Florence Bank

Business Online Security

While Florence Bank has taken the necessary steps to secure your online banking, there are additional steps that you should take to safeguard your computer and online transactions. Together we can ensure that your financial information will remain safe and secure, while providing you with convenient, quality online banking services.


Keep your computer safe

  • Maintain active, up-to-date anti-virus, anti-spyware and firewall protection.
  • Keep your operating system, browser and other applications updated with the latest security patches.
  • Do not open emails from unknown sources.
  • Never respond to or click on any hyperlink within a suspicious email.
  • Educate your staff about current scams and loss-prevention steps.
  • When your computer is not in use, shut it down or disconnect it from the Internet.
  • Consult with IT experts on how to best secure the computers in your business environment.

Know who you are doing business with

  • Check website addresses carefully. Never click on a website link from within an email.
  • If you land on a site that looks suspicious, close out of it immediately.
  • Beware of free websites and downloads.
  • Be alert for scam emails, even if they appear to come from a trusted source.
  • Open email attachments only when you know the sender and are expecting an attachment.
  • Never respond to an email that requests your login credentials or personal information.
  • Do not send sensitive personal or financial information via email or through a website unless it is encrypted. 

Safeguard your online banking

  • Use Dual Control for all ACH and wire transactions OR designate and restrict one computer dedicated to online banking transactions.
  • Review ACH and/or wire limits periodically to ensure they are appropriate for your activity level.
  • Monitor emails for ACH and wire transfer confirmations. Immediately report any unauthorized activity to the Bank.
  • Use a strong password and change it regularly.
  • Use a different password for each website.
  • Never reveal your confidential login IDs, passwords or answers to security questions to anyone who initiates contact with you. Never respond to a request for this information over the phone or by email, and never enter it online at an untrusted site.
  • Regularly review authorized users and update online banking functions. Ensure authorized users are deleted from the system when job functions change or users leave the company.
  • Ensure the online banking website you are logging into is secure and starts with https://
  • Check website addresses carefully and set up favorites for frequently accessed websites.
  • Never use someone else's computer to access your account unless it has anti-virus protection.
  • Avoid logging into online banking at wireless hotspots and internet cafés.
  • Always use the sign off button to end your online banking session.
  • Check your account activity daily. Report any unauthorized transactions immediately.

Florence Bank will NEVER call or email you and ask for your passwords, account numbers, or other confidential information. Do not respond to these types of requests. Call the Bank immediately.


Report Fraud

If you suspect your Florence Bank account has been compromised, contact us immediately at 413-586-1300 or reportfraud@florencebank.com.

Debit Card Fraud 

If you suspect your debit card has been compromised, call us during regular banking hours at 413-586-1300 or after hours at 800-264-5578 to immediately disable your card. If you use online or Mobile Banking you can deactivate your card to prevent further unauthorized debit transactions.

Email Fraud 

If you have provided information about your Florence Bank account in response to an email, call us at 413-586-1300. If you specifically provided information about your ATM or Debit Card, call us during regular banking hours at 413-586-1300 or after hours at 800-264-5578 to immediately disable your card.

Check Fraud 

If your checks have been lost or stolen, you didn't receive your bank statement, or you see check transactions on your statement or online banking account history you did not make, contact us immediately at 413-586-1300.

Identity Theft 

If you provided personal information or believe your personal information has been stolen, visit the Identity Theft section at OnGuardOnline.com for steps you should take. If one or more of your Florence Bank accounts have been compromised as a result of Identity Theft, please contact Florence Bank as soon as possible.


Warning Signs

Warning signs that your system/network may have been compromised include:

  1. Inability to log into online banking (thieves could be blocking customer access so the customer won't see the theft until the criminals have control of the money)
  2. Dramatic loss of computer speed
  3. Changes in the way things appear on the screen
  4. Computer locks up so the user is unable to perform any functions
  5. Unexpected rebooting or restarting of the computer
  6. Unexpected request for a one-time password (or token) in the middle of an online session
  7. Unusual pop-up messages, especially a message in the middle of a session that says the connection to the bank system is not working (system unavailable, down for maintenance, etc.)
  8. New or unexpected toolbars and/or icons
  9. Inability to shut down or restart the computer
  10. Email account flooded with spam
  11. Unexpected email alerts related to password changes, new payees, or ACH/Wire initiation/approvals.

Incident Response Plan

Business Risk Assessment and Layered Security

Florence Bank joins the FFIEC and the financial regulatory agencies in strongly urging business account holders to conduct internal assessments to ensure the highest level of security possible for their transactions. To ensure the safety and security of your account, we urge business account holders to:

  • Conduct periodic assessments of your internal controls
  • Use layered security for system administrators
  • Initiate enhanced controls for high-dollar transactions
  • Provide increased levels of security as transaction risks increase
  • Take advantage of additional verification procedures offered by the Bank

Business customers are also urged to create an incident response plan in the event fraud does occur. The incident response plan will be unique to each business, but at a minimum should include:

  • The direct contact numbers of key bank employees;
  • Steps the business should consider to limit further unauthorized transactions, such as:
      • Changing passwords;
      • Disconnecting computers used for Internet banking; and
      • Requesting a temporary hold on all other transactions until out-of-band confirmations can be made;
  • Information the business will provide to assist the bank in recovering their money;
  • Contacting their insurance carrier; and
  • Working with computer forensic specialists and law enforcement to review appropriate equipment.

While we urge business account holders to conduct additional assessments and create incident response plans, rest assured that Florence Bank uses multi-factor authentication to protect your online account(s). Whenever increased risk to your transaction security might warrant it, we have additional verification procedures such as:

  • Fraud detection and monitoring
  • Dual customer authorization
  • Out-of-wallet challenge questions for high risk transactions
  • Transaction value thresholds
  • Internet protocol reputation-based tools
  • Policies and practices for addressing customer devices
  • Account maintenance controls

If you notice suspicious activity within your account or experience security-related events, please contact us immediately.

Types of Fraud

Internet fraud is the use of Internet services or software with Internet access to defraud victims or to otherwise take advantage of them. Internet crime schemes steal millions of dollars each year from victims and continue to plague the Internet through various methods. Several high-profile methods include the following:
 

Phishing – The act of sending an e-mail to a user falsely claiming to be an established legitimate enterprise to scam the user into surrendering private information that will be used for identity theft. This also includes more targeted attacks such as spear phishing and whaling.

Vishing – The telephone equivalent of phishing. Vishing is the act of using the telephone to scam the user into surrendering private information that will be used for identity theft.

Spamming – Electronic junk mail or junk newsgroup postings.

Spoofing – A technique used to gain unauthorized access to computers, whereby the intruder sends messages to a computer with an IP address indicating that the message is coming from a trusted host.

Ransomware - A type of malicious software designed to block access to a computer system until a sum of money is paid.

ATM Skimming - A method used by criminals to capture data from the magnetic stripe on the back of an ATM card. Devices used are smaller than a deck of cards and are often fastened in close proximity to, or over the top of, the ATM's factory-installed card reader. ATM skimming is a worldwide problem.

Debit Card Fraud - Debit card fraud occurs when a criminal gains access to a customer’s debit card number and, in some cases, PIN, to make unauthorized purchases and/or withdraw cash from the customer’s account.

Smishing - A compound of 'phishing' and 'SMS'. SMiShing (SMS phishing) is a type of phishing attack where mobile phone users receive text messages containing a Web site hyperlink, which, if clicked, would download a Trojan horse to the mobile phone.


Resources 

For more ways to learn about online safety and security, visit these websites:



The Small Business Administration's (SBA) website (Type the keyword “cybersecurity” within the search tool of the website.)

The Federal Trade Commission's (FTC) interactive business guide for protecting data

NACHA – The Electronic Payments Association's website has numerous articles regarding Corporate Account Takeover for both financial institutions and banking customers

ICC Cyber Security Guide for Businesses

Information Security Laws and Standards Affecting Business Owners

In addition to securing their own data and systems, businesses are also required to safeguard their own customers' sensitive information. There are two major information security laws and standards affecting business owners today.

1. Effective March 1, 2010, the Office of Consumer Affairs and Business Regulation required full compliance with regulation 201 CMR 17.00 which sets out the standards for the protection of personal information of Massachusetts residents. Businesses that store, maintain, process or otherwise have access to personal information acquired in connection with employment or with the provision of goods or services to a Massachusetts resident have a duty to protect that information. Businesses are required to develop and maintain a Written Information Security Program ("WISP") to safeguard such information.

2. The Payment Card Industry Security Standards Council was launched in 2006 to manage security standards related to card processing. Any merchant that accepts credit or debit cards for payment is required to secure their data based on the standards developed by the council. The PCI Security Standards Council's website notes that noncompliance may lead to lawsuits, cancelled accounts, and monetary fines. The website provides information for small business compliance.