Important Facts About Your Account Authentication and Online Banking
Multi-factor authentication and layered security are helping assure safe Internet transactions for banks and customers.FIRST FEDERAL’S POLICY
First Federal will not contact you requesting personal or sensitive information, such as your full Social Security Number, Personal ID, Online Banking passwords, or PIN. In order to protect the security of your accounts, First Federal, or our authorized Fraud Protection or Compliance/Audit Service, may contact you by phone to update non-personal information or verify suspicious transactions. You may place a call back to First Federal to ensure the phone call you received is valid. Please click on the “About Us” link located on the top navigation bar to read more about our Privacy and Security Policies.ONLINE SECURITY IS A TOP PRIORITY AT FIRST FEDERAL
If you use online or mobile banking, you will be interested to know that we maintain the highest standards of security for our Internet Banking system. Our enhanced security adds an extra layer of protection that works behind the scenes to help secure your account information. Because of this, you may occasionally be prompted to verify your identity before continuing with your questions or transaction. For example, you may be asked a few security questions that only you know the answer to before you are able to proceed. Also, our employees will take extra steps to verify the identity of callers and customers before providing any account information.UNDERSTANDING ONLINE SECURITY
Online security begins with an authentication process used to confirm that it is you, and not someone who has stolen your identity, attempting to access your account. Authentication generally consists of one or more basic factors:
- Something only you know (e.g., password, PIN)
- Something you have (e.g., ATM card, smart card, etc.)
- Something that is physically unique to you (such as fingerprint).
Sometimes only a single method of authentication is used (single factor authentication), and sometimes more than one factor is used (multi-factor authentication). Multi-factor authentication is considered a stronger fraud deterrent.
For example, when you use your ATM you are utilizing multi-factor authentication: Factor number one is something you have, your ATM card; factor number two is something you know, your PIN. To assure your continued security online, First Federal uses both single and multi-factor authentication, as well as additional “layered security” measures as appropriate.LAYERED SECURITY FOR INCREASED SAFETY
Layered security means that controls are used at different points in the transaction process so that a weakness in one control generally is strengthened by the use of a different control. An example of layered security might be that you follow one process to log in (user/password), and then give additional information to authorize funds transfers.
Layered security can substantially strengthen the overall security of online transactions… protecting sensitive customer information, preventing identity theft, and reducing account takeovers and the resulting financial losses.
First Federal makes use of layered security to allow us to authenticate our customers, detect and respond to suspicious activity related to initial login, and then to reconfirm the authentication when further transactions involve the transfer of funds.FIRST FEDERAL IS WORKING ON YOUR BEHALF
Behind the scenes, our goal is to ensure that the authentication required for a particular transaction is appropriate to that transaction’s level of risk. Accordingly, First Federal conducts comprehensive risk-assessments of its methods as recommended by current federal guidance. These risk assessments consider the following things:
- Changes in the internal and external threat environment
- Changes in the customer base adopting electronic banking
- Changes in the customer functionality offered through electronic banking; and
- Actual incidents of security breaches, identity theft, or fraud experienced by the institution or industry.
There are times when a transaction you initiate may create more risk to you and to the Bank. In those cases, we will likely request additional identification verification procedures, or layers of control, such as:
YOU HAVE FEDERAL PROTECTION
- Utilizing call-back (voice) verification, e-mail approval, or cell phone-based identification.
- Employing customer verification procedures, especially when opening accounts online.
- Analyzing banking transactions to identify suspicious patterns. For example, that could mean flagging a transaction in which a customer who normally pays $10,000 a month to five different vendors suddenly pays $100,000 to a completely new vendor.
- Establishing dollar limits that require manual intervention to exceed a preset limit.
First Federal Bank follows specific rules issued by the Federal Reserve Board, known as Regulation E. The rules cover all kinds of situations involving transfers made electronically. Under the consumer protections provided by this law, you can recover unauthorized or fraudulent transactions conducted electronically as long as you detect and report them in the manners shown below:
If you report unauthorized or fraudulent transactions within two days of receiving your statement, you may be liable for the first $50. After two days, the amount increases to $500. After 60 days, you could be legally liable for the full amount. The best practice is to notify First Federal as soon as you detect the activity. You can do this by contacting any one of our branches.CUSTOMER VIGILANCE: THE FIRST LINE OF DEFENSE
Of course, understanding the risks and knowing how fraudsters might trick you is a critical step in protecting yourself online. You can make your computer safer by installing and regularly updating your
- Anti-virus software
- Anti-malware programs
- Firewalls on your computer
- Operating system patches and updates
You can also learn more about online safety and security at these websites:
Avoid the “Hook” in Phishing Scams
Before I joined the Banking World, the only kind of fishing I knew about was the kind that involved an individual trying to hook a fish with various types of baits and just the right flick of the wrist. Now I know there is a different kind of Phishing that is becoming a popular hobby of fraudsters. Phishing is a technique that fraudsters use to coax individuals into giving them valuable personal information.
Just like real fishermen who have a tackle box full of different lures and baits aimed to hook even the smartest fish, fraudsters have a tackle box of letters, emails, phone calls, and texts to hook you. No matter the medium that the Phishing attempt comes in, they all have one thing in common: they want you to give them information. Don’t get hooked into sharing your valuable personal information! Follow these tips:
- If you are suspicious about a request for personal information that you’ve received by phone, email, text message, website, or mail, you should first verify the request. Use a known and legitimate source to confirm the request by calling the number listed on your bank’s website, billing or bank statement, or on the back of your debit or credit card.
- Consumers should never share their mother’s maiden name, Social Security Number, bank account numbers, or account user names and PINs/passwords without prior verification – from another source – of who is asking for the information.
- Legitimate companies will not contact you and ask you to verify information. Always be suspicious if you are contacted and asked to give information, no matter who the requester claims to be.
If you have any questions, always feel free to visit your nearest First Federal branch.
By: Matthew Rice, Security Director for First Federal