The privacy of communications between you (your browser) and our servers is ensured via encryption. Encryption scrambles messages exchanged between your browser and our online banking server.
How Encryption Works
When visiting the internet banking sign-on page, your browser establishes a secure session with our server. The secure session is established using a protocol called Secure Sockets Layer (SSL) Encryption. This protocol requires the exchange of what are called public and private keys. Keys are random numbers chosen for that session and are only known between your browser and our server. Once keys are exchanged, your browser will use the numbers to scramble (encrypt) the messages sent between your browser and our server. Both sides require the keys because they need to descramble (decrypt) messages received. The SSL protocol assures privacy, but also ensures no other website can “impersonate” your financial institution’s website, nor alter information sent. To learn whether your browser is in secure mode, look for the secured lock symbol at the bottom of your browser window.
The numbers used as encryption keys are similar to combination locks. The strength of encryption is based on the number of possible combinations a lock can have. The more possible combinations, the less likely someone could guess the combination to decrypt the message.
For your protection, our servers require the browser to connect at 128-bit encryption (versus the less-secure 40-bit encryption). Users will be unable to access online banking functions at lesser encryption levels. This may require some end users to upgrade their browser to the stronger encryption level.
To determine if your browser supports 128-bit encryption:
Click “Help” in the toolbar of your Internet browser click on “About [browser name]”A pop-up box or window will appear. For Netscape: you should see “This version supports high-grade (128-bit) security with RSA Public Key Cryptography”
If your browser does not support 128-bit encryption, you must upgrade to continue to access the website’s secure pages. Most modern browsers like Microsoft Edge and Google Chrome support 128-bit encryption.
We strongly recommend that any person who wishes to access the bank’s internet banking have installed on their computer a firewall program and a strong anti-virus program. If properly installed and maintained, these programs will help protect your personal information by detecting and stopping malicious software from the Internet.
Identity theft is fraud committed or attempted by using identifying information of another person without authority. Identifying information is any personal information such as your name, Social Security number, date of birth, credit card or bank information. Identity theft is a serious crime that can cause victims loss of time and money to resolve. The thieves use a variety of methods to steal your information, including:
- Skimming: Stealing credit/debit card numbers by using a special device on ATMs or when processing a purchase.
- Phishing: Pretending to be a financial institution or other company and sending email or pop-up messages to get you to reveal your personal information.
- Pretexting: Pretending to be you when they call financial institutions, phone companies and other sources to get additional information.
- Dumpster diving: Rummaging through trash looking for bills or other paper with your personal information on it.
Here are some helpful tips to avoid becoming a victim of identity theft:
- Store personal information in a safe place. Shred financial statements, bank checks, credit card offers, charge receipts and credit applications before discarding them.
- Don’t release personal information. Never disclose account numbers, Social Security numbers and credit card numbers over the phone or email unless you know the person or organization you’re dealing with.
- Guard against mail theft. Deposit outgoing mail into a secure, official U.S. Postal Service collection box. Promptly remove incoming mail after it has been delivered.
- Monitor account information and billing statements. Know your billing cycles and review monthly statements for authorized charges or withdrawals. Missing statements could indicate that someone has filed a change of address notice to divert your mail to his or her address. Consider switching to electronic statements.
- Obtain and review copies of your credit report. Order copies of your credit report yearly to review your file and make certain the information is accurate. The three major credit bureaus are:
Steps to take if you become a victim of identity theft:
- File a police report and call the Federal Trade Commission’s toll-free “Identity Theft Hotline” at 1-877-438-4338.
- Notify the three credit bureau’s fraud departments. Request that a “fraud alert” be placed in your file, as well as a victim’s statement asking that creditors call you before opening any new accounts.
- Request a copy of your credit report. Credit reports are free to fraud victims.
- Contact your creditors for any accounts that have been opened fraudulently. Close your accounts and obtain new credit, debit and ATM cards.
- Report any suspected stolen mail to your local postal inspector and check the post office for unauthorized change of address requests.
Business Identity Theft
Corporate Account Takeover is the business equivalent of personal identity theft. Hackers, backed by professional criminal organizations, are targeting small and medium businesses to obtain access to their web banking credentials or remote control of their computers. These hackers will then drain the deposit and credit lines of the compromised bank accounts, funneling the funds through mules that quickly redirect the monies overseas into hackers’ accounts.
As a business owner, you need an understanding of how to take proactive steps and avoid, or at least minimize, most threats.
- Use a dedicated computer for financial transactional activity. DO NOT use this computer for general web browsing and email.
- Apply operating system and application updates (patches) regularly.
- Ensure that anti-virus/spyware software is installed, functional and is updated with the most current version.
- Have host-based firewall software installed on computers.
- Use latest versions of Internet browsers, such as Edge, Firefox or Google Chrome with “pop-up” blockers and keep patches up to date.
- Turn off your computer when not in use.
- Do not batch approve transactions; be sure to review and approve each one individually.
- Review your banking transactions and your credit report regularly.
- Contact your Information Technology provider to determine the best way to safeguard the security of your computers and networks.
Other Security Tips
Online Security Tips
- Use a current web browser.
- Avoid downloading programs from unknown sources.
- Do not use your Social Security number as a username or password.
- Change your passwords regularly and use combinations of upper and lower case letters, numbers, and “special characters” such as “pound (#) and “at” (@) signs.
- Protect your online passwords. Don’t write them down or share them with anyone.
- A different password should be used for each commercial and financial services website.
- Protect your answers to security questions. Select questions and provide answers that are easy for you to remember, but hard for anyone else to guess. Do not write down your security questions or answers or share them with anyone. If you selected security questions on other websites, avoid using the same questions to protect your Wray State Bank, Windsor State Bank, or Brush State Bank account. Please note that we will never ask you to provide answers to your security questions via email.
- Use secure websites for transactions and shopping. Shop with merchants you know and trust. Make sure internet purchases are secured with encryption to protect your account information. Look for “secure transactions” symbols like a lock symbol in the lower right-hand corner of your web browser window, or “https://…..” In the address bar of the website. The “s” indicates “secured” and means the web page uses encryption.
- Always log off from any website after making a purchase with your credit or debit card. If you cannot log off, shut down your browser to prevent unauthorized access to your account information.
- Close your browser when you’re not using the internet.
- Approach all applications and links on all devices (such as personal computers, tablets and cell phones) and delivery channels (such as email, text messages and social media sites) with caution, as cybercriminals often use applications and links as the first step in installing malicious software on devices with which fraudulent acts can be enabled.
- Most Wi-Fi networks do not encrypt information and are not secure. Use caution when conducting any secure financial transactions via an unsecured Wi-Fi connection.
Social Media Security Tips
- The highest available level of privacy and security settings should be selected and activated on any social media site.
- No information that can be used to compromise information security should be viewable on any social media site. Such information includes the names of financial institutions, card companies, commerce websites, Internet service providers, utilities and wireless carriers with which you have accounts. This also includes personal financial information, passwords, phone numbers, email addresses, addresses and dates of significance (for example, birth dates and anniversaries).
- Accept only known and trusted individuals into your social network.
- Do not allow social media sites to scan your address book.
Mobile Device Security Tips
- Mobile phone applications, text messages, instant messages and calls from unfamiliar or suspicious sources that request personal financial information and passwords should be declined and, when appropriate, promptly deleted, and not replied to or forwarded. Any links contained within the message should not be opened.
- Each mobile phone and mobile phone application should be assigned a different password with the maximum allowable number and types of characters.
- Mobile phones should be set to logoff automatically after no more than two minutes of non-use, with a password required to log back into the phone.
- Mobile phones should be locked when not in use and not left in visible unsecured locations.
- Lost or stolen mobile devices should be reported to the carrier promptly.
Computer Security Tips
- Keep your computer operating system up to date to ensure the highest level of protection.
- Install a personal firewall on your computer.
- Install, run, and keep anti-virus software updated. If security software can update automatically, set it to do so.
- Turn your computer off completely when you are finished using it – don’t leave it in sleep mode.
- Conduct online banking activities on secure computers only. Public computers (computers at internet cafes, copy centers, etc.) should be used with caution, due to shared use and possible tampering. Online banking activities and viewing or downloading documents (statements, etc.) should only be conducted on a computer you know to be safe and secure.
Email and Text Security Tips
- Be wary of suspicious emails. Never open attachments, click on links, or respond to emails from suspicious or unknown senders.
- If you receive a suspicious email that you think is a phishing email, do not respond or provide any information.
- Personal information and passwords for financial services should not be provided in response to unfamiliar or suspicious websites, emails or text messages.
Bank Account Security Tips
- Report lost or stolen cards and checks immediately.
- Review account statements carefully. Regular account review helps to quickly detect and stop fraudulent activity.
- Ask about suspicious charges.
- With Online Banking you can monitor your account online any time and as frequently as you like.
- Limit the amount of information on checks. Don’t print your driver’s license number or Social Security number on your checks.
- Store new and cancelled checks in a safe and secure location.
- Carry your checkbook with you only when necessary.
Credit Card and Debit Card Security Tips
- Cards should be signed as soon as they arrive.
- Always keep your credit card or debit card in a safe and secure place. Treat it as you would cash or checks. Contact us immediately if your card is lost or stolen, or if you suspect unauthorized use.
- Do not send your card number through email, as it is typically not secure.
- Do not give out your card number over the phone unless you initiated the call.
- Review account statements carefully. Ask about suspicious charges.
- Cancel and cut up unused credit and other cards.
- If you receive a replacement card, destroy your old card.
- When selecting a Personal Identification Number (PIN) don’t use any number or word that appears in your wallet (such as name, birth date, or phone number).
- Ensure no one sees your PIN when you enter it. Memorize your PIN. Don’t write it down anywhere, especially on your card, and never share it with anyone.
- Shop with merchants you know and trust.
- Make sure any internet purchase activity you engage in is secured with encryption to protect your account information. Look for “secure transaction” symbols like a lock symbol in the lower right-hand corner of your web browser window, or “https://…” in the address bar of the website. The “s” indicates “secured” and means the web page uses encryption.
- Always log off from any website after a purchase transaction made with your credit or debit card. If you cannot log off, shut down your browser to prevent unauthorized access to your account information.
- Safe-keep or securely dispose of your transaction receipts.
Use Checks Securely
- Checks should not have Social Security Numbers or driver’s license numbers printed or written on them.
- Checks should not be left visible in unsecured locations.
- Checks that are to be discarded should be eliminated securely, for example by shredding, and should not be discarded in a readable form.
- Checks that are tamper resistant are available. These checks include security features such as chemically sensitive paper to deter alterations.
When using your card at an ATM:
- Be aware of your surroundings when withdrawing funds.
- Watch for suspicious persons or activity around the ATM. If you notice anything out of the ordinary, come back later or use an ATM elsewhere. If you observe suspicious persons or circumstances, do not use the ATM at that time. If you are in the middle of a transaction, cancel the transaction, take your card and leave the area, and come back at another time or use an ATM at another location.
- Report all crimes immediately to the operator of the ATM or local law enforcement.
- Consider having someone accompany you when using an ATM after dark.
- Never allow a stranger to assist you with using an ATM.
- When using a drive-up ATM, keep your car doors locked and your engine running.
- Ensure no one sees your PIN when you enter it.
- Refrain from displaying cash, and put it away as soon as your transaction is completed. Wait to count your cash until you’re in the safety of a locked enclosure, such as a car or home.
- Take your receipts with you so potential criminals will not know how much you withdrew or how much money is in your account. After completing your transaction, remember to remove your card, cash and any printed documents such as receipts or statements.
- Safe-keep or securely dispose of your ATM receipts.