Online Banking Security Awareness & Training
Protections provided under Regulation E – Electronic Funds Transfer Act:
All customers should review their monthly account statement for possible errors involving electronic funds transfers just as you would with any other type of transaction. If you believe that an error has occurred in your account which involves an electronic funds transfer certain steps must be taken by the customer and the Bank. Regulation E is applicable to retail (non-commercial) customers.
Steps to be taken by the Customer:
- You must write or call the Bank as soon as possible. Contact numbers for Bank Departments are listed at the end of this document.
- If you notify the Bank by phone of a suspected error, the Bank may require that you send us your complaint in writing within (10) business days.
- You must notify the Bank of a suspected error no later than 60 days after we sent you the first statement detailing the suspected error or problem.
- You must provide your name and account number.
- You must describe the suspected error you are concerned about and explain as clearly as you can why you believe it is an error.
- You must tell us the dollar amount of the suspected error.
Steps to be taken by the Bank:
- We will promptly investigate suspected errors and correct any errors found.
- If it takes more than 10 days to investigate the suspected error the Bank will provisionally credit your account for the amount of the suspected error.
- The Bank will notify you if an error was found and will credit your account for any funds you are due.
- The Bank will notify you in writing if an error was NOT found.
Customer communications with Sabine State Bank:
The Bank will not ask you for confidential information via email. Confidential information includes, but is not limited to: account number, social security number, date of birth, user-name, password, or any other sensitive information. However, internet banking customers may send secure emails to the Bank by logging in to the Bank’s internet banking system, clicking on ‘Customer Service’, ‘Requests & Messages’, then ‘Ask A Question / Send A Message’. The Bank may also send secure messages via the internet banking system to our customers.
Warning Signs of a Potentially Compromised Computer System:
- Inability to log into online banking (thieves could be blocking access so that you would not see the theft until the criminal has control of your money)
- Sudden and dramatic loss of computer speed
- Changes in the way things appear on the screen
- Computer locks up so the user is unable to perform any functions
- Unexpected rebooting or restarting of the computer
- Unexpected request for a one-time password (or token) in the middle of an online session
- Unusual pop-up messages, especially a message in the middle of a session that says the connection to the bank system is not working (system unavailable, down for maintenance, etc.)
- New or unexpected toolbars and/or icons
- Inability to shut down or restart the computer
- Numerous unexpected emails
Suggested guidelines for commercial internet banking customers:
Use pre-notification transactions to verify that account numbers and bank routing numbers within your ACH transactions are correct.
- Use limits for monetary transactions.
- Review transaction reports daily to confirm the validity of transactions originated.
- Use the ‘alert’ function of internet banking to verify daily activity.
- Delete or request that the Bank delete the user-names for terminated employees.
- Assign dual control responsibilities whenever practical for all electronic origination activities.
- Periodically review the risks your company takes when originating electronic transactions and take action to reduce identified risks.
- Provide continuous communication and education to employees using online banking systems. Providing enhanced security awareness training will help ensure employees understand the security risks related to their duties.
- Communicate to employees that passwords should be strong and should not be stored on the device used to access online banking
- Adopt advanced security measures by working with consultants or dedicated IT staff
- Utilize resources provided by trade organizations and agencies that specialize in helping small businesses
Suggested guidelines for all internet banking customers:
- Do not open e-mail from unknown sources. Be suspicious of e-mails purporting to be from a financial institution, government department, or other agency requesting account information, account verification, or banking access credentials such as user-names, passwords, PIN codes, and similar information. Opening file attachments or clicking on web links in suspicious e-mails could expose your system to malicious code that could hijack your computer.
- Never respond to a suspicious e-mail or click on any hyperlink embedded in a suspicious e-mail. Call the purported source if you are unsure who sent an e-mail.
- If an e-mail claiming to be from your financial organization seems suspicious, checking with your financial organization may be appropriate.
- Install anti-virus, anti-spyware, and anti-malware detection software on all computer systems. Free software may not provide protection against the latest threats compared with an industry standard product.
- Update all of your computers regularly with the latest versions and patches of anti-virus, anti-spyware, and anti-malware software.
- Ensure that computer software is patched regularly, particularly operating system and key applications.
- Install a dedicated, actively managed firewall, especially if using a broadband or dedicated connection to the internet, such as DSL, cable, or satellite. A firewall limits the potential for unauthorized access to your network and computers.
- Check your internet settings and select, at least, a medium level of security for your internet browsers.
- Clear the browser cache before starting an internet banking session in order to eliminate copies of web pages that have been stored on the hard drive. How the cache is cleared depends on the browser and version you are using. This function is generally found in the browser’s preferences or tools menu.
- Use the on-line help system by clicking on the ‘How do I...’ link located on each page of the Internet Banking system if you have questions about a particular function in the Internet Banking system.
- Use the ‘Communication Center – Requests and Messages’ located in the ‘Customer Service’ tab in the Internet Banking system to send a question directly to the Internet Banking Department or to locate contact information.
- Consider developing an incident response plan in the event you believe that your confidential information has been compromised.
Suggested guidelines for wireless network management:
- Change the wireless network hardware (router/ access point) administrative password from the factory default to a complex password. Save the password in a secure location as it will be needed to make future changes to the device.
- Disable remote administration of the wireless network hardware (router / access point).
- If possible, disable broadcasting of the network SSID.
- If your device offers WPA encryption, secure your wireless network by enabling WPA encryption. If your device does not support WPA encryption, enable WEP encryption.
- If only known computers will access the wireless network, consider enabling MAC filtering on the network hardware. Every computer network card is assigned a unique MAC address. MAC filtering will only allow computers with permitted MAC addresses access to the wireless network.
Other resources for detecting and preventing identity theft:
Sabine State Bank Contact Numbers:
- ATM card and Debit card problems or questions – (318) 256-7870
- Sabine State Bank Bookkeeping Department – (318) 256-7023
- Sabine State Bank Security Officer Richard Martone – (318) 256-7861
- Sabine State Bank Internet Banking Department – (318) 256-9160