Your online security is of utmost importance to Northmark Bank. We use industry-standard security techniques to ensure that your personal and financial information remains confidential. Among the techniques used by our Online Banking and Online BillPay systems are User ID, PIN, watermark verification, multi-factor authentication, encryption, and firewalls. In addition, we require you to use a secure browser to access our online applications.
You also play an important role in protecting yourself online. Learn more about the ways you can protect yourself:
If your ATM or Debit Card is lost or stolen, click here to get information on how to notify us and cancel your card.
Our Online Banking application will require you to change your PIN frequently. You will be required to utilize complex PINs (letters and numbers). There are other important steps that you can take to ensure that your PIN remains safe:
- We will provide you with a temporary PIN when you sign up for Online Banking or when you forget your PIN. Change your temporary PIN as soon as possible.
- Use a PIN that you can easily remember so you do not have to write it down.
- Do NOT use number sequences that can be easily guessed by someone who has your personal information (numbers related to birthdays, phone numbers, social security numbers, license plate, etc.).
- Choose a unique PIN. Do NOT use your Northmark Bank User ID and PIN for any other purpose.
- Do NOT store your PIN in a place where someone can easily find it (such as on a sticky-note near your computer)
- Do NOT save your User ID and PIN in your Internet browser.
- Remember that we will NEVER contact you via phone or e-mail asking you to furnish your PIN. There are no pop-up windows on our web site that request such information. If you receive such a request it is not legitimate; please contact our Online Banking department immediately. You should never tell anyone else your PIN.
- Do NOT provide your User ID and PIN to other programs or websites that offer to aggregate your account balances by automatically signing onto your online banking account.
Phishing (pronounced “fishing”) is the process of attempting to acquire personal information (such as User ID, PIN, social security number, credit card number, date of birth, etc.) by pretending to be a trustworthy source. Phishing is typically initiated by electronic means such as e-mail, text message or instant message. The electronic message typically directs users to enter personal information at a fraudulent website that looks almost identical to the legitimate one.
Phishing is one of the most popular tools used by identity thieves. By convincing users to enter their personal information into fake websites, the thieves obtain crucial personal information needed to perpetrate identity theft.
Security vendors, software vendors and law enforcement agencies around the world have come together to form The Anti-Phishing Working Group. This organization is focused on eliminating the fraud and identity theft that result from phishing and e-mail spoofing of all types. The Anti-Phishing Working Group has compiled a list of recommendations that you can use to avoid becoming a victim of phishing scams.
Identity theft is a term used to describe several types of crimes in which the thief wrongfully obtains and uses another person's personal information (i.e. social security number, credit card information, date of birth, User ID and PIN, etc) through fraudulent means and uses the information for economic gain.
If you believe that you have been the victim of Identity Theft, you should act immediately to minimize the potential damage to your financial accounts and your reputation. There are several important steps you should take:
Call us immediately at (978) 686-9100 to notify us.
Contact all creditors with whom your name or identifying data have been fraudulently used. For example, you may need to contact your long-distance telephone company if your long-distance calling card has been stolen or you find fraudulent charges on your bill.
Contact any other financial institutions where you have accounts that an identity thief has taken over or that have been created in your name but without your knowledge. You may need to cancel those accounts, place stop-payment orders on any outstanding checks that may not have cleared, and change your Automated Teller Machine (ATM) card, account, and Personal Identification Number (PIN).
Contact the Federal Trade Commission (FTC) to report the situation. The FTC is responsible for receiving and processing complaints from people who believe they may be victims of identity theft, providing informational materials to those people, and referring those complaints to appropriate entities.
Contact the fraud departments of the national credit bureaus to place a fraud alert on your account and obtain a free copy of your credit report:
- Equifax – Call (800) 525-6285
- Experian – Call (888) 397-3742
- Trans Union – Call (800) 680-7289
You may also need to contact other agencies for other types of identity theft:
- Your local office of the Postal Inspection Service if you believe that an identity thief may have submitted a change-of-address form with the Post Office to redirect your mail, or has used the mail to commit frauds involving your identity;
- The Social Security Administration if you suspect that your Social Security number is being fraudulently used (call 800-269-0271 to report the fraud);
- The Internal Revenue Service if you suspect the improper use of identification information in connection with tax violations (call 800-829-0433 to report the violations).
Corporate Account Takeover (also called CATO) is a name given to a variety of schemes where criminals attempt to steal funds from a company’s bank account. Law enforcement and news media have reported a number of different techniques – some are very sophisticated, while others are very low tech. In several reported cases, criminals obtained access to company online banking credentials and initiated fraudulent transfers. Some thieves have impersonated a principal of the company in telephone conversations with the company’s bank. Other criminals have initiated fraudulent written or email correspondence with a bank. In other cases, criminals have taken over the email persona of the company’s President and sent an email to the Controller instructing the Controller to initiate fraudulent wire transfers (a scheme called “Business Email Compromise”).
Regardless of the means of attack, the criminal’s objective is to fraudulently transfer money out of the company’s bank accounts and into accounts controlled by the criminals at other financial institutions. Most often, the money is gone and is not recoverable.
There are a number of things you can do to defend against CATO attacks:
- Monitor your bank accounts every day using Online Banking or Mobile Banking technology.
- Your best defense is to educate yourself and your staff about general cybersecurity issues. Make sure that you know how to protect your confidential data. Many CATO attacks have been successful because an employee clicked a malicious link in an email or opened an infected document attached to an email. Employees visiting suspicious websites or using infected flash drives have also allowed cyber criminals to plant malicious on company computer systems. These programs can gain access to online banking credentials. Here are some resources to help with your computer security program:
- FDIC’s Cybersecurity Awareness Basics
- US Chamber of Commerce Internet Security Essentials for Business
- FCC’s Small Business Cyber Planner
- National Automated Clearing House Association’s guide on Sound Business Practices for Companies to Mitigate Corporate Account Takeover
- American Bankers Association’s Small Business Guide to Corporate Account Takeover
- Train your staff not to initiate risky transactions based upon email instructions.
- Insure yourself against the risks of these attacks. Ask your insurance agent whether computer crime coverage would be a good option for your business.
Here are a variety of resources where you can learn more about protecting yourself and your personal information:
- Report a computer crime at www.ic3.gov
- FDIC Consumer News
- Cybersecurity Guide for Businesses
- Cybersecurity Guide for Financial Institution Customers
- FDIC’s video: “Don’t Be an On-Line Victim”
- FTC Website on Identity Theft Prevention and Recovery
- FTC Website on Computer Security
- Federal Government’s OnGuard Online website
- Resources from the National Center on Elder Abuse
- MasterCard® ATM Safety Tips
- FBI’s Scams and Safety website
- Financial Fraud Enforcement Task Force’s StopFraud website