Security Center

ONLINE BANKING UPDATE....

On December 3, 2014, our Online Banking provider will disable SSLv3 as the protocol has potential for vulnerabilities. If you have issues access Internet Banking, verify you are on the latest browser version (IE, Firefox or Chrome). For IE, if it’s a supported version of IE, check Internet Options -> Advanced Tab -> Under Security and verify they have checked all of the Use TLS 1.0, 1.1, and 1.2.

 

October is National Cyber Security Awareness Month (NCSAM).  The Department of Homeland Security (DHS) in their commitment to assist the industry in protecting the cyber networks of our Nation’s critical infrastructure, has listed the following ways consumers on an individual basis can also play a role in cyber security:

  • Read the privacy policy of a company or vendor before purchasing a product or service.
  • Beware of requests to update or confirm personal information online.  Most organizations – banks, universities, companies, etc. – do not ask for  personal information over e-mail.       
  • Make sure websites that ask for personal information (to pay a utility bill, for example) use encryption to secure their sites.
  • Learn about steps to enhance security and resilience in local businesses and communities, and how to handle certain events.
  • If you run a business, make a plan to help keep your employees and community safe during an emergency and enhance your ability to recover operations quickly.  If you are an employee, ask your management whether there are plans in place and request a copy.
  • Report suspicious activity.
  • Understand what kind of information is being shared and use any security controls available to increase privacy.
  • Make sure your devices are operating on the latest software.
  • Be aware of product recalls for devices you own.

More information regarding cyber security and the above tips can be found on the DHS website.

Password Hints

  • Five passwords you should never use

             o   Password - common password don't use it
             o   Letmein - Recommend that you use passphrases that are memorable.  Just don't use this one. It ranks high on several lists of the most-used passwords.
             o   Monkey - this is very common and it is too short.
             o   Don't use any passwords that are easily guessed, this includes your name, children's name, spouse's name, Date of Birth, address, etc.
             o   12345678 - avoid any sequence of numbers or letters this is easily guessed

  • Don't use the same password for multiple sites. Cybercriminals can steal passwords from websites that have poor security and then use those same passwords to target more secure environments, such as banking sites.
  • Change your passwords frequently.
  • Use strong passwords - these should be no less than 8 characters and  include capitals, special characters and numbers.  The longer the password the harder it is to guess or use algorithms to guess.

Security Alert - Paytime, Inc. Data Breach

We have been made aware that Paytime, Inc., a regional payroll processing company. has experienced a data breach.  Any individuals affected should be notified by their employer and will receive notification from Paytime about free credit monitoring service.

If affected, we recommend you contact your financial institution about all your accounts and take advantage of the free credit monitoring service.

REMINDER:

The same password should not be used on multiple websites and payment networks.  A security breach was recently announced by eBay and they are requesting their users to change their password.  If you are an eBay user and use the same password for your Online Banking access, we recommend that you change your Online Banking password as soon as possible.

 

Online Banking Change

Effective Monday, May 19, 2014, the image and passphrase will no longer be displayed on the password page. You can easily verify this site’s identity and security by verifying https appears and the website address bar is green.   You will continue to log in using your user id, password, and security questions (as applicable).  Your accounts will continue to be protected through advanced device forensics that authenticates your computer and various devices.

 

"Heartbleed"

We recommend that you change your account password and security questions for The First National Bank of Mercersburg’s online banking as soon as possible.  Recent discoveries of the “heartbleed” security issues throughout the internet make most secure computer connections vulnerable.  Any passwords or authentication criteria you use to securely connect to other computers on the internet should be changed as soon as you can confirm that the effected website(s) has been updated.  Our Online Banking was updated to address this vulnerability on April 9, 2014. 

Our Online Banking vendor has been and will continue to monitor any attempts to exploit this specific vulnerability and will notify us immediately if there is any evidence of any attempts.  At this time there has been no evidence that the limited number of systems that were vulnerable were improperly accessed due to this issue.

If you have questions, please contact us at 877-328-3121 or any of our Community Offices.  Thank you for choosing The First National Bank of Mercersburg.

 

 

Tax identity theft awareness week is January 13, 2014 - January 17, 2014, please click the link to the Federal Trade Commission for more information.

 

The First National Bank of Mercersburg will be issuing new debit cards to customers impacted by Target data breach.
The First National Bank of Mercersburg (FIRST) is taking steps to protect you and we are monitoring all accounts that may be affected by this breach.  FIRST will be closing all debit cards that were used in any Target Retail Store during the timeframes listed below and will issue replacement cards with new numbers. 

Frequently Asked Questions:

If I used my FIRST debit card while shopping at Target between Nov. 27 and Dec. 15, 2013, what do I need to do?
FIRST has determined which customers’ cards may have been compromised. A representative at FIRST will be contacting you and will automatically mail new cards and PINs separately to impacted customers.  There is no charge to customers for receiving the new cards; this service is provided by FIRST as part of our commitment to maintaining the security of customers’ accounts.

What should I do as a result of this data breach?
If you shopped at Target during the dates in question, watch your mail for a new FIRST debit card. Be sure to activate your new card immediately, following the instructions included with the card.  Be sure to destroy your old debit card.

What should I do to protect against fraudulent transactions?
FIRST uses technologies to scan for potentially fraudulent transactions. Review any transactions on your accounts – either through online banking or by reading account statements – and immediately report any transactions that you did not make by calling 1-877-328-3121. 

I have a Target REDcard that is linked to my bank account. What should I do?
Questions about REDcards should be directed to Target, which issued the card. 

We are also aware of reports of phishing scams trying to take advantage of this data breach. If you receive an email or social media message claiming to come from Target or a bank, please proceed with extreme caution. It may be a fraudulent message attempting to trick people into releasing personal information. Do not click on links in unexpected emails. Instead, contact the organization using a phone number or separate secure email that you know is safe. Please remember that FIRST will never contact you and ask for account numbers or card numbers.

 

Lost or stolen access device

Report a lost or stolen First National Bank of Mercersburg Debit or ATM card - call 1-800-472-3272

Report a lost or stolen First National Bank of Mercersburg Elan Visa credit card- call 1-866-234-4691

 

Beware of Fraudulent Phone Calls

Beware of fraudulent phone calls asking for personal or account information. The First National Bank of Mercersburg will never call you to ask for personal or other identifying information.  Please feel free to call any of our community office locations to verify any requests for your financial information.

Technology Safety

The Internet = A World of Opportunities

Look what's at your fingertips

  • A way to communicate with friends, family, colleagues
  • Access to information and entertainment
  • A means to learn, meet people and explore

Online Security Versus Online Safety

Security

We must secure our computers with technology in the same way that we secure the doors to our offices

Safety

We must act in ways that protect us against the risks and threats that come with Internet use

Primary Online Risks and Threats

To PC Security

To Personal Information

Viruses

Online fraud and phishing

Worms

Hoaxes

Trojan Horses

Identity theft

Spyware

Spam

Primary Threats to Computer Security

Viruses/Worms

Software programs designed to invade your computer, and copy, damage or delete your data

Trojan Horses

Viruses that pretend to be programs that help you while destroying your data and damaging your computer

Spyware

Software that secretly watches and records your online activities or sends you endless pop-up ads

Primary Threats to Personal Online Safety

Spam

Unwanted e-mail, instant messages, and other online communication

Phishing

Fraudulent e-mails, appearing to be from a trusted source such as your bank, or a government agency, direct you to websites. Once there, you are asked to verify personal information such as name, account and credit card numbers and passwords. These sites are often designed to look exactly like the site they are imitating.

  • Never click on the e-mail link that is provided, type in the known URL.
  • Before submitting any financial information look for the "lock" icon on the browser status bar or look for "https" in the web address.
  • Your bank does not need to call you for personal information such as username, or passwords.

Identity Theft

A crime where con artists get your personal information and access your cash and/or credit

Hoaxes

E-mail sent by online criminals to trick you into giving them money

Spoofing

Web spoofing allows an attacker to create a "shadow copy" of any legitimate website. Access to the shadow website is funneled through the attacker's machine, allowing the attacker to monitor all of the victims activities, including any passwords or account numbers the victim enters. Phishing and spoofing often go hand-in-hand in Internet fraud.

  • Be aware of all unsolicited or unexpected e-mails from all sources.
  • If an unsolicited e-mail arrives, treat it as you would a phishing source.

Steps You Can Take

Your computer

  1. Turn on an Internet firewall.
  2. Keep your operating system up to date.
  3. Install and maintain antivirus software.
  4. Install and maintain antispyware software.

Yourself

  1. Practice Internet behavior that lowers your risk.
  2. Manage your personal information carefully.
  3. Use anti-phishing and anti-spam technology built into Windows 8, Windows 7, Windows Vista, Windows XP, SP2, Windows Live, Microsoft Outlook.

Four Steps to Protect Your Computer

Turn on an Internet Firewall

An Internet firewall is like a moat around a castle, creating a barrier between your computer and the Internet

Keep Your Operating System Up-to-date

Install all security updates as soon as they are available. Automatic updates provide the best protection.

Install and Maintain Antivirus Software

Antivirus software can detect and destroy computer viruses before they can cause damage. Just like flu shots, for antivirus software to be effective, you must keep it up to date, don't let it expire.

Install and Maintain Antispyware Software

Use antispyware software so unknown software cannot track your online activity and potentially steal your information.

Other Ways to Protect Your PC

Back Up Your Files

Save to external device regularly
Use a Web-based backup service

Think Before You Click

Don't open e-mail attachments unless you know what they contain and who sent them.
Only download files from websites you trust.

Read Privacy Statements

Understand what you are getting before you agree to download or share your personal information.

Close Pop-ups Using the Red "X"

Always use the red "X" in the corner of a pop-up screen. Never click "Yes," "Accept," "No," or "Cancel" because it could be a trick that installs software on your computer.

Take Steps to Help Protect Your Personal Information

Practice Internet Behaviors that Help Reduce Your Risk

Delete spam, don't open.
Be on the lookout for online scams.
Use strong passwords.

Manage Personal Information Carefully

Do not share personal information in e-mail or instant messages.
Use only secure and trusted Web sites. Make sure you are where you think you are: Web sites can be faked.
Avoid financial transactions over wireless networks.
When in public, stay private.

Use Anti-Phishing and Anti-Spam Technology

Most e-mail providers and many e-mail programs contain Spam Filters. Many browsers include Phishing Filters to help identify and block suspicious sites.

Protect Your Identity

Ways Thieves Steal Your Information:

  • Stealing your purse or wallet looking for driver's license, medical insurance card, credit cards or other items that reflect personal information.
  • Stealing personal mail looking for bank statements, credit card statements, checks and other items that reflect personal information..
  • Dumpster diving by going through your trash cans in search of personal information.
  • Tricking you into providing personal information via email, mail, or phone
  • Posing as someone else or by misusing the name of a legitimate business to obtain personal information
  • Eavesdropping and shoulder surfing by listening to private conversations or watching over your shoulder while entering your PIN number or revealing personal information.
  • Skimming by running an unsuspecting customer's credit card through a bogus reader designed to copy the card number.
  • Pretexting, phishing, scamming, and spoofing thieves pretending to be from businesses with a seemingly good reason for needing your social security number and/or mother's maiden name.
  • Family theft relatives who have access to your financial records, social security number, etc.
  • Corporate data theft thieves hacking their way into corporate and banking databases, and steal physical files.  One method to gain access to account information, thieves will often fill out a change of address form in the victim's name.

Ways To Prevent Your Information From Being Stolen

  • Review your credit report periodically. To order call 1-800-322-8228 or go to website annualcreditreport.com
  • Read your bank, credit card or other statements for mistakes. Contact the business immediately when mistakes are detected or mail has not been received.
  • Shred documents that contain account or personal information.
  • Monitor and be alert for emails, texts, mail or phone calls requesting personal information.
  • Change passwords periodically. When changing or creating a password use a combination of alpha, numerical and special characters.
  • Look for websites that begin with "https" when buying on line. Encryption is used to help protect your financial information.
  • Install anti-virus and anti-spyware software on your computer for added protection.

What To Do If Your Identity Has Been Stolen

  • Contact a nationwide credit reporting company and request a fraud alert to be placed on your credit report.
    • Equifax 1-800-525-6285
    • Experian 1-888-397-3742
    • TransUnion 1-800-680-7289
  • Order your credit report and review for signs of fraud.
  • File a complaint with the FTC at ftc.gov/complaint or call 1-877-438-4338 and contact your local police department.

 

If you have any security questions or concerns, please contact us at 717-328-3121 or 877-328-3121.