Online Security & Privacy
Tompkins Supports Cyber security Awareness Month (NCSAM)
How We Protect You
The following security features implemented at Tompkins VIST Bank provide another layer of protection against criminals targeting ACH, wire transfers, and online banking:
- Trusteer Rapport (Endpoint-centric fraud protection)
- Online Banking account fraud and identity theft protection
- LookingGlass Protected - Third-party service providing 24/7 security event monitoring and alerting
- Fraudulent ACH transaction controls
- Positive Pay
- Debit Card Protection
Multiple Levels of Authentication
The use of Multiple Levels of Authentication protects the privacy and the security of your personal information. This security feature uses a unique image together with a unique phrase to help certify that you are entering the bank’s website, and not a fraudulent look-a-like site. Additionally, this security feature provides you with added safety by helping us to identify you and prevent unauthorized access to your accounts.
When you visit your branch office, you can identify us and we can identify you. Your unique image and phrase enables you to identify us over the Internet. When you enroll in multi-factor authentication, you select both an image and a phrase known only to you. Whenever you log in, the image and phrase are displayed so you can be sure that you are accessing our real website, and not an impostor site.
We can identify you by checking any computer that you are using to access our website. Typically, you access our website from one or two computers, such as your work and home machines. Either way, our website will remember your computer, preventing potential fraudsters from logging in to your account even if they acquire or guess your login ID and password. Should you need to login from a different computer, such as from an Internet café, additional steps are taken to verify your identity through a series of challenge questions that you set up during enrollment.
Above all, this security feature provides a significant increase in the security of your online banking over standard login ID and password authentication.
Logging in to Online Banking
If you mistype your password, or make another login error, three times the system will lock you out. This feature is a security item that helps protect the system, the financial institution, and your data. If this happens to you, contact your financial institution representative.
Warning: If you do not recognize your Login Image and Phrase, do NOT enter your Password.
The LookingGlass Protected Seal is a trust mark displayed on the Web sites of organizations that utilize LookingGlass Anti-Phishing™ to provide early detection and immediate take down of malicious phishing sites. The seal indicates to consumers and site visitors that the organization is serious about proactively protecting its customers from online fraud and identity theft.
For criminals, phishing has become one of the most common and effective online scams. The schemes are varied, typically involving some combination of spoofed junk (spam) email, malicious software (malware), and fake Web pages to harvest personal information from consumers.
To address the phishing threat, leading organizations are using an intelligence-led approach to security – one that provides early warning of phishing attacks and other risks to protect their customers from online fraud. LookingGlass Anti-Phishing enables organizations to quickly identify, shut down and recover from online scams that mislead customers through fraudulent use of their corporate identity.
The protection of your bank information is our highest priority at Tompkins VIST Bank. In today's environment of increased fraud and data breaches at major retailers, we are continually reviewing procedures to assure the security of your finances. Here are some things to keep in mind when using your debit card:
- It is always best to do a signature based transaction with your Tompkins VIST Bank debit card. However, if your card is declined but you know you have the funds available, please try your transaction again as a debit transaction and use your PIN (Personal Identification Number.)
- Planning to travel? If you are going away on vacation or business, please notify us. This will avoid a service interruption that may be generated by our fraud protection service.
For any issues with your debit card, please contact Card Services at 877-282-0444.
Don’t be Scammed
Some customers have reported receiving automated phone calls requesting account information. Tompkins VIST Bank will never use an automated phone system, text or email to solicit personal, account or card information. As a reminder, do not reply to (or link from) an email, text, phone call or letter requesting sensitive data – even if it seems legitimate – as this could potentially send your information right into the hands of scammers.
Phishing Using Email
We caution consumers to be on the lookout for phishing scams in which various fraudulent emails, claiming to come from the bank, that ask you to click on links to update account or personal information. These are not legitimate emails from the bank; instead, they are fraudulent emails sent as part of a scam in which criminals try to trick people into divulging their confidential information. Do not click on any links in these emails or respond with any confidential information such as account numbers, debit card numbers or Social Security Numbers. Clicking on a link in this type of email could expose a computer to malicious software that could track keystrokes, potentially giving the scammers private information such as account passwords. Fraudulent emails such as these may look official, sometimes including the company logo.
Please contact us if you have questions about whether a communication you’ve received is legitimate.
Phishing Using Phones
Some phishing scams use phone calls to gather confidential information, via automated phone call or email saying an account or debit card has been compromised. The scam asks that a phone number be called to resolve the issue, which requests private information is entered in to the phone to verify identity. These types of phone-phishing scams, sometimes called “vishing,” have become more common with the increasing popularity of Voice over Internet Protocol (VoIP), which allows telephone calls to be made from computers instead of from traditional phones. Once the information is entered it is compromised and the scammer moves onto his next victim.
Phishing Using Surveys
These phishers send out a survey, claiming that they represent a bank or another company. The survey may start out with harmless questions to get you comfortable with responding, but then they ask for confidential information. Often, people are told they will receive a gift certificate or other reward for participating. This technique has been used over the phone in the past, but is now being used online as well. The bank will never ask for private or account information via survey.
Phishing Using Customer Authentication
This scam usually involves an email saying that your Online Banking account has been accessed from multiple computers and will be shut down unless you click on a link, which then asks you to input your account number and password. If you receive this type of email, it is a scam; delete it without clicking on the link or responding.
In another variation, you may receive an email telling you that you need to click on a link to set up “challenge questions” that the bank would then use to confirm your identity during any future logins. The bank does ask you to establish security questions and answers, but only AFTER you’ve logged into Online Banking and confirmed your identity.
Unlike phishing, scammers using a technique called “pharming” don’t lure their victims with emails. Instead, they install malicious software or use other techniques to re-direct a user to a fraudulent website – even if the user types the correct address into their browser or uses an existing bookmark for their bank’s website. So how can users protect themselves? If you’re going to enter confidential information on a website, first check to be sure the site has a valid certificate from a service such as VeriSign®. Click on the padlock icon in the browser’s status bar to see the certificate, and check to be sure the name on the certificate matches the website.
Regularly run anti-virus and anti-spyware software to update your computer with the latest security patches and a firewall. If you notice something suspiciously different about the way your Online Banking is functioning, call the bank to verify that you are using the correct site.
A new scam gaining popularity among criminals involves “key logging.” Key logging software records everything that is typed on your computer, including password information, and sends the information to an outside party. The unwanted software, sometimes referred to as “spyware,” “adware” or “key logging software,” usually infects a computer in the form of a virus attached to an e-mail or other type of download. Many times, these downloads are bundled with free program offers. If you click to install a free program and click “Agree” to the End User License Agreement without reading it fully, you may be unknowingly granting permission to download spyware along with the free program.
Some signs that your PC may be infected by unwanted software include:
- A slowing of your computer, both offline and online
- An unexpected increase in unsolicited e-mail or messages sent without your knowledge
- Strange browser behavior, such as increased pop-ups or unexplained changes to your home page settings and website favorites.
To lessen your risk of key logging, avoid downloading software from sources that you do not know and trust. Also, make sure you have up-to-date antivirus protection installed on your PC. Antivirus software provides protection against viruses that compromise your computer’s security. Once installed, make sure you keep your antivirus software updated. Click here to learn more about Trojans and Keystroke Logging.
Tips To Protect Your Personal Information Online
Whether you are banking online or not, you should always take the necessary steps to prevent theft of your financial information. By staying knowledgeable about possible Internet and e-mail scams, you will be better prepared to protect yourself. Here are tips to protect your personal information online.
- Keep all of your passwords private and do not share them with anyone.
- Refrain from disclosing your personal information through unsolicited e-mails and telephone calls. Beware of e-mails that may warn of dire consequences unless you validate your information immediately. Contact the sending company to confirm the e-mail’s validity using a phone number or Web address you know to be genuine.
- Always use the logout button to discontinue your Online Banking session and then close your browser.
- Immediately leave any site that appears suspicious or seems to not perform the function that it claims to provide. Carefully check the spelling of a web address so as not to be fooled by a fraudulent site that is identical to the legitimate site. Often fraudulent site URLs can differ from legitimate site URLs by only one stroke or character.
- Be careful about what you install or download to your computer. Avoid downloading software from sources that you do not know and trust.
- Read the complete End User License Agreement before clicking “Agree” when downloading any software.
- Be suspicious of any information collecting webpage that does not have a home page or a home page with an “under construction” message.
- When using an online site for banking or other consumer activities, carefully read the site’s privacy and security statements. Always look for the padlock icon on your Internet browser.
- Maintain up-to-date virus protection and use a personal firewall on your PC. If you use MS Windows, install up-to-date service packs.
- Review your online credit card and bank accounts to make sure there are no unauthorized charges. Also, review all account statements as soon as they arrive by mail or are available online.
- If you notice any unauthorized activity on your accounts, please contact us immediately so we can take steps to protect your bank accounts.
- If you believe you have responded to a fraudulent email or website, please send a copy of the email and/or a link to the suspicious site to ibankVIST@tompkinsfinancial.com
For more information on Internet/e-mail scams and identity theft issues, visit the Federal Deposit Insurance Corporation, Federal Trade Commission, the National Consumers League, or the OCC Consumer Protection News.
With rigorous safeguards and controls in place, Tompkins VIST Bank is doing everything in its power to protect your identity. Unfortunately, however, the privacy and security of our customers' information can be compromised in a number of different ways other than through your bank. For this reason, here are some tips on how you can take steps to lower your risk of identity theft and fraud.
Secure Your Social Security
Don't carry your social security card in your wallet. If a company utilizes your social security number as your customer number, ask them to change it. Avoid giving out your social security number unless it is absolutely necessary - such as to a government organization or when obtaining a new job - and always ask why providing your social security number is required.
If someone posing as a bank, store or other enterprise contacts you to provide/verify sensitive information such as account numbers or passwords, be wary. Legitimate companies do not request this type of information through solicitations. If you receive such a request, contact (or visit if possible) the bank, company or website directly and verify why the information is required. Do not directly reply to (or link from) an email, phone call or letter requesting sensitive data - even if it seems legitimate - as this could potentially send your information right into the hands of scammers.
IMPORTANT: Tompkins VIST Bank will never email you to solicit personal, account or card information.
Use a micro-cut, cross-cut or "confetti" shredder to dispose of bank statements, credit card bills, convenience checks, old credit cards and other items with personal information. Scammers use these items to open new accounts in your name or withdraw on your existing accounts.
Guard Your Cards
Make a phone list of your credit card issuers (usually found on the back of each card) and store in a safe place. In the event that your cards are lost or stolen, having these phone numbers will enable you to contact the card issuer quickly, minimizing your liability. Also, be sure to shred any "pre-approved" card offers before disposing of them. You can minimize the number of pre-approved offers you receive by calling 1-888-5-0PT-OUT (1-888-567-8688). Finally, never write your full credit card number on a check. Instead, write "ends in" and then the last 4 digits of your card number. This is all companies need to match you to your payment.
Carefully review your credit card statements as soon as they arrive, checking to ensure that you made all of the charges that are listed. If there are any discrepancies or suspicious charges, contact your credit card company immediately.
Keep your social security card, passport, birth certificate and other important cards and documents in a locked location, such as safe-deposit box or locked file cabinet. Carry only what you need when going out, leaving extra credit/debit cards at home.
Manage Your Mail
Be sure to collect your mail as soon as possible. A box bulging with letters, bills and catalogs are an identity thief's dream and your worst nightmare. If you are not able to pick up your mail for an extended period of time, have a neighbor collect it or request that the post office hold it for you. Bring any outgoing mail to the post office or drop it into a secure drop box - placing bill payments in your personal mailbox can provide identity thieves easy access to all the information they need to start racking up fraudulent charges in your name. If you must place outgoing mail in your box, do not raise your mailbox's flag - your letter carrier will know to collect your outgoing mail even if the flag isn't used.
Computer passwords should be at least 8 characters, utilizing a combination of letters and numbers. Protect your computer with a firewall and spyware detection and virus protection software. Update and run spyware detection and virus protection software at least once a month. Do not open emails or files - or click on hyperlinks - that come from unknown sources.
When disposing of an old computer, be sure to wipe or destroy the hard drive first. Properly wiping the data from a hard drive requires special software, as simply deleting files - and even formatting the drive - leaves your data intact enough that even a novice thief could recover your information. If you do not have the adequate "wiping" program, then remove your hard drive from the system and destroy it... open the old drive, tear it apart, scratch and break the hard disk, etc. The key is to sufficiently destroy the disc and its contents to render them completely unrecoverable.
Don't be a victim of Social Engineering!
What is Social Engineering?
Social Engineering is a method used to steal personal or secure information by tricking or convincing you into revealing it. This information is then leveraged to access bank accounts, personal records, etc. Things such as online IDs and passwords, your mother's maiden name, your social security number, previous addresses, where you have your mortgage, how much is the payment, who you work for and how you get your paycheck, what your first dog's name was, where you were born, etc.
When they call and say they are from your bank. If they really are from your bank, they DON'T need this information.
All these pieces of information can be leveraged to get more information such as passwords from other sources, such as your bank, or to access your accounts through the internet.
Social engineering is usually successful because you want to trust people and provide as much help as possible when you're being asked questions. Then when it happens, you don't even realize you were robbed of personal information.
Historically, social engineering was used to cause problems or obtain notoriety by the hacker, but today it's typically to access financial systems to steal your money.
There are several common tricks to access information, such as:
- Dumpster Diving, Looking through your trash
- Social Engineering – phone, texts, emails, mailers
- Deception – Trying to convince you that they need information
- Shoulder Surfing – Looking over your shoulder to see what they are typing.
- Social Networks – Facebook and Twitter
Key Points to Remember
- Don't give out personal information, such as best friends name, your first dog, the color of your first car, your first job, where you were born, or where you live to strangers or to people who say they are contacting you from a known company.
- NEVER share your user name or password, Social Security Number or Account numbers with anyone.
- Our Bank will NEVER call for your user name or password.
- Report spam/fraud to ibankVIST@tompkinsfinancial.com
- Be alert to anyone that might be trying to watch or listen to the information you’re communicating, if related to personal data or financial topics
Protect Your Personal Information.
At Tompkins VIST Bank the security of your personal information is important to us. As you may be aware, scammers are posing as Microsoft employees in an effort to steal your hard-earned money.
The first major tech scam of 2016 starts like this: you receive a phone call from a blocked or international number and the caller claims to work for Microsoft. They say that you have viruses or malware on your Windows PC and it needs to be fixed. They then demand payment by credit card or another online payment system. If you resist, they become threatening and say they will destroy data. If you receive calls like this, be sure to hang up right away.
Although this scam is done over the phone, it is important to be mindful of your emails as well. As always, be very careful with any email claiming to be from Microsoft. Do not click on any link or open any attachment. If you would like to read more regarding this tech scam and other information, visit Microsoft's tip page.
Situations like this are why we have partnered with Trusteer Rapport, a leading expert in financial security, to offer online fraud protection software. The software is customized to protect users of Tompkins VIST Bank Online Banking - at no cost to you. We provide this service for free to keep your online banking experience safe and secure.
Trusteer Rapport is online fraud and identity theft protection software that protects your User ID, password, and other information from fraudsters. It also helps prevent malware and fraudulent websites from stealing this sensitive information. Visit our Trusteer Rapport page to learn more.