Federal financial regulators are now reporting that there has been an increase in Internet threats in recent years, and that Internet-based attacks on personal information and data networks are increasingly sophisticated. Advanced hacking techniques and the increase in cyber-criminal groups are putting additional strain on financial institutions, compromising security controls, and engaging in online account takeovers and fraudulent electronic funds transfers. Amalgamated Bank is committed to increasing vigilance and safeguarding your personal information, and we would like you to know:
- We will never ask you to confirm your username, password, or other electronic banking credentials over the phone, by email, or otherwise.
- Make sure you use an adequately safe username and password—these should mix upper and lower case letters, numbers, and symbols to make the password difficult to guess.
- Periodically change your password. You should change it every 90 days at minimum.
- Safeguard your username and password information—don’t leave it on a sticky note on your computer monitor or in your wallet.
- Make sure your anti-virus software is up to date. If it’s not up to date, renew your subscription.
- Make sure you have a firewall in place when conducting your financial transactions.
- Log off the system when you’ve finished using online banking or making your financial transactions. Don’t just close the page or “X” out of the system.
- Monitor your account activity on a regular basis.
In addition, we sometimes require owners of commercial accounts to perform their own risk assessment and control evaluations.
Make a detailed listing of the risks related to online transactions that your business faces, such as:
- Passwords and log-in credentials being left out in the open.
- Use of passwords that do not meet basic security criteria (birthdays, first names, etc.).
- Considerations for internal theft and fraud.
- The lack of a proper control method for financial transactions. For example, checks and balances to an individual’s access into the system, or rerouting for approval once a transaction has been performed.
- An evaluation of the controls your business has in place could include:
- Using password-protected software to house passwords.
- Conducting employee background checks.
- Initiating a policy and process to terminate access for former employees immediately.
- Spreading duties among two or more people so no one person has too much access or control over the system.
- Using firewalls to protect from outside intrusion, pirates, or hackers.
Federal regulations provide you with some protection in the case of electronic funds transfers. These regulations apply to accounts with Internet access, limiting a consumer’s liability for unauthorized electronic funds transfers. They also outline the steps you’ll need to take to resolve an error with your account. The general rule here is that to take advantage of these protections, you need to act as quickly as possible to notify us if you suspect unauthorized activity on your account. Make sure you notify us immediately if you think your information has been stolen or lost, and remember to review your account periodically for any evidence of errors or unauthorized activity. Please see the Electronic Funds Transfer disclosures that were provided when you opened your account, or contact your nearest branch for a copy of them. Remember, if you become aware of suspicious account activity, you should immediately contact the authorities and notify us at 800-662-0860 RIGHT AWAY.