Online Banking Security Tips
Mobile Device Security
- Configure your device to require a passcode or Personal Identification Number (PIN) to gain access, if your device supports this feature.
- Avoid storing sensitive information. Mobile devices have a high likelihood of being lost or stolen, so you should avoid using them to store sensitive information (e.g. passwords, bank account numbers, etc.). If sensitive data is stored, encryption should be used to secure it.
- Keep your mobile device's software up-to-date. These devices are small computers running software that needs to be updated just as you would update your PC. Use the automatic update option if one is available.
- Disable features not actively in use, such as Bluetooth, Wi-Fi, and infrared. Set Bluetooth-enabled devices to non-discoverable when Bluetooth is enabled.
- Delete all information stored on a device before the device changes ownership. Use a "hard factory reset" to permanently erase all content and settings stored on the device.
- "Sign out" or "Log off" when finished with an app rather than just closing it.
- Never click on suspicious links in emails, tweets, posts, or online advertising. Links can take you to a different website than their labels indicate. Typing an address in your browser instead of clicking a link in an email is a safer alternative.
- Only give sensitive information to websites using encryption so your information is protected as it travels across the Internet. Verify the web address begins with "https://" (the "s" is for secure) rather than just "http://". Some browsers also display a closed padlock.
- Do not trust sites with certificate warnings or errors. These messages could be caused by your connection being intercepted or the web server misrepresenting its identity.
- Avoid using public computers or public wireless access points for online banking and other activities involving sensitive information when possible.
- Always "sign out" or "log off" of password protected websites when finished to prevent unauthorized access. Simply closing the browser window may not actually end your session.
- Be cautious of unsolicited phone calls, emails, or texts directing you to a website or requesting information.
General PC Security
- Maintain active and up-to-date antivirus protection provided by a reputable vendor. Schedule regular scans of your computer and thumb drives, and enable real-time scanning.
- Update your software frequently to ensure you have the latest security patches. This includes your computer's operating system and other installed software (e.g. Web Browsers, Adobe Flash Player, Adobe Reader, Java, Microsoft Office, etc.).
- Automate software updates, when the software supports it, to ensure it's not overlooked.
- If you suspect your computer is infected with malware, discontinue using it for banking, shopping, or other activities involving sensitive information. Use security software and/or professional help to find and remove malware.
- Use firewalls on your local network to add another layer of protection for all the devices that connect through the firewall (e.g. PCs, smart phones, and tablets).
- Require a password to gain access. Log off or lock your computer when not in use.
- Use a cable lock to physically secure laptops when the device is stored in an untrusted location.
- Create a unique password for each of the different systems you use. If you don't, one breach leaves all your accounts vulnerable.
- Never share your password over the phone, in texts, by email, or in person. If you are asked for your password it's probably a scam.
- Use unpredictable passwords with a combination of lowercase letters, capital letters, numbers, and, if supported, special characters.
- The longer the password, the tougher it is to crack. Use a password with at least 8 characters. Password strength grows exponentially with length, because each additional character multiplies the number of combinations an attacker must try.
- Avoid using obvious passwords such as:
  - your name
  - your business name
  - family member names
  - your user name
  - dictionary words
- Choose a password you can remember without writing it down. If you do choose to write it down, store it in a secure location.
To learn more about information security, visit any of the following websites:
Regulation E and Accounts with Internet Access
What is Regulation E?
Regulation E protects individual customers using electronic funds transfers (EFT). Non-consumer accounts are not protected by Regulation E.
What is an EFT?
An electronic funds transfer (EFT) is any transfer of funds that is initiated through an electronic terminal, telephone, computer, or magnetic tape for the purpose of ordering, instructing, or authorizing a financial institution to debit or credit a consumer's account. The term includes but is not limited to:
- Point of sale (POS) Debit/ATM Card transactions
- Automated teller machine transfers (ATM)
- Direct deposits or withdrawals of funds
- Transfers initiated by telephone
- Transfers resulting from debit card transactions, whether or not initiated through an electronic terminal
- Transfers initiated through internet banking and bill pay
How does Regulation E apply to a consumer using internet banking and/or bill pay?
Regulation E is a consumer protection law for accounts such as checking or savings, established primarily for personal, family, or household purposes. Non-consumer accounts, such as Corporations, Trusts, Partnerships, LLCs, etc., are excluded from coverage. Regulation E provides consumers a means to notify their financial institution that an EFT has been made to their account without their permission. If you are unsure whether your account is protected by Regulation E, contact us.
What protections does Regulation E provide to consumers who use internet banking and/or bill pay?
If you believe an unauthorized EFT has been made to your account, contact us immediately. If you notify us within two business days after you learn of the unauthorized transaction, the most you can lose is $50. Failure to notify the bank within two business days may result in losses up to $500.
No liability limit:
Unlimited loss to a consumer account can occur if:
- The periodic statement you receive reflects an unauthorized transfer of money from your account, and
- You don't report the unauthorized transfer to the bank within 60 days after the statement was mailed, and
- The loss could have been avoided if you had given timely notice.
How does Regulation E apply to a non-consumer using EFT/POS, internet banking and/or bill pay?
A non-consumer using POS/ATM, Online Banking and/or Bill Payment is not protected under Regulation E. Because the customer is not protected by Regulation E, the customer should take special care to review the controls in place and ensure that they are commensurate with the risk level the customer is willing to accept.
What precautions should a non-consumer take because they are not protected by Regulation E?
As a non-consumer customer you should perform a risk assessment and periodically evaluate the controls you have in place. The risk assessment should be used to determine the risk level associated with any internet activities you perform and any controls in place to mitigate these risks.
Visit a branch near you or call 1-800-562-6896 for our Electronic Banking Department or email us at firstname.lastname@example.org. Note: If using email to contact us, do not include any of your personal information.
Security and You
First Financial Bank understands that the security of your personal account information is important to you. We also understand that our continued success as a financial institution relies on both our ability to offer banking services to you in a secure manner as well as your responsibility in keeping any access codes, passwords or PINs secure. To assist us in offering these Web-based banking services in a secure manner, we employ a number of measures, which are described below. These measures allow us, among other benefits, to properly authenticate your identity when you access these services and protect your information as it travels between your PC and First Financial Bank. With the proper safety measures in place, your online banking transactions remain safe and secure. The following measures have been taken to ensure your privacy, as well as some steps you can take.
Unique ID and Password
In order to access your accounts online you must enter a unique User ID and Password. We strongly recommend that you choose a Password that you can remember (without writing it down) but does not use information that can be easily guessed by someone. Avoid the use of birthdays, children's names, etc. Do not reveal your User ID or Password to anyone.
Three (3) Strikes and You're Out
If an unauthorized person attempts entry into your online banking account by trying to guess a Log-In ID or Password, the bank will disable the password on the third incorrect attempt, thus invalidating the Log-In combination. If you accidentally activate this security feature by mistyping a password three times, you will need to call the Bank to reestablish the password for that account. A common cause is having CAPS LOCK on while keying in a password.
To further protect you, a timeout feature is used. This feature will automatically log you out of your current financial service session after a 15-minute inactivity period on our site.
Please remember that e-mail is not secure against interception, and you should be cautious when sending e-mail with personal information. If your information is very sensitive, or includes personal or confidential information (such as your bank account, charge card or Social Security number), you need to contact us by postal mail or telephone. To send a secure email to FFB, please use the Contact Us option on our website.
How You Can Protect Your Internet Security
While First Financial Bank works to protect your banking privacy, you also play an important role in protecting your accounts. There are a number of steps you can take to ensure that your First Financial Bank account information is protected, including:
- Keep your User ID to yourself.
- Do not share your Password, and change it if you feel it has been compromised.
- Remain at your computer until your online banking transactions are completed, then log out.
- Log out of online banking prior to visiting other Internet sites.
- If you notice suspicious or unusual activity on your online banking accounts, contact the bank immediately.
- Keep up-to-date anti-virus, anti-malware and anti-spyware software on your computer to prevent your information from being stolen.
Visit a branch near you or call 1-800-562-6896 for our Electronic Banking Department or email us at Notification@ffb1.com. Note: If using email to contact us, do not include any of your personal information.