Security

Ensuring the security of your personal information online is a top priority for us

Consumers National Bank will never request personal information by phone, e-mail, or text message including account numbers, personal identification information, passwords or any other confidential customer information.

When you sign into Internet Banking on our home page, your Log-in ID and Password are secure. The moment you click Go and before your Login and Password leave your computer, we encrypt them using Secure Sockets Layer (SSL) technology.

How to Avoid Identity Theft

Identity theft occurs when someone uses your personal information such as your Social Security number, Account number or Credit Card number, without your consent, to commit fraud or other crimes.  The following are tips to protect you against identity theft:

• Report lost or stolen checks or credit/debit cards immediately.
• Never give out your personal information.
  • Do not share personal information over the phone, through the mail, or over the internet unless you initiated the contact or know the person you are dealing with.
  • Be suspicious if someone contacts you unexpectedly online and asks for your personal information. It doesn’t matter how legitimate the e-mail or website may look. Only open e-mails that look like they are from people or organizations you know, and even then, be cautious if they look questionable. Be especially wary of fraudulent e-mails or websites that have typos or other obvious mistakes.
  • Don’t give out valuable personal information in response to unsolicited requests. Social Security numbers, financial account information and your driver’s license number are some of the details that should be kept confidential.
• Choose PINs and passwords that would be difficult to guess and avoid using easily identifiable information such as your mother’s maiden name, birth dates, the last four digits of your social security number, or phone numbers.
  • NEVER share usernames or passwords with ANYONE.
• Pay attention to billing cycles and account statements and contact your provider or bank if you don’t receive a monthly bill or statement since identity thieves often divert account documentation.
• Review account statements thoroughly to ensure all transactions are authorized.
• Guard your mail from theft, promptly remove incoming mail, and do not leave bill payment envelopes in your mailbox with the flag up for pick up by mail carrier.
• Shred all documents that contain confidential information (i.e. bank and credit card statements, receipts, bills and invoices that contain personal information, expired credit cards and pay-stubs, and unused credit card offers
• Use an updated security program to protect your computer; and
• Be careful about where and how you conduct financial transactions, for example don’t use an unsecured Wi-Fi network because someone might be able to access the information you are transmitting or viewing.
• Check your credit report periodically.

Our online banking product requires that you only use an internet browser that supports 128-bit encryption. You may "test" your browsers ability to meet these requirement at www.fortify.net/sslcheck.html.

There are numerous scams presented daily to consumers so you must always exercise caution when it comes to your personal and financial information. The following tips may help prevent you from becoming a fraud victim.

• Be aware of incoming e-mail or text messages that ask you to click on a link because the link may install malware that allows thieves to spy on your computer and gain access to your information.
• Be suspicious of any e-mail or phone requests to update or verify your personal information because a legitimate organization would not solicit updates in an unsecured manner for information it already has.
• Confirm a message is legitimate by contacting the sender (it is best to look up the sender’s contact information yourself instead of using contact information in the message);
• Assume any offer that seems too good to be true, is probably a fraud.
• Be on guard against fraudulent checks, cashier’s checks, money orders, or electronic fund transfers sent to you by unknown sources or with requests for you to wire back part of the money.
• Be wary of unsolicited offers that require you to act fast.
• Check your security settings on social network sites. Make sure they block out people who you don’t want to see your page.
• Be leery of any offers that pressure you to send funds quickly by wire transfer or involve another party who insists on secrecy; and
• Beware of Disaster-Related Financial Scams. Con artists take advantage of people after catastrophic events by claiming to be from legitimate charitable organizations when, in fact, they are attempting to steal money or valuable personal information.

Warning Signs of Fraud or Scams

• You are asked to wire money or send a prepaid money or gift card to a stranger.
• You have won a contest that you have never heard of or entered.
• You are pressured to “act now!”
• You must pay a fee to receive your “prize.”
• Your personal information is requested. 
• You are asked to provide your online banking credentials so that your funds can be “mobile deposited” on your behalf.
• A large down payment is requested.
• The company refuses to provide any information in writing.
• You are asked to keep conversations a secret. You are guaranteed to make money.

If you think you are a victim of a fraud or scam, contact your state, local, or federal consumer protection agency.

Also, a local law enforcement officer may be able to provide advice and assistance. By promptly reporting fraud, you improve your chances of recovering what you have lost and you help law enforcement. The agency you contact first may take action directly or refer you to another agency better positioned to protect you.

Violations of federal laws should be reported to the federal agency responsible for enforcement. Consumer complaints are used to document patterns of abuse, allowing the agency to take action against a company.

People who have no intention of delivering what is sold, who misrepresent items, send counterfeit goods or otherwise try to trick you out of your money are committing fraud. If you suspect fraud, there are some additional steps to take.

• Contact the Federal Trade Commission. The FTC enters Internet, telemarketing, identity theft and other fraud-related complaints into Consumer Sentinel, a secure, online database available to hundreds of civil and criminal law enforcement agencies in the U.S. and abroad.
• If the fraud involved mail or an interstate delivery service, contact the U.S. Postal Inspection Service (https://postalinspectors.uspis.gov/). It is illegal to use the mail to misrepresent or steal money.

FDIC Consumer Protection  http://www.fdic.gov/consumers/

Consumer Action: Complaints  https://www.usa.gov/consumer-complaints#item-212527

US Department of Homeland https://www.cisa.gov/audiences/individuals-and-families

Ohio Attorney General   https://www.ohioattorneygeneral.gov/Individuals-and-Families/Tipster

Protecting Your Business: Start With Security https://www.ftc.gov/news-events/audio-video/business

Federal Communication Commission - Business Cyber-planner:  http://www.fcc.gov/cyberplanner

Consumer Information: Identity Theft https://www.consumer.ftc.gov/features/feature-0014-identity-theft

Federal Trade Commission: Identity Theft by Mobile Phone https://consumer.ftc.gov/unwanted-calls-emails-and-texts/unwanted-emails-texts-and-mail

Federal Trade Commission: Tips for Using Public WiFi Networks https://www.consumer.ftc.gov/articles/0014-tips-using-public-wi-fi-networks

Identity Theft/Phishing/Pharming/Email Scams

Phishing attacks use both social engineering and technical activity to steal consumers' personal identity data and financial account credentials. Social-engineering schemes use 'spoofed' e-mails to lead consumers to counterfeit websites designed to trick recipients into divulging financial data such as credit card numbers, account usernames, passwords and social security numbers. Hijacking brand names of banks, e-retailers and credit card companies, phishers often convince recipients to respond. Pharming schemes plant crimeware onto PCs to steal credentials directly, often using Trojan keylogger spyware.

To protect yourself against these typical online risks:

• If you get an email or pop-up message that asks for personal or financial information, do not reply. And don't click on the link in the message, either. Legitimate companies don't ask for this information via email. If you are concerned about your account, contact the organization mentioned in the email using a telephone number you know to be genuine, or open a new Internet browser session and type in the company's correct Web address yourself. In any case, don't cut and paste the link from the message into your Internet browser — phishers can make links look like they go to one place, but that actually send you to a different site.
• Use anti-virus software and a firewall and keep them up to date. Some phishing emails contain software that can harm your computer or track your activities on the Internet without your knowledge.
• Anti-virus software and a firewall can protect you from inadvertently accepting such unwanted files. Anti-virus software scans incoming communications for troublesome files. Look for anti-virus software that recognizes current viruses as well as older ones; that can effectively reverse the damage; and that updates automatically.
• A firewall helps make you invisible on the Internet and blocks all communications from unauthorized sources. It's especially important to run a firewall if you have a broadband connection. Operating systems (like Windows or Linux) or browsers (like Internet Explorer or Netscape) also may offer free software "patches" to close holes in the system that hackers or phishers could exploit.
• Don't email personal or financial information. Email is not a secure method of transmitting personal information. If you initiate a transaction and want to provide your personal or financial information through an organization's website, look for indicators that the site is secure, like a lock icon on the browser's status bar or a URL for a website that begins "https:" (the "s" stands for "secure"). Unfortunately, no indicator is foolproof; some phishers have forged security icons.
• Review credit card and bank account statements as soon as you receive them to check for unauthorized charges. If your statement is late by more than a couple of days, call your credit card company or bank to confirm your billing address and account balances.
• Be cautious about opening any attachment or downloading any files from emails you receive, regardless of who sent them. These files can contain viruses or other software that can weaken your computer's security.

Forward spam that is phishing for information to spam@uce.gov and to the company, bank, or organization impersonated in the phishing email. Most organizations have information on their websites about where to report problems.

If you believe you've been scammed, file your complaint at www.ftc.gov, and then visit the FTC's Identity Theft website. Victims of phishing can become victims of identity theft. While you can't entirely control whether you will become a victim of identity theft, you can take some steps to minimize your risk.

If an identity thief is opening credit accounts in your name, these new accounts are likely to show up on your credit report. You may catch an incident early if you order a free copy of your credit report periodically from any of the three major credit bureaus. See www.annualcreditreport.com for details on ordering a free annual credit report.

Online Banking Security

You can help protect yourself by taking the following actions to stay safe and secure your information:

• Be aware of suspicious emails asking for your personal information.
• NEVER provide any personal information such as Social Security number, Account number phone or the Internet if you did not initiate the contact.
• NEVER share usernames or passwords with ANYONE
• Do not use personal information as your Username or Passwords.
• Create hard-to-guess passwords that include upper- & lower-case letters, number and special characters.
• Change your passwords frequently and do not re-use the same passwords.
• Always sign out or log off your online banking sessions.
• Avoid using public computers and Wi-Fi to access your online banking accounts.
• Ensure your computer has the most recent Anti-Virus software and is being updated daily.
• Ensure your computer or mobile device have the latest software version.

Mobile Banking Safety Tips

Managing your finances using a smartphone or tablet can be very convenient.  However, you should consider these safety tips to protect your account information:

• Be proactive in protecting your smartphone and/or tablet by installing anti-malware software on the device.
• Research any application (app) before you download it. Fraudulent apps are often designed with names that look like real apps. It’s best if you access an app using a link from the provider’s website.
• Create a strong password or PIN for your mobile app and your device.
  • Use at least eight characters
  • Do not use your username, real name or company name
  • Do not use a complete word
  • Make it significantly different from previous passwords
  • Use a character from each of the following categories (some apps may limit symbols)
    • Uppercase letters
    • Lowercase letters
    • Numbers
  • Use an auto-lock or time-out feature so your device will lock when it is left unused for a certain period of time.
  • Do Not share your username or password with anyone.
  • Upgrade your device to the latest operating system version.
  • Do not jailbreak or root your mobile device. Doing so exposes the security controls and makes your device vulnerable to cyber-attacks.
  • Check your account history periodically to make sure there are no fraudulent transactions.
  • Take precautions in case your device is lost or stolen, before your device is lost or stolen.  Avoid leaving your device unattended in public places.
  • Consult your wireless provider to see if they provide a service to remotely erase your device or turn off access to your device and/or account in the event your device is lost or stolen.
  • Always conduct your transactions in a safe environment. Use your cellular service or your own internet provider rather than unsecured/public Wi-Fi networks like those offered at coffee shops. 
  • Don’t send account numbers or PIN in emails or text messages, because those methods are not necessarily secure.

Commercial Banking Online Security

In addition to the information provided regarding “Online Banking Security”, Commercial & Small Business account holders should institute additional measures in order to further protect their online banking information.

• Perform your own annual internal risk assessment & evaluation on all online accounts.
• Establish internal policies regarding employee internet usage.
• Educate your employees on the risks.
• Establish proper user account controls, Do Not share accounts or passwords.
• Review all transactions.
• Ensure all company computers are equipped with up-to-date antivirus protection software and virus definitions are being updated daily.

Consumers National Bank takes Cyber Security and the online security of our customers very seriously. As such, we wanted to inform you that The Federal Trade Commission (FTC) has released new cyber resources for small businesses, including non-profit and charity organizations. These resources, which cover topics such as ransomware, phishing, and email authentication, aim to help smaller organizations protect their network and information. I just wanted to take a moment to share these resources with you and your business so that you may be more prepared to deal with the fast paced world of Cyber Security.

The National Cyber Security and Communications Integration Center (NCCIC) encourages small businesses and consumers to review FTC's Cybersecurity Resources for Non-Profits article, FTC's Cybersecurity for Small Business web page, and NCCIC's Resources for Small and Midsize Businesses web page for more information.

Customers can request one free copy of his or her credit report every year. Reviewing your credit report can help you find out if someone has opened unauthorized financial accounts, or taken out unauthorized loans, in your name. To order, visit annualcreditreport.com or call 1-877-322-8228.

Experian
P. O. Box 2002, Allen, TX 75013 
Tel: 888-397-3742

Experian is the largest of the three credit bureaus. When ordering your credit report, you might be asked to provide the following information: First, middle and last name; current address; previous addresses for the past five years; social security number, date of birth; spouse's name. If you are not entitled to a free credit report, you will need to pay them the applicable fee.

Equifax
P. O. Box 740241, Atlanta, GA 30374 
Tel: 800-685-1111

When ordering your credit report, you might be asked to provide the following information: Full legal name, address, social security number, most recent former address. If you are not entitled to a free credit report, you will need to pay them the applicable fee.

Trans Union
P. O. Box 1000, Chester, PA 19022 
Tel: 800-888-4213

When ordering your credit report, you might be asked to provide the following information: First, middle and last name; current address; previous addresses for past two years; social security number, date of birth; current employer; phone number. If you are not entitled to a free credit report, you will need to pay them the applicable fee.

You can learn other ways to avoid email scams and deal with deceptive spam at www.ftc.gov/spam.

A computer virus passes from computer to computer like a biological virus passes from person to person. A computer virus must piggyback on top of some other program or document in order to get executed. Once it is running, it is then able to infect other programs or documents. Most viruses are a nuisance, but some are quite dangerous.

A worm is a computer program that has the ability to copy itself from machine to machine. Worms normally move around and infect other machines through computer networks. Using a network, a worm can expand from a single copy incredibly quickly. For example, the Code Red worm replicated itself over 250,000 times in approximately nine hours on July 19, 2001. A worm usually exploits some sort of security hole in a piece of software or the operating system.

Your best protection from acquiring a computer virus or a computer worm is to use a personal firewall, updated anti-virus software, and monitor emails and web surfing activity of people using your computer.