Online
Security

Business Best Practices for Online Banking

• Recommend reconciliation of all banking transactions on a daily basis.
• Recommend customers initiate ACH and wire transfer payments under dual control, with a transaction originator and a separate transaction authorizer.
• If possible, and in particular for customers that originate ACH or wires or large numbers of online transactions, recommend commercial banking customers carry out all online banking activities from a stand-alone, hardened and completely locked down computer system from which email, web browsing and access to your company network are not possible.
• Be suspicious of emails purporting to be from a financial institution, government departments or other agencies requesting account information, account verification or banking access credentials such as usernames, passwords, PIN codes, answers to challenge questions and similar information. Opening file attachments or clicking on web links in suspicious emails could expose your computer network to malicious code that could hijack your private information, online banking credentials, and more.
• Never process payment instruction changes from clients, vendors or employees that have not been directly verified.
• Install a dedicated, actively managed firewall, if using a broadband or dedicated connection to the Internet, such as DSL or cable. A firewall limits the potential for unauthorized access to a network and computers.
• Create strong passwords that include a combination of characters. The latest guidance suggests using a passphrase such as a favorite line from a movie or a series of associated words rather than a traditional password. The idea is to create a passphrase that can be remembered easily and protect the account — for example, $unWalkRainDriv3.
• Prohibit the use of “shared” usernames and passwords for online banking systems.
• Use a different password for each website that is accessed and change your passwords several times each year.
• Never share username and password information for online services with third-party providers.
• Limit administrative rights on users’ workstations to help prevent the inadvertent downloading of malware or other viruses.
• Install commercial anti-virus, spyware detection and desktop firewall software on all computer systems. Free software may not provide protection against the latest threats compared with an industry standard product.
• Ensure security suite software pages and computer programs are patched regularly, particularly operating systems and key applications, such as Adobe products. It is recommended that you utilize the built in automatic software updates available for most operating systems and software programs.
• Recommend clearing the browser cache before starting an online banking session in order to eliminate copies of web pages that have been stored on the hard drive. How the cache is cleared will depend on the browser and version. This function is generally found in the browser's options or settings menu.
• Recommend customers verify use of a secure session (https not http) in the browser for all online banking and financial services and the site has a valid digital security certificate.
• Avoid using automatic login features that save usernames and passwords for online banking. This includes using Internet browsers to store password information.
• Never leave a computer unattended, especially when logged into online banking or financial service sites.
• Never access bank, brokerage or other financial services information sites using public Wi-Fi, such as at Internet cafes, public libraries, airports, etc. Using public Wi-Fi increases the potential for unauthorized software to be installed to trap account and sign on information.
• Recommend customers familiarize themselves with the institution’s account agreement and with the customer’s liability for fraud under the agreement pursuant to the Uniform Commercial Code Article 4A as adopted in the state of Nebraska.
• Recommend developing written security procedures designed to protect your company’s network from infection or breach and it is also recommended that you include regular security training for all employees. This is required for ACH origination clients.
• Stay in touch with other businesses to share information regarding suspected fraud activity. It is recommended that you subscribe to fraud alerts available from sources such as antivirus software companies, credit card processors, government agencies, etc. Also, become familiar with the services your financial institution provides regarding the latest fraud threats and fraud mitigation tips.
• Immediately escalate any suspicious transactions to the financial institution, particularly ACH or wire transfers. There is a limited recovery window for business transactions and immediate escalation may prevent further loss.

Some recommendations listed above may be required specific to services provided in accordance to your product agreement. Information provided by NACHA, EPCOR and FS-ISAC (Financial Services Information Sharing and Analysis Center).

Recommendations for Online Fraud Victims

In the event the customer is a victim of fraud, there are a number of immediate recommendations they should take to help protect their financial interests. A few general suggestions include:

• Immediately cease all activity from computer systems that may be compromised. Unplug the Ethernet or cable modem connections to isolate the system from remote access.
• Immediately contact their financial institution so that the following actions may be taken as a priority to contain the incident:
  • Online access to the accounts be disabled.
  • Online Banking passwords changed.
  • New account(s) opened as appropriate.
  • Request the financial institution’s agent review all recent transactions and electronic authorizations on the account.
  • Additionally, ensure that no one has requested an address change, title change, PIN change or ordered new cards, checks or other account documents be sent to another address.
• Customers can generally find customer service or fraud prevention contact telephone numbers on monthly statements. Recommending they have this information readily available will often facilitate a call.A customer suffering from fraud should file a police report with the local police department and provide the facts and circumstances surrounding the loss. Obtain a police report number with the date, time, department, location and officer’s name taking the report or involved in the subsequent investigation. Having a police report on file will often facilitate dealing with insurance companies, banks, and other establishments that may be the recipient of fraudulent activity. The police report may initiate a law enforcement investigation into the loss with the goal of identifying, arresting and prosecuting the offender and possibly recovering losses.
• The customer should maintain a written chronology of what happened, what was lost and the steps the customer took to report the incident to the various agencies, banks and firms impacted. Be sure to record the date, time, contact telephone number, person spoken to, and any relevant report or reference number and instructions.
• Realize that if the customer carries out personal online banking from the business computer system, there are also potential identify theft aspects to the compromise. Recommend the customer review the recommendation at the Federal Trade Commission’s Identity Theft website.
• Dependent on law enforcement investigative and forensic considerations, recommend the customer have their network and systems reviewed by a qualified computer forensic/information security professional.

Information provided by NACHA and FS-ISAC (Financial Services Information Sharing and Analysis Center)

Have you been affected by the recent Equifax Data Breach? Check out the Federal Trade Commission’s recommendations on what to do: https://www.consumer.ftc.gov/blog/2017/09/equifax-data-breach-what-do

Mobile Phone Security

To ensure the safety and privacy of your account information, we provide some key security features in Mobile Banking:

• Unique Activation Code for the WAP and SMS versions - We send you a unique activation code to verify your phone number. This code associates your mobile phone with your account. This verification also lets you know your mobile phone number has been successfully registered in our system.
• Authentication—You are authenticated for every interaction with Mobile Banking.
• Encryption—We use 128-bit encryption for all transactions.
• Fraud Detection—We incorporate mechanisms such as transaction validation and transaction reconciliation processes to detect fraud.
• Audit-ability—We provide full audit capabilities through event logs and event-based reporting.
• No Identifiable Information—We don't return any personally identifiable information in a text message, such as your full account number, e-mail address, or personal address. We never ask for or include your user ID or password in any message we send.

Here are some recommended tips to help you secure your mobile device.

• Treat your Smartphone with the same care regarding passwords and security as your PC.
• Keep smartphones within your sight at all times.
• Activate phone locking after a period of inactivity and use strong passwords or PINs for reactivation.
• Utilize your phone's auto wipe feature if someone repeatedly enters incorrect passwords.
• Back up Smartphone applications and content regularly.
• Report Smartphone theft immediately so remote locking or remote wiping can be activated.
• Avoid using smartphones over unsecure Wi-Fi networks.
• Keep Bluetooth out of discovery mode when not in use.
• Avoid clicking on links in SMS and Email messages unless you have verified the sender.
• Do not use a jail-broken phone or attempt to jailbreak your phone.
• Only download approved apps for your device.
• Only download apps you will use and research the credibility of any App you are not familiar with - look out for applications that seek access to things like contacts or location unnecessarily and to carefully read user application ratings before downloading.
• Keep your phone's operating system and installed apps up to date.

5 Scams to Look Out For

Though you shouldn’t be living in fear, it’s important to be aware of all the potential dangers that lurk out there in the world. Scammers are out there, and they’ll try anything to steal your money or precious information. The best way to combat them is simply to be prepared.

When you educate yourself about the ways that scammers are most likely to strike, you know what to look out for and are less likely to fall victim to their scams. Below are 5 types of scams that you should be aware of this year.

• Identity theft. This is one of the most prominent forms of financial fraud today. With a few key pieces of information, thieves can assume a person’s identity and do massive amounts of damage to their finances. The most important thing you can do to combat identity theft is to keep your personal information completely safe at all times! Never give out your social security number or other personal financial information to anyone. Always keep important financial documents in a safe, locked location.
• Impersonating an institution. With the rise of digital communication, it’s not always easy for people to tell who is on the other end of the phone or email. Scammers will take advantage of this fact by pretending to be someone (or something) they are not. And many of them can be quite convincing, telling you that they need some piece of your personal financial information or some bad thing will happen to you. Government organizations like the IRS will never contact you via telephone or email. Disregard and report anyone claiming to represent them needing your financials.
• Impersonating a family member. This type of scam happens most frequently to seniors. Often a scammer will call an elderly person claiming to be a relative in need of money. They will say that there has been an emergency or they are in jail and need some amount of money wired right away. Many people get tricked into sending the money because of the urgency of the call and the fear they feel for their loved one. Make sure your elderly family members are educated about this type of scam and tell them to contact you first if they ever receive this kind of call.
• Phishing. Phishing is a type of scam where scammers will send out an email attempting to get you to click on a link. That link will then access your information without your knowledge, implant malware on your computer, or take some other harmful action against you. These emails are often very well disguised so your best bet is to maintain a vigilant attitude when reading through your emails. Double check the address of the sender to make sure it is from who you think it is from. And never click a link that you have even the slightest suspicion about.

• Credit card magnetic strip fraud. This is a newer example of scamming tactics. Some scammers have figured out a way to place a device in certain credit card readers (especially at gas stations or big box stores) that automatically store your credit card information when the magnetic strip is swiped through. Though it may be nearly impossible to identify a credit card machine that has been tampered with, you can always avoid credit card machines that are unattended, pay for certain things like gas in cash, or upgrade to a new EMV chip card.

Cyber Security 101: Reducing Your Risk of Identity Theft

Identity theft is a growing concern. As people do more of their personal business online, cybercriminals are becoming more resourceful in order to steal their valuable personal information. SNB takes every possible measure to protect you and your identity, but you may want to know what other steps you can take to safeguard your activity online.

Below are a few things you can do to protect your identity from cybercriminals.

• Pay attention to your accounts. One of the worst things you could do is take a “set it and forget it” approach to your finances. In a world of direct deposit and auto-pay, it can be easy to do that. But ignoring your bank statements could leave the door open for unauthorized activity to go unnoticed. The best way to stay on top of all of your financial activity is to make a habit of checking in on all of your accounts on a regular basis. Our SNB mobile app makes it easy to keep tabs on your finances. Our banking app makes it easy for you to monitor your accounts wherever you are. Additionally, we also recommend utilizing our Account eAlerts service, available in online banking. eAlerts can be setup to send messages to your mobile device or email when a transaction posts to your account. You can find eAlerts by logging into online banking and clicking on the Alerts menu item at the top of the online banking landing page. Remember eAlerts must be setup using our full site and, at this time, cannot be setup using our mobile app.
• Vary your passwords. When it comes to deterring cybercriminals, you have to make it difficult for them. Don’t make it easier by using the exact same password for everything you need to access online. If you make them all the same and your password for one site gets compromised, the cybercriminal immediately has access to all of your passwords. Though it may seem like a hassle, this potentially very bad situation could be avoided if you create unique passwords for each site you use. Changing your passwords on a regular basis is also a good idea.
• Be wary of suspicious emails. Some scammers accomplish their crimes by fooling people into thinking they are legitimate, or someone they actually are not. Be vigilant when reading emails and don’t be afraid to disregard or report anything that seems suspicious. Most important of all, never send money to anyone who asks through email. Know that the IRS and other government organizations will never contact you via email requesting personal or account information, nor will SNB. Do not respond to anyone claiming to need your personal information.

Identity theft is a real concern. But with a little vigilance you can help reduce your chances of becoming a victim.

If you feel you have fallen victim to online fraud theft, follow these recommended steps immediately.

Have you been affected by the recent Equifax Data Breach? Check out the Federal Trade Commission’s recommendations on what to do:

https://www.consumer.ftc.gov/blog/2017/09/equifax-data-breach-what-do.

Sharing is NOT always Caring - Be Mindful of "Romance Scams"

"Romance Scams" are one of the most common forms of financial fraud and can be the hardest to recognize. Often the fraudster just asks for a favor or needs a little help to get them through a tough time.

Please, do not give out your account information and do not send or accept money from someone you've met online. If you are asked to do so, please reach out to a banker at your branch and ask for help. We can help determine if it's part of a scam: 402-344-7300.

Common Red Flags:

• The friendship or relationship escalated very quickly.
• You've only talked to this person over the phone, text or email.
• Face-to-face meetings are postponed or not possible due to extreme distance.
• They don't always ask you for your money! A fraudster may ask you to accept money on their behalf and withdraw cash or transfer it on.
• When they ask for money or a favor, it is always an emergency or includes a sad story to 'tug at your heart strings'.

Remember - Fraudsters are good at what they do! Don't let your guard down. Contact us if you are experiencing any of these scenarios: 402-344-7300