Online Security Resources for Consumer and Business

The Federal Financial Institutions Examination Council (FFIEC) has issued supervisory guidance for banks designed to help make online transactions more secure. This was in response to an ever more dangerous online threat environment. Scams and hacking techniques are more sophisticated, new threats are continually being developed and organized crime groups both in the United States and internationally have become a major force in expanding online fraud and theft.

This means you may begin to see new security features on the websites you visit. Each of our online products has built-in security features which are continually enhanced in response to changing threats. Some of these enhancements are visible to you, the user, but others occur behind the scenes.

This also means you will see more information on how you, as a user of online services, can take action to keep your identity and your financial information and funds secure.


IMPORTANT INFORMATION FOR OUR ONLINE USERS

Your Log-In Credentials

We will never call, email or otherwise contact you to request your access ID, password, or other log-in credentials for the online services we offer. If you receive such a request, do not provide any information. Contact a Service Specialist at 763-767-2178 to report the incident.


Reporting Suspicous Activity

If you see suspicious activity on your account(s) or have received a suspicious call, email, letter or other similar contact regarding your relationship with 21st Century Bank, call 763-767-2178 and speak to a Service Specialist.


Protect Yourself by Controlling Online Risks

Understand the risks of online transaction processing:

The security tips and links to websites noted below provide important information and news to help you understand online transaction risk and options to help you control these risks. It is important to be informed and proactive.


Password Security Tips:

Do not share your User ID’s or Passwords with another person or provide them to others. Safeguard your Online Banking ID and Password information—never leave the information “lying around” in an unsecured location. Create a unique User ID and Password for each site. Do not use the same identifying information on multiple websites.

Create strong User ID’s and Passwords. In other words, use upper case letter(s), lower case letter(s), and numbers; if the site allows for them, use symbols as well.

Many websites force password changes (i.e. every 60 days). If a website does not do so, take the initiative and change your password on a regular basis.

Avoid posting personally identifiable information on social media sites such as on Facebook and Twitter. Information such as street address, pets’ names, home town and mother’s maiden name can be used to access more secure information.


Website Security Tips:

Monitor account activity. View account activity online on a regular basis and review periodic account statements (monthly and/or quarterly) and reconcile them to your personal records.

Log off from a website; do not just close the page or “X” out.

Secure websites have a web address that includes an “s” (https rather than http). If this feature is lacking, the site may not be genuine. Do not log in or conduct business on these sites.

When completing financial transactions, verify encryption and other security methods are in place, protecting your account and personal information.


Computer / Network Security Tips:

Use quality security monitoring software on your PC that includes anti-virus, anti-malware and firewall functions.
Use your PC’s security features such as individual Log-In accounts.
Keep PC operating system security up-to-date by applying patches and updates.
Password-protect your computer network (physical or wireless).


Mobile Banking Security Tips:

Use your mobile device’s locking function to lock your screen after five minutes or less of inactivity. It’s a simple way to prevent thieves from accessing your information if you leave your device unattended, even for just a few minutes.

Set your mobile device to require a password when powered up. Create a "strong" password (consisting of unusual combinations of upper- and lower-case letters, numbers and symbols) or PIN (with random numbers) and periodically change it. Don’t use the same user ID and password for your financial accounts as you do for other sites.

Keep your passwords, personal information, and bank account numbers private. Avoid storing personal data like credit card information, Social Security numbers, passwords, or other sensitive information directly on your mobile device. The convenience of storing this information in your notes app may be tempting, but it’s an easy target if your device falls into the wrong hands.

Keep your operating system up to date with the latest software and security downloads. Don’t “jailbreak” your device (that is, to remove operating system restrictions in order to access certain apps.) Jailbreaking will strip away the device’s built-in security systems, leaving your private information vulnerable.

Research any app before downloading it, and only download apps that come from a reputable source. Malicious apps can steal your data directly from your device.

Be on guard against unsolicited emails or text messages requesting your account information or personal details. Be careful about messages you receive on social networking sites that contain links. These can sometimes be harmful or fraudulent; if you’re suspicious, don’t click the link. Contact the sender directly to verify the validity of the email.

Limit the amount of personal information you provide on social networking sites. The more information you post, the easier it may be for a criminal to use that information to steal your identity, access your data, or commit other crimes.

Do not conduct financial transactions through an unsecured Wi-Fi network (such as those found at coffee shops), and disable settings that automatically detect and connect your device to Wi-Fi or Bluetooth. This helps prevent your phone from transmitting information without your knowledge.

Enable features that allow you to remotely find your mobile device if you think it may be lost or stolen. Many apps allow you to remotely erase content or turn off access to your device if you believe it is gone for good.


Stay Aware of Current Scams:

The Internet Crime Complaint Center (IC3) website is a partnership between the Federal Bureau of Investigation (FBI) and the National White
Collar Crime Center (NW3C), and contains useful information.
The IC3 website is found here.
IC3 information on gift card scams can be found here.
IC3 information on other scams can be found here.


IDENTITY THEFT

What can you do to avoid becoming a victim of IDENTITY THEFT?


Protecting your indentity:

Never respond to unsolicited requests for your social security number or financial data.
Before discarding, shred credit card, ATM receipts and any pre-approved credit offers you have received, but don't plan to use.
Check all credit card and bank statements for accuracy.
Avoid easy-to-figure out access and personal ID codes.
Obtain a copy of your credit report annually and check it for accuracy.
Use only secure sites when making online purchases. Secure pages begin with "https."
Pay for online purchases by credit card to assure you get what you paid for and to limit your liability.
Safeguard your SSN, and check earnings and benefit statements annually for fraudulent use.


If you have become a victim of Identity Theft, immediately take the following actions:

File a police report.
Contact your bank.
Notify all of those with whom you have a financial relationship.
Tag accounts closed due to fraud, "closed at consumer's request."
Notify credit bureau fraud units.
Establish a password for telephone inquiries on credit card accounts.
Place a fraud alert statement on your credit report.
Request bi-monthly copies of your credit report until your case is resolved (free to fraud victims).
Report theft of checks to your bank.
Check post office for unauthorized change of address requests.
Follow-up contacts with letters and keep copies of all correspondence.

More information about Identity Theft and how to avoid it can be found at: www.ftc.gov/idtheft


Additional Information for Business Users of Online Services for Business Users of Online Services

FFIEC Guidance takes note that business transactions, because of their frequency and dollar value, are inherently more risky than consumer transactions. The FFIEC also notes the steep rise of online account takeovers and unauthorized online fund transfers related to business accounts in the last five years.

Recently, small- to medium-sized businesses have been primary targets as cyber criminals have recognized that the security controls they have in place are not as robust as that of larger businesses. Analysis indicates enhanced controls over administrative access and functions related to business accounts and layered security using multiple and independent controls would help to reduce these types of crime.


The FFIEC Guidance suggests enhanced controls for businesses:

Business customers should be encouraged to perform a periodic risk assessment and an evaluation of the effectiveness of the controls they have in place to minimize the risks of online transaction processing.

The password, website, computer and network tips above provide a starting point for this process and the web resource links provide additional detailed information.

The FTC Business Center has a great deal of information for businesses at https://business.ftc.gov/privacy-and-security/data-security.

Business customers should understand the security features of the software and websites they utilize and take advantage of these features. Segregation of duties—the process of separating duties so no one person can perform all steps of a transaction—is an example of a very important security feature.

Layered security options that may be available to business customers doing online transactions include transaction thresholds, out-of-band verification (such as telephone or email verifications), fraud detection and monitoring systems, and IP reputation–based services. The Guidance encourages establishing layered security processes.


Customer Security Awareness

Request A BrochureComments and SuggestionsFraud Prevention and Your MasterCard Debit Card Identity Theft InfoStatement of Condition
Online Customer Security Awareness User Agreement Real Estate For SalePrivacy PolicyContact Us All Rights Reserved