Security Resources

Debit card/ATM

SAFETY TIPS

PREVENTING CARD FRAUD

  • Memorize your PIN. Don't write it on your card or anything you carry near your card.
  • Don't tell anyone your PIN or account number.
  • Don't loan anyone your card.
  • Report a lost stolen cards immediately. You may be liable for activity on your card if you do not report it as lost or stolen.
  • Report a suspected card compromise immediately, even if you still have the card in your possession.
  • NEVER give your debit card number or PIN over the phone, especially cellular phones.
  • NEVER respond to a link or phone number in an e-mail message requesting personal information. Phishers often use this scam to trick you into divulging personal data.
  • Only open email messages from a known or trusted source. Look for phishing red flags, such as poor grammar, misspelled words, vague instructions and generic greetings.
  • Report suspicious phone calls, messages or websites to the bank immediately to verify if they are legitimate.

NOW AVAILABLE: Shazam Brella

The Shazam Brella app is available in the Apple and Google Play Stores. Cardholders can set up alerts to quickly identify potentially fraudulent transactions. These alerts include:

  • Purchases exceeding cardholder-defined thresholds
  • Card-not-present debit transactions via phone, internet or mail
  • Suspicious or high-risk transactions (with the help of Shazam Falcon Fraud Monitoring)

The app also provides instant transaction control. Cardholders can instantly “pause” their card, without affecting previous transactions, if their card is lost, stolen or goes missing. If they find their card, they can easily unblock or “un-pause” their card. Faster than writing a check and safer than carrying cash.

Approaching the ATM

  • Avoid facilities in dark or remote locations.
  • If you see people lurking around the ATM or any other situation that makes you uncomfortable, find a different machine.
  • Take another person with you whenever possible.
  • Have your card ready.
  • Keep your doors locked and all passenger windows closed at a drive-up facility.

Using the ATM

  • Block the view of others by cupping your hand over the keypad as you enter your PIN and by standing between the terminal and any person who is waiting.
  • Remove your cash, receipt and card from the ATM after every transaction.
  • Pocket cash immediately when you make a withdrawal.

Caring for your card

  • Don't expose the magnetic strip to other magnetic objects, which can deactivate your card.
  • Record and file the name and phone numbers of your card's issuer for reporting loss or theft

ATM card safety provided by www.shazam.net.

The Bank of Tioga online

Personal banking best practices

Is my computer as secure as possible?

  • Be sure your computer is current with all operating system and application software updates.
  • Install anti-virus and desktop firewall software on all computer systems. Ensure virus protection and security software are updated regularly. Anti-virus is only secure if it has the most recent signatures and updates.
  • Watch for signs of spyware. This includes frequent pop-ups, unexpected icons on your desktop, random error messages and sluggish computer performance. Run a full system anti-virus and anti-spyware scan to safely remove any spyware.
  • Ensure computers are patched regularly with security patches, especially operating system and key applications.
  • Create a login password for your computer.
  • Always logoff when you are done working and close your browser session.
  • Never access bank, brokerage or other financial services information at internet cafes, airports, hotels, public libraries or any other networks that you do not control. Unauthorized software may have been installed to trap account number and sign on information leaving the customer vulnerable to possible fraud.
  • Subscribe to the FDIC Consumer News. This provides practical guidance on how to become a smarter, safer user of financial services. You can also read prior issues. To subscribe or view prior newsletters go to www.FDIC.gov, and in the search engine put "FDIC Consumer News."

Is my connection to the Internet as secure as possible?

  • Install a personal firewall to minimize your risks by blocking malicious traffic. New computers may be shipped with it on by default so please make sure it is on and receiving regular updates.
  • Look for the https:// in the URL bar and check for the lock icon when entering sensitive information onto a website. This indicates your communications are encrypted.
  • Keep the browser you use to connect to the Internet updated.
  • If you use a wireless router to connect to the internet, remember to change the default network name and password that came with the router.
  • Standard email is not a secure means of sending sensitive data such as account numbers, social security numbers, etc. Please provide these by mail, fax or telephone rather than by email.

Is my password as secure as possible?

The most effective passwords are at least 10 characters and use a mix of uppercase and lowercase letters, numeric or special characters. Do not use birth dates, names or other easily guessed information.

  • Each online account should have its own strong password so if one is compromised, the attacker does not have automatic access to your other accounts.
  • Do not use the same passwords for personal computing use that you use for business purposes.
  • Do not write your password or PIN down and do not share these with anyone.
  • Never check the "Remember Me" or "Remember Password" box if prompted.
  • Change the password a few times each year, perhaps even more than the required amount.

How do I recognize a scam?

A phishing scam typically consists on an email that tries to entice the recipient to "click" a link or download an attachment. A phishing scam targeting your financial accounts may consist of an email message notifying you of a "problem" with your account and ask you to click on a link to your "financial institutions" website and submit personal information. This personal information could consist of your social security number, debit card number, credit card number, account number, etc. and/or it may download malicious software onto your computer. The message often threatens a dire consequence if you do not respond immediately.

  • Never click on links or call phone numbers found within suspicious emails.
  • Open attachments from trusted sources only. If you are in doubt, do not open the attachment.
  • Be protective of your personal information. TS Bank will never ask you to provide sensitive information in a normal email.

Where can I find additional tips on staying safe online?

Find additional information on how to stay safe while online at staysafeonline.org. Their goal is to help make the internet safer and more secure for everyone.

Cash management best practices

Account controls and recommendations

Clients should be proactive about learning about account features that may protect their accounts, such as daily transaction limits, security alerts and secure access codes.

  • Recommend reconciliation of all banking transactions on a daily basis, preferably at beginning and end of day.
  • Recommend customers initiate ACH and wire transfer payments under dual control, with a transaction originator and a separate transaction authorizer, using separate computers.
  • Recommend out of band authentication at the transaction level. This requires a token and is currently an available option.
  • Review online banking user ID's and access levels with bank on a regular basis (ensures correct additions/deletions, etc.)
  • Do not have user ID's that contain sensitive information, such as account number or social security number.
  • TS Bank online users are provided a password generating token that uses eight numerical digits that change every 30 seconds. Users create a four digit PIN in combination with the eight digits from the token from their password.
  • Do not share usernames and passwords.
  • Change the password a few times each year, perhaps even more than the required amount.
  • Clients must familiarize themselves with the institution's account agreement and with the customer's liability for fraud under the agreement.
  • Immediately escalate any suspicious transactions to the financial institution, especially ACH or wire transfers. There is a limited recovery window for these transactions and immediate escalation may prevent further loss.

Internet controls and recommendations

  • Never access bank, brokerage or other financial services information at internet cafes, airports, hotels, public libraries or any other networks that you do not control. Unauthorized software may have been installed to trap account number and sign on information leaving the customer vulnerable to possible fraud.
  • Encrypt any wi-fi connections you may be using onsite.
  • Online banking users should question the authenticity of every email. Phishing email often appears to be from a financial institution, IRS, FDIC, NACHA, FBI or other government agency.
  • They may also appear to be from a known source, such as UPS, Fed Ex, etc. It may request account information or verification of banking credentials. We will not send you an email stating that our website is down, or your credentials have expired. Do not open the email. Opening file attachments or clicking on links could expose the system to malicious code that could hijack your computer.
  • Use a unique password for each website that you access. Using the same password for Online Banking that you use for other online accounts may put your account at risk if someone is able to capture that password.
  • Verify use of a secure session (https not http) in the browser for all online banking or when submitting or dealing with sensitive information online.
  • Avoid using an automatic login feature that saves usernames and passwords for online banking.
  • After using online banking, be sure to log out of the session and close out the Internet browser. Never leave a computer unattended while accessing online accounts.
  • Watch out for sudden pop-up windows asking for personal information or warning of a virus, or a warning of virus protection that has expired. This is called "scareware" because it frightens people into providing information, downloading malicious software or paying for removal.
  • Pay attention to the toolbars at the top of your screen. Current versions of the most popular Internet browsers often will indicate if you are visiting a suspicious website.
  • Be careful if you download software onto a cell phone. Software download to a phone has the potential to contain spyware or malicious code, which could allow a hacker access to your online banking application. Before downloading online banking software, check with the financial institution to make sure this option is safe and supported.
  • Consider purchasing Cyber fraud insurance and "session protection" technology, such as those provided by Trusteer and Prevx.
  • Subscribe to the FDIC Consumer News. This provides practical guidance on how to become a smarter, safer user of financial services. You can also read prior issues. To subscribe or view prior newsletters go to www.FDIC.gov, and in the search engine put "FDIC Consumer News."

System controls and recommendations

  • Conduct all online banking activities from a dedicated, hardened and completely locked down computer. Do not allow access to any email or websites other than the online banking site.
  • Remove administrator rights on users' workstations to help prevent the inadvertent installation of malware or viruses.
  • Install anti-virus and desktop firewall software on all computer systems. Ensure virus protection and security software are updated regularly. Anti-virus is only secure if it has the most recent signatures and updates.
  • Consider a dedicated, actively managed hardware firewall, especially if you have a broadband or dedicated connection to the Internet, such as DSL or cable.
  • Ensure computers are patched regularly with security patches, especially operating system and key applications.
  • Create a login password for your computer.
  • Always logoff when you are done working.
  • Do not write your password or PIN down.
  • If you outsource IT work, make sure you choose a reputable company and or qualified technical professional to manage your computer systems and network. The security of all of your company's data and information is dependent on the capabilities of the IT staff who maintains it.

If you have any questions about any of these suggestions/best practices, please refer to your company IT department or IT consultant. These recommendations were developed by multiple sources of industry professionals including the FDIC and NACHA for business customers that want to protect their online banking credentials and strengthen ACH and wire security. They in no way guarantee that you will not become a victim of corporate account takeover.

Mobile banking

Best practices

  • Consider a screen lock on your mobile device. Many mobile phones offer this option, as well as other customizable security settings.
  • Do not use your full or partial Social Security Number as your screen lock password.
  • Do not store sensitive account information in your phone.
  • Keep your operating system and all applications up to date with the latest software and security downloads. These may be referred to as "patches" or "security packs" and should be installed as soon as possible.
  • Do not open attachments or install free software from unknown sources.
  • Call your bank immediately if your phone is lost or stolen and change all account passwords from a computer as soon as possible.