First Capital Bank’s Security Corner
By Michael T. Mercatante, Jr.
Security and Internet Banking Officer
On this page, I will provide information on what you can do to better protect yourself online from various security threats, hoaxes, identity theft, etc. As online security is an ever-evolving issue, I urge you to check back from time to time.
First off, let’s start with a few types of online fraud.
Phishing – When a fraudster sends you an e-mail attempting to have you provide confidential information such as your user name and password, ATM/Debit card # and PIN, Account Number, Social Security Number, etc.
Smishing – When a fraudster sends you an SMS/Text attempting to have you provide confidential information such as your user name and password, ATM/Debit card # and PIN, Account Number, Social Security Number, etc.
Vishing – When a fraudster calls you attempting to have you provide confidential information such as your user name and password, ATM/Debit card # and PIN, Account Number, Social Security Number, etc.
Pharming – When a fraudster attempts to replicate a website and have you log in. Many times you will not notice the site is pharmed as the fraudster will capture and then ‘pass through’ your login credentials to the real website allowing you to continue with your activity.
As you can see, in all of the above cases, the fraudster is attempting to obtain personal, confidential information. The fraudster may use the information himself, or sell it to someone else who will try to use the information.
What can be done to prevent this from happening? The easiest and simplest thing is to NEVER give out confidential information to anyone, even if they claim to be from a business you deal with on a regular basis. If you have to have that kind of discussion, call the business yourself at a number you already know or have and then have your discussion.
There are a number of steps you can take that will help keep you safe online.
Passwords – Use strong passwords. A strong password is a minimum of 8 characters long, uses upper and lower case letters, numbers and special characters. A password should not be:
- · Any part of your name
- · A family member’s name
- · Pet’s name
- · Social Security Number
- · Account Number
- · Phone Number
- · Address
- · Anyone’s birth date
- · Other easily guessed password (something easy to find out about you; something you may carry in your wallet)
- · Any word found in the dictionary
- · Any of these items spelled backwards
- · Sequences such as 123456, abcdefg, 444444
A good suggestion is to shorten a phrase that means something to you. For example, let’s take the phrase First Capital Bank is great! If we change a few things around, we can make a strong password like this: 1stCapBkisGr8!
So now that you’ve got a strong password, where do you use this password? Do you use the same password for your banking sites as you do for your Facebook page or Twitter account? You shouldn’t. Segregate your passwords into different groups such as financial, social media, blogs, forums, etc. This way, if one of the less secure sites gets hacked, your financial passwords are still safe.
Automatic Updates – Configure your pc to automatically download and install operating system, browser, and other software updates. As vendors discover security holes, they patch them. Be sure to stay on top of those patches.
Anti-Malware – Download, install and configure, at a minimum, Anti-Virus software. Be sure that you’re A/V software gets updated at least once a day, if not more frequently and that it performs at least a weekly scan. Consider downloading, installing and configuring some additional security software that helps protect and detect the malware that A/V software isn’t designed to catch.
Some free Anti-Virus software includes:
Some free Anti-Malware software includes:
*First Capital Bank does not endorse nor guarantee any of these products. They are simply presented for reference.
Verify the Site You’re Visiting
When visiting a website, be sure to look at the address bar. In newer browse versions, the address bar will be green at a secure website. Also, look for the ‘https’ in the address bar. ‘http’ stands for ‘Hyper-Text Transfer Protocol’, and the ‘s’ stands for ‘Secure’, so be sure that the ‘s’ is present in the address bar at a secure site.
Also, look for the ‘lock’ which also indicates a secure site.
If you click on the ‘lock’, you should receive some more details about the site.
First Capital Bank’s Online Banking Security
How does First Capital Bank help to protect you online? FCB requires your user name and password. Your password can’t be your Social Security Number or all numbers. Additionally, your password needs to be a strong password. We also require something called Multi-Factor Authentication (MFA), or what we call Enhanced Login Security (ELS). MFA, or ELS, means that in order for you to log in to our systems, we require something you know and something you have. Something you know is your user name and password. Something you have is the cookie that we install on your pc the first time you logged in and had to retrieve a code from your registered e-mail address. Once you entered that code and registered your pc, our systems look for that cookie. If it’s present, you’re logged right in. If it’s missing, you have to go through the process of retrieving that code from your e-mail again.
First Capital Bank also:
- Has a session timeout
- Will only speak with the account owner when you need help
- Will never ask for your password
- Will verify you before providing you information
- Owns several website names that could be confused with www.1capitalbank.com
- Monitors your Internet Banking activity for anomalous activity. Don’t be surprised if you receive a call from us!
Everyone uses e-mail to communicate. It’s a great, instantaneous way to connect and share information. However, it can also be used to obtain confidential information. Here are a few tips when using e-mail:
- Never send confidential information via e-mail:
- Account Numbers
- Social Security Numbers
- Encrypt or password protect confidential attachment
- Confidential information is anything you can’t search for on the internet
Responding to a Problem
If you believe your Internet Banking account has been compromised, immediately call us at (804) 273-1250. We will lock you out until the situation can be resolved. Run anti-virus/anti-malware scans on any p.c. that you’ve used to connect to our Internet Banking. Review account activity for suspicious or unusual transactions. Review other bank activity too. Your login may have been compromised there too! Maintain a written log of everything that has happened, who you spoke to, when you spoke with them, and what was said. Notify your local law enforcement. Complete necessary affidavits, if applicable. Notify other banks/financial institutions too.
While this all sounds scary, the internet is still a wonderful place where you can obtain information about anything, connect with friends, family and co-workers, and yes, even conduct financial transactions. With the right frame of mind and the proper preventative measures in place, you can visit the internet without much to worry about.
First Capital Bank is happy to provide a few short videos for you to view. They provide some additional information regarding security.
Phishing: Don't Take the Bait!
Identity Theft: Protect Yourself!
Internet Fraud: If it sounds too good to be true, it probably is!
Social Media: Be Careful Who You Trust
Play it Safe with Portable Devices