The Internet has made it easier for criminals to deceive individuals into revealing confidential information and clicking on links or attachments that will compromise the security of their computers which ultimately have an impact on Internet banking security. These criminals have continued to use increasingly sophisticated, effective, and malicious methods to fraudulently gain unauthorized access to consumers’ Internet banking accounts.
At BCT we understand that security measures are a top priority and of utmost importance for Internet banking. BCT has implemented a significant level of security features to mitigate the risk of fraudulent Internet activity. However, we strongly encourage both our consumer and business customers using Internet banking and cash management services to be aware of current threats to the security of their Internet banking accounts, and to implement internal preventative and monitoring controls to reduce the risk of compromised access and account takeover.
BCT is required under Regulation E: Electronic Fund Transfers to provide certain protections to our customers relative to electronic fund transfers (EFT). As applicable to Internet access, this regulation covers transactions initiated through BCT’s Internet banking and cash management channels, to either order, instruct, or authorize the financial institution to debit or credit an account. Transactions may include but are not limited to ACH payments, external transfers, and bill payments. For specific applicability and provisions, please refer to BCT’s EFT disclosure which is available within your NetTeller Account by clicking “Info” in the upper right corner.
BCT will NEVER request a customer’s personal information (debit card number, account number, social security number, personal identification number or password) through email or by phone. If you ever receive an unsolicited phone call or email claiming to be from BCT requesting your personal and confidential information, please DO NOT respond. Contact us immediately by calling 304-725-8431. As an additional monitoring control, you should review account statements and online account transaction history to ensure all transactions are correct and authorized.
Fraudsters will commonly use a type of Internet piracy called "phishing." In a typical Phishing case, you'll receive an e-mail that appears to be from BCT. In some cases, the e-mail may appear to come from a government agency, including the FDIC. The e-mail will probably warn you of a serious problem that requires your immediate attention. It may use phrases, such as "Immediate attention required," or "Please contact us immediately about your account." The e-mail will then encourage you to click on a button to go to the Bank’s web site. In a phishing scam, you could be redirected to a fictitious web site that may look exactly like the Bank’s site. In other situations, it may be the Bank's actual web site. In those cases, a pop-up window will quickly appear for the purpose of harvesting your login authentication credentials. In either case, you may be asked to update your account information or to provide information for verification purposes: your Social Security number, your account number, your password, or the information you use to verify your identity when speaking to a real financial institution, such as your mother's maiden name or your place of birth. If you provide the requested information, you may find yourself the victim of identity theft which can lead to malicious activity such as Internet banking account takeover.
Personally Selected Account Names
BCT does not display your account numbers over the Internet. Instead, we ask you to choose a "pseudo" name for each of your accounts. An example of a pseudo name would be vacation account, checking account, and savings account. You can change your "pseudo" account name under the "Options" section of our online banking service.
Unique ID and Password
In order to access your accounts online, you must enter a unique NetTeller ID and Password. We strongly recommend that you choose a Password that you can remember (without writing it down) but does not use information that can be easily guessed by someone. Avoid the use of birthdays, children's names, etc. Do not reveal your NetTeller ID or Password to anyone.
Three (3) strikes and you're out
If an unauthorized person attempts entry into an end user's account by trying to guess a Log-In ID, the bank will disable the password on the third incorrect attempt, thus invalidating the Log-In combination. If you accidentally activate this security feature by unintentionally mis-keying a password three times, you would need to contact the Bank to reestablish the password for that account. For example, a common mistake made by the end user is having the CAPS-LOCK on while keying in a password.
To further protect you, a timeout feature is used. This feature will automatically log you out of your current financial service session after a 10-minute inactivity period on our site.
BCT requires that you change your Password every 120 days. This step provides additional security should someone guess your current Password.
During your use of the Service, our Internet Banking Service Provider will pass an cookie to your computer in order to identify your computer during the session. This cookie enables us to process multiple transactions during the session without having to provide an Access ID and Passcode for each individual transaction. Users must accept this cookie to use the Service. This cookie does not contain any personal information; it simply provides another level of security for our Internet banking product. The cookie is stored on your computer’s hard-drive, identifying your computer while you are logged on. When you log off, close your browser, or turn off your machine, the cookie will be destroyed. A new cookie is used for each session; thus, no one can use the prior cookie to access your account.
How You Can Protect Your Internet Security
BCT is required through its banking regulators to conduct regular periodic risk assessments of their electronic banking products and services to identify security threats, and controls in place related to internal and external security, changes in customer functionality offered through electronic banking, and actual incidents of security breaches, ID theft, or fraud experienced internally or within the industry. As a proactive measure, we strongly suggest to our business or commercial customers to also perform a periodic risk assessment and controls evaluation related to security of their Internet banking / cash management environment. Special attention should be directed to high risk transactions which involve access to personal financial information or the movement of funds to other parties such as ACH, wire transfers, and bill payment.
BCT has implemented strong preventative and monitoring controls within its Internet banking, bill payment, and cash management systems. However, in order to enhance our customer's internal security we recommend our customers implement their own controls to mitigate risks. Examples of controls you may want to consider implementing to mitigate the risks of account takeover and fraudulent account activities are as follows:
- Maintain up-to-date operating system security patches and have installed updated virus/spyware protection software. Viruses and spyware can leave your computer vulnerable to attack and intrusion. Anti-virus and anti-spyware software will help to keep your computer safe from malicious software that could install itself or may try to install itself on your computer.
- Install a Firewall, either software or hardware. A firewall will prevent attacks on your computer through the Internet using established rules to determine if a requested connection is malicious or not.
- Implement intrusion detection/prevention software or services
- Safekeeping and confidentiality of Internet banking authentication credentials
- For business customers, implement dual control for initiating and approving high risk Cash Management transactions such as ACH origination and wire transfers
- Daily account activity monitoring via Internet banking account transaction history review
- Review and monitor your checking account, debit card, and credit card statements for unauthorized transactions.
- Refrain from opening unsolicited email and attachments
- Refrain from providing authentication credentials to callers claiming to be representing the financial institution and from responding to emails requesting information or re-directing you to a website.
If you notice any suspicious or unauthorized account activity, experience a breach in security of personal information, your login credentials or computer security have been compromised, or for more information please contact BCT's Deposit Operations Team at firstname.lastname@example.org or call BCT at 304-725-8431
What to do if it happens to you
This guide provides victims of identity theft with the major resources to contact. Unfortunately, at this time victims themselves are burdened with resolving the problem. You must act quickly and assertively to minimize the damage.
In dealing with the authorities and financial institutions, keep a log of all conversations, including dates, names, and phone numbers. Note time spent and any expenses incurred, in case you are able to request restitution in a later judgment or conviction against the thief. Confirm conversations in writing. Send correspondence by certified mail, return receipt requested. Keep copies of all letters and documents.
1. Credit Bureaus
Immediately call the fraud units of the three credit reporting companies:
Equifax: P.O. Box 105069, Atlanta, GA 30348
Report fraud: Call (800) 525-6285 and write to address above.
Order credit report: (800) 685-1111. Web: www.equifax.com
Experian (formerly TRW): P.O. Box 9532, Allen, TX 75013
Report fraud: Call (888) 397-3742) and write to address above. Fax: (800) 301-7196
Order credit report: (888) 397-3742. Web: www.experian.com
Trans Union: P.O. Box 1426, Buffalo, NY 14231
Report fraud: (800) 680-7289 and write to address above.
Order credit report: (800) 632-1765. Web: www.transunion.com
Report the theft of your credit cards or numbers and request a credit report (free to identity theft victims). Ask that your file be flagged with a fraud alert. Add a victim's statement to your report. ("My ID has been used to apply for credit fraudulently. Contact me at [your phone number] to verify all applications.") Ask how long the fraud alert is posted on your file, and how you can extend it if necessary.
Be aware that these measures may not entirely stop new fraudulent accounts from being opened by the imposter. Request a free copy of your credit report every few months so you can monitor any new fraudulent activity.
Ask the credit bureaus for names and phone numbers of credit grantors with whom fraudulent accounts have been opened. Ask the credit bureaus to remove inquiries that have been generated due to the fraudulent access. You may also ask the credit bureaus to notify those who have received your credit report in the last six months in order to alert them to the disputed and erroneous information (two years for employers). When you provide your police report to the credit bureaus, they must remove the fraudulent accounts from you credit report. (See #3 below.)
Contact all creditors immediately with whom your name has been used fraudulently, by phone and in writing. You may be asked to fill out fraud affidavits. (No law requires these to be notarized at your own expense.) Get replacement cards with new account numbers for your own accounts that have been used fraudulently. Ask that old accounts be processed as "account closed at consumer's request" (better than "card lost or stolen" because it can be interpreted as blaming you.) Monitor your mail and bills for evidence of new fraudulent activity. Report it immediately to credit grantors.
3. Law Enforcement
Report the crime to your local police or sheriff's department. You might also need to report it to police departments where the crime occurred. Give them as much documented evidence as possible. Make sure the police report lists the fraud accounts. Get a copy of the report. Keep the phone number of your investigator handy and give it to creditors and others who require verification of your case. Credit card companies and banks may require you to show the report in order to verify the crime. It is a violation of federal law (18 USC 1028) and the laws of many states to assume someone's identity for fraudulent purposes. Some police departments do not write reports on such crimes, so be persistent! Also, report to the Federal Trade Commission at (877) IDTHEFT. Web: www.identitytheft.gov
4. Stolen Checks
If you have had checks stolen or bank/credit union accounts set up fraudulently; report it to the appropriate check verification companies (see below). Put stop payments on any outstanding checks that you are unsure of. Cancel your checking and savings accounts and obtain new account numbers. Give the bank a secret password for your account (not mother's maiden name). If your own checks are rejected at stores where you shop, contact the check verification company that the merchant uses.
5. ATM/Debit Cards
If your ATM or debit card has been stolen or compromised, report it immediately. Get a new card, account number and password. Do not use your old password. When creating a password, do not use common numbers like the last four digits of your SSN or your birth date. Monitor your account statement. You may be liable if fraud is not reported quickly.
6. Fraudulent Change of Address
Notify the local Postal Inspector if you suspect an identity thief has filed a change of your address with the post office or has used the mail to commit fraud. (Call the U.S. Post Office to obtain the phone number). Find out where fraudulent credit cards were sent. Notify the local Postmaster for that address to forward all mail in your name to your own address. You may also need to talk with the mail carrier. Web: www.usps.gov/websites/depart/inspect
7. Secret Service Jurisdiction
The Secret Service has jurisdiction over financial fraud but, based on U.S. Attorney guidelines, it usually does not investigate individual cases unless the dollar amount is high or you are one of many victims of a fraud ring. To interest the Secret Service in your case, you may want to ask the fraud department of the credit card companies, banks and/or credit unions as well as the police investigator, to notify the Secret Service agent they work with. Web: www.treas.gov
8. Social Security Number (SSN) Misuse
Call the Social Security Administration to report fraudulent use of your SSN. As a last resort, you might want to try to change your number, although we do not recommend it except for the most serious cases. The SSA will only change the number if you fit their fraud victim criteria. Also, order a copy of your Personal Earnings and Benefits Statement and check it for accuracy. The thief might be using your SSN for employment purposes. Web: www.ssa.gov
Whether you have a passport or not, write the passport office to alert them to anyone ordering a passport fraudulently.
10. Phone Service
If your long distance calling card has been stolen or there are fraudulent charges on the bill, cancel the account and open a new one. Provide a password that must be used any time the account is changed.
11. Driver's License Number Misuse
You may need to change your driver's license number if someone is using yours as ID on bad checks or for other types of fraud. Call the state office of the Department of Motor Vehicles (DMV) to see if another license was issued in your name. Put a fraud alert on your license. Go to your local DMV to request a new number. Fill out the DMV's complaint form to begin the investigation process. Send supporting documents with the completed form to the nearest DMV investigation office.
12. Victim Statements
If the imposter is apprehended by law enforcement and stands trial, write a victim impact letter to the judge handling the case. Contact the victim-witness assistance program in your area for further information on how to make your voice heard in the legal proceedings.
To opt out of pre-approved offers of credit for all three bureaus, call (888) 5OPTOUT. You may choose a two year opt-out period or permanent opt-out status.
Remember, you are entitled to a free credit report if you are a victim of identity theft, if you have been denied credit, if you receive welfare benefits, or if you are unemployed.
Social Security Administration - Report fraud: (800) 269-0271. Order Earnings & Benefits Statement: (800) 772-1213. Web: www.ssa.gov
To remove your name from mail and phone lists
Direct Marketing Association (Web: www.thedma.org )
- Mail Preference Service, P.O. Box 9008, Farmingdale, NY 11735.
- Telephone Preference Service, P.O. Box 9014, Farmingdale, NY 11735
To report fraudulent use of your checks
- CheckRite: (800) 766-2748
- Chexsystems: (800) 428-9623
- CrossCheck: (800) 843-0760
- Equifax: (800) 437-5120
- International Check Services: (800) 526-5380
- SCAN: (800) 262-7771
- TeleCheck: (800) 710-9898
Everyone is entitled to a free credit report from each of the three national credit reporting bureaus at least annually. Info here.