Customer Security and Education Center
Online security is top priority!
If you use Online or Mobile Banking, you will be interested to learn that six federal financial industry regulators teamed up to make your accounts more secure. New supervisory guidance for the Federal Financial Institutions Examination Council (FFIEC) will help banks strengthen their vigilance and make sure that the person signing into your account is actually you. The supervisory guidance is designed to make online transactions of virtually all types safer and more secure.
New financial standards will assist banks and business account holders to make online banking safer and more secure from account hijacking and unauthorized funds transfers.
One of the most important tips for you to remember is that Catskill Hudson Bank will never contact you to solicit your account or other personal identification information via e-mail, text messages or over the phone.
Keep up with the latest threats that may affect you.
Debit and Credit Card Fraud
Use these easy tips to help reduce the chance of debit or credit card fraud.
Watched over is more like it. In fact, we’re “watching” your ATM and debit card transactions – day and night – with a high-tech, high-touch monitoring solution that protects your accounts using state-of-the-art intelligence technology and skilled fraud experts. If suspicious transactions are detected, a fraud specialist will attempt to contact you right away. Your card will be disabled immediately if fraud is confirmed, and if you aren’t available, your card will be assigned a special “watch” status until we know all is well.
It’s hard to put a price on peace-of-mind, but luckily you don’t have to. This innovative service is absolutely FREE.
What should I do if I have lost my debit card?
If your ATM or Debit card is lost or stolen, please contact us immediately. To report a lost or stolen ATM or Debit card after business hours, please call (866) 546-8273.
How does debit or credit card fraud occur?
Card fraud is theft and fraud committed using a credit or debit card. The fraudster may use the card to obtain products or services or to withdraw money from your account. Credit and debit card information is most often obtained through phishing and skimming.
Phishing is exactly what it sounds like… ‘phishing’ for your information. Phishing typically comes in the form of an email. You open it thinking it’s legitimate business from your bank, or another business, asking for you to enter and verify your debit/credit card number, Social Security Number, or some other confidential information. You click on a link and are then routed to a legitimate looking website to enter your information. These scams can be very clever and realistic. The fraudulent website may even have the same logos and color schemes as the real one they are purporting to be.
Remember, Catskill Hudson Bank will NEVER contact you to ask you for your information – we already have it! Just ignore these emails and contact us if you have questions about any online correspondence.
Skimming is done by crooks setting up a device that captures the data on the magnetic strip and keypad information of a debit or credit card. The scammers try to steal your details so they can access your accounts. Once scammers have skimmed your card, they can create a fake or ‘cloned’ card with your details on it. The scammer is then able to run up charges on your account. Card skimming is also a way for scammers to steal your identity and use it to commit identity fraud.
Pop up ads are not only annoying, but may pose a threat to your bank account. One way fraudsters con you out of cash is immediately after you make an online purchase, a pop-up ad will appear offering you cash-back rewards just by clicking on the ad. Before you know it, you are being charged monthly for a membership service. It can be extremely difficult and time consuming to cancel the membership and receive refunds. Pop up ads may also house spyware or other harmful malware designed to infiltrate or damage your computer.
What can I do to protect myself from card fraud?
- Sign the back of your card as soon as you receive it.
- Get e-Statements instead of paper statements to ensure a more secure delivery.
- Review your statements immediately for any activity that you do not recognize.
- Be sure that all websites onto which you put your card information are secure. The URL should start with https; not http.
- Protect your cards like you would cash.
- Shred credit card applications you receive in the mail.
- Keep a record of account numbers, expiration dates, phone numbers and addresses for each card in a secure place.
- Never give your card number over the phone unless you initiated the call and are dealing with a trusted source.
- Do not keep your PIN with your debit card.
- When at an ATM machine, be careful when putting in your PIN number as there may be someone watching you.
- If you are using an ATM, take the time to check that there is nothing suspicious about the machine. If an ATM looks suspicious, do not use it and alert the ATM owner.
Protect Yourself – Customer Education
We are all at risk for potential fraud, account hijacking and unauthorized funds transfers. However, there are many ways you can help protect yourself and your computer with these resources.
Catskill Hudson Bank Customer Education & Protection
Identity theft is one of the fastest-growing types of financial fraud. Without stealing your wallet, a crook can steal your financial identity with as little information as your Social Security Number. The practice is also known as "account-takeover fraud" or "true-name fraud," and it involves crooks' assuming your identity by applying for credit, running up huge bills and not paying the creditors - all in your name.
- Monthly bank and credit card statements, and other regular documents stop arriving in the mail.
- You start receiving bills from companies you don’t recognize.
- Credit collection agencies try to collect on debts that do not belong to you.
How do I protect myself from identity theft?
- Order copies of your credit report once a year to ensure they are accurate. You can call each of the three national credit reporting agencies because each may contain different aspects of your credit history, or you can contact AnnualCreditReport.com for one free credit report each year.
- If you have been denied credit in the past 60 days, the credit reporting agency that sent the report to your prospective creditor must provide you with a copy of the report for free. However, it will not be sent automatically so you have to request a copy from the credit reporting agency.
- Keep an eye on your accounts throughout the year by reading your monthly/periodic statements thoroughly. That's an easy way for you to be sure that all of the activity in your accounts was initiated by you.
- Tear up or shred pre-approved credit offers, receipts and other personal information that link your name to account numbers. Don't leave your ATM, debit or credit card receipt in public trash cans. Crooks (a.k.a dumpster divers) are known to go through trash to get account numbers and other items that will give them just enough information to get credit in your name.
If your credit card or other bills are more than two weeks late, you should do the following:
- Contact the US Postal Service to see if someone has forwarded your mail to another address.
- Contact your bank to ask if the statement or card has been mailed.
- Contact the businesses that send you bills.
- When paying your bills, don't put them in your mailbox with the red flag up. That's a quick way to have someone steal your mail. Use a locked mailbox, the post office or pay them online.
- Protect your account information. Don't write your PIN on your ATM or debit card. Don't write your Social Security Number or credit card account number on a check. Cover your hand when you are entering your PIN number at an ATM or point of sale machine.
- Don't carry your Social Security card, passport or birth certificate unless you need it that day. Take all but one or two credit cards out of your wallet, and keep a secured list at home of your account information and customer service telephone numbers.
- Never provide personal and/or confidential information over the phone, unless you initiated the call.
- Do not use simple passwords or PINs (e.e., your last name, 12345, mother’s maiden name, etc.). Mix capital letters, numbers, and characters to create your passwords/PINs and make sure to change them frequently.
I know or am suspicious that my identity has been stolen. What do I need to do?
- Call your local police department and report the theft. Identity theft and financial fraud is a crime.
- Contact Catskill Hudson Bank at (845) 794-9203 as soon as possible. We can help you obtain new account numbers for all of your Catskill Hudson Bank accounts.
- Close all of your credit card accounts and open with new account numbers.
- Contact the fraud units of all three credit bureaus. Ask them to flag your account, which tells creditors that you are a victim of identity theft. Also, add a victim's statement to each of your credit bureau reports that asks creditors to contact you in person to verify all applications made in your name. You can reach the fraud units of the credit bureaus at:
- Call the Federal Trade Commission's ID Theft hotline at (877) IDTHEFT. The hotline is staffed by counselors trained to help identity theft victims.
- If you suspect mail theft, notify the US Postal Inspector through the following website : https://postalinspectors.uspis.gov/forms/MailFraudComplaint.aspx
- If you suspect your Social Security Number was taken, contact the Social Security Administration at (800) 772-1213 or the website http://www.ssa.gov/pubs/10064.html
- You also may want to contact your telephone, long distance, water, gas and electrical companies to alert them that someone may try to open an account in your name.
- Maintain a log of all the contacts you make with authorities regarding the matter. Write down each person's name, title, and phone number in case you need to contact them again or refer to them in future correspondence.
Online Banking & Security
Online banking for both Consumer and Business customers makes it easy to attend to financial matters while traveling or during nontraditional bank hours. Catskill Hudson Bank uses state-of-the-art technology that encrypts data traveling between your computer and the Bank. We also utilize layered security so there are different controls at different points in a transaction. This technology is important because a weakness in one control is generally compensated for by the strength of another. This allows us to authenticate our customers upon login and detect and respond to any suspicious activity related to that login.
Catskill Hudson Bank also conducts ongoing internal assessments regarding the risks associated with online banking. These assessments include, but are not limited, the assessment of changes in our customer base over time, changes in the functionality of our products, changes in the internal and external threat environment, and any actual events experienced by the Bank or in our industry.
You can also help protect yourself by following these security tips:
- Make sure the anti-virus software on your computer is up-to-date.
- Install and update anti-spyware and malware software.
- Use a strong password – not one that can be easily figured out by a hacker. A strong password contains a combination of letters, numbers and characters. Make sure to change your passwords often.
- Do not open or respond to email from people you don’t know and never send your personal or account information via email.
- Always “exit” or “log off” after you are finished with your online business.
- Use your own computer to conduct business online. Never use a public computer or wireless “hot spot” to make online purchases or to send personal information.
- If you receive an email from your financial institution relating to an “urgent problem” or other matter pertaining to your account, call your bank to ask if it’s legitimate.
- Properly erase your data before disposing of an old computer.
A good way to protect yourself from hackers and their reconnaissance is to use a personal firewall. A personal firewall is a device or software package that can actively monitor Internet traffic to and from your computer, provide detailed logs of hacking attempts against your computer, and can be configured to block traffic that you don't want to receive. Firewalls can significantly hinder a hacker's ability to acquire information about your computer and subsequently hinder their ability to wreak their havoc.
- Block ports that viruses, worms, and Trojans use to communicate with other machines on the Internet.
- Prevent unwanted sharing of your files and computer resources such as printers.
- Prevent applications on your computer from connecting to the Internet if they don't need to.
- Block illegitimate traffic sent by your computer or illegitimate traffic sent to your computer.
- Significantly increase the difficulty for hackers to access and subsequently exploit un-patched network applications and services on your computer.
- Detect or disable computer viruses and worms if they are already on your computer.
- Stop you from opening e-mail with dangerous attachments.
- Block spam or unsolicited e-mail from appearing in your inbox.
Malware, short for malicious software, is software written for ill-intended purposes. The term malware is used to describe viruses, worms, Trojan horses, adware, spyware, ransomware, crimeware, rootkits, and other unwanted and potentially dangerous software.
How do I help protect myself from malware?
- Install good quality anti-malware software from a reputable vendor. If you are unsure as to what software to obtain, contact a professional computer services company.
- Keep your computer’s and device's operating systems (OS) up to date with the latest security patches. You should also keep all software that resides on your devices up to date with the latest security patches.
- Visit only websites by reputable companies. Browsing questionable websites will increase your risk of being infected with malware.
- Ensure you are using a firewall and that it’s configured to allow access only to needed ports and applications.
Phishing is a combination social engineering and high-tech tactic that uses fake e-mail, fraudulent Internet addresses, imposter websites, and "pop-ups" to impersonate a financial institution. Identity thieves send mass e-mails purported to be from a reputable institution. These e-mails direct you to a site where you are asked to divulge information such as usernames, passwords, account numbers, etc. While fraudulent e-mails vary in content, they generally carry a common theme essential to their success; i.e. you must take action immediately or risk losing access to your account. Criminals will try to make their site look exactly like that of your bank.
How do I help protect myself from phishing?
- Do not respond to e-mails that ask for confidential information. Catskill Hudson Bank will never request personal information such as usernames, passwords, etc. through an e-mail.
- Install good quality anti-malware software from a reputable vendor. If unsure what software to obtain, contact a professional computer services company.
- When on Catskill Hudson Bank’s website, you can help insure you’re on the correct site by verifying that web address is correct and in a secure session (https).
How do I report phishing activity?
- Call the Catskill Hudson Bank Operations Department at (845)794-9203.
- Forward the e-mail to Catskill Hudson Bank at firstname.lastname@example.org.
- Forward the e-mail to the Anti Phishing Working Group at email@example.com
- Forward the e-mail to the Federal Trade Commission at firstname.lastname@example.org.
- Notify the Internet Crime Complaint Center of the FBI by filing a complaint.
If you can answer “yes” to any of the following questions involving a check you have received, please contact a Catskill Hudson Bank customer service representative immediately. You could have a counterfeit check.
- Are the check proceeds for an item you sold on the internet such as a car, boat, jewelry, etc.?
- Is the amount of the check more than the selling price of the item?
- Have you been instructed to send funds to another person as soon as possible?
- Is the check from an individual you have communicated with via e-mail?
- Is the check drawn on a business or individual different from the person buying your item or product?
- Have you been informed that you were the winner in a lottery that you did not enter?
- Have you been asked to assist in the distribution of money from another country?
How Fake Check Scams Work
Fraudsters may claim that it’s too difficult to pay you direct because they are out of the country so they’ll tell you that they have someone in the U.S. who owes them money to send you a check or a money order.
When you receive the check or money order, it may be for more than you are owed. You’ll be instructed to deposit the item and then to wire the extra money back to the scammer, or to someone else. In the case of an “advance” or “sweepstakes,” the scammer will send you a check and ask you to wire part of it back to pay a fee to claim your “winnings.”
Sometimes, the scammer will tell you they will transfer the money direct to your account. They’ll ask you to provide your bank account information and they’ll send a ‘fake’ transfer to your bank (it looks real). When you check your balance, the fake money looks like it is there and you’ll be asked to wire money back to the scammer.
The Unfortunate Consequences of Fake Check Scams
Whether a scammer sends you a check or transfers money direct to your account, the outcome is often the same. After you wire the money back to the scammer, the check or transfer is found to be a fake. In the end, it is the victim (you) that pays for the money lost.
How Can I Protect Myself?
One of the best ways to protect yourself is to use your common sense. It does not make sense for someone to send you ‘too much’ money and ask for you to wire some of it back. This is clearly a scam!
Forgeries can sometimes take weeks to discover. If you think you have a potential fake-check scam situation, do not deposit the check given to you and never wire out money or give out your account information. You should immediately contact your bank for assistance or questions.
Do not fall victim to these clever schemes - learn more at www.fakechecks.org about the most common fake check scams and watch interviews with actual victims.
Telephone & Cell Phone Fraud
Fraudsters still use some of the "old tricks of the trade," including calling you up on the telephone to get your information. Think about these points next time you are in doubt of a telemarketer:
- Always ask for more information (in writing) about the organization calling or the offer being presented.
- Never feel obligated to provide your credit/debit card number over the phone.
- Educate yourself about the cost of "900" calls and how you can block such calls from getting through.
- Get as many details as you can. The fewer the questions the caller can answer, the less likely he or she is legitimate.
- Get a call-back number so you can initiate the call yourself, or because you may need to report it later.
- If you get a call from someone posing as a representative from your financial institution and asking for your account or personal information, hang up immediately and call your bank to verify any claims. Remember, they will NEVER ask for your personal or account information - they already have it.
- If a telemarketer offers you a "get-rich-quick" opportunity, the best response is to hang up.
- Avoid offers informing you that you've won a prize. Typically, respondents are asked to pay for "shipping", "an application fee", or a "deposit" for a prize that does not exist.
- Be wary of calls soliciting contributions to charitable causes, particularly those regarding disaster relief. Many times these solicitors are not legitimate and you are better off choosing a worthy cause and contacting them yourself than to respond to a random request.
Cell Phone Spyware
Did you know spy software can be installed on your cell phone? Imagine someone can actually tap into your cell phone and listen to your conversations, read text messages, and track your movements. While cell phone spyware is illegal in the U.S. and spying via cell phone is a federal crime, you should still be aware of ways to protect the information you pass through on your cell phone.
- Always know the location of your cell phone so it cannot be removed from your possession in order to download damaging spyware onto it.
- Install a security password on your cell phone to restrict others from using it.
- If you do not need a phone that has internet access, do not get one. Typically phones that have internet capability are more vulnerable.
Your protections under Regulation E
Banks follow very specific rules regarding electronic transactions issued by the Federal Reserve Board. These are known as Regulation E. Under this regulation certain protections are generally extended only to consumer customers and consumer accounts. The regulation says you can recover Internet banking losses based on how soon they are detected by the consumer and when they are reported. The Federal rules require the following:
- If you report any losses within two days of receiving your statement you can only be liable for the first $50.00.
- After two days the amount increases to $500.00.
- After 60 days you could be legally liable for the full amount of the transaction(s) in question.
- Please consult our CHB Account Products disclosure for more details.
If You Fall Victim
If you notice any suspicious activity on your accounts, or experience any security-related events such as Phishing, follow these steps to start mitigation:
- Contact your financial institution immediately. We can be reached at (845) 794-9203.
- File a police report.
- Report suspicious contacts to the Federal Trade Commission or the Internet Fraud Complaint Center.
- Contact each of the three following credit bureaus and place a fraud alert statement on your credit information.
Federal Trade Commission (FTC) – (877) 382-4357 www.ftc.gov
Consumer Fraud – www.usdoj.gov
Internet Crime Complaint Center (IC3) – www.ic3.gov
Social Security Administration – (800) 269-0271 www.ssa.gov
Identity Theft Resource Center – (858) 693-7935 www.idtheftcenter.org
Privacy Rights Clearing House – (619) 298-3396 www.privacyrights.org
Unlawful Internet Gambling Enforcement Act (UIGEA) of 2006
As defined in Regulation GG, unlawful gambling means to "place, receive or otherwise knowingly transmit a bet or wager by any means which involves the use, at least in part, of the internet where such bet or wager is unlawful under any applicable Federal or State law in the State or Tribal lands in which the bet or wager is initiated, received or otherwise made".
As a customer of Catskill Hudson Bank, these restricted transactions are prohibited from being processed through your account or banking relationship with us.
Additional Business Education & Protection
Use of Second Computer
The FBI is warning small business owners to use one computer to handle online banking activities and another entirely to surf the web and for email. This approach is the best way to prevent malicious software from infecting the computer and makes it much harder to manipulate electronic transfers. Catskill Hudson Bank strongly recommends this approach in an effort to reduce the chances of online theft, especially for higher risk transactions such as ACH and wire transfers.
Business Identity Theft and Enhanced Business Controls
Businesses fall victim to identity theft too. It’s important for you to protect key information, not only for your customers, but for your employees as well. Here are some proactive steps to help avoid fraud and identity theft.
- There should be a reasonable separation of duties between employees granted priviledges for authorizing transactions, recording transactions, and maintaining company bank accounts and computer systems. You should conduct a periodic assessment of your own operating environment and controls to ensure your controls are adequate based on the products you utilize at the Bank.
- Develop a process to screen employees who have access to personal information, even if they are part-time. This also goes for cleaning services and temporary firms you use.
- Encrypt all personal and confidential information on computers. Make sure your systems administrator checks on a regular basis that your system is hacker-proof.
- Checkbooks, signature stamps and deposit slips should be kept in a secured place and checked on a regular unscheduled basis by owners. It should be in a place where others could witness if an employee is gaining access frequently.
- Pay close attention to employee spending habits that seem out of the ordinary.
- You can make your computers safer by installing and regularly updating anti-virus software, anti-malware programs, firewalls, and keeping operating patches and updates current.
- Adopt secure methods for disposing of business and personal information, such as using shredders.
- Consider doing your banking online so you can access or review your accounts immediately whenever you need to. You may also consider receiving your billing, account statements, and notices electronically versus waiting for them in the mail.
Identifying Counterfeit Money
Money counterfeiters can be just as clever as other fraudsters when producing fake money. If a business receives counterfeit bills - they are out that cash. Make sure you and your employees are aware of these tips from the U.S. Secret Service to identify potential counterfeit bills.
- Paper: Genuine currency paper has tiny red and blue fibers embedded throughout. Often counterfeiters try to simulate these fibers by printing tiny red and blue lines on their paper. Close inspection reveals, however, that on the counterfeit note the lines are printed on the surface, not embedded in the paper. It is illegal to reproduce the distinctive paper used in the manufacturing of United States currency.
Raised Notes: Genuine paper currency is sometimes altered in an attempt to increase its face value. One common method is to glue numerals from higher denomination notes to the corners of lower denomination notes.
These bills are also considered counterfeit, and those who produce them are subject to the same penalties as other counterfeiters. If you suspect you are in possession of a raised note:
- Compare the denomination numerals on each corner with the denomination written out at the bottom of the note (front and back) and through the Treasury seal.
- Compare the suspect note to a genuine note of the same denomination and series year, paying particular attention to the portrait, vignette and denomination numerals.
- Watermark: Beginning with Series 1996, each denomination bears a watermark depicting the same historical figure as the portrait, positioned to the right of the portrait. Hold the bill to the light to see the watermark.
Inscribed Security Thread: A clear, inscribed polyester thread has been incorporated into the paper of genuine currency. The thread is embedded in the paper and runs vertically through the clear field to the left of the Federal Reserve Seal.
Printed on the thread is a denomination identifier. On $100 and $50 denominations, the security thread has "USA 100" or "USA 50" repeated along the entire length of the thread. Lower denominations (i.e. $20, $10 and $5) have "USA" followed by the written denomination. For example, "USA TWENTY USA TWENTY" is repeated along the entire length of the thread. The inscriptions are printed so that they can be read from either the face or the back of the note. The thread and the printing can only be seen by holding the note up to a light source.
*Note - the security thread indicating the bill's denomination is now located in a different position on each denomination. The inscribed security thread in the 1996 series $20 and $50 also includes a flag.
If You Fall Victim
The Better Business Bureau recommends small business owners take the following steps to avoid harm if your business identity has been stolen.
- Immediately alert your financial institution. Catskill Hudson Bank can be reached at (845) 794-9203. If fraudsters are accessing the business’s credit or bank accounts, forging company checks or opening up new lines of credit, it’s important for a business owner to notify financial institutions involved in order to limit any further unauthorized transactions. Check with law enforcement first before closing any accounts so as not to foil any ongoing investigations.
- File a police report.
- Review your credit report (sole proprietor). If your business is a sole proprietorship, then the same consumer protections apply as if an individual’s ID were stolen – such as access to free credit reports and the ability to place a fraud alert on the report.
In addition to resources in our Security Center, the FDIC has posted an Identity Theft and Fraud page on their website.