Security is a very important issue for all of us here at Princeville State Bank and customer education is also important. Today’s security issues can be both challenging and frightening at times. We have included the following information for you to get a better understanding of some of the security issues that we all face from day to day.
LOST OR STOLEN DEBIT CARDS
Report immediately!!! Please call...
309-385-4375 Princeville State Bank (During Normal Business Hours)
IDENTITY THEFT RESOURCE GUIDE
LOST OR STOLEN VISA / MASTERCARD CREDIT CARDS
Latest Security News and Updates
Princeville State Bank is aware of several malware threats to financial institutions. To avoid any issues, PSB would like to remind customers to always type in our complete web address when accessing your online banking accounts, or to access directly through our PSB app. Some types of malware have targeted the Google Search engine. Some malware infects Google Search results which will push false bank-related results to the top of the search. The fake results will even show a high rating and positive reviews. Once clicking on the link, you will receive a pop up asking you to enable editing, content and/or macros. Enabling these changes will then infect your system. Our customers safety and security of their information is our top priority at PSB. If you ever see something questionable when accessing your online accounts, please notify us immediately at 309-385-4375.
Compromised Debit Cards
At Princeville State Bank, the safety and security of our customer's financial information is our first priority.
What is a compromised card?
A compromised card is a card that is at risk of being used fraudulently.
How long does PSB react to compromise notifications?
PSB acts immediately. We take every compromise seriously and require issuance of new cards for affected cardholders. Those cardholders will receive phone and/or written notification if their card data has been compromised and new cards will be re-ordered.
Does this mean that I have fraud on my account?
Not necessarily. In fact, among the list of card numbers we periodically receive, rarely has anyone been affected by fraud. Take the opportunity to review your monthly statements.
What do I need to do if I discover fraud on my account?
Call PSB immediately. The number that you can reach our fraud department is 309-385-4375 extension 209 and 210.
How long does it take to receive my new debit card?
Most cards are received 10-14 days from the date of order. The new PIN number will be shipped out separately.
Is there a charge for the new card?
As a courtesy to our customers, under these circumstances, we do not charge the normal $5.00 replacement card fee.
What can I do to keep this from recurring?
Unfortunately, we have no way of stopping criminals from hacking into databases of merchants. While the possibility of a card being used fraudulently is low, we recognize the aggravation customers face in acquiring a replacement card or to have fraudulent activity removed from their account. In all situations, PSB reminds customers to always have a back-up method of payment and to check their activity on their accounts, often.
What do I need to do once my card is compromised?
Contact any company/merchant that has recurring debits taken from your debit card account (example; Mediacom, Frontier, Verizon) and inform them that you have a new debit card number. Most importantly, check your account activity.
Any other questions or concerns, please call PSB at (309)-385-4375.
When internet fraudsters impersonate a business to trick you into giving out your personal information, it’s called phishing. Don't reply to email, text, or pop-up messages that ask for your personal or financial information. Don’t click on links within them either – even if the message seems to be from an organization you trust. It isn’t. Legitimate businesses don’t ask you to send sensitive information through insecure channels.
Examples of Phishing Messages
You open an email or text, and see a message like this:
"We suspect an unauthorized transaction on your account. To ensure that your account is not compromised, please click the link below and confirm your identity."
"During our regular verification of accounts, we couldn't verify your information. Please click here to update and verify your information."
“Our records indicate that your account was overcharged. You must call us within 7 days to receive your refund.”
The senders are phishing for your information so they can use it to commit fraud.
How to Deal with Phishing Scams
Delete email and text messages that ask you to confirm or provide personal information (credit card and bank account numbers, Social Security numbers, passwords, etc.). Legitimate companies don't ask for this information via email or text.
The messages may appear to be from organizations you do business with – banks, for example. They might threaten to close your account or take other action if you don’t respond.
Don’t reply, and don’t click on links or call phone numbers provided in the message, either. These messages direct you to spoof sites – sites that look real but whose purpose is to steal your information so a scammer can run up bills or commit crimes in your name.
Area codes can mislead, too. Some scammers ask you to call a phone number to update your account or access a "refund." But a local area code doesn’t guarantee that the caller is local.
If you’re concerned about your account or need to reach an organization you do business with, call the number on your financial statements or on the back of your credit card.
You can take steps to avoid a phishing attack:
Report Phishing Emails
Forward phishing emails to email@example.com – and to the company, bank, or organization impersonated in the email. You also may report phishing email to firstname.lastname@example.org. The Anti-Phishing Working Group, a group of ISPs, security vendors, financial institutions and law enforcement agencies, uses these reports to fight phishing.
If you might have been tricked by a phishing email:
What is Social Engineering?
Social engineering is the art of manipulating people so they give up confidential information. The types of information these criminals are seeking can vary, but when individuals are targeted the criminals are usually trying to trick you into giving them your passwords or bank information, or access your computer to secretly install malicious software–that will give them access to your passwords and bank information as well as giving them control over your computer.
Criminals use social engineering tactics because it is usually easier to exploit your natural inclination to trust than it is to discover ways to hack your software. For example, it is much easier to fool someone into giving you their password than it is for you to try hacking their password (unless the password is really weak).
Security is all about knowing who and what to trust. Knowing when, and when not to, to take a person at their word; when to trust that the person you are communicating with is indeed the person you think you are communicating with; when to trust that a website is or isn’t legitimate; when to trust that the person on the phone is or isn’t legitimate; when providing your information is or isn’t a good idea.
Ask any security professional and they will tell you that the weakest link in the security chain is the human who accepts a person or scenario at face value. It doesn’t matter how many locks and deadbolts are on your doors and windows, or if have guard dogs, alarm systems, floodlights, fences with barbed wire, and armed security personnel; if you trust the person at the gate who says he is the pizza delivery guy and you let him in without first checking to see if he is legitimate you are completely exposed to whatever risk he represents.
Common social engineering attacks
Email from a friend. If a criminal manages to hack or socially engineer one person’s email password they have access to that person’s contact list–and because most people use one password everywhere, they probably have access to that person’s social networking contacts as well.
Once the criminal has that email account under their control, they send emails to all the person’s contacts or leave messages on all their friend’s social pages, and possibly on the pages of the person’s friend’s friends.
These messages may use your trust and curiosity:
These messages may create a compelling story or pretext:
Phishing attempts. Typically, a phisher sends an e-mail, IM, comment, or text message that appears to come from a legitimate, popular company, bank, school, or institution.
These messages usually have a scenario or story:
Baiting scenarios. These socially engineering schemes know that if you dangle something people want, many people will take the bait. These schemes are often found on Peer-to-Peer sites offering a download of something like a hot new movie, or music. But the schemes are also found on social networking sites, malicious websites you find through search results, and so on.
Or, the scheme may show up as an amazingly great deal on classified sites, auction sites, etc.. To allay your suspicion, you can see the seller has a good rating (all planned and crafted ahead of time).
People who take the bait may be infected with malicious software that can generate any number of new exploits against themselves and their contacts, may lose their money without receiving their purchased item, and, if they were foolish enough to pay with a check, may find their bank account empty.
Response to a question you never had. Criminals may pretend to be responding to your ’request for help’ from a company while also offering more help. They pick companies that millions of people use like a software company or bank. If you don’t use the product or service, you will ignore the email, phone call, or message, but if you do happen to use the service, there is a good chance you will respond because you probably do want help with a problem.
For example, even though you know you didn’t originally ask a question you probably a problem with your computer’s operating system and you seize on this opportunity to get it fixed. For free! The moment you respond you have bought the crook’s story, given them your trust and opened yourself up for exploitation.
The representative, who is actually a criminal, will need to ’authenticate you’, have you log into ’their system’ or, have you log into your computer and either give them remote access to your computer so they can ’fix’ it for you, or tell you the commands so you can fix it yourself with their help–where some of the commands they tell you to enter will open a way for the criminal to get back into your computer later.
Creating distrust. Some social engineering, is all about creating distrust, or starting conflicts; these are often carried out by people you know and who are angry with you, but it is also done by nasty people just trying to wreak havoc, people who want to first create distrust in your mind about others so they can then step in as a hero and gain your trust, or by extortionists who want to manipulate information and then threaten you with disclosure.
This form of social engineering often begins by gaining access to an email account or other communication account on an IM client, social network, chat, forum, etc. They accomplish this either by hacking, social engineering, or simply guessing really weak passwords.
There are literally thousands of variations to social engineering attacks. The only limit to the number of ways they can socially engineer users through this kind of exploit is the criminal’s imagination. And you may experience multiple forms of exploits in a single attack. Then the criminal is likely to sell your information to others so they too can run their exploits against you, your friends, your friends’ friends, and so on as criminals leverage people’s misplaced trust.
Don’t become a victim
- Slow down. Spammers want you to act first and think later. If the message conveys a sense of urgency, or uses high-pressure sales tactics be skeptical; never let their urgency influence your careful review.
- Research the facts. Be suspicious of any unsolicited messages. If the email looks like it is from a company you use, do your own research. Use a search engine to go to the real company’s site, or a phone directory to find their phone number.
- Delete any request for financial information or passwords. If you get asked to reply to a message with personal information, it’s a scam.
- Reject requests for help or offers of help. Legitimate companies and organizations do not contact you to provide help. If you did not specifically request assistance from the sender, consider any offer to ’help’ restore credit scores, refinance a home, answer your question, etc., a scam. Similarly, if you receive a request for help from a charity or organization that you do not have a relationship with, delete it. To give, seek out reputable charitable organizations on your own to avoid falling for a scam.
- Don’t let a link in control of where you land. Stay in control by finding the website yourself using a search engine to be sure you land where you intend to land. Hovering over links in email will show the actual URL at the bottom, but a good fake can still steer you wrong.
Curiosity leads to careless clicking–if you don’t know what the email is about, clicking links is a poor choice. Similarly, never use phone numbers from the email; it is easy for a scammer to pretend you’re talking to a bank teller.
- Email hijacking is rampant. Hackers, spammers, and social engineers taking over control of people’s email accounts (and other communication accounts) has become rampant. Once they control someone’s email account they prey on the trust of all the person’s contacts. Even when the sender appears to be someone you know, if you aren’t expecting an email with a link or attachment check with your friend before opening links or downloading.
- Beware of any download. If you don’t know the sender personally AND expect a file from them, downloading anything is a mistake.
- Foreign offers are fake. If you receive email from a foreign lottery or sweepstakes, money from an unknown relative, or requests to transfer funds from a foreign country for a share of the money it is guaranteed to be a scam.
- Set your spam filters to high. Every email program has spam filters. To find yours, look under your settings options, and set these high–just remember to check your spam folder periodically to see if legitimate email has been accidentally trapped there. You can also search for a step-by-step guide to setting your spam filters by searching on the name of your email provider plus the phrase ’spam filters’.
- Secure your computing devices. Install anti-virus software, firewalls, email filters and keep these up-to-date. Set your operating system to automatically update, and if your smartphone doesn’t automatically update, manually update it whenever you receive a notice to do so. Use an anti-phishing tool offered by your web browser or third party to alert you to risks.
Financial Information Protection
Help protect your financial information in five easy steps.
- Double-check monthly statements to ensure they match your records.
- Shred personal and financial information before discarding it.
- Don't give out account numbers or other personal information, unless you initiated the call.
- Review your credit report annually. You're entitled to a free credit report every year. Simply contact one of the three main credit reporting bureaus.
Equifax Experian TransUnion
800-525-6285 888-397-3742 800-680-7289
equifax.com experian.com transunion.com
- Sign up for Verified by Visa: It's a free service that gives you extra password protection online at participating merchants. Visit www.visa.com/verified today.
How to Protect Yourself From Identity Theft
The Independent Community Bankers of America (ICBA) offers the following tips to help consumers guard against identity theft.
“Community banks are careful guardians of our customers’ personal data and information, but our customers must also play a role and practice caution in stores, online and as they go about their business every day,” said Jim MacPhee, ICBA chairman and CEO of Kalamazoo County State Bank in Kalamazoo, Mich.
The following tips can help lower your risk of becoming a victim of identity theft:
“No method is foolproof,” said MacPhee. “Identity thieves are devising new schemes all the time. But when you see how long it takes for someone to restore their good credit after being victimized, then you know that any steps you can take to prevent identity theft are definitely worth the extra time.”
For more information, visit the Identify Theft Web page at www.icba.org.
Preventing Elder Financial Abuse
Tips for Preventing Elder Financial Abuse
June 15 is World Elder Abuse Awareness Day and the Independent Community Bankers of America® (ICBA), the Senior Housing Crime Prevention Foundation (SHCPF) and Princeville State Bank are providing tips for preventing the disturbing trend of elder financial abuse.
“Community bankers nationwide serve a vital role in protecting members of our communities, including the elderly who are all too often targets of financial abuse,” said ICBA Chairman John H. Buhrmaster, president and CEO of 1st National Bank of Scotia, N.Y. “It’s important for all Americans to be aware of this very real issue and learn about ways to help prevent elder financial abuse from happening to themselves or their loved ones. If you have questions or concerns about the safety and security of your finances, you should speak to your local community banker right away.”
ICBA, SHCPF and Princeville State Bank offer the following suggestions on ways to prevent elder financial abuse:
Fake Check Scams
It’s your lucky day! You just won a foreign lottery! The letter says so. And the cashier’s check to cover the taxes and fees is included. All you have to do to get your winnings is deposit the check and wire the money to the sender to pay the taxes and fees. You’re guaranteed that when they get your payment, you’ll get your prize.
There’s just one catch: this is a scam. The check is no good, even though it appears to be a legitimate cashier’s check. The lottery angle is a trick to get you to wire money to someone you don’t know. If you were to deposit the check and wire the money, your bank would soon learn that the check was a fake. And you’re out the money because the money you wired can’t be retrieved, and you’re responsible for the checks you deposit — even though you don’t know they’re fake. This is just one example of a counterfeit check scam that could leave you scratching your head.
The Federal Trade Commission, the nation’s consumer protection agency, wants you to know that counterfeit check scams are on the rise. Some fake checks look so real that bank tellers are reporting being fooled. The scammers use high quality printers and scanners to make the checks look real. Some of the checks contain authentic-looking watermarks. These counterfeit checks are printed with the names and addresses of legitimate financial institutions. And even though the bank and account and routing numbers listed on a counterfeit check may be real, the check still can be a fake. These fakes come in many forms, from cashier’s checks and money orders to corporate and personal checks. Could you be a victim? Not if you know how to recognize and report them.
Fake Checks: Variations on a Scheme
Counterfeit or fake checks are being used in a growing number of fraudulent schemes, including foreign lottery scams, check overpayment scams, Internet auction scams, and secret shopper scams.
Check overpayment scams target consumers selling cars or other valuable items through classified ads or online auction sites. Unsuspecting sellers get stuck when scammers pass off bogus cashier’s checks, corporate checks, or personal checks. Here’s how it happens:
A scam artist replies to a classified ad or auction posting, offers to pay for the item with a check, and then comes up with a reason for writing the check for more than the purchase price. The scammer asks the seller to wire back the difference after depositing the check. The seller does it, and later, when the scammer’s check bounces, the seller is left liable for the entire amount.
In secret shopper scams, the consumer, hired to be a secret shopper, is asked to evaluate the effectiveness of a money transfer service. The consumer is given a check, told to deposit it in their bank account, and withdraw the amount in cash. Then, the consumer is told to take the cash to the money transfer service specified, and typically, send the transfer to a person in a Canadian city. Then, the consumer is supposed to evaluate their experience — but no one collects the evaluation. The secret shopper scenario is just a scam to get the consumer’s money.
Con artists who use these schemes can easily avoid detection. When funds are sent through wire transfer services, the recipients can pick up the money at other locations within the same country; it is nearly impossible for the sender to identify or locate the recipient.
You and Your Bank — Who is Responsible for What?
Under federal law, banks generally must make funds available to you from U.S. Treasury checks, most other governmental checks, and official bank checks (cashier’s checks, certified checks, and teller’s checks), a business day after you deposit the check. For other checks, banks must make the first $200 available the day after you deposit the check, and the remaining funds must be made available on the second business day after the deposit.
However, just because funds are available on a check you’ve deposited doesn’t mean the check is good. It’s best not to rely on money from any type of check (cashier, business or personal check, or money order) unless you know and trust the person you’re dealing with or, better yet — until the bank confirms that the check has cleared. Forgeries can take weeks to be discovered and untangled. The bottom line is that until the bank confirms that the funds from the check have been deposited into your account, you are responsible for any funds you withdraw against that check.
Here’s how to avoid a counterfeit check scam:
- Throw away any offer that asks you to pay for a prize or a gift. If it’s free or a gift, you shouldn’t have to pay for it. Free is free.
- Resist the urge to enter foreign lotteries. It’s illegal to play a foreign lottery through the mail or the telephone, and most foreign lottery solicitations are phony.
- Know who you’re dealing with, and never wire money to strangers.
- If you’re selling something, don’t accept a check for more than the selling price, no matter how tempting the offer or how convincing the story. Ask the buyer to write the check for the correct amount. If the buyer refuses to send the correct amount, return the check. Don’t send the merchandise.
- If you accept payment by check, ask for a check drawn on a local bank, or a bank with a local branch. That way, you can make a personal visit to make sure the check is valid. If that’s not possible, call the bank where the check was purchased, and ask if it is valid. Get the bank’s phone number from directory assistance or an Internet site that you know and trust, not from the check or from the person who gave you the check.
- If the buyer insists that you wire back funds, end the transaction immediately. Legitimate buyers don’t pressure you to send money by wire transfer services. In addition, you have little recourse if there’s a problem with a wire transaction.
- Resist any pressure to “act now.” If the buyer’s offer is good now, it should be good after the check clears.
If You Think You’re a Victim
If you think you’ve been targeted by a counterfeit check scam, report it to the following agencies:
This article was previously available as Giving the Bounce to Counterfeit Check Scams
Bank Account Scams
The Federal Deposit Insurance Corporation (FDIC) has received numerous reports of fraudulent e-mails that have the appearance of being from the FDIC.
The e-mails appear to be sent from various "@fdic.gov" e-mail addresses, such as "email@example.com," "firstname.lastname@example.org," or "email@example.com."
They have subject lines that read: "FDIC: Your business account" or "FDIC: About Your Business Account."
The e-mails are addressed to "Business Customer" or "Business Owner" and state "We have important information about your bank" or "…financial institution." They then ask recipients to "Please click here to find details."
They conclude with, "This includes information on the acquiring bank (if applicable), how your accounts and loans are affected, and how vendors can file claims against the receivership."
These e-mails and the link included are fraudulent and were not sent by the FDIC. Recipients should consider the intent of these e-mails as an attempt to collect personal or confidential information, or to load malicious software onto end users' computers. Recipients should NOT access the link provided within the body of the e-mails and should NOT, under any circumstances, provide any personal financial information through this media.
Financial institutions and consumers should be aware that other subject lines and modifications to the e-mails may occur over time. The FDIC does not directly contact consumers in this manner nor does the FDIC request personal financial information from consumers.
For your reference, FDIC Special Alerts may be accessed from the FDIC's website. To learn how to automatically receive FDIC Special Alerts through email, please visit the subscription page of the FDIC website.
Questions related to federal deposit insurance or consumer issues should be submitted to the FDIC using an online form that can be accessed here.
Sandra L. Thompson
Division of Supervision and Consumer Protection
Distribution: FDIC-Supervised Banks (Commercial and Savings)
Paper copies of FDIC Special Alerts may be obtained through the FDIC's Public Information Center, 1-877-275-3342 or 703-562-2200).
Cell Phone Text Scam
Don't believe a cell phone text message saying there's a problem with your bank account, said the Delaware Attorney General's office in a consumer alert.
The state's Consumer Protection Unit issued the alert recently on what it calls a new scam -- actually a new twist on the more common e-mail "phishing" scam. Here's how it works: A text message, also called an SMS (for short message service), arrives on your cell phone with the news there's a problem with a bank account. The text message also includes a toll-free number to call or a 4 digit reply text number.
The message looks legitimate, but the phone number will connect you with a scammer who tries to get your personal information. The scam is known as "SMiShing."
The agency recommended consumers contact the customer service number of the company that sent the message to verify if it's legitimate, instead of trusting that the number is real. The Consumer Protection Unit urged Delaware residents to file a complaint with the state if they fall for the scam.
Here is another example of a Cell Phone Scam
You receive a text message or an automated phone call on your cell phone saying there’s a problem with your bankaccount. You’re given a phone number to call or a website to log into and asked to provide personal identifiable information—like a bankaccount number, PIN, or credit card number—to fix the problem.
But beware: It could be a “smishing”or “vishing” scam…and criminals on the other end of the phone or website could be attempting to collect your personal information in order to help themselves to your money. While most cyber scams target your computer, smishing and vishing scams target your mobile phone, and they’re becoming a growing threat as a growing number of Americans own mobile phones. (Vishing scams also target land-line phones.)
“Smishing”—a combination of SMS texting and phishing—and “Vishing”—voice and phishing—are two of the scams the FBI’s Internet Crime Complaint Center (IC3) is warning consumers about as we head into the holiday shopping season. These scams are also a reminder that cyber crimes aren’t just for computers anymore.
Here’s how smishing and vishing scams work: criminals set up an automated dialing system to text or call people in a particular region or area code (or sometimes they use stolen customer phone numbers from banks or credit unions). The victims receive messages like: “There’s a problem with your account,” or “Your ATM card needs to be reactivated,” and are directed to a phone number or website asking for personal information. Armed with that information, criminals can steal from victims’ bank accounts, charge purchases on their charge cards, create a phony ATM card, etc.
Sometimes, if a victim logs onto one of the phony websites with a smartphone, they could also end up downloading malicious software that could give criminals access to anything on the phone. With the growth of mobile banking and the ability to conduct financial transactions online, smishing and vishing attacks may become even more attractive and lucrative for cyber criminals.
Here are a couple of recent smishing case examples:
Online Banking Customer Awareness and Education
• Be aware of suspicious emails asking for your personal information.
• Never provide any personal information such as Social Security number, Account number, Usernames or Passwords over the phone or the Internet if you did not initiate the contact.
• Do not use personal information as your Username or Passwords.
• Create hard-to-guess passwords that include upper and lower case letters, number and special characters.
• Change your passwords frequently and don’t re-use the same passwords.
• Always sign out or log off of your online banking sessions.
• Avoid using public computers and Wi-Fi to access your online banking accounts.
• Ensure your computer has the most recent Anti-Virus software and is being updated daily.
• Ensure your computer or mobile device have the latest software version.
Commercial Banking Online Security
In addition to the information provided regarding “Online Banking Security”, Commercial and Small Business account holders should institute additional measures in order to further protect their online banking information.
• Perform your own annual internal risk assessment and evaluation on all online accounts.
• Establish internal policies regarding employee internet usage.
• Educate your employees on the risks.
• Establish proper user account controls.
• Review all transactions.
• Ensure all company computers are equipped with up-to-date antivirus protection software and virus definitions are being updated daily.
Identity theft occurs when someone uses your personal information such as your Social Security number, Account number or Credit Card number, without your consent, to commit fraud or other crimes. The following are tips to protect you against identity theft:
• Report lost or stolen checks or credit/debit cards immediately.
• Never give out your personal information.
• Review statements promptly and carefully.
• Shred all documents that contain confidential information (i.e. bank and credit card statements, bills and invoices that contain personal information, expired credit cards and pay-stubs.
• Check your credit report periodically.
Check Your Credit
Consumers can request one free copy of his or her credit report every year. Reviewing your credit report can help you find out if someone has opened unauthorized financial accounts, or taken out unauthorized loans, in your name.
• Equifax - 1-800-685-1111
• Experian - 1-888-397-3742
• Transunion - 1-877-322-8228
Electronic Funds Transfer Act (Regulation E)
Regulation E is a consumer protection law for accounts established primarily for personal, family, or household purposes. Regulation E gives consumers a way to notify their financial institution that an EFT has been made on their account without their permission.
Non-consumer accounts, such as Corporations, Partnerships, Trusts, etc. are excluded from coverage. A non-consumer (business account) customer using internet banking and/or bill pay is not protected under Regulation E. As such, special consideration should be made by the business customer to ensure adequate internal security controls are in place that commensurate with the risk level that the customer is willing to accept.
As a non-consumer customer you should perform periodic assessments to evaluate the security and risk controls you have in place. The risk assessment should be used to determine the risk level associated with any internet activities you perform and any controls you have in place to mitigate these risks.
Definition of EFT
An EFT is the electronic exchange or transfer of money from one account to another, either within a single financial institution or across multiple institutions initiated through electronic-based systems. The term includes, but is not limited to:
• Point-of-sale transfers
• Automated Teller Machine transfers (ATM)
• Direct deposits or withdrawal of funds
• Transfers initiated by telephone
• Transfers resulting from debit card transactions, whether or not initiated through an electronic terminal
• Transfer initiated through internet banking/bill pay
Protections provided under Regulation E for consumers who use internet banking/bill pay
If you believe an unauthorized EFT has been made on your account, contact us immediately. If you notify us within 2 business days after you learn of the loss or theft of your ATM/debit card or Personal Identification Number (PIN), the most you can lose is $50. Failure to notify the bank within 2 business days may result in additional losses.
Unlimited loss to a consumer account can occur if:
• The periodic statement reflects an unauthorized transfer of money from your account, and you fail to report the unauthorized transfer to us within 60 days after we mailed your first statement on which the problem or error appeared.
Exclusions from Protection
The term EFT does not include:
• Checks - Any transfer of funds originated by check, draft or similar paper instrument or any payment made by check, draft or similar paper instrument at an electronic terminal
• Check Guarantee or Authorization - Any transfer of funds that guarantees payment or authorizes acceptance of a check, draft or similar paper instrument but does not directly result in a debit or credit to a consumer’s account
• Wire or other similar transfers - Any transfer of funds through a wire transfer system that is used primarily for transfers between financial institutions or between businesses
• Securities and Commodities Transfers - Any transfer of funds for the primary purpose of the purchase or sale of a security or commodity, if the security or commodity is:
o Regulated by the Securities and Exchange Commission or the Commodity Futures Trading
o Purchased or sold through a broker-dealer regulated by the Securities and Exchange Commission or through a futures commission merchant regulated by the Commodity Futures Trading Commission
o Held in Book-entry form by a Federal Reserve Bank or federal agency
• Automatic transfers by account-holding institution - Any transfer of funds under an agreement between a consumer and a financial institution which provides that the institution will initiate individual transfers without a specific request from the consumer:
o Between a consumer’s accounts within the financial institution
o From a consumer’s account to an account of a member of the consumer’s family held in the same financial institution
o Between a consumer’s account and an account of the financial institution, except that these transfers remain subject to § 205.10(e) regarding compulsory use and sections 915 and 916 of the act regarding civil and criminal liability. (Refer to “Coverage in Detail” section below.)
• Telephone-initiated transfers - Any transfer of funds that:
o Is initiated by a telephone communication between a consumer and financial institution making the transfer; and
o Does not take place under a telephone bill payment or other written plan in which periodic or recurring transfers are contemplated.
Regulation E - Coverage in Detail
For a complete detailed explanation of protections provided under Regulation E, please visit the Consumer Financial Protection Bureau’s (CFPB’s) website:
• CFPB - Electronic Funds Transfers Act (Regulations E) http://www.consumerfinance.gove/eregulations/1005
Mobile Banking Safety Tips
Managing your finances using a smartphone or tablet can be very convenient. However, you should consider these safety tips to protect your account information:
• Be proactive in protecting your smartphone and/or tablet by installing anti-malware software on the device.
• Research any application (app) before you download it. Fraudulent apps are often designed with names that look like real apps. It’s best if you access an app using a link from the provider’s website.
• Create a strong password or PIN for your mobile app and your device.
o Use at least eight characters
o Do not use your username, real name or company name
o Do not use a complete word
o Make it significantly different from previous passwords
o Use a character from each of the following categories (some apps may limit symbols)
• Use an auto-lock or time-out feature so your device will lock when it is left unused for a certain period of time.
• Upgrade your device to the latest operating system version.
• Do not jailbreak or root your mobile device. Doing so exposes the security controls and makes your device vulnerable to cyber-attacks.
• Check your account history periodically to make sure there are no fraudulent transactions.
• Take precautions in case your device is lost or stolen, before your device is lost or stolen. Avoid leaving your device unattended in public places.
• Consult your wireless provider to see if they provide a service to remotely erase your device or turn off access to your device and/or account in the event your device is lost or stolen.
• Always conduct your transactions in a safe environment. Use your cellular service or your own internet provider rather than unsecured/public Wi-Fi networks like those offered at coffee shops.
• Don’t send account numbers or PIN in emails or text messages, because those methods are not necessarily secure
Contacting the Bank
Please contact Princeville State Bank at our toll free number 1-888-385-4375 or directly by email at firstname.lastname@example.org with any questions or concerns you may have. If you believe your online banking account has been compromised or you receive suspicious or fraudulent mail, email or websites related to Princeville State Bank, please contact us immediately.
Other References to Assist You:
FDIC Consumer Protection http://www.fdic.gov/consumers/
Consumer Action: Complaints https://www.usa.gov/consumer-complaints#item-212527
US Department of Homeland Security http://www.us-cert.gov/home-and-business/
Protecting Your Business: Start With Security https://www.ftc.gov/news-events/audio-video/business
NACHA Fraud Resources https://www.nacha.org/Fraud-Phishing-Resources
Consumer Information: Wiring Money https://www.consumer.ftc.gov/media/audio-0048-wiring-money
Federal Communication Commission - Business Cyber-planner: http://www.fcc.gov/cyberplanner
Consumer Information: Identity Theft https://www.consumer.ftc.gov/features/feature-0014-identity-theft
Federal Trade Commission: Identity Theft by Mobile Phone https://www.consumer.ftc.gov/blog/identity-theft-mobile-phone
Federal Trade Commission: Tips for Using Public WiFi Networks https://www.consumer.ftc.gov/articles/0014-tips-using-public-wi-fi-networks