Our Commitment to Security
As the number of consumers who fall victim to I. D. theft and electronic fraud increases, the staff and management of Logan Bank & Trust have pledged to take all necessary precautions to safeguard your confidential information, and to give you guidance on how you can protect yourself against ID theft, electronic fraud, and other common threats encountered by today's banking customers.
While we cannot guarantee that your I.D. will never be stolen, we will follow security guidelines to minimize this threat to you, beginning by NEVER requesting personal information by email or text messaging, including account numbers, passwords, personal identification information, or any other confidential customer information.
Fraudulent emails may be designed to appear as though they are originated by Logan Bank & Trust. Do not respond to any email communications which request any type of personal or confidential information, and do not click on any links listed on the email.
Never give out any information that the Bank already has to a caller, text messenger, or email sender. We will never contact you and ask for your debit card number or your full SSN.
If we need to contact you, it will always be done in a manner that protects your personal, confidential information and we will clearly identify ourselves. One of Logan bank & Trust’s top priorities is to safeguard your confidential information and we work diligently to do so.
We work with the local regulatory and law enforcement departments to be certain any type of illegal activity is stopped as soon as possible. We have multi-layer security to protect your confidential information and will continue to be vigilant in protecting it.
Please report any suspicious calls, e-mails, or messages to Logan Bank & Trust by calling (304)752-1166, or by e-mailing firstname.lastname@example.org.
The Internet & You
When shopping online, you should:
Best Practices for Online Protection
Internet Banking Security
In recent years, the banking industry has seen significant changes in the internet banking threat landscape:
Logan bank & Trust's goal in providing this awareness program to our customers is to help protect your online account and transaction information from these types of incidents.
Logan Bank & Trust is committed to protecting your personal information. Our Internet Banking platform uses several different methods to protect your information. In addition to the security features put in place by Logan Bank & Trust, here are some steps you can take to keep your personal information secure:
Below are the protections and liabilities for consumer transactions using Logan Bank & Trust’s internet banking:
If you believe your Internet Banking User Name or Password or other means of access have been lost or stolen, or that someone has used them without your authorization, call us immediately at (304) 752-1166 during normal business hours. After hours you may e-mail us at email@example.com.
Telephoning is the best way of keeping your possible losses down.
Identity theft involves the unlawful acquisition and use of someone's identifying information, such as Name, Address, Date of Birth, Social Security Number, Mother's Maiden Name, Driver's License, Bank or Credit Card Account Numbers. Thieves then use the information to repeatedly commit fraud in an attempt to duplicate your identity which may include opening new accounts, purchasing automobiles, applying for loans, credit cards, and social security benefits, renting apartments and establishing services with utility and telephone companies. It can have a negative effect on your credit and create a serious financial hassle for you.
How to protect yourself from Identity Theft:
"Phishing" is a tool or method used for identity theft. It's when thieves act as if they are representing an organization and try to hook the consumer into providing personal or financial information. Once the consumer is hooked, the thieves can do lasting damage to a consumer's financial accounts. They can trick customers into providing their Social Security Numbers, Internet Banking Credentials, financial account numbers, and other personal information.
Thieves often pose as:
How it Works
Consumers receive an email from an organization with which they do business. The email typically includes bogus appeals such as problems with an account or billing errors, and asks the consumer to confirm his/her personal information. Most emails ask recipients to follow an embedded link that takes them to an exact replica of the victim company's Web site. Graphics on the counterfeit site are so convincing that even experts often can have a hard time distinguishing the fake site from the real one. Despite the convincing appeals, consumers should not respond to unsolicited emails that direct them to divulge personal identifying information. Reputable organizations that consumers legitimately do business with generally do not request account numbers or passwords unless the consumer initiated the transaction.
Clues to identifying a "Phishing" e-mail
Vishing - "Voice-Phishing"
An offshoot of traditional phishing techniques, "vishing" refers to phish attempts using phone calls or voice-mails. In this case, consumers receive a pre-recorded call identifying a specific local financial institution. The message informs the consumer that his or her personal bank accounts have been frozen. The message advises the consumer to immediately input their ATM or debit card number, expiration date, and PIN to reactivate the affected accounts. The CV2 (3 digit security code) from the back of the card may also be requested. The information obtained by the automated call will be used for unauthorized ATM withdrawals.
Smishing – “SMS-Phishing"
You don't have to use a computer to be vulnerable to online scammers. Increasingly, cell phone and other mobile device users are being targeted with mobile spam that attempts to trick them into revealing personal information.
Known as "smishing," these text messages might ask a recipient to register for an online service- then try to sneak a virus onto the users' device. In addition to virus-like "worms," which can spread through and disrupt a network, other scams are surfacing.
Some messages warn that the consumer will be charged unless he cancels his supposed order by going to a website that then extracts such credit card numbers and other private data.
"Smishing" is derived from the familiar "phishing." The "sm" comes from SMS, the protocol used to transmit text messages via cellular devices.
Debit & Credit Card Fraud
Debit cards and credit cards have become the most convenient form for purchasing our everyday needs. They have replaced the actual need to carry cash and should be treated like cash. With the ever increasing volume of debit cards and credit cards so has fraud. Follow these steps to protect your cards:
Non-electronic Security Tips
Tips for safeguarding your information (from the American Bankers Association) in the real world:
Corporate Account Takeover
There has been a shift in the online criminal world from primarily targeting of individuals to increased targeting of corporations. Financial institutions, security companies, the media and law enforcement agencies are all reporting a significant increase in funds transfer fraud involving the exploitation of valid online banking credentials belonging to small and medium sized businesses. Eastern European organized crimes groups are believed to be predominantly responsible for the activities that are also employing witting and unwitting accomplices in the United States (money mules) to receive, cash and forward payments from thousands to millions of dollars to overseas locations via popular money and wire transfer services.
How it Works
Typically compromise of the customer is carried out via a phishing e-mail which directly names the recipient correctly and contains either an infected file or a link to an infectious Web site. The e-mail recipient is generally a person within a company who can initiate funds transfers or payments on behalf of the business. Once the user opens the attachment, or clicks the link to open the Web site, malware is installed on the user's computer which usually consists of a Trojan keystroke logger, which harvests the user's corporate online banking credentials. Variations of this method have been used by criminal groups including messages impersonating the Better Business Bureau, US Court System, Microsoft Update, and UPS to name a few
The customer's online credentials are either uploaded to a website from where the fraudster can later download them, or, if the bank and customer are using two factor authentication systems, the Trojan keystroke logger may detect this and immediately send an instant message to the fraudster alerting them of the secure web activity. The fraudster then accesses the financial institution through use of the captured username and password or through hijacking the secure web session.
The fraud is carried out when the fraudster creates another user account from the stolen credentials or directly initiates a funds transfer masquerading as the legitimate user. These transfers have occurred through wire or ACH that are directed to the bank accounts of willing or unwitting individuals. Often within a couple days, or even hours of recruiting money mules and opening accounts, money is deposited and the mule is directed to immediately forward a portion of the money to subjects in Eastern Europe by various means.
How to Prevent It
It is recommended that businesses utilizing Internet Banking for high risk transactions conduct a risk assessment of their individual risks and controls. This threat strongly relies on authorized Internet Banking users' being tricked into releasing their User Name and Password to a fraudster, visiting an infected website, or opening an e-mail containing a virus. Therefore, a comprehensive security training program for employees with wire transfers or ACH authorities is paramount to reduce your business' risk of being a victim of these types of attacks.
If Your Identity Is Stolen
If you become a victim of identity theft, contact:
Order a copy of your credit report from each of the three major credit-reporting agencies every year. Make sure it is accurate and includes only those activities you have authorized. By checking your report on a regular basis you can catch mistakes and fraud before they wreak havoc on your personal finances. Don't underestimate the importance of this step. You can request a free credit report from each of the three major credit bureaus through www.annualcreditreport.com .
The information contained in this Policy is confidential and proprietary information of Logan Bank & Trust, and is intended only for use by Logan Bank & Trust Employees and Customers. Challenge questions can be implemented in a variety of ways that impact their effectiveness as an authentication tool. In its basic form, the user is presented with one or more simple questions from a list that was first presented to the customer when they originally enrolled in the online banking system. These questions can often be easily answered by an impostor who knows the customer or has used an Internet search engine to get information about the customer (e.g., mother's maiden name, high school the customer graduated from, year of graduation from college, etc.). In view of the amount of information about people that is readily available on the Internet and the information that individuals themselves make available on social networking websites, institutions should no longer consider such basic challenge questions, as a primary control, to be an effective risk mitigation technique.
Challenge questions can be implemented more effectively using sophisticated questions. These are commonly referred to as "out of wallet'' questions, that do not rely on information that is often publicly available. They are much more difficult for an impostor to answer correctly. Sophisticated challenge question systems usually require that the customer correctly answer more than one question and often include a "red herring" question that is designed to trick the fraudster, but which the legitimate customer will recognize as nonsensical. The Agencies have also found that the number of challenge questions employed has a significant impact on the effectiveness of this control. Solutions that use multiple challenge questions, without exposing all the questions in one session, are more effective. Although no challenge question method can mitigate all threats, the Agencies believe the use of sophisticated questions as described above can be an effective component of a layered security program.
Customer Awareness and Education
A financial institution's customer awareness and educational efforts should address both retail and commercial account holders and, at a minimum, include the following elements: