• Online Banking Security with the State Bank of Richmond
• Identity Theft
• Online Scams
  • Phishing
  • Pharming
  • Spyware
• How to Practice Safe Computing
• Major Credit Bureaus

Online Security is a top priority with the State Bank of Richmond. We are committed to providing safe and secure access to your accounts through Online Banking and have taken all the precautions necessary to ensure the highest level of protection. You can be sure that access to your account(s) and your account information is private, secure and confidential.

User ID and Password –You will choose your specific Access ID and Initial Password when you enroll for Online Banking. Your password should never be written down or shared with anyone. Passwords are required to be changed every 90 days and need to consist of both alpha and numeric characters. If you forget your Access ID or Password, you can click on the “Forgot Your Password” link and follow the security steps to send a temporary password to the email listed in your Profile, or you can contact us at 320-597-2145 and we will reset your password after we verify your identity. We suggest to always logout or close your browser after completing your online transactions.

Advanced Authentication for Online Banking Security –We provide multifactor authentication for our Online Banking Customers. The first part involves user authentication – how we identify you when you log into Online Banking. For computers that you use regularly to access Online Banking, you will have the opportunity to “register” that computer with us. Logging in using a known computer gives us another way of identifying you. You will be asked to set up a series of Challenge questions, which will be used to help identify you when you are logging into Online Banking from an unknown computer.

The second part involves institution authentication – how you verify that you are entering our legitimate State Bank of Richmond web site. You will have the ability to create your own unique welcome phrase and image, which will appear each time you log in. This will be another way you can tell you are entering our legitimate bank website.

Encrypted Software –Once your Online connection is established your Access ID and Password are encrypted using Secure Socket Layer (SSL) technology. Secure Socket Layer encryption protects information sent over the Internet by scrambling the information into a secret code, keeping your information secure and ensuring that no one else can read it. You can determine that encryption is being used and that you are connected to a secure server by looking for two things:

1. A small key or padlock in the status bar on the bottom of your browser indicates that your session is secure and encrypted. A locked padlock, or a key, indicates a secure connection and an unlocked padlock, or a broken key, indicates an unsecure connection.
2. Another way to verify that your session is secure is to look for https:// in the URL rather than the normal http://. The “s” following http indicates that the session is secure.

Our Privacy Policy – We are serious about protecting your privacy and will follow our procedures to ensure the safety of your account information. Click here to view our Privacy Policy.

Protect Your PC - To prevent computer problems and keep your information safe, it is extremely important to take preventative measures by using anti-virus software and following these guidelines:

1. Install and use virus management software on your computer. Be sure to use it each time you download files.
2. Keep your virus protection software up-to-date (product upgrades, signature files, etc.). Stay current with the latest anti-virus releases and patch levels for the software you use.
3. Only use virus management software from reputable vendors.
4. Use caution when downloading and running programs with executable (.exe) files or those which may contain data that cannot be scanned or filtered by anti-virus software.
5. Be certain that you know the origin of e-mails that contain attachments. Do not open an attachment from an unknown source.

E-mail sent from the State Bank of Richmond – Other than for E-Statement Delivery, we will NEVER send e-mails requesting personal information. We will NEVER ask you to “verify” information. We will NEVER ask you to click on a special site link to do so. While e-mails of this nature may look like they are from us, and even use our logo, they are most likely a “phishing” scam (see “Phishing” description below). DO NOT ANSWER THEM. If you receive an e-mail supposedly from us, please call us to confirm it first.

Identity Theft is when someone steals your personal information to use for illegal purposes – it is a crime that can damage your credit, your reputation, and your peace of mind. You can reduce the possibility of becoming a victim by keeping your personal information secure.

How to Protect Yourself

• If bank accounts were set up without your consent, close them.
• For information about how to put a “fraud alert” on your files at the credit reporting bureaus and other advice for ID theft victims, contact the Federal Trade Commission’s ID Theft Clearinghouse, http://www.ftc.gov/bcp/edu/microsites/idtheft/ or toll-free, 877-438-4338. The TTD number is 202-326-2502. Ask for a free copy of Take Charge: Fighting Back Against Identity Theft, a guide that will help you guard against and recover from your theft – and guard against it in the future.
• Contact your local police department to file a criminal report.
• Contact the Social Security Administration’s Fraud Hotline to report unauthorized use of your personal identification information. Their number is 1-800-269-0271 or report online at http://oig.ssa.gov/report-fraud-waste-or-abuse.
• Notify the Department of Motor Vehicles of your identity theft.
• Check to see whether an unauthorized driver’s license number has been issued in your name.
• Notify the passport office to be on the lookout for anyone ordering a passport in your name.
• File a complaint with the Internet Crime Complaint Center (IC3) by visiting their Web site: www.ic3.gov. IC3 is a partnership between the Federal Bureau of Investigation (FBI) and the National White Collar Crime Center (NW3C), with a mission to address fraud committed over the Internet. For victims of Internet fraud, the Center provides a convenient and easy-to-use reporting mechanism that alerts authorities of a suspected criminal or civil violation.
• Document the names and phone numbers of everyone you speak to regarding the incident. Follow-up your phone calls with letters. Keep copies of all correspondence.

Identity Theft Resources

http://www.ag.state.mn.us/ – Minnesota Attorney General’s Office publication Guarding Your Privacy

http://www.ftc.gov/bcp/edu/microsites/idtheft/ - The Federal Trade Commission’s Identity Theft Site

http://www.justice.gov/criminal/fraud/websites/idtheft.html - Department of Justice Web site

http://www.ic3.gov – Internet Crime Complaint Center

“Pfishing” (FISHing)

Phishing involves the use of seemingly legitimate e-mail messages and Internet Web sites to deceive you into disclosing sensitive information, such as account information, Social Security numbers, credit card numbers, passwords, and personal identification numbers (PIN’s). In most phishing schemes, the fraudulent e-mail message will request that you “update” or “validate” your personal information in order to maintain their accounts, and direct you to a fraudulent Web site that may look very similar to the Web site of the legitimate business. These Web sites may include copied or “spoofed” pages from legitimate Web sites to further trick the recipient into thinking they are responding to a bona fide request.

Act immediately if you’ve been hooked by a phisher.If you provided account numbers, PIN’s, or passwords to a phisher, notify the companies with whom you have the accounts right away. For information about how to put a “fraud alert” on your files at the credit reporting bureaus and other advice for ID theft victims, contact the Federal Trade Commission’s ID Theft Clearinghouse, http://www.ftc.gov/bcp/edu/microsites/idtheft/ or toll-free, 877-438-4338. The TTD number is 202-326-2502.

Even if you didn’t get hooked, report Phishing: We suggest reporting phishing e-mails or spoofed Web sites to any of the following groups:

• Forward the e-mail to the Federal trade Commission at spam@uce.gov. Always include the entire original e-mail with its original information intact.
• Notify the Internet Crime Complaint Center of the FBI by filing a complaint on their Web site: www.ic3.gov.

‘Pharming’ – Pharming is the process of redirecting Internet domain requests to false Web sites to collect personal information. Information collected from these sites may be used to commit fraud and identity theft. Online Banking customers should install current versions of virus detection software, firewalls and spyware scanning tools to reduce computer infections, and regularly update these tools to combat new threats.

Spyware - Spyware is a form of software that electronically collects – or can intercept - personal and confidential information about a person without their knowledge or informed consent, and reports it to a third party. The data collected may include account numbers, Social Security numbers, passwords, or other sensitive and personal information that puts privacy at risk.

It may be installed on your computer by being downloaded with other Internet downloads in a practice called “bundling”. In many cases, all the licensing agreements on software you download may be included in one pop-up window that, unless read carefully, may leave the user unaware of “bundled” spyware. It can also be automatically downloaded when a user opens or views unsolicited e-mail messages.

Spyware Detection and Prevention

• Installing and periodically updating anti-spyware, virus protection and firewall software.
• Adjusting browser settings to prompt the user whenever a Web site tries to install a new program.
• Carefully reading all End User Licensing Agreements and avoiding downloading software when licensing agreements are difficult to understand.
• Maintaining software patches to operating systems and browsers.
• Do not open e-mail from untrustworthy sources.

Here is a list of recommendations to follow in order to avoid becoming a victim of scams:

1. Be suspicious of any e-mails with urgent requests for personal financial information. Phishers have been known to include upsetting or enticing (but false) statements in their e-mails to get people to react immediately. Be suspicious of any e-mail that asks for personal financial information, user names, passwords, credit card numbers, Social Security numbers, etc.
2. Be careful of e-mails that are not personalized and/or may contain spelling errors and/or awkward syntax and phrasing. Many phishing e-mails are sent in great bulk and, therefore, are not personalized. Many also are being sent from other countries from individuals for whom English is a foreign language, thus resulting in misspelled words and awkward syntax and phrasing.
3. Do not use links in an e-mail to get to any Web page. Instead, call the bank on the telephone to confirm the address, or log onto the Web site directly by typing in the Web address in your browser.
4. Only communicate information, such as credit card numbers or account information, via a secure Web site or the telephone. When submitting financial information to a Web site, look for the padlock or key icon at the bottom of your browser, and make sure the Internet address begins with “https”. A secure Web server designation can be found by checking the beginning of the Web address in your browser’s address bar – the address should be begin https://... Rather than just http:// .
5. Memorize your passwords and PIN numbers. Don’t leave them in your wallet or on your desk where someone else could find them.
6. Regularly monitor your online accounts and check your bank, credit and debit card statements to ensure that all transactions are legitimate. One of the real advantages of banking online is being able to regularly review your account for unauthorized or unusual activity. If anything is suspicious, contact us immediately at 320-597-2145.
7. Ensure that your browser is up to date and security patches applied. Always visit your browser’s home page to download the latest security updates even if they don’t alert you to do so.

Order a free copy of your credit report every year from the three credit reporting agencies and make sure all the information is correct, especially your name, address, and Social Security number. Look for indications of fraud, such as unauthorized applications, unfamiliar credit accounts, credit inquiries and defaults and delinquencies that you did not cause.

You can call one number (1-877-322-8228), and request the report from all three credit bureaus at one time or you can call each one separately as listed below. You can also request your free report by visiting the Web site www.annualcreditreport.com.

Equifax – www.equifax.com

• To order your report, call: 800-685-1111 or write: P.O. Box 740241 , Atlanta , GA 30374-0241
• To report fraud, call: 800-525-6285 and write: P.O. Box 740241 , Atlanta , GA 30374-0241
• Hearing impaired call 1-800-255-0056 and ask the operator to call the Auto Disclosure Line at 1-800-685-1111 to request a copy of your report.

Experian – www.experian.com

• To order your report, call: 888-EXPERIAN (397-3742) or write: P.O. Box 2002 , Allen , TX 75013
• To report fraud, call: 888-EXPERIAN (397-3742) and write: P.O. Box 9530 , Allen , TX 75013 . TDD: 1-800-972-0322

Trans Union – www.transunion.com

• To order your report, call: 800-888-4213 or write: P.O. Box 1000 , Chester , PA 19022
• To report fraud, call: 800-680-7289 and write: Fraud Victim Assistance Division, P.O. Box 6790, Fullerton , CA 92634 TDD: 1-877-553-7803.