service that blocks or removes email file attachments such as files that end in .vbs, .bat, .pif, or .scr. These are file extensions for executables, and are commonly dangerous files.
Prohibit the use of shared User IDs and PINs for Online Banking.
Develop and implement employee rules and policies concerning appropriate and allowed use of the Internet.
Instill good security habits with your employees. Develop a security awareness program that addresses the risks specific to your business and/or to the specific functions within your company.
Review with employees on a regular basis.
If you have employees that use laptops, consider implementing software that will determine if mobile devices have been infected before allowing them back into your network.
Employ advanced authentication techniques for user logins such as two-factor authentication (User ID and PIN - something the user knows, and Token codes - something the user has.)
Develop a working relationship with a member of law enforcement so that there is an established venue for reporting incidents.

Email Security Guidelines

Question suspicious emails. We will never send you an email asking for confidential information or your Online Banking ID or PIN.
If you receive an email that appears to be suspicious, do not reply to it or click on the link that it provides. Simply delete it.
If you think you may have provided personal or account information in response to a fraudulent email or website, report the fraud immediately, change your PINs, and monitor your account activity frequently.
Avoid clicking on links provided in emails. It is always better to type the address into your browser.
Open email attachments only if you know the sender. It is best to scan attachments with your anti-virus software prior to opening.
Most computer files have filename extensions such as “.doc” for documents or “.jpg” for images. Any file that appears to have a double extension, like “heythere.doc.pif” is extremely likely to be a dangerous file and should never be opened.
Never open email attachments that have file endings of “.exe”, “.pif”, or “.vbs”. These are file extensions for executables, and are commonly dangerous files.
Be careful and selective before providing your email address to a questionable website. Sharing your email address makes you more likely to receive fraudulent emails.
Confirm the validity of all requests for sensitive personal, financial, or account information, particularly if they are made with an urgent or threatening tone.
Confirm requests for personal or account information by going to the company’s website directly. Open a new browser window, type the Web address, and check to see if you must actually perform any activity that an email may be asking you to do, such as change a PIN.

ATM Safety

Use the following suggestions to help protect yourself when making an ATM transaction or purchase:

Block others view of your transaction:

Cover screen and/or keypad when entering PIN number.
If you feel you may be watched leave the ATM and go to a safe location.
Never let anyone assist you in entering your PIN number or give anyone your PIN number, not even a store clerk. You should guard your PIN number as you would cash.

Be Prepared:

If in line at the ATM, leave your car running, windows up and doors locked.
Have your card ready before reaching the ATM, don't wait until you get there to start digging for your card.
Remember the more time you spend at an ATM, especially after hours, the easier target you are for a thief.

Secure Cash:

After a transaction, don't visibly display your cash.
Immediately store away your card, cash, and receipt, wait until you are safely away to sort everything out.

Stay Alert:

Notice your surroundings prior to and during transactions.
If you notice anything unusual or anything or anyone that makes you uncomfortable leave the ATM and try another location if needed.

Check the ATM:

Pay attention to the actual ATM machine, if it looks to be altered or has any unusual devices attached to the card slot or keypad, do not use it and notify the bank of your findings.