Customer Security & Education

Online Banking Security

Our Online Banking system uses many lines of defense to protect your account information. With authentication, SSL, exclusive encryption software, high-end firewalls, and automatic sign-off, your information is always safe -- it’s like having a bank vault online.


SSL

SSL stands for "Secure Sockets Layer." This technology allows users to establish sessions with secure Internet sites - meaning they have minimal risk of external violation. Once inside the Online Banking site, our use of SSL technology keeps you and your account information secure.


Encryption

Encryption turns meaningful words and phrases into coded language. Everything that you do during your Online Banking session becomes a string of unrecognizable numbers before crossing the Internet. Your account information will read as gibberish to everyone but you and our financial institution. All of your Online Banking sessions will be encrypted. We employ the strongest forms of cryptography that are commercially available for use over the Internet.

We take numerous steps to keep your account information secure. However, you must take precautions as well. Follow these tips to increase your online security:


General Computer/Network Security

  • Update your software frequently to ensure you have the latest security patches. This includes your computer’s operating system and other installed software (e.g. Web Browsers, Adobe Flash Player, Adobe Reader, Java, Microsoft Office, etc.).
  • Automate software updates, when the software supports it, to ensure updates are not overlooked.
  • Maintain active and up-to-date antivirus protection provided by a reputable vendor. Schedule regular scans of your computer in addition to real-time scanning.
  • If you suspect your computer is infected with malware, discontinue using it for banking, shopping, or other activities involving sensitive information. Use security software and/or professional help to find and remove malware.
  • Use firewalls on your local network to add another layer of protection for all the devices that connect through the firewall (e.g. PCs, smartphones, and tablets).
  • Password-protect your computer network (wired or wireless). Log off or lock your computer when not in use.

General Online Security

  • Never click on suspicious links in emails, tweets, posts, or online advertising. Links can take you to a different web site than their labels indicate. Typing an address in your browser instead of clicking a link in an email is a safer alternative.
  • Only give sensitive information to web sites using encryption so your information is protected as it travels across the Internet. Verify the web address begins with “https://” (the “s” is for secure) rather than just “http://.” Some browsers also display a closed padlock.
  • Do not trust sites with certificate warnings or errors. These messages could be caused by your connection being intercepted or the web server misrepresenting its identity.
  • Avoid using public computers or public wireless access points for online banking and other activities involving sensitive information when possible.
  • Always “sign out” or “log off” of password protected web sites when finished to prevent unauthorized access. Simply closing the browser window may not actually end your session.
  • Be cautious of unsolicited phone calls, emails, or texts directing you to a web site or requesting sensitive information.

Password Best Practices

  • Create a unique password for all the different systems you use. If you don’t, then one breach leaves all your accounts vulnerable.
  • Never share your password over the phone, in texts, by email, or in person. If you are asked for your password, it’s probably a scam.
  • Use unpredictable passwords with a combination of lowercase letters, capital letters, numbers, and special characters.
  • The longer the password, the tougher it is to crack. Use a password with at least eight characters. Every additional character exponentially strengthens a password.
  • Avoid using obvious passwords such as
    • your name
    • your business name
    • family member names
    • your username
    • birthdates
    • dictionary words
  • Choose a password you can remember without writing it down. If you do choose to write it down, store it in a secure location.

Taylor County Bank and Your Log-In Credentials

We will never call, email or otherwise contact you to request your access ID, password, or other log-in credentials for the online services we offer.  If you receive such a request, do not provide any information.  Contact us at (270) 465-4196 to report the incident. We may, however, request your access ID, social security number or other personal information to verify your identity if you contact us requesting assistance with online services.

Reporting Suspicious Activity

If you see suspicious activity on your account(s) or have received a suspicious call, email, letter or other similar contact regarding your relationship to Taylor County Bank, call (270) 465-4196 or visit any branch.

Consumer Protection – Regulation E

Regulation E provides rules for error resolution and unauthorized transactions for electronic fund transfers, which includes most transactions processed online. In addition, it establishes limits to your financial liability for unauthorized electronic fund transfers. These limits, however, are directly related to the timeliness of your detection and reporting of issues to Taylor County Bank. For this reason, we encourage you to immediately review your account statements and to regularly monitor your account activity online.

The "Electronic Fund Transfers" disclosure provided to you at the time of account opening provides detailed information. We will provide to you, upon request, a free printed copy of this disclosure.

Note: Regulation E does not apply to business accounts.

Additional Information for Business Users of Online Services

Due to their size and frequency, business transactions are inherently more risky than consumer transactions.  In recent years, there has been an increase in the number of online corporate account takeovers and unauthorized online fund transfers involving business accounts.

Recently, small- to medium-sized businesses have been primary targets as cyber criminals have recognized that the security controls they have in place are not as robust as those of larger businesses.  Analysis indicates enhanced controls over administrative access and functions related to business accounts and layered security using multiple and independent controls would help to reduce these types of crime.

Recommended enhanced controls for businesses:

  • Perform a periodic risk assessment and an evaluation of the effectiveness of the controls in place to minimize the risks of online transaction processing.
  • Business customers should understand the security features of the software and web sites they utilize and take advantage of these features.  Segregation of duties—the process of separating duties so no one person can perform all steps of a transaction—is an example of a very important security feature.

Mobile Banking Safety

As with all technology, mobile banking is subject to certain risks that you need to be aware of and plan for. Following these tips will help you have a safer, more secure mobile banking experience.

  1. Invest in an antivirus application for your mobile device to help protect you when downloading apps or mobile content.
  2. Never provide personal identification or banking information over your mobile device unless you initiate the contact and you know that you are dealing directly with your bank.
  3. Never share your password, account number, PIN or answers to secret questions. Do not save this information anywhere on your phone.
  4. Never set the app, web or client-text service to automatically log you in to your bank account. If your phone is lost or stolen, someone will have free access to your money.
  5. Set the phone to require a password to power on the handset or awake it from sleep mode.
  6. Remember, your bank would never contact or text message you asking for personal or banking information. Assume any unsolicited text request is fraudulent. Giving this information places your finances and privacy at risk.
  7. Immediately tell your mobile operator and your bank if you lose your phone.

For additional information about protecting your cell phone, read our Smartphone Security tips below.

Smartphone Security

  1. Set PINs and passwords. If your phone ends up in the wrong hands, your first line of defense is to require a PIN or password to unlock the screen.
  2. Use anti-virus software apps. Just like your computer, your smartphone is susceptible to viruses and other malware. You need a security app with the same features as the security software on your computer. Look for one that can detect viruses in web sites, texts, e-mail, files and apps.
  3. Install security apps that enable remote location, locking and wiping. Many apps allow you to locate your phone if it is lost or stolen. If you cannot find it, you may want to lock or wipe the data off of it to prevent someone from using it or looking through any personal information you may have stored on it. In many cases, you can find an anti-virus app that includes these features as well.
  4. Do not modify your smartphone’s security settings. You may be tempted to “jailbreak” or “root” your phone to access hidden features and unofficial apps. However, doing this can circumvent many of the safeguards that are built into the phone’s operating system, making it more vulnerable to unforeseen risks.
  5. Back up and secure your data. You should back up all of the data stored on your phone – such as your contacts, documents, and photos. These files can be stored on your computer, on a removable storage card, or in the cloud. This will allow you to conveniently restore the information to your phone should it be lost, stolen, or otherwise erased.
  6. Only install apps from trusted sources. Before you install an app, research it and make sure it is legitimate. Many apps from untrusted sources contain malware that once installed can steal information, install viruses, and cause harm to your phone’s contents.
  7. Understand app permissions before accepting them. Make sure to check the privacy settings for any app you install on your smartphone. You should be cautious about allowing an app access to the personal information you have stored on your phone.
  8. Accept updates and patches to your smartphone’s software. Software, whether on your computer or on your phone, can have flaws that make it vulnerable to malware. As these flaws are discovered, the software developer will release updates to patch them, so it’s important to approve these updates when you see them become available.
  9. Turn off Bluetooth discovery mode. Unless you need to pair your phone to another device, turn this mode off. Leaving it on all the time will cause your phone to continuously advertise itself to other Bluetooth devices which could result in an unauthorized connection.
  10. Avoid public Wi-Fi hotspots. When you access a Wi-Fi network that is open to the public, your phone can be an easy target of cybercriminals. You should limit your use of public hotspots and instead use protected Wi-Fi from a network operator you trust or mobile wireless connection to reduce your risk of exposure, especially when accessing personal or sensitive information. Always be aware when clicking web links and be particularly cautious if you are asked to enter account or log-in information.
  11. Wipe data on your old phone before you donate, resell or recycle it. If you do not, you risk exposure of information that you may have forgotten was on your phone.
  12. Report a stolen smartphone. If your phone is stolen, you should report the theft to your local law enforcement authorities and then register the stolen phone with your wireless provider. This will provide notice to all the major wireless service providers that the phone has been stolen and will allow for remote “bricking” of the phone so that it cannot be activated on any wireless network without your permission.
  13. Beware of text message spam. Spam can be sent by text message just like by e-mail. Exercise the same caution you would if it was an e-mail. Be very cautious about any texts you receive that contain links. If you do not expect it, you should not open the link. Doing so could expose your phone to unwanted software or unexpected charges on your next bill.

Phishing, Vishing, Smishing, & Pharming

Phishing, vishing, smishing and pharming are all methods used by criminals to fraudulently obtain personal information such as a social security number, bank account information, or credit card information. Each method has its own distinguishing characteristics, but they all have the same goal: stealing your money.

Phishing

Phishing is most commonly attempted through e-mail. A typical phishing message will appear to be from a well-recognized company that might have a need to know your personal information (e.g., a credit card or package delivery company). It generally contains a link to a web site that will either prompt you for your logon information for your account with that company (assuming you have one) or install malicious software on your computer without your knowledge. You may also be asked for financial information under the guise that a security compromise has occurred and the company wants to verify your records. Regardless of who the message appears to be from, you will notice a request for information or action on your part. Phishers will send the same message to hundreds or thousands of recipients knowing that many of them will blindly click any link and provide any requested information without a second thought.

Always use the following guidelines with your e-mail to avoid falling victim to a phishing attack.

  • Look at the sender and the subject of the message. If either looks suspicious, delete it.
  • Be cautious with links contained in any message, especially those from unknown senders. Hover the mouse over the link to check the URL. A link claiming to take you to Amazon.com’s sign-in page should probably contain Amazon.com somewhere in the URL. If it does not, beware.
  • Do not reply to messages requesting personal, sensitive information.
  • Watch for spelling and grammatical errors. These are very common in phishing e-mail.
  • Be extremely cautious with attachments, regardless of the sender. Files that have extensions of .exe, .bat, .com, .vbs, .reg, .msi, .pif, .pl, .php and .zip can all install harmful files or software on your computer if you open them.
  • Do not be intimidated or scared into giving up information. Some phishing attempts will try to convince you that you are at risk financially if you do not confirm your account information. The reality is that by providing that information, you are putting yourself at risk.

Vishing

Vishing is the telephone version of phishing. Instead of e-mail messages with suspicious links or attachments, criminals attempt to fool you into giving them the same information in a phone call. Vishing uses social engineering techniques to trick you into providing information that can be used to access and use your financial accounts. For example, the fraudster may claim to be an employee of your bank who wants to warn you of some suspect charges on your credit card. In order to cancel those transactions, he needs you to verify your social security number and account number. This is information your bank should already have, so there is no need for you to provide it again. If you receive a call like this and feel uneasy about what you are being asked for, hang up and call the company back at a number known to be legitimate.

Sometimes criminals will become belligerent or threatening in an attempt to intimidate you into giving them the information they want. Do not be pressured into making this mistake.

To avoid becoming a vishing victim:

  • If you receive an email or phone call asking you to call back and you suspect it might be a fraudulent request, look up the organization’s customer service number and call that number rather than the number provided in the solicitation email or phone call.
  • Forward the solicitation email to the customer service or security email address of the organization, asking whether the email is legitimate.

Smishing

Smishing is a form of phishing that uses cell phone text messages instead of e-mail messages. The text message will contain a URL or phone number and will prompt you to take immediate action. If you click the URL, you face all the same risks associated with links in a phishing e-mail. If you call a number in the text, you may get an automated voice response system that will prompt you for sensitive information. Always delete smishing text messages and never reply to them.

Pharming

Pharming is a tactic used by criminals to redirect a legitimate web site to a fraudulent site. Unlike phishing and its variations, pharming does not try to trick you into clicking a URL or talk you into providing sensitive information. Instead, it uses malicious code to redirect you to the criminal’s site without your consent or knowledge, making it more difficult to detect. Also, be careful when entering financial information on a web site. Look for the key or lock symbol at the bottom of the browser. If the Web site looks different than when you last visited, be suspicious and don’t click unless you are absolutely certain the site is safe.