The Federal Financial Institutions Examination Council (FFIEC) issued in June, 2011 a Supplement to the 2005 Guidance, Authentication in an Internet Banking Environment.
The purpose of the Supplement is to reinforce the Guidance’s risk management framework and to update the Agencies expectations regarding customer authentication, layered security, or other controls in the increasing hostile online environment. It requires institutions to perform periodic risk assessments, implement controls for those identified risks, and to raise customer awareness to potential risks through their education program. What that means to you is a safer and more secure online environment.
Layered Security and multi-factor authentication
Layered security is characterized by the use of different controls at different points in a process so that a weakness in one control is mitigated by the strength of another control.
With new federal regulatory guidelines we have implemented appropriate authentication measures to keep your online transactions safe and secure. We use a method called multi-factor authentication, where we use at least two basic “factors” to identify you. First would be your password and second would be the image and pass-phrase chosen or questions and answers.
Hopkins Federal or any of its employees will never request personal information from you through the internet or on the telephone. There are fraudulent people or persons who may try to impersonate Hopkins Federal to try to get some of your personal information. Please take steps to safeguard your information.
Ways to Mitigate Your Own Risk
In today’s environment, many threats exist that can harm one’s valuable data. Here are some ways that you can help protect your personal information and your computer from harm.
While you probably can’t prevent identity theft entirely, you can minimize your risk. You can start by managing your personal information wisely, cautiously and with awareness of the issue. Here are some tips to help you.
Order a copy of your credit report from each of the three major credit bureaus once a year. By checking your report on a regular basis you can catch mistakes and fraud before it destroys your credit records.
Equifax www.equifax.com To order your report, call: 800-685-1111
Experian www.experian.com To order your report, call: 888-EXPERIAN (397-3742)
TransUnion www.transunion.com To order your report, call: 800-888-4213
Dont give out personal information on the phone, through the mail, or over the internet unless you’ve initiated the contact or you are sure you know who you are dealing with.
Guard your mail and trash from theft.
Deposit outgoing mail in a post office collection box or at your local post office. Remove your mail promptly from your mail box. If you are going away and are unable to get someone you know to retrieve your mail, call the post office and have them put a hold on your mail until you return.
Any documents that have any personal information on them that you are discarding as waste shred or destroy them. Some identity thieves rummage through garbage or recycling bins to retrieve your personal data.
Only give your SSN# when absolutely necessary and don’t carry your card with you. Leave it in a safe place. Your employer and financial institution will likely need it for wage and tax reporting.
Carry only the credit and debit cards that you will need or will be using that day.
Keep track of billing cycles from your creditors. If you are missing a bill or statement follow up with your creditor. An identity thief could have changed your mailing address.
Never use a link to reach Hopkins Federal’s website. Emails and search engine links should not be trusted. Always type the bank’s website address into the Internet browsers address bar every time.
Never access our website from a public computer at a hotel, library, or public wireless access point.
Do not allow your computer or web browser to save your login names or passwords.
Use anti-virus software and keep it updated. Make sure that you fully understand how to keep your software updated as well as how to check it to make sure that the software is, in fact, updating. Today's anti-virus update will not protect against tomorrow’s virus. If your computer is used in a commercial business, you should consult with your system administrator if you feel that you are not adequately protected.
Keep your computer updated with the latest updates and patches for your operating system. If your computer does not have the proper updates installed, not only can your computer become infected by exposed security holes, you might even help spread the viruses
If your computer is connecting directly to the Internet, which is often the case with DSL or cable modem, you should use personal firewall software or a hardware router/firewall to protect your PC.
If you believe your Password has been lost or stolen and you notify us within two Business Days after you learn of the loss or theft, you can lose no more than $50.00 if someone uses your Password to conduct unauthorized electronic funds transfers without your permission. If you do NOT notify us within two Business Days after you learn of the loss or theft of your Password, and we can prove we could have stopped someone from using your Password to conduct unauthorized electronic funds transfers without your permission if you had told us, you could lose as much as $500.00. After 60 days, you could be legally liable for the full amount.
You may use On–line Banking to conduct transactions to view account information, transfer funds among linked accounts, and initiate bill payments.
NOTE: Because regulations require Hopkins Federal Savings Bank to limit pre-authorized transfers (including On-line Banking transfers), the following limitations apply:
* Statement Savings Account– You can make no more than six (6) transfers per statement period by pre-authorized or automatic transfer, or by telephone or On-line Banking.
* Money Market Savings Account– You can make no more than six (6) transfers per statement period by pre-authorized or automatic transfer or by telephone or On-line Banking.
If You Notice Anything Suspicious
Please notify Hopkins Federal immediately at 410-484-4555, between 8:30 a.m. and 4:00 p.m. EST, Mondays thru Friday and until 6:00 p.m. on Thursday. Telephoning Hopkins Federal is the best way of minimizing your losses. You may also restore the security of your Service by immediately changing your Password. If you have been a victim of identity theft you may also call the FTCs Identity Theft Hotline toll-free 1-877-IDTHEFT (438-4338).
You can also learn more about online safety at these websites:
Some of the above information was provided by the FTC.
134 S. Eaton Street
Baltimore, MD 21224
1726 Reisterstown Road, Suite 101
Baltimore, MD 21208