Security

February 2013

1. Do not open the attachment in the email.
2. Do not forward the email to anyone else.
3. Delete the email.

 

Frequently Asked Security Questions about online banking.

Q I'm still hesitant about banking online. Can other people see my account information?

A Your account information is just as secure as it is at our physical brick and mortar bank. We've taken every step possible to be sure our system meets the latest security standards, including using the latest security encryption methods and software.

Q What about filling applications out online? How secure is that?

A Filling out applications online is as secure as the Online Banking System. Your entire session, from beginning to end, is encrypted. Our system supports 128-bit encryption, so you can also use the latest browser from Netscape or Microsoft that supports this security level. In fact, the highest encryption Netscape and Microsoft browsers support is 128-bit, so you will be using the highest bit encryption currently available if you use a 128-bit encryption capable browser.

Q I keep hearing a lot about encryption? What exactly is it, and why does it make everything more secure?

A Encryption is basically a way to rewrite something in a code which can then be decoded later with the right key. The encryption we use employs a mathematical process for the key which is made up of a certain number of bits (hence, 128-bit encryption). The higher the number of bits, the better the encryption. While using our Online Banking System, all communication from you to the system and from the system to you is encrypted using a maximum of 128 bits. In other words, when you send information to the system, your browser encrypts it using a 128-bit key, then sends it to the system. The system then decodes the information you sent it using the key (which is predetermined when your Online Banking session is started) and processes it.

Q What about information that is stored? Is it encrypted as well?

A Information stored on our system is also encrypted using at least 128 bits.

During the course of the day you may write a check, charge tickets to your favorite event, mail your bills, call home, or apply for a credit card. Normally you wouldn't give these transactions a second thought. But someone else may.

The age of information technology has created a new line of crooks called identity thieves. With each transaction, you may share personal information; your credit card number, account number, social security number, name, address, and phone numbers. An identity thief may capture this information without your knowledge and commit fraud or theft. And you may not even know it until months later.

How do thieves get your information?

They use a variety of methods such as:

• Stealing wallets and purses containing identification and credit and bank cards.
• Stealing mail, including bank and credit card statements, pre-approved credit offers, new checks, or tax information.
• Rummaging through your trash, or the trash of businesses or dumps in a practice known as "dumpster diving."
• Stealing credit and debit card numbers as your card is processed by using a special information storage device in a practice known as "skimming."
• Completing a "change of address form" to divert your mail to another location.

Once they have your personal information they may:

• Go on a spending spree using your credit and debit card numbers to buy "big-ticket" items like computers that can easily be resold.
• Open a new credit card account, using your name, date of birth, and Social Security Number. When they don't pay the bills, the delinquent account is reported on your credit report.
• Take out auto loans in your name.
• Establish phone or wireless service in your name.
• Create counterfeit checks or debit cards, and drain your bank account.
• Give your name to the police during an arrest. If they are released and don't show up for their court date, an arrest warrant could be issued in your name.
   

How can you tell if you are a victim?

Monitor the balances of your financial accounts. Look for unexplained charges or withdrawals. Pay attention to your mail; if you fail to receive bills or other mail your address may have been changed. You may be denied credit for no apparent reason, or you are receiving calls from debt collectors or companies about merchandise or services you didn't buy.

The key to protecting your identity and minimizing your exposure to potential damage is to exercise caution!

• Make sure all of your credit card, bank, and phone accounts have strong passwords. Do not use easily available information like your mother's maiden name, your birth date, the last four digits of your social security number or a series of consecutive numbers. When asked for your mother's maiden name, use a password instead.
• Secure your personal information in your home, especially if you have roommates, employee outside help, or are having service work done in your home.
• Don't give out personal information on the phone, through the mail, or over the Internet unless you've initiated the contact and you are sure you know who you are dealing with. Identity thieves can be skilled liars and may even pose as representatives of banks, service providers, or government agencies to get you to reveal identifying information. You may even receive an e-mail message that looks legitimate, but is really part of a "Phishing" scam.
• Guard your mail from theft. Deposit outgoing mail in post office collection boxes or at your local post office and not unsecured mail boxes. If you are planning to be away from home, stop by your local post office and place a hold on your mail. Or call the US Postal Service at 1-800-275-8777 to ask for a vacation hold.
• Don't leave your trash out in the open. To thwart a thief who may pick through your trash or recycling bins, tear or shred your charge receipts, copies of credit applications or offers, insurance forms, medical statements, checks and bank statements, and expired charge cards.
• Limit the identification information and the number of credit and debit cards that you carry to what you will actually need. Keep your purse or wallet in a safe place!
• Your computer may be a gold mine of personal information. Be sure to update your virus protection software regularly. Look for security repairs and patches you can download from your operating system's Web site. Don't download files from strangers or click on hyperlinks from people you don't know. Opening a file could expose your system to a virus or program that could hijack your modem. Use a firewall, especially if you have a high-speed or "always on" connection to the internet.
• Be sure you are dealing with a legitimate Web site when providing credit card information online. Look for a logo of a padlock or other indication that card numbers are protected during Internet transmissions. In addition, only provide your credit card information when you originate a transaction, not in response to an unsolicited call or e-mail, which may be fraudulent.
   
• Check your credit report at least annually. Under the Fair and Accurate Credit Transactions Act (FACT Act) consumers have access to one free credit report each year. You can request a copy through www.annualcreditreport.com, the only service authorized by Equifax, Experian, and TransUnion - the three major credit bureaus. Additionally, you may request a copy by phone or e-mail.
   

Contact Information

Internet	www.annualcreditreport.com
Toll Free	1-877-322-8228
Mail	Annual Credit Report Request Service PO Box 105281 Atlanta, GA 30348-5281

Web sites with more information:

Federal Trade Commission	www.ftc.gov/infosecurity
FDIC Consumer News	www.fdic.gov/consumers/consumer/alerts/index.html
Equifax	www.equifax.com
Experian	www.experian.com
TransUnion	www.transunion.com

What is Phishing?

Phishing is the practice of sending fraudulent e-mail messages requesting someone to supply confidential information. The e-mail is disguised to look like a request from a legitimate organization such as a bank, credit card company, or a retail merchant with which recipients may already have a business relationship. Often the message includes a warning regarding a problem related to the recipient's account and requests the recipient to respond by providing specific confidential information. The format of the e-mail typically includes proprietary logos and branding, a "From" line disguised to appear as if the message came from a legitimate sender, and a link to a web site or an e-mail address.

All of these features are designed to assure the recipient that the e-mail is from a legitimate business source. Victims may be directed to provide personal account information by responding to the e-mail, or they may be directed to click on a link that takes them to a legitimate looking web page containing a form on which they are instructed to provide information. Typically, the information requested includes account numbers, passwords, Personal Identification Numbers (PINs), Social Security numbers or other personal identifying information that will allow the perpetrator to gain access to the victim's accounts.

First Federal will never send an e-mail to a customer asking for any personally identifiable information. While you may occasionally receive an e-mail from First Federal, the e-mail will not contain personal information and will be informative in nature regarding products and services First Federal is offering, or information on transactions associated with your internet banking service. You have the option of "Opting Out" of promotional e-mail by signing in to your Internet Banking Service, and updating your user options.

Who do you call if you suspect you are a victim?

Call the fraud department at any one of the three major credit bureaus. Ask for a fraud alert to be placed in your file at all three companies. The alert tells lenders and other users of credit reports to be careful before opening or changing accounts in your name. The toll free numbers for the fraud departments are:

• Equifax   800-525-6285
• Experian   888-397-3742
• TransUnion   800-680-7289

Call your bank, credit card company or any other financial institution that may need to know. Ask to speak with someone in the security or fraud department and follow up with a letter if necessary, close old accounts and open new ones, and select new passwords and "PINs".

Call your local police or the police where the identity theft occurred. Fill out a police report that will detail what happened and get a copy for future reference.

Call the Federal Trade Commission. Call toll-free 877-IDTHEFT (877-438-4338). Also, an "ID Theft Affidavit" available on the FTC Web site can be used to help you prove you are an innocent victim and help you keep debts you did not incur from appearing on your credit report.