Security Policies and Notices
Confusing mail? Ask us to be sure.
Although it is suspicious email that generates the most publicity these days, there are still those occasions when deceiving correspondence arrives the old-fashioned way . . . in your mailbox. Either way is not good. If you ever receive an email or a letter that seems confusing and leaves you wondering if it truly came from Valley Savings Bank, do the smart thing. Call us or bring it into either of our locations. As your banker, we want to help you avoid any confusion over misleading or fraudulent correspondence.
Also good to keep in mind:
- Never give out personal information over the telephone or internet to individuals/organizations you do not know
- Keep your personal information such as social security numbers, account numbers and passwords in a secure location
- Use a shredder when disposing of paperwork containing personal information
And remember, Valley Savings is always available to answer your questions and respond to your concerns.
A skimmer is a criminal tool that can be attached to an ATM to obtain debit card, credit card and/or bank account numbers. Not exclusive to ATMs, skimmers can be added anywhere credit cards are swiped prior to purchase – a gas pump is another good example.
Once account information is obtained, fraudulent individuals use it to make illegal purchases or to encode counterfeit cards. The use of skimmers is not currently widespread and represents only a very small fraction of identity theft incidents, but it is important to realize these devices exist. As a consumer, the more you know – and the more aware you are of your surroundings and your account activity – the better equipped you are to protect your assets and avoid fraud.
The best way to prevent illegal activity is vigilance. Here are some safeguards to keep in mind:
- Rely on online services to keep a close eye on account balances and credit card accounts. If you do not bank online, carefully inspect your statements when they arrive in the mail. Report any fraudulent activity immediately.
- Use your spare hand to cover the keypad when entering your PIN.
- Try to consistently use the same ATM and, when you do, make sure its appearance has not changed in any way.
- Use an ATM that is well lit and in a secure area – a place where criminals would have less opportunity to attach a skimmer.
- Be aware of anyone lingering in the area of an ATM you are using. If you have any fear, it is better to walk away and make your transaction later.
- If you see anyone tampering with an ATM or other device used to scan cards, report the activity to the appropriate authorities.
Valley Savings Bank Enhanced Login Security
This superior security technology protects your accounts from unauthorized access. It identifies you as the true “owner” of your accounts by recognizing not only your password but your computer as well. If we don’t recognize your computer – you’ve logged in from a public computer or one you haven’t used before– we’ll ask you for information that only you will know as an additional line of defense to prevent unauthorized access. With Enhanced Login Security, you’ll be protected from whatever computer you're using, whether you're at home or on the go.
Enhanced Login Security features:
- Defends against identity theft and fraud.
- Provides security from any computer, wherever you are.
- Makes it easy for you to bank online anytime, anywhere.
Just one more way to ensure online fraud prevention, everyday and everywhere!
Following is information about what to do if you become a victim of a phishing scam or identity theft.
Phishing, of course, involves the use of replicas of existing Web pages to try to deceive you into entering personal, financial or password data. Valley Savings Bank recommends that you never respond to email messages asking you to verify personal information. But accidents happen, and the following information could be useful if you’ve been scammed.
If you have given out your credit, debit or ATM card information:
- Report the incident to the card issuer immediately
- Cancel your account and open a new one
- Review billing statements carefully after the incident
- If the statements show unauthorized charges, send a letter to the card issuer via regular mail (keep a copy) describing each questionable charge
Credit Card Loss or Fraudulent Charges
Your maximum liability under federal law for unauthorized use of your credit card is $50 (policies vary). If the loss involves your credit card number, but not the card itself, you have no liability for unauthorized use; in general, you may only be liable for a very small amount but always check with your individual card company for their exact policy.
Your liability depends on how quickly the loss is reported. You risk unlimited loss by failing to report an unauthorized transfer within 60 days after your bank statement containing unauthorized use is mailed to you.
If you have given out your bank account information:
- Report the theft to the bank as quickly as possible
- Cancel your account and open a new one
If you have downloaded a virus or ‘Trojan Horse’:
- Some phishing attacks use viruses and/or a ‘Trojan Horse’ to install programs called "key loggers" on your computer. These programs capture and distribute any information you type to the phisher, including credit card numbers, usernames and passwords, Social Security Numbers, etc.
- If this occurs, you likely may not be aware.
- To minimize this risk, you should:
- Install and/or update anti-virus and personal firewall software
- Update all virus definitions and run a full scan
- If your system still appears compromised, fix it and then change your password again.
Check your other accounts – suspects may have accessed different accounts: eBay account, PayPal, your email ISP, online bank accounts, and other e-commerce accounts.
If you have given out your personal identification information:
Identity theft occurs when someone uses your personal information such as your name, Social Security number, credit card number or other identifying information, without your permission to commit fraud or other crimes. If you have given this information to a phisher, you should do the following:
- Report the theft to the three major credit reporting agencies, Experian, Equifax and TransUnion Corporation, and do the following:
- Request that they place a fraud alert and a victim’s statement in your file
- Request a FREE copy of your credit report to check whether any accounts were opened without your consent
- Request that the agencies remove inquiries and/or fraudulent accounts stemming from the theft
Major Credit Bureaus
Identify Theft Resources:
Notify your bank(s) and ask them to flag your account and contact you regarding any unusual activity: If bank accounts were set up without your consent, close them; If your ATM card was stolen, get a new card, account number and PIN; Contact your local police department to file a criminal report; Contact the Social Security Administration’s Fraud Hotline to report the unauthorized use of your personal identification information; Notify the Department of Motor Vehicles of your identity theft; Check to see whether an unauthorized license number has been issued in your name; Notify the passport office to watch for anyone ordering a passport in your name; File a complaint with the Federal Trade Commission; Ask for a free copy of "ID Theft: When Bad Things Happen in Your Good Name"; File a complaint with the Internet Fraud Complaint Center(IFCC).
For victims of Internet fraud, IFCC provides a convenient and easy reporting mechanism that alerts authorities of suspected criminal or civil violations.
Document the names and phone numbers of everyone you speak with regarding the incident. Follow-up your phone calls with letters. Keep copies of all correspondence.
If you see a suspicious-looking email message claiming to be from Valley Savings Bank please let us know. We continually monitor such reports and act on them promptly.
Most likely you’ve seen them: email messages asking you to verify personal information over the Internet.
The scam, popularly called ‘phishing,’ involves the use of replicas of existing Web pages to try to deceive you into entering personal, financial or password data. Often suspects use urgency or scare tactics, such as threats to close accounts.
We here at Valley Savings Bank will never ask you via email to verify account information.
We will never use email to threaten account closure. Please know this, as one defense against phishing. Other safeguards to help protect you from phishing scams:
- Be suspicious of any email messages that claims to be from us that use an urgent or scare-tactic tone.
- Do not respond to email messages asking you to verify personal information.
- Delete suspicious email messages without opening them. If you do open a suspicious email message, so not open any attachments or click any links.
- Install and regularly update virus protection software.
- Keep your computer operating system and Web browser current.
If you see a suspicious-looking email message claiming to be from Valley Savings Bank, please let us know. We continually monitor such reports and act on them promptly.
The scam popularly known as ‘phishing’ – email messages trying to deceive you into surrendering personal information over the Internet – today is well known. Competing with it more and more for headlines is a newer scam: pharming.
Valley Savings Bank wants to take a moment to offer you information about pharming, in our ongoing effort to keep our customers informed about issues that could impact their online banking experience.
Phishing requires victims to voluntarily visit a criminal’s website; pharming simply redirects victims to fraudulent websites without assistance. Pharming subverts a basic service of the Internet known as the ‘Domain Name Service,’ or ‘DNS.’ Each machine connected to the Internet knows the location of one or more DNS servers. This service translates a human-friendly URL name such as www.valleysavingsbank.com into an IP address, which is a unique number that has been assigned to each web server on the Internet.
To execute pharming, suspects first must gain access to the DNS server used by many people, such as the server of an ISP. Once accessed, the suspect will replace the IP number for the financial institution’s URL with the IP number of his or her fraudulent website. When this occurs, any person using that DNS server will be redirected, silently, to the fraudulent website.
The good news is pharming requires either an unpatched software/server vulnerability to exist on the DNS server itself, or the criminal needs an insider at the ISP or financial institution to make unauthorized DNS server changes. This is rare.
Please be assured that Valley Savings Bank manages and updates its DNS server’s software to maintain a high level of security. We maintain the highest standards; our customers are protected from pharming that would result from a compromise of our DNS server.
For more information, you can call our Operations Department: 330-923-0454