Online Security

    When you use online banking, you can rest easy knowing that having a safe and secure online and mobile banking environment is our number one priority. We provide the information here to educate you on ways that Monson Savings ensures the security of your account data and log in information.

    Safe Online Banking

    Online Banking, Data Security & You

    Partnering for online security

    Online banking has grown rapidly into a major new way to bank. Some surveys show that more people prefer to bank online than in the traditional ways. This phenomenal growth has been accompanied by increases in the safety and security measures undertaken by banks and their customers. But cyber-criminals are always looking for new ways to electronically break into the bank and steal your money.

    Safe online banking depends on continuing and strengthening this partnership for safe online banking:

    Banks invest substantially in security

    Lawmakers, regulators and the banking industry have forged substantive standards for safeguarding customers’ personal information.

    Uniform examination procedures are in place to monitor and enforce these standards, and bank examiners regularly go on-site to assess how bank security measures are being implemented, understanding that each bank has a different menu of products and services, and therefore differing security requirements. Some of the areas they look at include:

    • Access controls ensuring customer information can be accessed only by authorized persons, including use of multi-factor authentication when warranted.
    • Physical restrictions at computer facilities that permit access to authorized persons only.
    • Data encryption of electronically transmitted and stored customer information.
    • Modification procedures to ensure that changes are consistent with the approved security program.
    • Dual control procedures, segregation of duties, and employee background checks.
    • Monitoring procedures to detect actual and attempted intrusions into customer information.
    • Response programs specifying actions to be taken by specific individuals when the institution suspects unauthorized access.
    • Environmental hazard protections against physical damage or technology failures.

    Banks partner with you, the customer

    Your bank has security measures to protect your account information, but they can’t be effective without your help and cooperation. Many account hijacking attempts come as a result of hacking into individual user accounts, and from there electronically breaking into the bank using your information and security codes.

    Some common sense and easily implemented precautions can help you safeguard your personal information:

    • Strong passwords—advise against using easily guessed passwords such as birthdays or home addresses.
    • Anti-virus protections —Make sure the anti-virus software on your computer is current and scans your email as it is received.
    • Email safety—Email is generally not encrypted so be wary of sending any sensitive information such as account numbers or other personal information in this way.
    • Sign off and log out —Always log off by following the bank’s secured area exit procedures.
    • Don’t get phished—Crooks are always trying to get your personal information, and they employ some ingenious methods. Don’t respond to any unusual email requests for personal information—when you opened your bank accounts you already gave it. When in doubt, call your bank.
    • Monitor your accounts —When you check your accounts regularly, you can let your bank know immediately if you encounter anything that does not seem right.

    Helpful Hint: Studies show that those who monitor their accounts online often detect fraud earlier than those who rely solely on paper statements.

    Free credit reports your best tool

    When it comes to guarding against cyber-fraud, one of the most important tools at your disposal is your credit report. It details all of your credit transaction accounts, and will be the first place that unusual charges or entirely new accounts will appear. And you can monitor your report for FREE.

    Since Federal law permits consumers to obtain a free report annually from each of the three major credit reporting agencies, cyber-security experts advise that you to get a free report from a different agency every four months. Doing so will allow you to monitor your personal online security all year long.


    To order your free credit report,
    go to the only authorized source
    www.annualcreditreport.com
    1-877-322-8228

    Online and mobile threats

    Cyber-fraudsters want to earn their money the easy way—by stealing yours.

    Understanding how criminals try to trap you is your first line of defense:

    • Phishing —This is the criminal attempt to steal your personal information through fraudulent emails or smart-phone texts. They are often very believable, luring the victim to a site that asks them to provide (or “verify”) personal financial details such as account numbers and social security numbers. A variation is called Spear Phishing, which are electronic messages that appear to come especially to victims from their employer, usually a large corporation. Cyber-security experts often term the mobile phone version of phishing Smishing, playing off the SMS, or Short Message Service terminology used in text messaging. Remember: your bank will not send emails asking for your personal information—they already have it.
    • Card Skimming —This is a criminal’s attempt to gain a victim’s personal information by tampering with ATM machines. Fraudsters set up a device that can capture magnetic stripe and keypad information, such as PINs and account numbers. Using ATMs you know and trust—as well as examining the machine closely—can help thwart this type of theft.
    • Spyware—This is the term used for criminal software that a victim unknowingly loads on a personal computer. Once there, the spyware collects personal information and sends it to the criminal. Up-to-date security software is the best defense.

    Helpful Hint: Cyber-criminals often prey on those who are most vulnerable, such as senior citizens or young adults, who may not be as aware of the technical aspects of the threats. Make sure you alert any friends or family members who might be in this category. They’ll appreciate it!

    Resources

    Internet Crime Complaint Center: www.ic3.gov
    Consumer Fraud (Department of Justice Homepage): www.usdoj.gov
    Federal Trade Commission (FTC) Consumer Response Center: www.ftc.gov
    Consumer Guides and Protection:www.usa.gov
    Financial Fraud Enforcement Task Force: www.stopfraud.gov
    On Guard Online: www.onguardonline.gov
    U.S. Computer Emergency Readiness Team (US-CERT): www.us-cert.gov/ncas/tips


    Privacy and Security

    The privacy and security of the communications between you (your computer or mobile device's internet browser) and our servers is ensured using cryptography. Cryptography scrambles data exchanged between your browser and our online banking server. Encryption happens as follows:

    • When you go to the sign-on page for online banking, your browser establishes a secure session with our server. This secure session is established using a protocol called Secure Sockets Layer (SSL) Encryption.
    • This protocol requires the exchange of what are called public and private keys. Keys are random numbers chosen for that session and are only known between your Internet browser and our online banking server.
    • After the keys are exchanged, your browser will use the numbers to scramble (encrypt) the data sent between your browser and our server. Both sides require the keys because the data needs to be de-scrambled (unencrypted) when it is received.

    The SSL protocol not only ensures privacy, but also ensures that no other browser can "impersonate" your browser, nor alter any of the data that is transmitted. You can tell whether your browser is in secure mode by looking for a lock symbol at the bottom of your browser window.

    The numbers used as encryption keys are similar to combination locks. The strength of encryption is based on the number of possible combinations that a lock can have. As the number of possible combinations increases, it becomes less likely that anyone or any other computer would be able to match the combination in order to decrypt the message. Internet browsers offer 40-bit or 128-bit encryption. Both result in a large number of combinations, 2 to the 40th and 2 to the 128th power. Our online banking servers require the use of 256-bit encryption to ensure the highest level of security for your data.

    An additional level of security is achieved through the use of proxy-based firewalls which route only authorized traffic, your log in attempt and requests for account data, to our online banking servers. These firewalls isolate your account data from the outside world and protect it from all unauthorized traffic.

    Effective May 2014, an Extended Validation Certificate (EV) will replace the pass phrase/image feature for access to Internet Banking. The certificate will change the Online Banking website URL address bar to green, providing customers with a visual confirmation that they are on a valid website. Additionally the name FISERV, Inc will appear in a new field to the right of the URL address bar.

    Information Collected on the Internet

    Monson Savings Bank does not require you to provide any personal information to obtain access to our website (except for information obtained through "cookies" as described below). Personal information from visitors to our website is often provided on a voluntary basis. For example, you may provide information to apply for a product or to use our online banking service. We do not disclose any personal information about visitors to our website except in accordance with our general privacy policy that is provided to our customers, or as otherwise permitted by law.

    The law requires parental consent to collect or use information from a child under 13. We do not knowingly collect personal information from children under the age of 13. Please do not provide us with any personal information if you are under the age of 13.

    The Monson Savings Bank website and our Internet Banking system may, from time to time, contain links to other sites. Monson Savings Bank is not responsible for the privacy or security practices employed by these third party sites. We recommend that you review their privacy policy before you provide any personal information.

    Monson Savings Bank may also collect non-personal information about you or your online activities whenever you visit our web site. We may use standard software to collect non-identifying information about our visitors, such as:

    • Date and time our site was accessed
    • IP address (A numeric address given to servers connected
    • Web browser used
    • City, state, and country

    The information detailed below may be collected and used to measure the number of visitors (but only in an aggregate and non-personally-identifiable form) to Monson Savings Bank's web sites and web pages, and to help make the web site more useful.

    • Use of any financial tools and calculators on our web site
    • The dates and times that you access a Monson Savings Bank web site
    • the web pages you visit
    • If you link to a Monson Savings Bank web site from other web sites, the address(s) of the other web sites
    • The types and versions of browser and operating systems you use to access a Monson Savings Bank web site
    • The Internet Service Providers ("ISP") and Internet Protocol ("IP") addresses from which you access a Monson Savings Bank web site (an IP address is a number that is automatically assigned to your computer whenever you are surfing the web)
    • The actions you try to perform (for example, downloading a document) and whether you are successful

    Monson Savings Bank may place "cookies" on your computer when you visit our web site. These are files that enable our web site to recognize return visitors. Cookies are lines of text that are transmitted to your web browser when you click on a link. Your browser stores the information on your hard drive and when you return to that site later, the cookie is transmitted back to the server that originally sent it to you. If you are an online banking customer and you choose to accept your computer as a secure device, a cookie will be placed on the device so you do not have to answer the security questions every time you log in. This is the only information stored and it is only stored on your personal device. Monson Savings Bank does not store any of your personal information in our cookies. The cookies we use are only for site management purposes and do not contain any sensitive information such as your password or account number.

    Authorization

    One of the most important security aspects of online banking is ensuring only authorized users log into online banking. We do this by requiring each user to create their own customer ID and password. When you submit your information to log in, it is compared to the data we have in our secure online banking server and either grant or deny you access to your account information. After a number of unsuccessful log in attempts, your account access becomes "locked" and cannot be accessed again until you call us to reinitialize your account. We monitor bad log in attempts to prevent someone from trying to guess your customer ID and password.

    Remember, you play a crucial role in preventing unauthorized access to your online banking:

    • Never use customer IDs or passwords that are easy to guess, such as:
    • Names, addresses, and phone numbers
    • Birth dates, social security numbers, etc.
    • Never reveal your customer ID and password to anyone
    • Do not let others watch you enter your customer ID and password
    • Always use the log off button instead of just closing the browser
    • Ensure the wireless network you use is password-protected, and choose a strong password and update it frequently for your work and home wireless networks. Likewise, always use a passcode on your mobile phone or tablet to stop an unauthorized user from accessing your device.
    • Never respond to text messages, emails or phone calls from companies alleging to be your bank, government officials or business representatives that request your banking ID, account numbers, user name or password. We will NEVER call or e-mail you to ask for this information.

    We recommend that you change your customer ID and password periodically by using the appropriate function in the User Options of your online banking.

    Security Pledge

    Monson Savings Bank stands behind the security of our Online Banking product and that is why we offer you this pledge:

    You will not be held liable for any funds improperly removed from your account as a result of online theft of your customer ID and password. This especially includes any loss due to the security features of Monson Savings Bank's Online Banking being compromised.

    You are, of course, responsible for keeping your customer ID and password, and any other personal financial information, confidential. Monson Savings Bank is not responsible for losses incurred due to the misuse of this confidential information.

    If you have additional security questions or need to contact us about stolen information or fraudulent activity, please call 413-267-4646.

    Business Online Security