Customer Awareness and Education
Every customer receives an Electronic Funds Transfer disclosure and an Identity Theft brochure at account opening. The Universal Associate explains the protections of Regulation E to the customer.
An Eclipse Bank employee will never contact a customer on an unsolicited basis and request the customer's electronic banking credentials.
Below are alternative Risk Control mechanisms customers should consider using to mitigate their risk:
- Take care of your ATM Debit Card. Know where it is at all times; if you lose it, report it as soon as possible.
- Choose a PIN for your ATM or debit card that is different from your address, telephone number, Social Security number, or birth date.
- Keep and compare your receipts for all types of EFT transactions with your periodic statement.
- Make sure you know and trust a merchant before you share any bank account information.
Online Banking Tips
- Avoid using personal information in your password such as birth dates, or names of family members and pets.
- Do not use the same password that you use for other sites.
- Do not use the password auto-save feature on your browser.
- Do not write your password down.
- Do not share your password.
- Change your password periodically.
Personal Computer Tips:
- Maintaining your computer by applying the proper security settings, installing adequate security software, and keeping your systems current will help protect your personal information. Here are some essential items to consider.
- Install and run anti-virus software. Activate the automatic updates and automatic scan feature.
- Install and run anti-spyware software.
- Install and activate a personal firewall.
- Keep your operating system current. Activate the automatic update feature.
- Activate the pop-up blocker on your browser.
- Set your browser's security level to the default setting or higher.
Identity Theft Tips
- Use passwords on all accounts and your PC that are difficult to guess
- Do not keep passwords on you, and don't write such information on debit or ATM cards.
- Be careful what you throw in the trash
- Shred receipts, credit card solicitations, expired cards, statements, marketing solicitations and similar documents.
- Carry only the identification and bank/credit cards you actually need.
- Review your monthly statements promptly and carefully
- Secure confidential information you keep at home.
- Call your credit card company if a new credit card does not arrive.
- Cancel old or unwanted cards.
- Don't give private information to anyone unless you are positive you know the person and they have legitimate reason for asking.
- Never lend your password to anyone
- Guard your mail
- Be positive of the identity of anyone telephoning or e-mailing you to request personal information.
- Only give personal information if you initiated the contact
- Periodically check your credit report
- Never write down PINs
- Guard your social security number
- Be careful who is around you at ATMs and when using phone cards
- Do not allow your credit card out of your sight while paying for products and services
- Do not leave your wallet/purse/checkbook in your car
Customer Awareness and Education
Businesses are not protected under Reg E; therefore, they need to be diligent in reviewing their periodic statements. Businesses also need to have multiple controls in place to monitor their online banking account and users.
Commercial Online Banking Risk Assessment
The following risk assessment and controls evaluation is provided to assist commercial online banking users in identifying threats and measuring the strength of their controls. This assessment should be completed at hire date, and at least annually.
Risk Assessment Questions
For each question, select the answer that best represents your environment. Following the assessment, use the "Control Evaluation - Tips" to evaluate your environment.
- Are your employees required to sign an acceptable use policy?
- Does each employee who uses Internet banking go through security awareness training?
- Do you run background checks on employees prior to hire?
Computer System Security:
- Do computer systems have up-to-date antivirus software?
- Are there processes in place to ensure software updates and patches are applied (e.g. Microsoft, web browser, Adobe products, etc.)?
- Do users run as local Administrators on their computer systems?
- Is a firewall in place to protect the network?
- Do you have an Intrusion Detection/Prevention System (IDS/IPS) in place to monitor and protect the network?
- Is internet content filtering being used?
- Is e-mail SPAM filtering being used?
- Are users of the Internet Banking system trained to manually lock their workstations when they leave them?
- Is wireless technology used on the network with the Internet Banking system?
- Are critical systems (including systems used to access Internet banking) located in a secure area?
- How are passwords protected?
Core Evaluation Tips:
- Create an Acceptable Use Policy (AUP), if you don't already have one, and require your employees to sign it at least annually.
An Acceptable Use Policy (AUP) details the permitted user activities and consequences of noncompliance. Examples of elements included in an AUP are: purpose and scope of network activity; devices that can be used to access the network; bans on attempting to break into accounts, crack passwords, circumvent controls or disrupt services; expected user behavior; and consequences of noncompliance.
- Require each employee who uses Internet banking to go through security awareness training at least annually.
Security Awareness Training (SAT) for Internet banking users, at a minimum, should include a review of the acceptable use policy, desktop security, log-on requirements, password administration guidelines, social engineering tactics, etc.
- Run background checks on all employees prior to hire.
Companies should have a process to verify job application information on all new employees. The sensitivity of a particular position or job function may warrant additional background and credit checks. After employment, companies should remain alert to changes in employees' circumstances that could increase incentives for abuse or fraud.
- Ensure all computer systems have up-to-date antivirus software.
Companies should maintain active and up-to-date antivirus protection provided by a reputable vendor. Schedule regular scans of your computer in addition to real-time scanning.
- Implement a process to ensure software updates and patches are applied frequently.
This includes a computer's operating system and other installed software (e.g. web browsers, Adobe Flash Player, Adobe Reader, Java, Microsoft Office, etc.). In many cases, it is best to automate software updates when the software supports it.
- Use firewalls on your local network to add another layer of protection for all the devices that connect through the firewall (e.g. PCs, smart phones, and tablets).
- Implement an Intrusion Detection/Prevention System (IDS/IPS) to protect your network.
An IDS/IPS is used to monitor network/Internet traffic and report or respond to potential attacks.
- Restrict Internet traffic on the systems used for Internet banking activities.
Filter web traffic to restrict potentially harmful or unwanted Internet sites from being accessed by computer systems. For "high risk" systems, it is best to limit Internet sites to only those business sites that are required.
- Implement an e-mail SPAM filter to help eliminate potentially harmful or unwanted e-mail messages from making it to end users' inboxes.
- Configure workstations to auto-lock after a period of inactivity, and train users to manually lock their workstations when they leave them.
Systems should be locked (requiring a password to reconnect) when users walk away from their desks to prevent unauthorized access to the system.
- Secure wireless traffic using industry-approved encryption (e.g. WPA).
Wireless networks are considered public networks because they use radio waves to communicate. Radio waves are not confined to specific areas and are easily intercepted by unauthorized individuals. Therefore, if wireless is used, security controls such as encryption, authentication, and segregation are necessary to ensure confidentiality and integrity.
- Locate critical systems (including systems used to access Internet banking) in a secure area.
Only allow approved employees access to the critical systems.
- Ensure passwords are securely stored and kept confidential.
Passwords should never be left out for unauthorized individuals to gain access.
The Fair Credit Reporting Act requires each of the nationwide consumer reporting companies to provide you with a free copy of your credit report, at your request, once every 12 months. AnnualCreditReport.com is a centralized service for consumers to request free annual credit reports. It was created by the three nationwide consumer credit reporting companies: Equifax, Experian and TransUnion.
This website was created by the federal government to help people be safe, secure, and responsible online. This website is part of the National Initiative for Cybersecurity Education.
National Cyber Security Alliance staysafeonline.org
NCSA's mission is to educate and therefore empower a digital society to use the Internet safely and securely at home, work, and school. This website provides information and educational programs for protecting the technology individuals use, the networks they connect to, and their digital assets.
US-CERT - Cyber Security Tips www.us-cert.gov/cas/tips/
This website is published by the United States Computer Emergency Readiness Team (US-CERT) and describes and offers advice about common security issues for non-technical computer users.
FTC - Privacy & Security www.ftc.gov/bcp/menus/consumer/tech/privacy.shtm
The Federal Trade Commission (FTC) website contains a Privacy & Security section containing a list of facts for consumers, articles, consumer alerts, and more.
FTC - Deter, Detect, and Defend Against Identity Theft
This website, published by the Federal Trade Commission (FTC), is a national resource to learn more about the crime of identity theft. On this site, consumers can learn how to avoid identity theft and learn what to do if their identity is stolen.
Bureau of Consumer Protection - Data Security www.business.ftc.gov/privacy-and-security/data-security
The Bureau of Consumer Protection Business Center website contains a data security section with material to help people learn how to secure their information. The website section contains a list of educational documents discussing information security, information about data security related laws, reports, workshops, and more. It also has an interactive tutorial on protecting personal information.
BBB Data Security www.bbb.org/data-security/
The Better Business Bureau (BBB) created this website specifically to educate small businesses on the most common data security issues they face. Data security guidelines and suggestions are presented to help improve the security posture of small businesses.
Small Business Information Security http://csrc.nist.gov/publications/nistir/ir7621/nistir-7621.pdf
This guide was published by the National Institute of Standards and Technology (NIST). The guide identifies recommended practices to improve information security in small businesses.
Sound Business Practices for Companies to Mitigate Corporate Account Takeover https://www.nacha.org/userfiles/File/Sound%20Business%20PracticesBusinessesFinal042811.pdf
This document was created by the National Automated Clearing House Association (NACHA) to help companies mitigate the risk of corporate account takeover. The document was developed for companies of all sizes and outlines business processes to consider when reviewing and implementing security procedures.
Equifax - To order your report, call: 800-685-1111, or to report fraud, call: 800-525-6285 / TDD: 800-255-0056
Experian - To order your report, call: 888-EXPERIAN (397-3742), or to report fraud, call: 888-EXPERIAN (397-3742) / TDD: 800-972-0322
TransUnion - To order your report, call: 800-916-8800, or to report fraud, call: 800-680-7289
FTC - Identity theft hotline 1-877-IDTHEFT (438-4338)
Eclipse Bank Contacts:
Vice President, Retail Banking
Assistant Vice President, Retail Banking
Assistant Vice President, Retail Banking