Frequently Asked Questions
What measures can I take to further protect my personal information?
In addition to technology deployed by bankESB to ensure customer safety, Users should utilize these additional security guidelines:
- Consider conducting online banking from a PC that is not used for internet or e-mail access.
- Review and reconcile your accounts on a daily basis and report any suspicious activity to bankESB immediately.
- Be suspicious of e-mails purporting to be from a financial institution, government department or other agency requesting account information, account verification or banking access credentials such as usernames, passwords, PIN codes and similar information. Easthampton Savings Bank will never call you and ask for personal or business information over the telephone or request information via e-mail.
- Install a dedicated, actively managed firewall, especially if you have a broadband or dedicated connection to the Internet, such as DSL or cable. A firewall limits the potential for unauthorized access to a network and computers.
- Create a strong password with at least 5 characters, 1 uppercase character and with at least one number.
- Prohibit the use of “shared” usernames and passwords.
- Change your password periodically throughout the year.
- Never share or write down your usernames and/or passwords.
- Install anti-virus software and ensure it is updated regularly.
- Complete a periodic scan of your PC using your anti-virus software.
- Ensure computer updates are completed regularly or as requested, particularly operating systems and key applications. It is often possible to sign up for automatic updates or update notifications for your operating system and many applications.
- Consider installing a spyware detection program or software.
- Verify use of a secure session by noting the https (not http) in the browser’s web address bar and looking for the picture of the lock in the bottom right hand corner of your browser.
- Avoid using automatic login features that save usernames and passwords for online banking.
- Never leave a computer unattended while using any online banking.
- Never register a computer to use your bankESB Online Banking at Internet cafes, public libraries, etc.
How does https work to secure my information?
Web browsers will encrypt text automatically when connected to a secure server, evidenced by an address beginning with https. The server decrypts the text upon its arrival. This process protects against anyone "listening in." They would only see unreadable gibberish. bankESB deploys https in all areas where private information is input or accessed.
How can I prevent becoming a victim of fraud or identity theft?
The number and sophistication of fraudulent activity will continue to increase. As a general rule you should be very careful about giving out your personal information over the Internet.
- Be suspicious of any e-mail with urgent requests for personal financial information.
- Don't click the links in an e-mail, instant message or chat if you suspect the message might not be authentic or you don't recognize the sender or user's address.
- Always ensure that you're using a secure website when submitting credit card or other sensitive information via your web browser. Remember not all scam sites will try to show the "https://" and/or the security lock. Get in the habit of looking at the address line as well.
- Regularly log on to your online accounts and check your bank, credit and debit card statements to ensure that all transactions are legitimate.
- Ensure that your browser is up-to-date and security patches have been applied.
- Always report "phishing" or "spoofed" e-mails.
What is Phishing?
Phishing is a type of fraud. The term "phishing" (pronounced fishing) refers to a scam that tries to obtain and use an individual’s personal or financial information in a fraudulent manner. Generally a person will experience the following process from a fraudster conducting a phishing scam:
- A consumer receives an e-mail, which appears to originate from a financial institution, government agency, or other well-known/reputable entity.
- The message describes an urgent reason you must "verify" or "re-submit" personal or confidential information by clicking on a link embedded in the message.
- The provided link appears to be the Web site of the financial institution, government agency or other well-known/reputable entity, but in "phishing" scams, the Web site actually belongs to the fraudster/scammer.
- Once inside the fraudulent Web site, the consumer may be asked to provide Social Security numbers, account numbers, passwords or other information used to identify the consumer, such as the maiden name of the consumer's mother or the consumer's place of birth.
- When the consumer provides the information, those perpetrating the fraud can begin to access consumer accounts or assume the person's identity.
How can I protect my Online Banking User Name and Password from being compromised?
Your User Name and Password can be compromised in a variety of ways, by responding to a phishing e-mail, via a keylogger or Trojan horse virus that was installed on your PC through a fraudulent e-mail or by someone with whom you may have shared your User Name and Password. Your User Name and Password are critical components of securing your data therefore to protect them from being compromised you should never share them with anyone or write them down.
What is a keylogger or Trojan horse?
Keylogger access is often downloaded inadvertently by users clicking on links in fraudulent e-mails and poses a dangerous threat to user privacy. A keylogger is a computer program that logs each keystroke a user types on a keyboard and saves this data into a file or transfers it via the Internet to a pre-determined remote location. It also can capture screenshots of the user activity, log-in passwords, record online chat conversations or take different actions in order to find out what a user is doing.
Trojan horse programs (including Remote Access Trojans or RATS) can be hidden in games, videos, music files or programs downloaded from the Internet or e-mail. The download installs a malicious program on the target's computer. Many anti-virus programs will detect and remove Trojan horse programs, but must be regularly updated to be effective.
Does bankESB provide further security services?
bankESB provides other security services to assist in your personal information protection. These services include ID Theft 911 and FraudWatch Plus. For further information on either of these services please visit the bankESB Security Center at bankesb.com.
What security does bankESB provide for online banking and mobile services?
ESB’s provides layers of security protection by deploying the following functionality in online banking:
- Use of https 128 Bit encryption
- Multi-Factor Authentication functionality
- Challenge questions, secure access codes, and/or one time passwords via SMS
- Anti-phishing functionality
- Security & Account Alerts
ESB deploys a risk and fraud analytics program which monitors online banking behavior and identifies transaction irregularities. This service provides the opportunity to identify and provide a quicker response to attempts to commit fraudulent activity.
Mobile banking is a fast and convenient way to access account information and make transfers on the go. Mobile devices are however often easily lost or stolen. To ensure the protection of your information some functionality is not available in the mobile banking environment such as:
- Password Changes.
- Security Information Changes which includes the Challenge Questions and the Challenge Picture for Multifactor Authentication.
- User ID Changes.
- Contact Information Changes including email address.
- Payee Creation or Changes.
It is also important to note that there is no data stored on your mobile device aside from a cookie that holds information on the device itself.
I keep hearing a lot about encryption? What exactly is it, and why does it make everything more secure?
Encryption refers to complex algorithmic schemes that encode plain text into non-readable form or cyphertext. The receiver of the encrypted text uses a "key" to decrypt the message, returning it to its original plain text form. The key is the trigger mechanism to the algorithm, all communication from you to the system, and from the system to you, is encrypted using a maximum of 128 bits which is the current standard for encryption.
Is it ok to send my personal or account information via e-mail?
No. Regular e-mail is not secure. Never e-mail personal financial information such as account numbers or your Social Security number.
Is it ok to provide my PIN or password when asked?
No. Easthampton Savings Bank will never ask for your PIN or password. We have implemented alternative methods of verifying your identity.
Does bankESB use https as a way for me to identify that I am on a secure site?
Yes bankESB uses https for any secure areas on its website and for online banking and online account services.
What are some tips to keep my mobile banking experience safe?
Here are some tips and general good practices for banking on your mobile device:
- Download and apply security updates and patches to your mobile browser when they are made available by your wireless provider. These are designed to provide you with protection from known possible security problems.
- Research your mobile device to determine its vulnerability as some devices are more vulnerable than others.
- To prevent viruses or other unwanted problems, do not open attachments from unknown or untrustworthy sources.
- Do not install pirated software or software from unknown sources.
- Limit unauthorized access to your mobile phone. Do not leave your mobile phone unattended during an open mobile banking session.
- Never save your User ID and Password in the mobile phone, in memos, or anywhere on your device.
- Always remember to log off properly using the "Sign Off" button when you have completed your mobile banking activities.
- Be aware of the potential for fraudulent mobile banking apps.
What if I suspect I've been "phished" or how do I report Identity Theft?
If you suspect that your accounts have been compromised report the incident right away by calling an bankESB Representative at 855-527-4111. You may also contact bankESB’s Identity Theft 911 Services at 1-877-432-7463 if you are a subscriber.
Not a subscriber? Find out more information.