Online Banking Fraud Prevention Best Practices
General Guidelines
- Do not use public or other unsecured computers for logging into CBT Online Banking.
- Users should check the last login date every time they log in.
- Review account balances and detail transactions regularly (preferably daily) to confirm payment and other transaction data and immediately report any suspicious transactions to us.
- View transfer history available through viewing account activity information.
- Take advantage of and regularly view system alerts; examples include: Balance alerts, Transfer alerts, Password change alerts
- Do not use account numbers, your social security number, or other account or personal information when creating account nicknames or other titles.
- Whenever possible, register your computer to avoid having to re-enter challenge questions and other authentication information with each login.
- Review historical reporting features of your online banking application on a regular basis to confirm payment and other transaction data.
- Never leave a computer unattended while using CBT Online Banking.
- Never conduct banking transactions while multiple browsers are open on your computer.
User ID and Password Guidelines
- Create a unique password for all the different systems you use. If you don’t, then one breach leaves all your accounts vulnerable.
- Never share your password over the phone, in texts, by email, or in person. If you are asked for your password, it’s probably a scam.
- Use unpredictable passwords with a combination of lowercase letters, capital letters, numbers, and special characters.
- The longer the password, the tougher it is to crack. Use a password with at least 8 characters. Every additional character exponentially strengthens a password.
- Avoid using obvious passwords such as:
- your name
- your business name
- family member names
- your user name
- birthdates
- dictionary words
- Choose a password you can remember without writing it down. If you do choose to write it down, store it in a secure location.
- Avoid using an automatic login feature that saves usernames and passwords.
Tips to Avoid Phishing, Spyware and Malware
- Do not open e-mail from unknown sources. Be suspicious of e-mails purporting to be from a financial institution, government department, or other agency requesting account information, account verification, or banking access credentials such as usernames, passwords, PIN codes, and similar information. Opening file attachments or clicking on web links in suspicious e-mails could expose your system to malicious code that could hijack your computer.
- Never respond to a suspicious e-mail or click on any hyperlink embedded in a suspicious e-mail. Call the purported source if you are unsure who sent an e-mail.
- If an e-mail claiming to be from your financial organization seems suspicious, checking with your financial organization may be appropriate. Commerce Bank Texas will never ask for your User ID and Password in either an e-mail or over the phone.
- Install anti-virus and spyware detection software on all computer systems. Free software may not provide protection against the latest threats compared with an industry standard product.
- Update all of your computers regularly with the latest versions and patches of both anti-virus and anti-spyware software.
- Ensure computers are patched regularly, particularly operating system and key applications.
- Install a dedicated, actively managed firewall, especially if using a broadband or dedicated connection to the Internet, such as DSL or cable. A firewall limits the potential for unauthorized access to your network and computers.
- Check your settings and select, at least, a medium level of security for your browser.
- Clear the browser cache before starting any CBT Online Banking session to eliminate copies of web pages that have been stored on the hard drive. How the cache is cleared depends on the browser and version you are using. This function is generally found in the browser’s preferences menu.
- CBT Online Banking does not use pop-up windows to display login messages or errors. They are displayed directly on the login screen.
- CBT Online Banking never displays pop-up messages indicating that you cannot use your current browser.
- CBT Online Banking error messages never include an amount of time to wait before trying to login again.
- Be advised that repeatedly being asked to enter your user ID or password are signs of potentially harmful activity.
- Being asked challenge questions if your computer was previously registered is a sign of potentially harmful activity.
Tips for Wireless Network Management
- Wireless networks can provide an unintended open door to your network. Unless a valid business reason exists for wireless network use, it is recommended that all wireless networks be disabled. If a wireless network is to be used for legitimate business purposes, it is recommended that wireless networks be secured as follows:
- Change the wireless network hardware (router /access point) administrative password from the factory default to a complex password. Save the password in a secure location as it will be needed to make future changes to the device.
- Disable remote administration of the wireless network hardware (router / access point).
- If possible, disable broadcasting the network SSID.
- If your device offers WPA encryption, secure your wireless network by enabling WPA encryption of the wireless network. If your device does not support WPA encryption, enable WEP encryption.
- If only known computers will access the wireless network, consider enabling MAC filtering on the network hardware. Every computer network card is assigned a unique MAC address. MAC filtering will only allow computers with permitted MAC addresses access to the wireless network.
To learn more about information security:
Visit any of the following websites:
- OnGuardOnline.gov
- StaySafeOnline.org
- BBB.org/Data-Security
- US-CERT.gov
Contacts
Should you notice any suspicious account activity or experience customer information security related issues, please call us at 830-996-3125.