The Federal Financial Institutions Examination Council (FFIEC) recently issued new supervisory guidance for banks designed to help make online transactions more secure. The new guidance is in response to an ever more dangerous online threat environment. Scams and hacking techniques are more sophisticated, new threats are continually being developed, and organized crime groups both in the United States and internationally have become a major force in expanding online fraud and theft.
The new guidance means you may begin to see new security features on the websites you visit. Each of our online products has built-in security features which are continually enhanced in response to changing threats. Some of these enhancements are visible to you, the user, but others occur behind the scenes.
The new guidance also means you will see more information on how you, as a user of online services, can take action to keep your identity and your financial information and funds secure.
IMPORTANT INFORMATION FOR OUR ONLINE USERS
OUR LOG-IN CREDENTIALS
We will never call, email or otherwise contact you to request your access ID, password, or other log-in credentials for the online services we offer. If you receive such a request, do not provide any information. Contact our Call Center by phone at 505-599-0100 or email us at firstname.lastname@example.org to report the incident.
REPORTING SUSPICIOUS ACTIVITY
If you see suspicious activity on your account(s) or have received a suspicious call, email, letter or other similar contact regarding your relationship with Citizens Bank, call 505-599-0100 and ask to speak to a Bank Representative or email us at email@example.com
PROTECT YOURSELF BY CONTROLLING ONLINE RISKS
Understand the risks of online transaction processing:
Our website includes security alerts and information about preventing and reporting identity theft. The security tips and links to websites noted below provide important information and news to help you understand online transaction risk and options to help you control these risks. It is important to be informed and proactive. When it comes to internet fraud, account takeover and identity theft, an ounce of prevention is definitely worth a pound of cure.
Password Security Tips
- Do not share your User ID’s or Passwords with another person or provide them to others. Safeguard your User ID and Password information—never leave the information "lying around" in an unsecured location.
- Create a unique User ID and Password for each site. Do not use the same identifying information on multiple websites.
- Create strong User ID’s and Passwords. In other words, use upper case letter(s), lower case letter(s), and numbers; if the site allows for them, use symbols as well.
- Many websites force password changes (i.e. every 60 days). If a website does not do so, take the initiative and change your password on a regular basis.
- Avoid posting personally identifiable information on social media sites such as on Facebook and Twitter. Information such as street address, pets' names, home town and mother's maiden name can be used to access more secure information.
Computer / Network Security Tips
- Use quality security monitoring software on your PC that includes anti-virus, anti-malware and firewall functions.
- Use your PC's security features such as individual Log-In accounts.
- Keep PC operating system security up-to-date by applying patches and updates. Password-protect your computer network (physical or wireless).
Stay Aware of Current Scams
The Internet Crime Complaint Center (IC3) website is a partnership between the Federal Bureau of Investigation (FBI) and the National White Collar Crime Center (NW3C), and contains useful information.
What can you do to avoid becoming a victim of IDENTITY THEFT?
Protecting your identity:
- Never respond to unsolicited requests for your social security number or financial data. Before discarding, shred credit card, ATM receipts and any pre-approved credit offers you have received, but don't plan to use.
- Check all credit card and bank statements for accuracy.
- Avoid easy-to-figure out access and personal ID codes.
- Obtain a copy of your credit report annually and check it for accuracy.
- Use only secure sites when making online purchases. Secure pages begin with "https."
- Pay for online purchases by credit card to assure you get what you paid for and to limit your liability.
- Safeguard your SSN, and check earnings and benefit statements annually for fraudulent use.
If you have become a victim of Identity Theft, immediately take the following actions:
- File a police report.
- Contact your bank.
- Notify all of those with whom you have a financial relationship.
- Tag accounts closed due to fraud, "closed at consumer's request."
- Notify credit bureau fraud units.
- Establish a password for telephone inquiries on credit card accounts.
- Place a fraud alert statement on your credit report.
- Request bi-monthly copies of your credit report until your case is resolved (free to fraud victims).
- Report theft of checks to check verification companies.
- Check post office for unauthorized change of address requests.
- Follow-up contacts with letters and keep copies of all correspondence.
- For additional help:
Experian: (Opens in a new Window) https://www.experian.com
- Report Fraud 888-397-3742
Order Credit Report 888-397-3742
- Trans Union: (Opens in a new Window) https://www.transunion.com
- Report Fraud 800-680-7289
Order Credit Report 800-888-4213
More information about Identity Theft and how to avoid it can be found at:
Federal Trade Commission: www.ftc.gov/idtheft (Opens in a new Window)
CONSUMER PROTECTION – REGULATION E
The "Electronic Fund Transfers" disclosure provided to you at the time of account opening provides detailed information. We will provide to you, upon request, a free printed copy of this disclosure.
The new FFIEC Guidance takes note that business transactions, because of their frequency and dollar value, are inherently more risky than consumer transactions. The Guidance also notes the steep rise of online account takeovers and unauthorized online fund transfers related to business accounts in the last five years.
Recently, small- to medium-sized businesses have been primary targets as cyber criminals have recognized that the security controls they have in place are not as robust as that of larger businesses. Analysis indicates enhanced controls over administrative access and functions related to business accounts and layered security using multiple and independent controls would help to reduce these types of crime.
The FFIEC Guidance suggests enhanced controls for businesses:
- Business customers should be encouraged to perform a periodic risk assessment and an evaluation of the effectiveness of the controls they have in place to minimize the risks of online transaction processing.
- The password, website, computer and network tips above provide a starting point for this process and the web resource links provide additional detailed information.
- The FTC Business Center has a great deal of information for businesses at http://business.ftc.gov/privacy-and-security/data-security. Business customers should understand the security features of the software and websites they utilize and take advantage of these features. Segregation of duties—the process of separating duties so no one person can perform all steps of a transaction—is an example of a very important security feature.
- Layered security options that may be available to business customers doing online transactions include transaction thresholds, out-of-band verification (such as telephone or email verification), fraud detection and monitoring systems, and IP reputation–based services. The Guidance encourages establishing layered security processes.