Additionally, you might find the website www.onguardonline.gov from the Federal Trade Commission, U.S. Department of Education, and the U.S. Department of State helpful in understanding Online Banking Security.
How First Bank Protects You While Banking Online
First Bank Online Banking has implemented various layers of security features to help reduce the risks associated with Online Banking and to help protect your account information from unauthorized access.
These layers include:
- All Online Banking data transmitted to us is encrypted. Encryption is the process of transforming information into an indiscernible coded message. When you click on “login”, we encrypt your Online Banking User ID and PIN using Secure Sockets Layer (SSL) technology. This secure connection is established before your Online Banking User ID and PIN are transmitted and maintained for the duration of your Online Banking session.
- If you are using one of the following browsers; Microsoft IE 7.0 or higher, Firefox 3.0 or higher, or Safari 3.2 or higher, an EV (Extended Validation) SSL certificate will be active. The EV SSL certificate will be evident as the browser will display https://, turn green, show a closed padlock and rotate “First Bank” and “Identified by VeriSign”.
- After your initial login, we require you to change your Online Banking PIN before any transactions can be requested.
- PIN guessing is deterred with a lock-out feature. Our system will automatically lock-out a user when an incorrect PIN is entered multiple consecutive times.
- Online Banking sessions have a time-out limit requiring you to login again after a period of inactivity to prevent unauthorized access to your session.
- Account numbers are not visible through Online Banking unless you choose to display the account number through the “Pseudo Name” function, however, this is not recommended in order to protect your information.
- Our Identity Verification Feature provides an additional layer of security by getting to know you and your typical and characteristic Online Banking behavior. If atypical behavior is detected you will be prompted to verify your identity by answering your established Challenge Questions.
- A personal Watermark feature appears during the login process for your assurance that you have accessed the authentic First Bank Online Banking site.
- Secure ID Tokens are available for Online Banking with Cash Management accounts. Based upon time synchronization technology, this authentication device generates a simple, one-time code that changes every 35 seconds. The token is used in conjunction with your Online Banking User ID and PIN.
- Upon proper exit from Online Banking, an alert will be displayed requesting to close the webpage of the session you have logged out of.
Understanding the Risks
As your trusted financial partner, First Bank is committed to the safekeeping of your confidential financial information. As part of this commitment we want to make you aware of current online threats and to provide you with valuable information to help identify and guard against them. Nothing can eliminate all of the risks; however, an informed and vigilant user is a key defense.
Phishing is a scam where Internet fraudsters request personal information (such as User IDs, PINs, and identifying information), from users online. These requests are most commonly in the form of an email from an organization with which you may or may not do business. Fraudulent emails such as these may look official, sometimes including the company logo. The email usually states that the company needs you to update your personal information or that your account is about to become inactive, all in an effort to get you to click on a site or divulge confidential information. No reputable business will ever email you requesting that you update your personal information, including account numbers, system passwords or Social Security Numbers via a link to their site.
Unlike phishing, fraudsters using a technique called “pharming” don’t lure their victims with emails. Instead, they install malicious software or use other means to re-direct a user to a fraudulent website - even if the user types the correct address into their browser or uses an existing bookmark for their bank’s website. This means when you type a legitimate website address into a web address bar you are redirected without your knowledge to a bogus site that looks identical to the genuine site. Once you log in with your login name and password, the information is immediately captured by the fraudster.
SMiShing or Vishing
There is a variant of traditional phishing scams that uses telephone calls, instead of email, to collect confidential information. Customers may receive an automated phone call or an email saying their account has been compromised and gives them a phone number to call to resolve the issue. When they call, they reach an automated answering program that asks them for confidential information to verify their account. Customers should never give confidential information in response to suspicious requests such as these.
Adware, or advertising-supported software, is any software package which automatically plays, displays, or downloads advertisements to a computer after the software is installed on it or while the application is being used. It is usually integrated into or bundled with a legitimate program. It can be used to carry spyware or trojans.
Spyware is a type of malware that is typically secretly installed on computers and collects little bits of information at a time about users without their knowledge and can be difficult to detect. The software then relays this information to advertisers, marketing groups, and others for advertising or malicious purposes. Information that is commonly collected includes login IDs, PINs, account information and computer files.
Spyware is usually installed without your knowledge when you download legitimate software. Sometimes the fine print of the license agreement includes information about the spyware component, but not always. Spyware is known to change computer settings, resulting in slow connection speeds, different home pages, and/or loss of Internet or functionality of other programs.
Keylogging is a method by which fraudsters record your actual keystrokes and mouse clicks. Keyloggers are “trojan” software programs that target your computer’s operating system (Windows, Mac OS, etc.) and are “installed” via a virus. These can be particularly dangerous because the fraudster can capture your User ID and PIN, account number, Social Security Number, “Secret Question” answers and anything else you have typed. If you happen to have the same User ID and PIN for many different online accounts, you’ve essentially granted the fraudster access to any company with whom you do business.
Trojan horses are designed to allow a hacker/fraudster remote access to a target computer system. Once a trojan horse has been installed on a target computer system, it is possible for the hacker/fraudster to access it remotely and perform various operations. Operations that could be performed by a hacker/fraudster on a target computer system include:
- Use of the machine as part of a botnet (i.e. to perform spamming or to perform Distributed Denial-of-service (DDoS) attacks.)
- Confidential Data theft: User IDs, PINs, account information.
- Installation of software, including other malware.
- Downloading or uploading of files.
- Modification or deletion of files.
- Keystroke logging.
- Viewing the user’s screen.
- Wasting computer storage space.
- Crashing the computer.
A virus is software capable of causing great harm to files or other programs on a computer. Viruses cannot spread from computer to computer on their own. They usually access new victims through infected email attachments. Some signs that may indicate your computer is infected with a virus include:
- It is operating much slower than normal or getting hung up.
- You suddenly start seeing pop-up advertisements.
- You see a new home page.
A computer worm is a self-replicating malware computer program that uses a computer network to send copies of itself to other computers without user intervention. Unlike a virus, it does not need to attach itself to an existing program. Worms almost always harm the network (mostly by consuming bandwidth), whereas viruses almost always corrupt or modify files on a targeted computer.
A software system that consists of a program, or combination of several programs, designed to hide or obscure the fact that a system has been compromised. Contrary to what its name may imply, a rootkit does not grant administrator access, as it requires prior access to execute and tamper with system files and processes. An attacker may use a rootkit to replace vital system executables, which may then be used to hide processes and files the attacker has installed, along with the presence of the rootkit.
Online Banking Security Guidelines
- Properly exit from First Bank Online Banking as soon as you finish your banking activities by clicking “Exit”. Never walk away from your computer with your account information on the screen.
- While using a computer in public areas beware of “shoulder surfers” who may be trying to intercept your PIN or account information.
- Do not use the same computer for online banking transactions that you use to browse the Internet.
- Monitor your account on a daily basis to detect any unusual activity immediately.
- Beware of fraudulent emails or websites known as “Phishing” or “Web Spoofing” schemes that appear to be from First Bank or other legitimate sites. Always go directly to First Bank’s website by typing www.firstbankms.com directly into the browser address bar. Never click on unverified links in emails, in pop-up ads, or on other unknown sites. These emails and links may ask for personal information or may redirect you to illegitimate sites that look like First Bank’s site or appear to have the First Bank URL address in the browser address bar.
- Know what your Financial Institution’s website looks like and what questions are asked to verify your identity. Some attacks, known as man-in-the-middle attacks, will change the login page. A vigilant user can sometimes spot these attacks by noticing slight modifications to the Bank’s standard page; extra security questions, poor grammar, misspellings, a fuzzy or older logo or a change to the location of each feature.
- Be suspicious of any email that asks for personal information, requests your authentication, or indicates a problem with your First Bank account. If you receive an email like this, DO NOT REPLY by email. Instead call First Bank at (601) 684-2231 to notify us of the fraudulent email. First Bank does not request personal or account information from clients via email or pop-up windows.
- Only use trustworthy computers. Shared public computers like those in airport lounges, internet cafes, public libraries, and hotel lobbies could be connected to keystroke loggers or infected with password-stealing viruses. Do not use them to access Online Banking or other websites containing confidential information about you.
Online Banking PIN Guidelines
Your Online Banking PIN is the key to your Online Banking account and your personal and financial information. Here are some tips to keeping your PIN secure:
- Create a strong and unique Online Banking PIN by making it as long and complex as possible with a combination of uppercase and lowercase letters, numbers, and symbols. Refrain from using predictable sequences of characters such as “1234” or “abcd”. Do not use your Online Banking ID in your PIN.
- Do not use words that can be found in a dictionary or information related to you such as your birth date, address, names of family members, etc.
- Disable any “AutoComplete” or similar features on any computer you use for Online Banking.
- Do not write down your PIN.
- Do not share your Online Banking PIN with anyone, including First Bank employees. Your Online Banking ID and PIN are assigned to you and verify who you are when you begin and Online Banking session with First Bank.
- If you feel that your Online Banking ID and/or PIN have been stolen or compromised, immediately change your PIN Online and notify First Bank.
- Change your PIN on a regular basis. We recommend changing your PIN every 60-90 days.
- Do not use the same PIN for various websites.
- Never email your PIN or respond to an email request for your PIN or other confidential information. First Bank will never ask you to submit confidential information in an email.