Customer Security
Cybersecurity Guides
A Bank Customer's Guide to Cybersecurity
A Cybersecurity Guide for Customers
Secure Mobile Registration
- Community Spirit Bank’s Mobile Banking services, including our apps, mobile-web interface, and SMS text message banking, are tied to our online banking system.
- To log into Mobile Banking, customers will use the same user ID and password as they use for Online Banking.
- Mobile Banking only allows one registration per customer. There is no opportunity for a fraudster to create a second account once you have established your security credentials.
- For SMS text message banking, only valid texts sent to a Community Spirit Bank Short-code from a previously activated phone number will work.
Helpful Tips to Maintain Mobile Security
- To help protect your phone from unauthorized use, create a passcode to access the phone.
- Download and apply security updates and patches to your mobile browser whenever they are made available. These are designed to protect you from known security risks.
- To prevent viruses or other unwanted problems, do not open any attachments you receive via text or email from unknown or untrustworthy sources.
- Do not install pirated software or software from unknown sources on your mobile device.
- Limit unauthorized access to your cell phone. Never leave your device unattended during an open mobile banking session.
- Never save your Online Banking user ID and password on your mobile device, in memos, or in your phone's browser.
- Always remember to log off properly using the “Sign Off” button when you have completed your mobile banking activities.
- Be aware of the potential for fraudulent mobile banking apps. Always ensure you’re downloading the legitimate Community Spirit Bank apps. One way to make sure you’re downloading the official apps, is to download them via the app store links on our website.
- If your phone is lost or stolen, contact your wireless carrier immediately to stop your wireless service.
Information on Phishing
Fraudsters are always looking for ways to get your personal or financial information. When they use the Internet to do that, it's called phishing. These scam artists send e-mail or pop-up messages that might alert you to a problem with your account or state that you have a refund waiting. Some of these messages appear to come from legitimate companies. To learn more, read Internet Pirates are Trying to Steal Your Personal Financial Information.
Learn About Identity Theft
Read the Federal Trade Commission's Consumer Information on Identity Theft at http://www.consumer.ftc.gov/features/feature-0014-identity-theft.
Business Customer Awareness
Businesses are not protected under Regulation E; therefore they need to be diligent in reviewing their periodic statements. Businesses also need to have multiple controls in place to monitor their online banking account and users.
http://www.federalreserve.gov/boarddocs/supmanual/cch/efta.pdf
"The Bank will NEVER request personal information by phone, email or text message including account numbers, personal identification information, passwords or any other confidential customer information."
The Bank suggests that commercial online banking customers perform a related risk assessment and controls evaluation periodically. Please contact Donna Purser at (256) 356-5626 for a Sample Risk Assessment.
Suggested Web-Sites for Additional Information:
- Better Business Bureau – Data Security Made Simple
http://www.bbb.org/data-security/ - Bureau of Consumer Protection
https://www.ftc.gov/about-ftc/bureaus-offices/bureau-consumer-protection - Internet Crime Complaint Center
http://www.ic3.gov - NACHA
https://www.nacha.org/content/account-takeover
https://www.nacha.org/content/business-email-compromise - Small Business Information Security
http://csrc.nist.gov/publications/nistir/ir7621/nistir-7621.pdf - Sound Business Practices for Companies to Mitigate Corporate Account Takeover
https://www.nacha.org/sites/default/files/2019-04/AccountTakeoverDesc041819.pdf
Consumer Awareness Information
Regulation E
- Banks follow specific rules for electronic transactions issued by the Federal Reserve Board known as Regulation E, the rules cover all kinds of situation revolving around transfers made electronically. Under the consumer protections provided under Reg E, you may be able to recover internet banking losses according to how soon you detect and report them.
- In general, these protections are extended to consumers and consumer accounts.
For a complete detail explanation of protections provided and not provided under regulation E, please visit the following link / links:
- FDIC – Electronic Funds Transfers (Regulation E)
https://www.fdic.gov/regulations/laws/rules/6500-500.html#fdic65001005.1 - Federal Reserve
http://www.federalreserve.gov/boarddocs/supmanual/cch/efta.pdf
Community Spirit Bank recommends you consider implementing these risk control mechanisms to protect your personal banking:
Passwords
- Avoid using personal information
- Create a unique password for online banking that you don’t use elsewhere
- Do not use the password auto-save feature on your browser
- Do not share your passwords or write them down
- Change your password periodically
- The Bank will NEVER ask for your password
Personal Computers
- Always sign out or log off.
- Update software frequently and keep systems current
- Virus software, "definitions" should be updated daily
- Install and activate a personal firewall
- Install and run most recent version of Antivirus software
- Keep your operating system (OS) current
- Activate the automatic update feature
- Set your browser's security level to the default setting or higher
General Best Practices
- Keep your personal information private and secure
- Check your account balance regularly
- Do not access your account from a public location
- If you suspect suspicious activity, take swift action
- Be skeptical of e-mail messages, for example from someone unlikely to send an email such as the IRS.
- Do not open the suspicious emails and do not click on the links, should this happen, stop work and have a diagnostics performed immediately
ID Theft Tips
- Shred receipts, statements, expired cards, and similar documents
- Review statements promptly and carefully
- Be positive of the identity of anyone before you divulge personal information, only if you initiate the contract
- Periodically check your credit report
Websites
- Check your credit report
- Pay using credit cards
- Shred bank account, credit card, physician and other statements with personal information
- Never click on suspicious links
- Only give sensitive information to websites using encryption, verified though the web address "https://" (the "s" is for secure)
- Use social media wisely and don’t reveal too much
Mobile Devices
- Use passcodes
- Avoid storing sensitive information
- Keep software up-to-date
- Install remote wipe if the device is lost or stolen it can be cleared off
Using ATMs Safely
- Protect your ATM card and PIN, if lost report as soon as possible
- Choose a PIN different from your address, telephone #, and birthdate
- Be aware of people and your surroundings
- Put away your card and cash
- Skimming – observe the card reader; if it appears damaged don’t use it.
• "The Bank will NEVER request personal information by phone, email or text message including account numbers, personal identification information, passwords or any other confidential customer information."
• Do not give these credentials to anyone. If you are contracted by someone who states they are calling from the Bank, or you receive an e-mail you should not give them any information. You should contact the Bank in the event you notice suspicious account activity or experience customer information security-related events.
Suggested Web Sites for additional Information:
- Annual Credit Report
http://www.annualcreditreport.com/ - FDIC Safe Internet Banking
https://www.fdic.gov/consumers/consumer/news/april2020.html - FTC- Privacy & Security
https://www.ftc.gov/tips-advice/business-center/privacy-and-security/data-security - ID Theft
http://www.ftc.gov/bcp/edu/microsites/idtheft/ - Internet Crime Complaint Center
http://www.ic3.gov - National Cyber Security Alliance
http://www.staysafeonline.org/ - OnGuardOnline
http://www.onguardonline.gov/ - US-Cert-Cyber Security Tips
https://www.cisa.gov/uscert/ncas/tips/ST04-003