Online Fraud & Security
How to Protect Yourself
Whether you use a computer, laptop, phone or tablet to access your account information, make sure your device is secure and you are familiar with all types of frauds and scams.
- Keep your access device up-to-date with the latest patches and security updates.
- Review anti-virus, anti-spyware, and firewall software for current updates. Most security programs can be set to update automatically.
- Protect your personal information, account numbers, User ID & password, card numbers and PINs.
- Use caution when providing this information to persons/entities over the Internet or the phone.
- Only give out this information if you know how it will be used or shared and you have initiated the contact.
- Only provide the last four digits of your Social Security Number or Driver's License number when absolutely necessary.
- Install and update anti-virus software regularly. To learn more about computer security visit the FTC's Information Security website. (http://www.ftc.gov/infosecurity/)
- Make sure your computer/phone/tablet is updated with the most recent security updates. On most computers you can set updates to be completed automatically. This includes virus protection, malware protection, spyware protection and firewalls.
- Never send personal or account information using your personal email. To send this information to us, use the messaging feature in Internet Banking under the User Services tab.
- Immediately delete any emails from an unknown source prior to opening it. If you open a suspicious email, do not click on a links or attachments provided in the email.
- Be cautious of emails or pop-ups that warn you that your account may be at risk, fraudulent activity or charges exist on your account or convey a sense of urgency. These often include details of the suspicious activity requesting you respond to the email or 'click here' to visit their site to update your information.
- Prior to sending confidential information or financial transactions through a website, look for the lock icon on your status bar in the lower right corner. This signifies information is secure during transmission. By double clicking the padlock, you can view the security certificate. Also, look for the “s” in the "https" of the URL in your Web browser when engaging in financial transactions. This indicates scrambling or encryption of the communication.
- Keep your password confidential. Change passwords regularly using a combination of numbers, letters and special characters. Avoid using obvious passwords like mother's maiden name, children or pet names, Social Security Number or date of birth.
- Be careful when using a computer in a public area where someone could watch you enter your User ID and password. Do not use a public computer to access your account information.
- Review your account statements promptly and report any discrepancies or suspicious transactions immediately.
- Regularly delete your cookies and history from your computer.
- Do not keep unnecessary information you do not need in your wallet or purse.
- Check your credit report at least once a year.
- Shred or tear up statements, checks, credit card solicitations, charge receipts, expired cards and documents containing personal identifying information.
- Promptly pick up delivered mail and deposit outgoing mail at a postal mailbox or the post office.
- Erase the hard drive of a computer before disposing of it.
How can you make your password more secure?
Criminals will always gravitate towards the easiest money. The more barriers that you can put into place, the more likely the criminal will go elsewhere. The reason all financial institutions implemented new login procedures (known as multifactor authentication) a few years ago was to add a layer of security and deter criminals from your online account. Criminals adjust and so should you. Here are some easy DO’s and DON’Ts that you can use to steer criminals elsewhere:
- Install a reputable antivirus software program on all computer, tablets and phones and keep them current. This is the single most important thing you can do to protect yourself. While we do not endorse or recommend a particular product, some good solutions are Internet Security packages available from makers such as: Norton, McAfee, or Kaspersky; for phone apps you can choose Lookout, CM Security Antivirus, Avast, as well as others.
- Make your password as long and complex as possible. Our online banking system will require you to create a password at least 8 characters long.
- Make it easy to remember, but hard to guess. Use a combination of letters and numbers that you know, but that wouldn’t make sense to others. Combine initials and important numbers and, if you are feeling particularly adventurous, a special character such as @ or # or $ or & or *. A good password could be 17dg*Wm4. How can you make a similar combination work for you?
- Use more than one password. Use a generic password for low-risk situations such as a newspaper website where there is little risk to you if someone figures it out. Not every website warrants the same level of protection as your online banking website. To make your ever-growing list of passwords more manageable, consider using a general-purpose password for websites that do not contain personal or financial information, and creating a unique, secure password for each website that does, such as online Banking
- Use trustworthy computers. Shared public computers like those in airport lounges, Internet cafes, public libraries, and hotel lobbies could be connected to keystroke loggers or infected with password-stealing viruses. Don’t use them to access online banking or other websites containing confidential information about you.
- Never e-mail your password or respond to an e-mailed request for your password or other confidential information. We will never ask you to submit confidential information in an e-mail. E-mail travels the Internet in much the same way as a postcard travels through the U.S. Mail. There is no “envelope” to protect the contents from prying eyes. There is no reason for anyone but you to know your password ever. Requests for your passwords via e-mail are certainly scams.
- Do not include your login name in your password. Similarly, any part of your login name is a poor choice for a password.
- Avoid predictable sequences of characters, such as "1234" or "abcd", in your password. Automated password crackers often start by guessing predictable sequences such as these.
- Avoid dictionary words or names. Words in any language can be determined by automated password crackers that also contain multi-lingual dictionaries. Similarly, password crackers also contain lists of names used as possible passwords. No one else may remember the name of your high school sweetheart, but if his or her name is on the list, your password may be vulnerable.
Identity Theft and Fraud
At FCNB, we are committed to providing quality service to you, whether you visit us online, by telephone, or in person at one of our banking centers. We are dedicated to the responsible use and protection of your personal information. The policies below outline our commitment to protecting your privacy, regardless of how you conduct business with us.
Learn about identity theft, types of fraud and the latest scams aimed at obtaining your personal financial information and how to keep from becoming a victim. Review the How to Protect Yourself section above for more information.
Identity theft is when fraud is attempted or committed using identifying information of another person without their authority such as name, date of birth, social security number, or mother's maiden name. Fraud is committed when these criminals:
- Conduct unauthorized transactions on existing accounts.
- Take over an existing account through prolonged use or by emptying an account.
- Establish or attempt to establish new accounts (credit cards, loans, etc.) using acquired information.
Reporting Identity Theft
Contact your local FCNB branch immediately if you suspect identity theft has occurred.
Contact the three main credit bureaus to report fraud and request copies of your credit report. Fraud flags and statements will be added to your report saying that all potential creditors should contact you to verify credit applications.
- Equifax - to report fraud, call 1-800-525-6285. To request a copy of your credit report, call 1-800-685-1111.
- Experian - to report fraud or request a copy of your credit report, call 1-888-397-3742.
- TransUnion - to report fraud, call 1-800-680-7289. To request a copy of your credit report, call 1-800-916-8800.
Phishing involves the use of fraudulent email or internet browser pop-up messages that appear to be from a legitimate source, often using a company name, logo and/or graphic. A typical scam consists of:
- Receipt of an email message stating you need to update or validate your account information.
- The message suggests a dire consequence, such as your online access expiring or being suspended, if you do not respond.
- Via a link in the message, it directs you to a Website that looks legitimate, but it is not.
- THE INTENT IS TO TRICK YOU INTO DIVULGING YOUR PERSONAL INFORMATION, such as your account number, social security number, User ID or Password so they can commit crimes of a monetary nature or identity theft. It may also be an attempt to deliver and install malicious code (malware) that can harm your computer.
Reporting a Fraudulent Email
If you receive a suspicious email that appears to be coming from FCNB, please forward a copy of the suspicious email to firstname.lastname@example.org. If you discover a potentially phony Fayette County National Bank web site, please forward the Web address (URL) to email@example.com.
To report unauthorized transactions on your account, contact our Bookkeeping Department at 304-574-1212.
Lottery/Sweepstake scams offer recipients a percentage of the money transferred as compensation for their help. Individuals or companies who respond are asked to provide their account information in order to have the money transferred to them.
International scams involve unsolicited letters and emails that individuals or companies receive offering the recipient large sums of money for assistance in transferring millions of dollars to American banks. Once these scam artists have your account information, they not only don't transfer money to the account, they use the account information to steal money from the individuals or companies. These offers are originated out of the country, often from Canada and Nigeria.
One of the newest scams is the Account Manager or Money Transfer Agent. Recipients receive an email or advertisement on the web trying to recruit them to be an account manager or transfer agent for a fictitious company. These scam artists steal money from an unsuspecting person's account, then transfer the money into the manager/agents' account. The criminals then ask that the money be sent back to them. Again, the compensation the manager/agent gets to keep is a percentage of the money, as their 'commission'. This opens the personal accounts of the manager/agent up to fraud - and if the account is used in an online scheme, the owner can be liable for lost funds.
The Secret Service, which handles complaints related to these types of schemes, believes many people have responded to these requests for assistance and sent money, but did not reported their losses due to embarrassment.
Please keep in mind, there is NO legitimate reason for someone to give you money (in any form including money order, check or wire transfer) only to ask you to send the money back. It's illegal for a company to require you to buy something or pay a fee in order to win or claim a prize. Should you receive one of these letters, please do not reply, but report the letter to the Internet Fraud Complaint Center. (http://www.ic3.gov/default.aspx)
Fayette County National Bank will never ask a customer to provide, verify or update your personal information, account number, card number and PIN, User ID and Password, or other financial information via email, live or automated phone call, or text message. If you are contacted by any of these methods requesting personally identifiable or account information, do not respond.
Note: Remember, we may call you to verify card activity that appears suspicious or to provide you with information about products and services we offer.
To protect your account, your Visa Check Card transactions are monitored for potentially fraudulent activity which may include a sudden change in locale (such as when your card is used unexpectedly outside of WV or overseas), a sudden string of costly purchases, or any pattern associated with new fraud trends around the US or the world. The Bank may choose to temporarily restrict the card until the activity can be validated. By informing us up front, you can prevent unnecessary inconveniences while traveling. Before you travel, please contact us to discuss your travel plans and for tips to assist with uninterrupted card transactions
If fraudulent Visa Check Card use is suspected, you will be called to validate the legitimacy of your transactions. Your participation in responding to our call is critical to prevent potential risk and avoid restrictions we may place on the use of your card.
- Our goal is to minimize your exposure to risk and the impact of any fraud to your account. To ensure we can continue to reach you whenever potential fraud is detected, please keep us informed of your correct phone number and address at all times.
Card Data Compromises
Many news reports have recently surfaced surrounding banks and merchants whose systems are hacked and card data is obtained. Fayette County National Bank takes an active role in reviewing these instances and is taking action to protect your account. If we receive a report that includes your information, we will:
- Immediately review your account activity and contact you if we find something suspicious.
- Send you a new card if the data obtained puts your account at risk. If we do this, we will allow you to continue using your existing card for a period of time until you receive your new card. During this interim period, we will continuously review your account activity and look for suspicious transaction activity.
Fayette County National Bank monitors your transaction activity and looks for suspicious transactions that might fall outside of your normal spending patterns. If we find something suspicious, we will temporarily restrict your card and make attempts to contact you. Once we're able to validate the legitimacy of your transaction, we'll reinstate your card. In addition to this, we recommend the following things to help keep your personal information and accounts safe:
If your debit card is lost or stolen, contact our Debit Card Department as soon as possible at (304) 574-1212 to close the card. If you need to report a lost or stolen debit card after our business hours, please call 1-800-264-4274. After you card is closed, please come to the bank in person to apply for a new debit card.
You will never be contacted directly by companies like MasterCard® or Visa® to verify personal or card information, your PIN or to request that you transfer funds or process transactions to protect your account.
- Make a list of debit card, credit card, and bank account numbers, as well as the customer service telephone numbers for each. Keep this list in a safe and secure place so you can easily notify the necessary companies in case you lose your wallet or purse. This will also mitigate the risk of fraud.
- Whether at home or traveling carry only credit and debit cards that are necessary.
- Memorize your Personal Identification Number (PIN). Never write it on the card or anywhere else it could be compromised.
- It's not a good idea to use the last four digits of your social security number, date of birth, address or numbers that may be easily obtained by identify thieves as your PIN.
- Never give out your credit or debit card numbers over the telephone or on the internet unless you have a trusted business relationship with the person or company.
- Never leave credit or debit cards lying around where anyone has access to them.
- Always keep your receipts for card purchases or withdrawals. Never throw them in a public trash container where they could eventually be found.
Be aware if a merchant takes your card out of your sight for an extended period of time. Most merchants will process transactions within your view. If you become suspicious, contact the bank or your credit card financial institution to warn of possible fraud on your account.
Always carefully review credit card and bank statements upon receipt. If there is suspicious activity on your account, notify the Bank or Credit Card Company immediately.
"Skimming" is a method by which thieves capture the magnetic stripe data from your card and use it to create a new, counterfeit card. These counterfeit cards are then used to process unauthorized transactions against your account. There are two main methods of skimming card information:
- A small device that appears to be a part of the machine is placed over the card insertion slot of an ATM, gas pump, or other self-service kiosk. As you slide your card into the ATM, this device "reads" the data on the stripe and either stores it or transmits it to a nearby location. Often times, there is also a small, hidden camera that captures your keystrokes as you input your PIN into the machine.
- The device is carried by an employee in a merchant's store location. When the employee walks away with your card to complete your transaction, they swipe the card through the skimming device and capture the magnetic stripe data.
How to Protect Yourself:
- Look at the ATM, gas pump or self-service kiosk before using it. If it doesn't look right, don't use it.
- If you see an attachment on an ATM that looks suspicious, don't use the ATM. Notify the institution that owns the machine as soon as possible. If it's a FCNB ATM, notify the affected branch or contact us at 304-574-1212.
- Never give your PIN to anyone or write it on your card.
- Review your monthly statements immediately and notify us of any discrepancy by contacting our Bookkeeping Department at 304-574-1212.
Reporting ATM or Debit Card Fraud
To report suspicious activity on your card or account, contact us immediately at (713)-666-2511during regular business hours. To report fraud or a lost or stolen debit card after hours, call (800) 554-8969.
Telephone/Cell Phone Fraud
Fayette County National Bank will never ask a customer to provide, verify or update their personal information, account number, card number and PIN, User ID and Password, or other financial information via email, live or automated phone call, or text message. If you are contacted by any of these methods requesting personally identifiable or account information, do not respond.
Note: Remember, we may call you to verify card activity that appears suspicious or to provide you with information about products and services we offer.
"Vishing" stands for voice-phishing. Vishing involves the use of email, voice messages, automated calls, or text messages that appear to be from a legitimate source, such as a debit or credit card issuer, financial institution, police department, etc., but are, in fact, criminals that are attempting to gain information to be used for illegitimate purposes.
A scam often consists of:
- Receiving an email, voice mail, or text message which asks the recipient to call a phone number; you are directed to an automated system or customer service representative that asks you to enter your account number, debit card and PIN, Social Security Number, or other personally identifiable or financial information.
- Receipt of a text message asking the recipient to reply to the message in order to:
- Activate an account or newly issued debit/credit card by entering the account number or the card number and/or PIN
- Verify that a debit/credit card is in their possession by entering the 3 digit verification number on the back of the credit card or card number and/or PIN
- To reactivate their account or debit/credit card, commonly used to make people think that it's recently been suspended or deactivated
- Receipt of an automated call stating the recipients account or card has been blocked. They are directed to select a menu option and asked to enter account number, debit/credit card and PIN, Social Security Number, or other personally identifiable or financial information.
THE INTENT IS TO TRICK YOU INTO DIVULGING YOUR PERSONAL INFORMATION, such as your account number, social security number, User ID or Password so they can commit crimes of a monetary nature or identity theft. If you believe the call may be legitimate, tell them that you will call them back, call the bank or the customer service number provided by the financial institution at the time the account was opened or the number on the back of the debit/credit card.
If you do not know who is making a request for personal information, delete the text message/email/voice mail or hang up.
Never give out personal information, such as your social security numbers, bank account numbers or ATM/debit/credit card numbers, to anyone you do not know.
Criminals set up an automated system to text people in an area code. The victims receive messages like: "There's a problem with your account," or "Your ATM card needs to be reactivated," and are directed to a phone number or website asking for personal information. Armed with that information, criminals can steal from victims' bank accounts, charge purchases on their charge cards, create a phony ATM card, etc.
Sometimes, if a victim logs onto one of the phony websites with a smartphone, they could also end up downloading malicious software that could give criminals access to anything on the phone. With the growth of mobile banking and the ability to conduct financial transactions online, smishing attacks may become even more attractive and lucrative for cyber criminals.
Don't respond to text messages from unknown or blocked numbers on your mobile phone.
Treat your mobile/smart phone like you would your computer…don't download anything unless you trust the source.
Don't respond to unsolicited e-mails or texts or phone calls requesting personal information, and never click on links or attachments contained within unsolicited e-mails or texts.
"Phone-by" Download Scam
Criminals try to get users to Download Malware from a malicious website. Phone scammers try to convince you to install a piece of software that would allow them to remotely monitor and control your computer.
While you are using your PC, you receive a call from a "call center" telling you that your PC was about to crash and that they were calling to assist you. The call center representative advises you to log onto a website and provides the web address. Then the criminal tells you to click on a link on that website called 'Remote Assistance' which would enable them to have access to your PC.
Another variation of the scam consists of someone calling and saying they were "technical support" from the user's Internet Service Provider, and emphasized that it was not a sales call. The caller asked if users' computer had been running slow lately, or if you had seen "404 or 403 errors" when surfing the web, etc. The caller asks: "Can you turn on your computer, and bring up a web browser? You respond "It's already up?" Now go to this website ... and click on the 'Remote Assistance' icon." The "Remote Assistance" icon is a link to a file which contains malware to monitor and control your PC.
- Be suspicious of unsolicited phone calls/messages or email from individuals asking about your computer or you, or soliciting personal or sensitive client or confidential company information.
- If an unknown individual claims to be from a legitimate organization, try to verify his or her identity directly with the company.
- Do not reveal personal or financial information, and do not respond to email solicitations for this information. This includes following links given by unknown individuals or sent in emails or opening attachments.
- If you do not know who is making a request for personal information, delete the text message/email/voice mail or hang up.
ATM Safety Precautions
As with all financial transactions, please exercise discretion when using an ATM or night deposit facility. The following suggestions may be helpful.
- Be aware of your surroundings, particularly at night.
- Consider having someone accompany you when the automated teller machine is used after dark.
- Refrain from displaying your cash at the ATM. As soon as your transaction is completed, place your money in your purse or wallet. Count the cash later in the safety of your car or home. Do not leave your receipt at or near the ATM.
- It is appropriate to politely ask someone who is uncomfortably close to you to step back before you complete your transaction.
- Consider using another automated teller machine or coming back later if you notice anything suspicious. If you are in the middle of a transaction and you notice something suspicious, cancel the transaction, pocket your ATM card and leave.
- Go to the nearest public area where people are located if you are followed after making a transaction.
- Do not reveal your Personal Identification Number (PIN) to others. Avoid allowing others to view your PIN entry into an ATM. Memorize your PIN and do not write your personal identification number or code on your ATM Card.
- Report all crimes to law enforcement officials immediately.