Security at Colony Bank
Online Banking Security
The Power of Protection for Your Peace of Mind
Colony Bank is committed to making Online Banking and Online Bill Payment safe and giving you peace of mind when you access your account information online.
Mutual (Intelligent) Authentication is a quick and easy security measure that helps prevent fraud and identity theft when you access your accounts online. To help verify your identity, you first provide answers to questions to which only you know the answer. If there is ever an attempt to access account(s) that Colony does not recognize, you will be prompted to answer one or more of these questions. In addition, periodically when you start to log in, you will be presented with one of these questions that you will have to answer before you can access your account information.
Below are some things you can do online that will help lower the risk of identity theft and fraud:
• Stop receiving paper statements by mail to limit fraud.
• View cleared checks online to monitor for check fraud.
• Pay your bills online to reduce the chances of mail fraud.
• Log in to Online Banking and view your account activity frequently to detect fraudulent activity sooner.
• Anytime you change your online password or e-mail address, or modify or add another online payee, Colony will automatically send an eAlert e-mail notification. In addition, you can set up monitoring of payments to ensure they meet your criteria.
• Check your credit report at least once a year.
Fraud – Fraud is a term that has become part of our everyday vocabulary. You probably hear of many variations, from identity theft and online fraud, such as phishing and pharming, to offline fraud, including credit card solicitations, print fraud, check scams, mail fraud and health insurance fraud. You can help protect your personal information by using caution when providing confidential information. Also, by keeping yourself updated on alerts, you can prevent yourself from becoming a victim.
Identity Theft – Identity Theft is the unlawful act of capturing, transferring, and/or using one or more pieces of another person’s personal identifying information (including, but not limited to, name, address, driver’s license number, Social Security number, account information, account login credentials, or family identifiers) and using that information to establish or take over a credit, deposit, or other financial account.
Identity Theft falls into one of two categories:
1. True name fraud: Establishing (or attempting to establish) an account or accounts using another person’s name.
2. Account takeover: Establishing (or attempting to establish) control of an existing account or authority of the account holder. Account takeover does not solely include the posting of transactions against an existing account, such as forged-maker signature, counterfeit or misuse.
Phishing – Phishers use fraudulent e-mails or pop-up Web pages that appear legitimate and are designed to capture personal or account information.
Pharming – Pharming occurs when you type in a Web address and it redirects you to a fraudulent Web site where you will be asked to provide knowledge or consent. The Web site will try to look similar to the legitimate site in hopes of capturing confidential information.
Credit Card Fraud – Credit Card Fraud can occur when someone takes your card and uses it without your permission.
Phone Solicitations – Scammers will call people at random, hoping to lure them with cash gifts or prizes in order to obtain personal or account information.
Print Fraud – Scammers will use local and community newspapers by publishing fake advertisements with special promotions; when clients call, they are asked for personal information and an advance payment before the transaction can be completed.
Check Scams – Scammers will overpay for an item purchased and ask that the difference be wired back. Most times, these checks are counterfeit or forged for a higher amount.
Mail Fraud – Mail Fraud occurs when scammers illegally intercept your mail or when you receive unrealistic offers.
Health Insurance Fraud – Scammers obtain your insurance card and go to a clinic or hospital that does not require a photo ID.
Smartphones aren’t just smart, they are personal computers. Unlike a desktop or even a laptop PC, smartphones and other mobile phones can easily slip out of a pocket or purse, be left in a taxi, or get snatched off a table. They let you store photos, access e-mails, receive text messages, and put you one browser click away from potentially malicious Web sites.
As you travel, shop, and live with your smartphone, follow these easy tips to stay safe:
1. Set a password on your phone. People tend to lose their phones in various public places. Setting a password is the simplest way to keep your data safe if your phone is lost. Make sure your password is strong enough so that a thief can’t easily guess it. Consider using a service that can immediately lock or wipe your phone remotely should it become lost.
2. Always keep an eye on your phone while traveling. As you are going through airport security, watch your phone as it enters the x-ray machine and retrieve it immediately when it comes out. Thieves will often steal phones during the few seconds when people aren’t paying attention as they go through the metal detector. If you set your phone down on a counter or table, don’t let it out of your sight.
3. Don’t click on links in text messages from people you do not know or trust. As they do with e-mail, spammers use text messages to install spyware and steal or “phish” your information. Make sure that whenever you click on a link in a text message, you trust the person who sent it. Be especially careful if you are traveling to Europe or Asia, where there is a much higher rate of text message spam.
4. Keep Wi-Fi and Bluetooth off when you aren’t using them. Hackers can use Wi-Fi and Bluetooth to attack phones and steal information. The easiest way to stay safe (and conserve battery) is to turn Wi-Fi and Bluetooth off when you aren’t using them. When you use Bluetooth, make sure it is in non-discoverable mode. When you use Wi-Fi, always try to use an encrypted network or use a VPN if your work has one; otherwise, hackers can easily “sniff” your data out of the air.
5. Back up your data. Before leaving on a trip, be sure to back up your data. If you happen to lose your phone or accidentally drop it in liquid, you will be up and running in no time.
6. Apply software/firmware updates from your carrier or phone vendor. Carriers and phone manufacturers routinely provide software or firmware updates to fix security vulnerabilities that hackers can use to attack your phone. Even if you get a brand new phone, it may be out of date. Check the carrier or phone manufacturer’s Web site for any available updates and be sure to apply updates as soon as possible to protect your phone from hackers and viruses.
7. Only download applications from reputable sources. Getting a new phone? The first thing you will likely do is download apps – lots of them. You will probably download more apps on your phone than you have on your computer. Make sure to download responsibly: it is safer to use application marketplaces provided by your carrier or phone vendor than to download directly from the web. Malware and spyware can still sneak into marketplaces, so be careful, especially with applications from unknown developers that have poor ratings or low download numbers.
8. Clear the Inbox and Outbox regularly. The inbox and outbox for text messages are currently the most dangerous threat. To protect your identity, never disclose personal information in a text message that could be used by an identity thief, such as account numbers, ID codes, and birthdates.
9. Block unsolicited spam phone calls. Register your mobile numbers with the U.S. Federal Trade Commission’s Do Not Call Registry.
10. Install Antivirus/Antispyware on your mobile phone. Viruses, worms and Trojans can arrive via e-mail but can also spread via SMS and other means. Mobile phone users should be diligent in installing security software for their devices. Don’t jailbreak your phone. Jailbreaking is freeing your phone from limitations imposed on it by the manufacturer and your carrier (e.g., iPhone and Droid smartphones). Jailbreaking breaks all the security. If you simply must jailbreak it, you should change the default root password and not install SSH (the Secure Shell network protocol).
What You Can Do to Protect Your Identity
There are steps you can take to protect yourself and your identity. Below are some basic reminders, including how to protect yourself online:
• Monitor your credit report at least annually for inquiries and accounts that you are unfamiliar with. You are entitled to receive one free credit file disclosure every 12 months from each of the nationwide consumer credit reporting agencies – Equifax, Experian and TransUnion. This free credit file can be requested through Annual Credit Report or by calling (877) 322-8228.
• Use Precautions With Your Mail. Make a habit of placing outgoing mail in a collection box or at your local Post Office. If you are going to be out of town or unable to pick up your incoming mail, ask a friend to pick up your mail or request your Post Office to hold it for you.
• Use Precautions With Your Trash. Consider investing in a shredder. Do not make the mistake of carelessly tossing statements, credit card offers, mail or any other documents that may contain personal information. Shred these items or tear them up finely so a “dumpster diver” will not be able to glean any facts from your trash.
• Know Your Caller. Remember that identity thieves are skilled criminals who may use many different methods to obtain information over the phone. They may pose as someone from your bank, utility company, or other company that you are known to frequent. Unless you initiate the call, do not give out personal information over the phone.
• Safeguard Your Personal Information. Your Social Security Number (SSN), credit card numbers and other sensitive information are key pieces of information sought by identity thieves. Use good judgment in where and when you carry this information with you. For example, you may only need to carry one credit card instead of multiple cards. Consider storing unneeded information in a secure location such as your safe deposit box rather than in your purse or wallet.
• User IDs and Passwords. Never provide your Internet password(s) over the phone or in response to an unsolicited Internet request. Web site user IDs and passwords are highly confidential and should never be given out. Make sure that you choose ones that will be easy for you to remember but very difficult for someone else to guess, and never write your password down on a piece of paper. Do not use your personal information as your user ID. If someone has learned, or you suspect someone has learned, your password, change it immediately.
• Monitor your “Cookies.” “Cookies” are small files that Web sites place on the hard drive of your computer to access the next time you visit their site. For sites that you visit frequently, “cookies” keep track of what you have done there before and make your browsing preferences more automated. “Cookies” sometimes keep a record of credit card numbers when used to make purchases online. It is good practice to delete “Cookies” before and after any online transactions.
• Browse the Internet Securely. Browsers are simply computer programs that your computer uses to communicate with Web servers and display Web pages. Information that you access on Web sites travels between your computer and a Web server through a series of computers, and you cannot know which computers are going to handle your information. Therefore, several protection mechanisms have been created to ensure the secure transmission of your sensitive data. Digital certificates are one way of safeguarding your information when transmitted over the Internet.
How Do Digital Certificates Work? A digital certificate is a set of unique identification information that is typically put at the end of a file or that is associated with a computer communication. Its purpose is to show that the source of the file or communication is legitimate. The information is encrypted by a private “key” and a public “key” is used to decrypt the information. This method is used to ensure that the original encrypted digital signature is from an authentic source, while at the same time allowing many other sources to use the public key to decrypt it.
Web browsers use either 40-bit or 128-bit encryption. With 40-bit encryption there are billions of possible key combinations to unlock the code for each unique transmission but only one key works. With 128-bit encryption, it is a trillion times more difficult to break than 40-bit and would take today’s ultra-powerful computers a very, very long time to figure out the key necessary to decrypt a message. Colony uses 128-bit encryption throughout our Web site.
• How Do I Check For Encryption? Microsoft Internet Explorer 5.0 (upgraded), 6.0, 7.0 and Netscape Navigator 4.6 (or higher) use 128-bit encryption and let you know when encryption is in use by displaying a padlock icon along the bottom of the browser window and the letters “https” in the browser address bar.
Colony has implemented an Extended Validation Certificate on our Internet Banking site. If you have Internet Explorer 7 you will notice a difference. The security lock that is normally located in the lower right-hand corner of the browser window has been moved to the address bar at the top of the page. The address bar will now appear in light green. Also, beside the lock, the text will rotate between Colony Bankcorp and VeriSign. This is a security enhancement for Web site validation to let you know that you are truly on Colony’s Web site and not a fraudulent site.
• More Browser Safety Tips:
Never open more than one browser or visit another, non-secure Web site while engaging in a secure online transaction.
Always close and restart your browser before and after using a secure session.
For Internet Explorer users, use the following link to learn how to keep your computer safe: http://www.microsoft.com/protect/default.mspx.
Disconnect from the Internet when you are not actively using it. Leaving your connection open is like leaving your front door wide open all day and all night. Remember, if you leave an Internet session open, anything can come in, anytime.
• Control Spyware. Spyware is a hidden program that is installed on a computer without the consent of the user and is used to secretly gather personal data. The information can then be used by advertisers and hackers. Spyware can monitor your keystrokes, passwords, credit card numbers, Web sites visited and more. Virtually anything on your computer is available to spyware if you do not protect yourself. It is very common that spyware programs are poorly written and in many instances contain bugs that cause malfunctions on your computer such as unexpected crashes or slowdowns in performance. One way of protecting your computer is to uninstall software you are no longer using. This is a good practice and will enable you to notice any software that was installed without your authorization. Another way of protecting your computer is to install Anti-spyware protection on your computer. This software will periodically scan your computer for spyware and remove any known spyware related vulnerabilities. Antivirus software should also be installed on your computer. This software will actively monitor any files opened, closed or transferred to your computer from external media. It should also be set to periodically scan all files on your computer.
• Shopping On the Internet. Know the Internet. Purchase from only those companies that you feel comfortable with and those that take extra steps to communicate their honest intentions to you through displayed policies and seals from consumer organizations. The Federal Trade Commission maintains a web site, http://www.consumer.gov, which includes buyer’s guides and links to helpful resources. Use a credit card. It is a good practice to pay with credit cards, because under federal law (and your credit card agreement) your liability for an unauthorized charge is limited to $50.00. When using a credit card online, do not give your credit card number unless you are entering it into a Web page that will encrypt the data.
• Banking On the Internet. Bank Web sites are usually divided into two sections: the public Web site that anyone can access and the secure Web site that requires some combination of identification such as username/access ID and passwords and can only be accessed by customers of the bank. As mentioned before in the section on Browsers, if you are viewing or sending private information, look for the secure or encrypted connections signaled by the “https” in the address bar of your browser and the closed padlock icon in your browser window. Make sure you never pass any personal information except through a secure connection. If you do, you run the risk that someone else may intercept that information. Before moving to another Web site, be sure to end your Internet Banking session by logging out. If you open another site without logging out, your session remains active until it times out; this could take several minutes. This is true of other Web sites as well. In some cases, if you leave a Web site without logging out, your information can still be accessed by clicking on the Back button in the browser. This can be particularly dangerous if you leave these sessions open and walk away from your computer.
• Pay Bills Online. You should pay your bills only through a secure Internet connection. As long as you protect your username and password, the system is designed to be secure.
For answers to specific questions or concerns, call or visit your local Colony Bank office.
Third Party Links
While visiting the Colony Bank web site, you may be directed to visit other sites. The links are not endorsed by Colony Bank but are included for your convenience. Colony Bank did not participate in the development of these sites nor do we exercise control over the external sites you may enter. If you click on any of the links you will be leaving the Colony Bank website, and the bank is not responsible for the accuracy, copyright compliance, legality, or decency of material contained in external sites.
Colony Bank will never send you an e-mail message requesting confidential information such as your account numbers, social security number, passwords or PIN numbers.
If you receive an email requesting this information DO NOT reply OR click on any link in the email. Report the fraudulent e-mail to us by contacting your local branch, customer support at 1-800-873-6404, or e-mail firstname.lastname@example.org.*
*Please do not include sensitive information (account numbers or personal data) within unsecure email.
Never give out personal financial information to anyone unless you have initiated the call, e-mail or contact. If you have recently shared your credit card or bank information in response to an unsolicited e-mail or telephone marketer, you should notify us immediately.