Personal Privacy & Security
At Clinton Savings Bank, your privacy and security are our highest priority. As such, we strongly advise that you never relay personal or confidential information of any sort, such as your Social Security number, account numbers, logins and/or passwords. If you are ever contacted by any means (a phone call, an email or mail) and asked for your banking information, or you notice a transaction on your account that you did not make, we advise you to call us as soon as possible to inform us of the incident.
When accessing websites or online banking that require a login and password, always ensure that you see a padlock or key icon to the left of the URL (the website address) and that the URL is correct and begins with https://. The ‘s’ in the link ensures that all data passed between the web server and browsers remains private. CSB’s clintonsavings.com website is one example.
Also related to awareness of website types is being mindful of your Wi-Fi/hot spot connections. It is important to know that when you are on a public Wi-Fi connection you should be reluctant to input personal information on any site.
Clinton Savings Bank’s tools to help fight personal fraud:
A good practice is to use Online/Mobile Banking to check the transactions on your account on a daily basis to ensure that nothing out of the ordinary has occurred. Also, be sure to sign up for text or email alerts offered by CSB’s Online & Mobile Banking to warn of suspicious activity on your account.
CSB also partnered with the CardValet® app to work with your CSB Debit card, empowering you to turn your card on or off and set up spending alerts, assisting in fraud protection by way of:
- Real-time alerts keep you informed when your cards are used
- Transaction controls allow your cards to work only in specific locations or geographic areas
- When your cards are "off," no withdrawals or purchases will be approved
In addition, Clinton Savings Bank automatically implements a security alert system on all CSB Debit Cards that provides you with the opportunity to validate or decline out-of-the-ordinary transactions simply by replying to a text message.
A great resource for learning more about protecting yourself is mass.gov's Financial Cybersecurity for Consumers page.
In addition, education is the best defense and here are a few current topics on fraud protection and cyber security that are helpful to know:
What is phishing?
Phishing – pronounced “fishing” – is a type of scam criminals use to coerce consumers into sharing personal and financial information. Fraudsters create spoofed emails and fraudulent websites designed to fool recipients into divulging personal financial data such as credit card numbers, account usernames and passwords, Social Security numbers, etc. By hijacking the trusted brands of well-known banks, online retailers and credit card companies, phishers are able to convince recipients to respond to them. The email can look just like it comes from a financial institution, e-commerce site, government agency or any other service or business. It often urges the consumer to act quickly, hinting that their account may be compromised in some way.
Types of phishing scams
There are a number of different phishing techniques, and each one is becoming increasingly sophisticated. The most common type is a fake email or text message (“smishing”) urging the reader to provide his or her credentials in order to update or verify account information. Another method, also through email or text message, encourages the recipient to click on a link, which often looks like a legitimate website, and provide personal information. Or, by clicking on the link the user downloads malware onto their computer or mobile device, allowing the phisher to steal information. There are many phishing websites, which are often fake bank websites offering credit cards or loans at a very low rate.
Scammers also attempt to steal information with a basic phone call, also known as “vishing.”
According to the Anti-Phishing Working Group, the financial services sector is one of the most targeted industries. Bank customers are attractive targets for criminals, who often send emails and create websites that are becoming increasingly sophisticated. Fortunately, the financial services sector is also one of the most prepared and proactive sectors due to its own diligence and regulatory requirements.
Bank customers can protect themselves by following a few simple rules:
- Never give out your personal financial information in response to an unsolicited phone call, fax or email, no matter how official it may seem.
- Do not respond to an email that may warn of dire consequences if you do not validate your information immediately.
- When submitting financial information on a website, look for the padlock or key icon.
- If you believe you have responded to a spoofed email, contact your bank immediately.
What is a Data Breach?
Data breaches can fall into two categories: unintentional and intentional. An unintentional breach—often due to the negligence of an employee who mishandles or inadvertently exposes data—does not always lead to fraud. Intentional breaches occur when data is accessed, viewed, stolen or used by someone who is not authorized to do so. These types of breaches are often committed by criminals who target the company in an attempt to steal consumers’ personal and financial information. The criminal may use it to commit fraud or sell it to others. This often leads to new financial accounts in the victims’ names (also known as account fraud), counterfeit cards and phishing scams.
Where Data Breaches Occur
The Identity Theft Resource Center reported more than 900 breaches in 2016. The two sectors that reported the highest number of breaches were business (44 percent) and healthcare (36 percent). The financial services industry experienced the smallest number of breaches (4.5 percent). [For the latest statistics on data breaches, go to the Identity Theft Resource Center’s website at www.idtheftcenter.org/Data-Breaches/data-breaches.html]
Banks have a long history of safeguarding sensitive customer information. Unfortunately, the growth of the internet and electronic commerce has made storing, compiling and selling sensitive personal information easier for a large number of companies. In fact, unlike other businesses that have experienced security breaches, banks already have a regulatory system in place requiring them to address cyber threats and notify their customers when a data breach occurs. Also, federal and state regulators have issued rules telling banks what to do if they have a data breach, including when to notify customers.
Clinton Savings Bank takes data breaches very seriously and uses many different systems to protect our customers’ information. We use a combination of safeguards to protect customer information—such as employee training, employee accountability, strict privacy policies, rigorous security standards, encryption, and fraud monitoring and detection software.
Our customers’ trust in Clinton Savings Bank is our most valuable asset. When a customer reports an unauthorized transaction, the bank will take measures to recover your loss and protect the account. We are committed to continuing the banking industry’s tradition of safeguarding confidential financial information.
CSB’s Online Banking Internet Security Policy
Online/Cyber security is a real concern in today's world. Our personal Online Banking service platform supports TLS 1.2 and employs the highest level of encryption depending on your device of access and, in most cases, utilizes 256-bit encryption. When you enroll for Online Banking, you will create your own User name and Password during the self-enrollment process. As an added security measure, we recommend that you change your password every 90 days; however, you can change your password as often as you wish. In addition, repeated failed attempts will lock the service, and you must contact CSB during business hours at 888-744-4272 to reactivate the service.
Business Online Banking Security
Incidents of online fraud are on the rise in number and audacity. Clinton Savings Bank strongly suggests that best industry practices be employed to mitigate the risks associated with online fraud. Strains of malicious software (malware) can be introduced onto a computer system without the owner's knowledge or consent and may go undetected by anti-virus software. Some malicious software has the ability to lie dormant on a victim's computer until the victim accesses a banking website. Fraudsters intentionally target small businesses because they often lack proper defensive controls. Businesses are particularly encouraged to review the following recommended best practices for more ways to protect against online fraud:
- Use the most robust anti-virus and security software available and make sure it is active and automatically updated by the vendor on all computer workstations and laptops that are used to conduct Online Banking business
- Be aware of public Wi-Fi networks
- Educate your employees at least annually
- Monitor account activity often
- Review online activity by user and IP address
- Reconcile your accounts in a timely manner
- NEVER share company/user names and passwords or PINs (Personal Identification Number)
- Change passwords regularly - at a minimum every 90 days
- Use strong passwords that include numbers, symbols and/or capital letters
- Do not use the same password on multiple websites
- Avoid saving passwords to a computer
- NEVER access the Bank's website for online banking from a public computer at a hotel, library, coffee house or other public wireless access point
- Secure your Browser
- Use a Dedicated PC for online banking – no access to email or web surfing
- Utilize Dual Control features for outgoing monetary transactions (ACH & Wires)
- Set Online Alerts if available
- Log out when not in use
- Document your Policy and Procedures with regard to online banking
- Review your Policy and Procedures with your employees at least annually
- Have documented procedures in place should fraud be detected. Include key contact information and steps to alert appropriate parties
- Consult your Insurance Agent for information regarding Cyber Liability Coverage
- Open a separate account for incoming wires and other instances in which you may need to give out your business account number
Summary of CSB’s Helpful Consumer Cybersecurity Tips:
- Update passwords. If you use the same password across multiple sites, be sure to update your passwords with unique passwords for different sites.
- Never give out your personal or financial information in response to an unsolicited phone call, text or email, no matter how official it may seem.
- Do not respond to an email that may warn of dire consequences or click on a suspicious link or popup.
- Contact the company to confirm the email’s validity using a telephone number or website you know to be genuine. Clicking on a link could give a criminal access to your personal information or direct you to a malicious site that encourages you to provide sensitive information.
- Check your credit card and bank account statements regularly and look for unauthorized transactions, even small ones. Report discrepancies immediately.
- When submitting financial information on a website, look for the padlock or key icon at the top or bottom of your browser, and make sure the internet address begins with "https." This signals that your information is secure during transmission.
- Report suspicious activity to the Internet Crime Complaint Center, a partnership between the FBI and the National White-Collar Crime Center at www.ic3.gov. If you believe you have responded to a spoofed email, contact your bank immediately so they can protect your account and your identity. For information on identity theft, visit the American Bankers Association's consumer page on identity theft and see additional resources on phishing at aba.com/consumers.