As the electronic financial world gets more complex, online criminals become more sophisticated as well. In response, we have taken a comprehensive approach to meeting this growing threat.
We have evaluated the risks and threats listed below.
- Phishing – Fraudulent e-mails, appearing to be from a trusted source, directing you to websites. Once there, you are asked to verify personal information such as name, account and credit card numbers, and passwords, just to name a few. These sites are often designed to look exactly like the site they are imitating. The information you provide is then used to hijack your accounts and your identity. E-mails that warn you that your account will be shut down unless you confirm certain information are very likely phishing. Do not respond to phishing e-mails. Instead use a phone number you know to be legitimate to check the source.
- Pharming – or “domain spoofing” is an attack in which a user can be redirected from a legitimate site to a fraudulent site and then fooled into entering sensitive data such as a password or credit card number. The fraudulent site often looks like the legitimate site. It is different from Phishing in that the attacker does not have to rely on having the user click a link in an e-mail to deceive the user. Even if the user correctly enters a web address into a browsers address bar, the attacker can still redirect the user to a malicious web site.
The solution is Multi-Factor Authentication.
Authentication is the way you identify yourself and the measures that you utilize. The recent authentication changes help make you safer than ever before from account hijacking and identity theft.
Authentication methods involve these basic factors:
- Something the user knows (password or PIN)
- Something the user has (card, token, or computer)
- Something the user is (biometric characteristic or fingerprint)
Single-Factor authentication uses one of these methods. Multi-Factor authentication uses more than one of these methods. When you log on with a password, you are using single-factor authentication. When you use your ATM card with a PIN, you are using multi-factor authentication.
Online Banking uses a process called Multi Factor Authentication. The two methods of authentication are 1) something the user knows: password and 2) something the user has: computer. The password is chosen by the user. It needs to be at least eight characters long with at least two numbers and at least two letters. If the password has been lost or if it may have been compromised, a Bank representative can reset it. Online Security verifies the computer the user is using to log in. It checks the machine forensics such as security cookies and macromedia flash shared objects. If the computer is not recognized, the user will be asked challenge questions to assure the user’s identity.
Online Security helps prevent against phishing and pharming by assuring the user that they are on the correct site before any confidential information (ie. Passwords) are asked for. The program uses pictures and a text phrase that is chosen by the user to identify the bank’s website. If the user does not recognize the picture and text phrase, he or she should not continue with the login process.