Online Banking Safety – What You Should Know


Fraudsters are using increased sophistication to gain control of your account and transfer funds beyond the reach of any recovery. These schemes not only target individual consumers, but also target businesses hoping to transfer larger amounts and mask their fraudulent transfers with the normal business activity.

Threats

Phishing
There's a new type of Internet piracy called "phishing." It's pronounced "fishing," and that's exactly what these thieves are doing: "fishing" for your personal information. What they want are account numbers, passwords, Social Security numbers, and other confidential information that they can use to loot your bank account or run up bills on your credit cards.

In a typical case, you'll receive an e-mail that appears to come from a reputable company that you recognize and do business with. In some cases, the e-mail may appear to come from a government agency.
The e-mail will probably warn you of a serious problem that requires your immediate attention. It may use phrases, such as "Immediate attention required," or "Please contact us immediately about your account." The e-mail will then encourage you to click on a button to go to the institution's website.

In a phishing scam, you could be redirected to a phony website that may look exactly like the real thing. Sometimes, in fact, it may be the company's actual website. In those cases, a pop-up window will quickly appear for the purpose of harvesting your financial information. In either case, you may be asked to update your account information or to provide information for verification purposes: your Social Security number, your account number, your password, or the information you use to verify your identity when speaking to a company representative, such as your mother's maiden name or your place of birth.

Malware
Short for malicious software - consists of software that is designed to gather information that leads to loss of privacy or gain unauthorized access to system resources. Malware includes computer viruses and is sometimes referred to as worms, Trojan horses, spyware, and other malicious and unwanted software or program.
Malware can be installed without detection on your PC by simply visiting an infected website, banner, or email attachment.

Keylogging
Is [malware] software that records keystrokes entered on your PC and transfers stolen information such as your logon ID, password, and challenge question answers to a fraudster over the Internet. This information can enable fraudsters to log into your account and transfer funds to accounts controlled by the fraudster. This can be done through bill pay service, ACH transactions, or even a wire request.
Keyloggers can be installed as with any other malware, but also can be accomplished by a hardware device plugged into your PC which stores the information for later use.

Man-in-the middle (MIM)
In a MIM attack, the fraudster, using sophisticated malware, inserts themselves between you and your banking service over the Internet and hijacks the online banking session. The fraudster can steal your information used to sign on to your Internet banking and log into your account or change and insert additional data into your transactions for the purpose of transferring funds to the fraudsters account. The fraudster conceals their actions by directing you to a fraudulent website that is a mirror image of the financial institution.

How to Protect Yourself
If you are suspicious of any contact you receive, do not respond. If you want to contact the sender, you should initiate the contact through a channel that you have verified, such as a publicly known website or telephone number.
Maintain virus protection or anti-malware software on any computer connected to the Internet to provide a defense against keyloggers and MIM attacks.
Always install current updates for your computers operating system.
Disconnect your computer from the Internet and properly log off when not in use.
Never provide your personal information in response to an unsolicited request, whether it is over the phone or over the Internet. If you did not initiate the communication, you should not provide any information. If Merchants Bank was to contact you about suspicious transactions, we would be providing the transaction information, and only for the purpose of verifying that you authorized it. We would not ask you to provide information.
If you believe a contact from Merchants Bank is suspicious, contact us immediately at 610-588-0981, toll free at 1-877-678-6622.
Review account statements regularly to ensure all charges are correct. If your account statement is late in arriving, call us at 610-588-0981, toll free 1-877-678-6622 to find out why. Use your online access to review your account and catch suspicious activity.
Never click on the link provided in an e-mail you believe is fraudulent. It may contain a virus that can contaminate your computer.

Do not be intimidated by an e-mail or caller who suggests dire consequences if you do not immediately provide or verify financial information.

What to do if you fall victim:

• Alert us by calling 610-588-0981, toll free at 1-877-678-6622.

• If you have disclosed sensitive information in a phishing attack, you should also contact one of the three major credit bureaus and discuss whether you need to place a fraud alert on your file, which will help prevent thieves from opening a new account in your name. Here is the contact information for each bureau’s fraud division:

Experian (www.experian.com)
888-397-3742

TransUnion (www.transunion.com)
800-680-7289
You can learn more about ID theft or report the loss of your personal information to the Federal Trade Commission through their website at www.consumer.gov/idtheft.

Consumer Protections Provided for Electronic Funds Transfers (EFT)

The Federal Government has established rights and responsibilities for certain EFTs initiated by a consumer through an electronic terminal, including a computer, under a law know as the Electronic Funds Transfer Act implemented by Regulation E. To limit your liability under the law for unauthorized transaction, you must notify us promptly of suspicious activity, but no later than 60 days after we send the first statement on which a problem or error appears.
Refer to the EFT disclosure given to you at account opening, or visit your local Merchants Bank office for additional information.

Risk Assessment
The Federal protections afforded consumers for electronic funds transfers do not apply to business accounts. Additionally business accounts can be more susceptible to frauds because of the higher volume and higher dollar value of transactions. Therefore, in addition to the protection measures previously mentioned, it is suggested that commercial customers perform a risk assessment and control evaluations of their online functions. Consider the following factors:

• Internal and external threat environment such as recent publicized security breaches, identity theft, or fraud, and the threats described above.
• Changes in your operation, especially the use of electronic transactions service, such as Online Banking, ACH origination, and other Internet services.
• Changes in staffing, such as the amount of turnover; and staff procedures related to downloading information from the Internet or handling unsolicited requests for information.
• Dual control procedures for critical transaction, such as transfers to a third party.
• Physical security over computer equipment, passwords, keys, and other access devices or security information.
• How frequently banking transactions or account balances are verified for accuracy.