The Federal Financial Institutions Examination Council (FFIEC) recently issued new supervisory guidance for banks designed to help make online transactions more secure. The new guidance is in response to an ever more dangerous online threat environment. Scams and hacking techniques are more sophisticated, new threats are continually being developed, and organized crime groups both in the United States and internationally have become a major force in expanding online fraud and theft.
The new guidance means you may begin to see new security features on the websites you visit. Each of our online products has built-in security features which are continually enhanced in response to changing threats. Some of these enhancements are visible to you, the user, but others occur behind the scenes.
The new guidance also means you will see more information on how you, as a user of online services, can take action to keep your identity and your financial information and funds secure.
IMPORTANT INFORMATION FOR OUR ONLINE USERS
OUR LOG-IN CREDENTIALS
We will never call, email or otherwise contact you to request your access ID, password, or other log-in credentials for the online services we offer. If you receive such a request, do not provide any information. Contact a Personal Banker at 575-647-4100 or at email@example.com to report the incident.
REPORTING SUSPICIOUS ACTIVITY
If you see suspicious activity on your account(s) or have received a suspicious call, email, letter or other similar contact regarding your relationship with Citizens Bank, call 575-647-4100 and ask to speak to a Personal Banker or email us at firstname.lastname@example.org
PROTECT YOURSELF BY CONTROLLING ONLINE RISKS
Understand the online products you are using:
Citizens Bank provides detailed brochures on our online products. These resources explain the product’s security features in detail and provide tips for use of the product. Look for this information on all the websites you use to process transactions online and use these features available to you.
Understand the risks of online transaction processing:
Our website includes security alerts and information about preventing and reporting identity theft. The security tips and links to websites noted below provide important information and news to help you understand online transaction risk and options to help you control these risks. It is important to be informed and proactive. When it comes to internet fraud, account takeover and identity theft, an ounce of prevention is definitely worth a pound of cure.
Password Security Tips
- Do not share your User ID’s or Passwords with another person or provide them to others. Safeguard your User ID and Password information—never leave the information “lying around” in an unsecured location.
- Create a unique User ID and Password for each site. Do not use the same identifying information on multiple websites.
- Create strong User ID’s and Passwords. In other words, use upper case letter(s), lower case letter(s), and numbers; if the site allows for them, use symbols as well.
- Many websites force password changes (i.e. every 60 days). If a website does not do so, take the initiative and change your password on a regular basis.
- Avoid posting personally identifiable information on social media sites such as on Facebook and Twitter. Information such as street address, pets’ names, home town and mother’s maiden name can be used to access more secure information.
Website Security Tips
- Monitor account activity. View account activity online on a regular basis and review periodic account statements (monthly and/or quarterly) and reconcile them to your personal records.
- Log off from a website; do not just close the page or “X” out.
- Secure websites have a web address that includes an “s” (https rather than http). If this feature is lacking, the site may not be genuine. Do not log in or conduct business on these sites.
- When completing financial transactions, verify encryption and other security methods are in place, protecting your account and personal information.
Computer / Network Security Tips
- Use quality security monitoring software on your PC that includes anti-virus, anti-malware and firewall functions.
- Use your PC’s security features such as individual Log-In accounts.
- Keep PC operating system security up-to-date by applying patches and updates.
- Password-protect your computer network (physical or wireless).
Stay Aware of Current Scams
- The Internet Crime Complaint Center (IC3) website is a partnership between the Federal Bureau of Investigation (FBI) and the National White Collar Crime Center (NW3C), and contains useful information. The IC3 website is found here.
- IC3 information on gift card scams can be found here.
- IC3 information on other scams can be found here.
What can you do to avoid becoming a victim of IDENTITY THEFT?
Protecting your identity:
- Never respond to unsolicited requests for your social security number or financial data.
- Before discarding, shred credit card, ATM receipts and any pre-approved credit offers you have received, but don't plan to use.
- Check all credit card and bank statements for accuracy.
- Avoid easy-to-figure out access and personal ID codes.
- Obtain a copy of your credit report annually and check it for accuracy.
- Use only secure sites when making online purchases. Secure pages begin with "https."
- Pay for online purchases by credit card to assure you get what you paid for and to limit your liability.
- Safeguard your SSN, and check earnings and benefit statements annually for fraudulent use.
If you have become a victim of Identity Theft, immediately take the following actions:
- File a police report.
- Contact your bank.
- Notify all of those with whom you have a financial relationship.
- Tag accounts closed due to fraud, "closed at consumer's request."
- Notify credit bureau fraud units.
- Establish a password for telephone inquiries on credit card accounts.
- Place a fraud alert statement on your credit report.
- Request bi-monthly copies of your credit report until your case is resolved (free to fraud victims).
- Report theft of checks to check verification companies.
- Check post office for unauthorized change of address requests.
- Follow-up contacts with letters and keep copies of all correspondence.
- For additional help:
Report Fraud 888-397-3742
Order Credit Report 888-397-3742
- Trans Union: www.transunion.com
Report Fraud 800-680-7289
Order Credit Report 800-888-4213
More information about Identity Theft and how to avoid it can be found at:
Federal Trade Commission: www.ftc.gov/idtheft
Federal Trade Commission: www.ftc.gov/idtheft
CONSUMER PROTECTION – REGULATION E
Regulation E provides rules for error resolution and unauthorized transactions for electronic fund transfers, which includes most transactions processed online. In addition, it establishes limits to your financial liability for unauthorized electronic fund transfers. These limits, however, are directly related to the timeliness of your detection and reporting of issues to Citizens Bank. It is for this reason that we encourage you to immediately review periodic account statements and to regularly monitor your account activity online.
The “Electronic Fund Transfers” disclosure provided to you at the time of account opening provides detailed information. We will provide to you, upon request, a free printed copy of this disclosure.
ADDITIONAL INFORMATION FOR BUSINESS USERS OF ONLINE SERVICES
The new FFIEC Guidance takes note that business transactions, because of their frequency and dollar value, are inherently more risky than consumer transactions. The Guidance also notes the steep rise of online account takeovers and unauthorized online fund transfers related to business accounts in the last five years.
Recently, small- to medium-sized businesses have been primary targets as cyber criminals have recognized that the security controls they have in place are not as robust as that of larger businesses. Analysis indicates enhanced controls over administrative access and functions related to business accounts and layered security using multiple and independent controls would help to reduce these types of crime.
The FFIEC Guidance suggests enhanced controls for businesses:
- Business customers should be encouraged to perform a periodic risk assessment and an evaluation of the effectiveness of the controls they have in place to minimize the risks of online transaction processing.
The password, website, computer and network tips above provide a starting point for this process and the web resource links provide additional detailed information.
The FTC Business Center has a great deal of information for businesses at http://business.ftc.gov/privacy-and-security/data-security.
- Business customers should understand the security features of the software and websites they utilize and take advantage of these features. Segregation of duties—the process of separating duties so no one person can perform all steps of a transaction—is an example of a very important security feature.
- Layered security options that may be available to business customers doing online transactions include transaction thresholds, out-of-band verification (such as telephone or email verification), fraud detection and monitoring systems, and IP reputation–based services. The Guidance encourages establishing layered security processes.