Important Facts About Security Threats and How to Prevent Them
Your Security Is Important To Us
First Commons Bank, NA is committed to protecting your personal information. We believe our customers should stay current with potential security threats and ways to avoid these threats. This brochure will help you understand the following:
- Control Mechanisms For Avoiding Security Threats
- New Online Security Threats
- Ways To Avoid These New Threats
- What The Bank Is Doing To Help Protect Our Customers
- Ways The Bank May Contact You
- Additional Security Measures For Commercial Customers
- Available Resources For Commercial Customers
- A Summary Of Your Rights Under Regulation E
If you think your identity may have been compromised, you believe your First Commons Bank, NA accounts may be in jeopardy, or you have any questions, please call our Bank at 617-243-4400.
1. Control Mechanisms For Avoiding Security Threats
Personal Identifying Information
- Check your bank accounts regularly.
- Always protect your PIN: Do not give the number to anyone, and cover the keypad while you are entering your PIN.
- Create difficult passwords that include numbers, uppercase letters and special characters.
- Do not give any of your personal identifying information over the telephone, through the mail or online unless you have initiated the contact or know and trust the person or company to whom it is given.
Credit, Debit and ATM Cards
- Retain all receipts from card transactions.
- Sign new cards as soon as you receive them.
- Report lost or stolen cards immediately.
- Promptly remove mail from your mailbox.
- Do not leave outgoing mail in your doorway or home mailbox, where it can be stolen.
Home Security
- Store extra checks, credit cards, documents that list your Social Security number, and similar items in a safe place.
- Shred all credit card receipts and solicitations, ATM receipts, bank account and credit card statements, canceled checks, and other financial documents before you throw them away.
PINs and Passwords
- Memorize your PINs and passwords and keep them confidential.
- Change your passwords periodically.
- Avoid selecting PINs and passwords that will be easy for an identity thief to figure out.
- Do not carry PINs and passwords in your wallet or purse or keep them near your checkbook, credit cards, debit cards or ATM cards.
Online/Mobile Devices
- Be careful when downloading applications to your smartphones. If it looks like spam, if it’s free, or if it comes preloaded with advertisements, it may not be worth downloading as it may collect personal information.
- Lock your computer when you walk away.
- Know who's around when you access your account.
- Dedicate one computer for online banking business.
- Install/update firewalls and anti-virus software.
- Start managing your finances using secure online banking tools.
- Answer your security questions incorrectly. For example, if you select “What was the last high school you attended,” answer with a rival high school.
Wallets and Purses
- Do not carry more checks, credit cards, debit cards, ATM cards and other bank items in your wallet or purse than you really expect to need.
- Do not carry your Social Security number in your wallet or purse.
Miscellaneous
- Be suspicious of transactions that require advance payment or a deposit through a wire transfer.
Additional Security Measures for Small Businesses
- Schedule regular external audits.
- Train employees on security awareness.
- Employ an information management service to safely store sensitive documents.
- Ensure that all computer software is up-to-date and contains the most recent patches.
- Encrypt all data stored on your portable devices and laptops.
- When setting up a wireless network, make sure the default password is changed and make sure you encrypt your wireless network with WPA (Wi-Fi Protected Access).
2. New Online Security Threats
- Clickjacking: These attacks use maliciously created pages where the true function of a button is concealed beneath an opaque layer showing something entirely different. They are common among Facebook users: sharing or "liking" the content in question often sends the attack out to contacts through news feeds and status updates, propagating the scam.
- Phishing: The act of sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft. The e-mail directs the user to visit a website where they are asked to update personal information, such as passwords and credit card, Social Security, and bank account numbers, that the legitimate organization already has. The website, however, is bogus and set up only to steal the user’s information.
- Spearphishing: This is more likely to occur via regular e-mail, but you may also be hit by a spear through a Facebook or Twitter message. Spearphishing (or spear phishing) works through an e-mail or message that seems quite personal. It may appear to be from a person or company with whom you normally communicate; however, it will lead you to a poisoned site. It is similar to "phishing" scams, but rather than just sending a message that claims to be from your e-mail provider saying your inbox is full, or that you have to verify your identity, and so on, it goes a step further by adding personalized information to lull your suspicions.
- Pharming: In this latest version of online ID theft, a virus or malicious program is secretly planted in your computer and hijacks your web browser. When you type in the address of a legitimate website, you’re taken to a fake copy of the site without realizing it. Any personal information you provide at the phony site, such as your password or account number, can be stolen and fraudulently used.
3. Ways To Avoid These New Threats
- Look at who is sending the email. If it seems odd, delete it.
- Keep your browsers up to date; all browsers are doing a better job screening out dangerous stuff.
- Do not click on links that ask for your personal information. If the email is from a company or bank, call the company or bank directly to ask about the issue stated in the email.
- Do not click on links if you do not know who the sender is. Make sure the email address is an exact match to your contact if you do know the sender.
- Make sure you know who you are accepting as a friend on social networking sites.
- Be cautious when typing in web addresses to ensure you are directed to the site intended.
4. What The Bank Is Doing To Help Protect Our Customers
- The Bank has added extra layers of security controls to our online banking, account opening, mobile banking, remote deposit capture, wire transfers, and cash management products.
- The Bank monitors our customer account activity for any unusual or suspicious transactions.
5. Ways The Bank May Contact You
- First Commons Bank NA never requests a customer’s bank card number, account number, Social Security number, Personal Identification Number (PIN) or password through email. If you receive an email requesting such information that appears to be from First Commons Bank NA, do not respond to the email and contact First Commons Bank NA immediately at 1-617-243-4400.
- If the Bank needs to contact you, we will contact you by phone, email, or mail.
- The Bank will never ask for personal information if we contact you. This includes emails sent from the Bank.
6. Additional Security Measures For Commercial Online Customers
- The Bank strongly suggests that commercial customers periodically perform a related risk assessment and controls evaluation. This is done to ensure that every risk to the company has mitigating factors that lower it.
- The Bank will provide a template electronically if you email our compliance officer at bavance@firstcommonsbank.com.
7. Available Resources For Commercial Customers
- Fraud Advisory for Business: Corporate Takeover: This website is intended to make businesses aware of issues, provide examples, and provide updated recommendations to businesses to protect themselves.
  http://www.fsisac.com/files/public/db/p265.pdf
- Corporate Account Takeover Resource Center: The resources represent several key initiatives: the Better Business Bureau’s Data Security Made Simpler, the February 2010 FS-ISAC cyber-attack exercise, a webinar conducted with the American Bankers Association, and more.
  http://www.nacha.org/CorporateAccountTakeoverResourceCenter
8. A Summary Of Your Rights Under Regulation E
- Regulation E is applicable to all consumer deposit accounts.
- Regulation E provides a basic framework that establishes the rights, liabilities, and responsibilities of participants in electronic fund transfer systems. “Electronic fund transfer” generally refers to a transaction initiated through an electronic terminal, telephone, computer, or magnetic tape that instructs an institution to either credit or debit a consumer account.
Error Resolution Summary
In case of errors or questions about your electronic transfers, call the Bank immediately if you think your statement or receipt is wrong or if you need more information about a transfer on the statement or receipt. We must hear from you no later than 60 days after we sent you the FIRST statement on which the error or problem appeared.
- Tell us your name and account number (if any).
- Describe the error or the transfer you are unsure about, and explain as clearly as you can why you believe it is an error or why you need more information.
- Tell us the dollar amount of the suspected error.
We will investigate your complaint and will correct any error promptly. If we take more than 10 business days to do this, we will credit your account for the amount you think is in error, so that you will have the use of the money during the time it takes us to complete our investigation.
Summary Of Consumer’s Liability For Unauthorized EFT Transfers
- You can lose no more than $50 if you fail to give notice of your lost or stolen card and/or code and your card and/or code is used without your permission (MGL167B 18(a)).
- A consumer is liable for an unauthorized EFT only if:
  - An accepted access device is used to perform the transfer.
  - The institution has a means to identify the consumer for the access device.
- Business accounts are not subject to the same protections as consumer accounts under Regulation E. However, if you have any questions or notice fraudulent activity, please contact the Bank immediately.
- See the Bank’s Electronic Funds Transfer Disclosure for more information.

