Protecting Your Information

First Fiat Private Bank is committed to client protection and to helping you keep your identity and information secure.

We have compiled a description of bank security practices and actions you can take to help protect you and your personal information. If you believe you have been a victim of identity theft, please contact your Private Banker immediately.

First Fiat Private Bank believes keeping your personal, business, and account information secure is of utmost importance to our valued clients.

We have built a number of security features into our Online Banking services to ensure the protection of your data and keep you worry free.

Secure Access and Verification of User Authenticity

• To begin an Online Banking session, you must key in a user ID and password. The user ID and password are on separate pages and encrypted for security purposes.
• Our system has technology to recognize if your computer has attempted to make access. We can validate your device (PC, laptop, mobile phone, tablet) user name and password.
• You may be asked to validate your identity through a one-time security code via a phone call or SMS (text) message. If a phone is unavailable, you will be asked to answer a series of questions obtained from public records to validate your identity.
• Our system also uses a “three strikes and you are out” lockout mechanism to deter users from repeated login attempts. You must contact the bank to have your account unlocked.
• When using Online Banking, account numbers will be masked (only the last four numbers of the account number are shown) for security purposes.
• To provide additional protection, a timeout feature automatically logs a user out of Online Banking after an extended period of inactivity on the site.

Secure Data Transmission

After the server session is established, the user and the server are in a secure environment. Because the server has been certified as a 128-bit secure server (the highest level commercially available), data traveling between the user and the server is encrypted with Secure Sockets Layer (SSL) protocol. SSL utilizes highly effective cryptography techniques between your browser and our server to ensure the information being passed is authentic, cannot be deciphered, and has not been altered en route. Your browser will indicate when you are in a secure session with a closed padlock icon. You will also see https:// in your browser’s URL address bar, indicating that you have established a secure link.

Router and Firewall

All requests for information must filter through a router and firewall before they are permitted to reach the server. A router (a piece of hardware) works in conjunction with the firewall (a piece of software and hardware) to control traffic and authorize legitimate transactions passing over the network. You can feel secure knowing that our firewall protects your personal information from unauthorized access. The system is monitored 24 hours a day, 7 days a week for a wide range of anomalies to determine if attempts are being made to breach our security network. As an additional measure of security, our servers reside in a secure data center.

User Responsibilities

While First Fiat Private Bank continues to evaluate and implement the latest improvements in internet security technology, users of our Online Banking services also have a responsibility for the security of their information and should follow the recommendations listed below:

• Keep your password, user ID, security questions, and any other personal information confidential to prevent unauthorized access to your account(s).
• Do not use your Social Security Number, birth date, or other personal data that would be easy for someone else to guess as your password.
• Change your password often and contact us immediately at +1 (254)2245086  if you believe your login information has been compromised. An e-mail will be sent to your e-mail address on record and posted to your Online Banking message inbox to inform you of any password changes made.
• Never leave your computer unattended while logged on to the Online Banking system.
• Check to ensure the website address begins with https:// and that a closed padlock icon appears to ensure your session is secure.
• When you are finished with your transactions, always click the “Sign Off” button to exit your Online Banking session and prevent further access to your account(s).
• Only use the secure e-mail service provided within our Online Banking (click Customer Service, Contact Us) when sending or requesting account or personal information. Do not send confidential information via a general or public e-mail system.
• Install and update virus protection software to reduce the risk of computer viruses. Never allow a virus to remain on your computer while accessing the Online Banking system. Use extreme caution when opening e-mails from unknown sources and pay special attention to any links or attachments. If you suspect an e-mail may contain a virus, delete the e-mail immediately.
• Check your account and transaction history details regularly. Immediately report any unauthorized Online Banking transactions or password compromises to First Fiat Private Bank.

Liability Limitations

The Electronic Fund Transfers Act, in conjunction with Regulation E, limits the liability for unauthorized electronic fund transfers that occur in your account if you notify the bank within certain timeframes. Regulation E applies for accounts owned by natural persons for personal, family, or household purposes. It does not cover accounts established for business purposes.

We reserve the right to revise this Security Statement at any time by posting a new Security Statement to alert you of the changes.

IMPORTANT INFORMATION ABOUT PROCEDURES FOR OPENING AN ACCOUNT WITH First Fiat Private Bank

To help the government fight the funding of terrorism and money laundering activities, federal law requires all financial institutions to obtain, verify, and record information that identifies each person who opens an account.

When you open an account, we will ask for your name, physical address, date of birth, and other information that will allow us to identify you. We may also ask to see your driver’s license or other identifying documents. We apologize for any inconvenience this may cause; however, federal law prohibits us from waiving these requirements.

We proudly support all efforts to maintain our customers’ confidentiality and to protect our country.

Identity theft is the fastest growing crime in America

What is Identity Theft?

Identity theft occurs when someone uses your personal information, such as your name, Social Security Number, or bank account number without your permission to commit fraud or other crimes. Examples include the use of your name and personal information to open new credit card accounts, establish new bank accounts, forge checks, and even apply for loans. Some clues that could indicate your identity may have been stolen include failing to receive bills or other expected mail, receiving credit cards for which you did not apply, denial of credit for reasons that are not apparent, or receiving calls from debt collectors or companies about merchandise or services you did not purchase. While you can’t entirely control whether you will become a victim, there are steps you can take to minimize your risk. Many of these steps also can pertain to business practices.

How Does Identity Theft Occur?

Skilled identity thieves use a variety of methods to steal your personal information, including:

• Dumpster Diving. Thieves rummage through trash looking for bills or other documents containing personal information.
• Skimming. A credit/debit card number is stolen when processing your card using a special storage device.
• Phishing. A high-tech scam that uses spam or pop-up messages to deceive you into disclosing personal information.
• Address Changes. Thieves frequently divert billing statements to another location by completing a false “change of address” form.
• Physical Theft. This is committed by stealing wallets, purses, and mail, such as pre-approved credit card offers, bank statements, or new check orders.
• Pretexting. This is a form of social engineering in which a thief lies about his identity or purpose to obtain an individual’s personal information.

What Can You Do To Help Fight Identity Theft?

First Fiat Private Bank has strict procedures for protecting and monitoring our clients’ accounts and personal information. The following are a few tips you can use to reduce the risk of identity theft:

• Protect Your Social Security Number. Don’t carry your Social Security card in your wallet or write your Social Security number on a check. Give it out only when absolutely necessary.
• Shred Documents. Shred financial documents and personal information before discarding.
• Review Your Credit Report. Federal law requires the major nationwide credit reporting companies (Equifax, Experian, and TransUnion) to provide you with a free copy of your credit report every 12 months upon your request. Visit www.AnnualCreditReport.com or call 1-877-322-8228 to request your free copy.
• Never Click on Links in Unsolicited E-Mails. E-mails requesting account information and passwords should be scrutinized carefully, particularly if the information is needed to “award a prize,” “verify a statement,” or “verify information on file.” These may be phishing scams. Use updated firewalls, as well as anti-spyware and anti-virus software to protect your home and business computers from viruses.
• Protect Your Passwords. Use passwords that are hard to guess and memorize them. Avoid using predictable codes such as your birth date, mother’s maiden name, or Social Security number.
• Keep Personal Information Secure.
  • Personal information not secured at home can be at risk, especially if you have roommates, employ outside help, or are having work done in your house.
  • Do not give out personal information on the phone, through the mail, or over the Internet unless you initiated the contact and know who you are dealing with.
  • Avoid disclosing personal information when using public wireless connections.
  • Deposit outgoing mail in post office collection boxes rather than in your curbside mailbox.
  • Additional tips can be found under ATM & Debit Card Safety Precautions in the Client Protection section of this website.
• Monitor Financial Statements. Carefully monitor bank and credit card accounts regularly for unauthorized charges by checking account information over the phone, at ATMs, or on the Internet. Immediately report any suspicious activity to your financial institution. If you do not receive a statement or bill as scheduled, contact the company to determine why, as it may have been diverted by an identity thief.

Other Fraud-Related Resources

The following is a list of links that may provide additional information on common fraud schemes:

Federal Bureau of Investigation
Go to http://www.fbi.gov/scams-safety for more information.

Federal Reserve Bank
Go to http://www.richmondfed.org/banking/education_for_bankers/fraud_awareness/index.cfm for more information.

LooksTooGoodToBeTrue
Go to http://www.lookstoogoodtobetrue.com for more information.

Internet Crime Complaint Center
Go to http://www.ic3.gov/default.aspx for more information.

BankersOnline
Go to https://www.bankersonline.com/articles/107233 for more information.

Consumer Federation of America
Go to http://www.consumerfed.org/index.php/consumer-privacy/fraud for more information.

What Should You Do If You Are a Victim of Identity Theft?

First Fiat Private Bank is ready to assist you where needed if you are an identity theft victim. Please ask us for an “Identity Theft Tool Kit” to help you get the process started. It is recommended that you follow these steps where necessary as soon as you become aware of identity theft:

• Contact Financial Institutions. Contact First Fiat Private Bank immediately if the fraudulent activity is related to your bank account(s). Review the activity on all of your accounts, including checking and savings accounts, debit cards, loans, and other banking accounts and look for changed addresses, changed Personal Identification Numbers (PINs), or new cards ordered. Notify the fraud departments of credit card companies, as well as other banks and lenders, of the potential fraud. Close the accounts that you know or believe have been tampered with or opened fraudulently. Change your Online Banking username and password immediately.
• Contact the Police. Immediately call the local police or the police in the community where the identity theft occurred and file a report. The police can initiate an investigation and you can obtain information from the police report, which you will likely need to address credit report and account issues.
• Complete an Affidavit Form. First Fiat Private Bank, as well as many financial institutions and law enforcement agencies, may require you to complete an “Identity Theft Victim’s Complaint and Affidavit” form. The Federal Trade Commission (FTC) developed the Affidavit form for use by victims of identity theft.
• Contact Credit Bureaus. Contact the toll-free number of any of the three consumer reporting agencies below to place a “fraud alert” on your credit report. You only need to contact one of the three agencies, because the first agency you contact is required to report the alert to the other two, which will then place an alert on their versions of your report.

           Equifax:   1-800-525-6285    http://www.equifax.com
           Experian:   1-888-397-3742    http://www.experian.com
           TransUnion:   1-800-680-7289    http://www.transunion.com

Request a statement be shown on the report whereby creditors contact you to verify future credit applications. Once a fraud alert is placed, you are entitled to one free copy of your credit report from each of the agencies. Review each credit report carefully once received. Look for inquiries from companies you have not contacted, accounts you did not open, and debts on your accounts that you cannot explain. Continue to check your credit reports periodically to ensure no new fraudulent activity has occurred.

Protect yourself from phishing and other online scams

What is “Phishing”?

“Phishing” is a scam that uses email, pop-up messages, fraudulent websites, or spam (junk email) to deceive you into disclosing personal financial information such as credit card numbers, Social Security Numbers, bank accounts, passwords, and other sensitive information.

Many of these fraudulent emails contain links directing one to a fake website that may resemble one’s bank website or some other trusted entity.  The fake website is designed to trick a person into entering his or her personal information.  The message may ask the person to “update” or “verify” account information.

Certain attachments and links could infect a personal computer with viruses, worms or Trojan Horses that allow criminals to capture keystrokes or other confidential information.

Customer Guidelines to Avoid Becoming a Victim of Phishing

• Our bank will never contact you via email to request personal and/or security information.
• Never enter your social security number or any other personal financial information in response to an email request.
• Never send personal or financial information via unprotected email.
• Never give your personal or financial information over the telephone, unless you initiated the call.
• Review your account statements regularly, online and on paper.
• Use security solutions on your computer to protect you from Internet threats. Anti-virus software, anti-malware software and a firewall are basic solutions.  If you have a broadband (cable modem, DSL, T-1) Internet connection, it is especially important that you have these security solutions.
• Use anti-spyware and anti-adware solutions to keep your computer clean.
• Don’t use easily-guessed or cracked passwords. Use unique combinations of upper- and lower-case letters, and add numbers and symbols.  Change your passwords regularly and don’t use the same password for multiple sites.
• Never click on links in a suspicious email. Instead, open your browser and enter the web site’s domain name (e.g., www.abcbank.com).
• “Patch” your computer operating system (Windows) regularly to close security holes that might be exploited.
• If you have a wireless Internet connection, change the default admin password, do not broadcast your SSID (Service Set Identifier), enable your WEP (Wired Equivalent Privacy) key security (change your WEP key frequently) and implement MAC (Media Access Control) address filtering as four fundamental security measures.
• Always be suspicious of email attachments and web links, even if they appear to be from a trusted source.
• When making purchases online, always make sure the session is encrypted by looking for the “https” in your browser address bar. This indicates Secure Sockets Layer (SSL) encryption is present.
• For further protection when making purchases online, sign up for your credit card provider’s service that requires a personal password to complete online purchases. This way your credit card number cannot be used for online purchases without your password being entered.
• If any websites that you access offer multi-factor authentication at login, utilize this security feature, to prevent anyone, who has access to your login credentials, from logging into your account.

Notify the Credit Reporting Agencies

If you believe you have been a victim of identity theft, notify one of the three major credit bureaus, ask them to place a “fraud alert” on your credit report, and send you a copy of your credit file.  The fraud alert will ask creditors to contact you before opening any new accounts or making any changes to your existing accounts.

• Equifax – 1-800-525-6285
  P. O. Box 740241
  Atlanta GA 30347-0241
  Equifax | Credit Bureau | Check Your Credit Report & Credit Score
• Experian – 1-888-397-3742
  P. O. Box 9530
  Allen TX 75013
  Check Your Free Credit Report & FICO® Score – Experian
• TransUnion – 1-800-680-7289
  Fraud Victim Assistance Division
  P. O. Box 6790
  Fullerton CA 92634-6790
  Credit Scores, Credit Reports & Credit Check | TransUnion

It is a good practice to review your credit reports periodically, whether you have been scammed or not, to ensure the information being reported is accurate.

Notify the Bank

Banks might maintain a special email address to help their customers in these instances.  The email in question could be forwarded to the special email address.

If customers have responded to such an email and provided information about their account(s), the affected customers could call First Fiat Private Bank ’s main telephone number for assistance – (800) 847-7454.

Notify the Proper Authorities

Forward your suspected phishing email to [email protected]

If you believe you’ve been scammed, file your complaint at ReportFraud.ftc.gov

Call the FTC toll-free at 1-877-FTC-HELP (1-877-382-4357)

Contact your local police department and file a report.  Get a report number or copy of the report.  Also, be sure to file the proper affidavits.

You can also file a complaint with the FBI’s Internet Fraud Complaint Center at Internet Crime Complaint Center(IC3) | Home Page

For more information on how to avoid becoming a victim of identity theft, go to Identity Theft | FTC Consumer Information  or call toll-free 1-877-438-4338.

This site also allows you to report your identity theft to the FTC’s Identity Theft Clearinghouse – a government database of identity theft complaints.

You can mail your information to:

Identity Theft Data Clearinghouse
Federal Trade Commission
600 Pennsylvania Ave. NW
Washington DC 20580

This information is shared with consumer reporting agencies, other government agencies and companies where the fraud occurred.

Other Scams

“You’ve won a free gift or the lottery, but…”

Sweepstake and Lottery Scams

Congratulations! You have just won the lottery and will be receiving a certified check for $200,000 U.S. CASH! Many lottery and sweepstake letters, e-mails, or phone calls are not legitimate and often based in international locations such as Canada or Nigeria. Con artists will generally convince consumers to send in money to claim a “prize” and the only thing that separates them from their “winnings” is a fee (for administration, processing, taxes, etc.) and proof of identity. Some general tips to recognize a scam include:

• • You did not buy a ticket. You HAVE to buy a ticket to win a lottery.
  • You do not live in or are not a citizen of the lottery country. Most lotteries are only open to residents of the country or state in which the game is played. It is illegal for U.S. citizens to enter foreign lotteries.
  • You cannot find the lottery name except on sites listing scam e-mails.
  • The e-mail or requestor asks for bank account information, driver’s license numbers, or other personal information.
  • To claim your prize, you might be required to travel overseas at your own expense (and personal risk).

Further information on sweepstake and lottery scams can be located through the Federal Trade Commission – http://www.consumer.ftc.gov/articles/0086-international-lottery-scams or a simple “lottery scams” Internet search will provide other helpful advice and a listing of fake lottery companies.

Nigerian Advance Fee Fraud

This type of fraud first started in Nigeria, but is now prevalent in many countries. You receive an “urgent” letter or e-mail from an alleged “official” representing a foreign government or agency offering the recipient an “opportunity” to share in a percentage of millions of dollars. Common forms of this type of fraud include: disbursement of money from wills, purchase of real estate, transfer of funds from over-invoiced contracts, sale of goods, found monies, or contest/lottery winnings.

The fraudster may offer to transfer large sums of money into a victim’s personal bank account, which would necessitate the victim providing personal information (and possibly future identity theft). Another scheme may require the victim to deposit a check into their account and immediately wire a portion of the money to a third party outside of the country. These are generally counterfeit checks and the victim ends up with nothing but a loss of funds. Further information regarding this type of advance, up-front fee scheme can be found in the following links:

United States Department of State
Go to http://www.state.gov/documents/organization/2189.pdf for more information.

Local Secret Service Office (if you have suffered a significant loss)
Go to http://www.secretservice.gov/field_offices.shtml for more information.

Fake Check Scams

Fake check scams start when someone gives you a realistic-looking check or money order and asks you to wire them money in return. The check is phony and it may take weeks to discover. The bank cannot be sure the check is valid and now wants the money back after the check is returned as a counterfeit. You are responsible for checks or money orders that you deposit, even if they are fake. There is no legitimate reason why anyone would give you a check or money order and ask you to wire money in return. Learn more at http://www.fakechecks.org where you can take a fraud test, review videos, and learn prevention tips. The Federal Trade Commission’s Money Matters at http://www.ftc.gov/bcp/edu/microsites/moneymatters/scam-watch-wiring-money.shtml, also provides helpful advice on avoiding money wiring scams.

What is Smishing?

With “smishing,” instead of a scam e-mail, a bogus text message is received. This is the latest twist on stealing your identity. You may get a text message (or an automated voicemail scam called “vishing”) stating that your account has been suspended (or debit/credit card blocked) and asking you to call a 1-800 number where your account number, PIN, and other data may be requested. Do not respond until you verify the legitimacy of the message by contacting your financial institution directly using phone numbers you are certain about, such as the customer service number on your statement or on the back of your credit card.

Other Fraud-Related Resources

The following is a list of links that may provide additional information on common fraud schemes:

Federal Bureau of Investigation
Go to http://www.fbi.gov/scams-safety for more information.

Federal Reserve Bank
Go to http://www.richmondfed.org/banking/education_for_bankers/fraud_awareness/index.cfm for more information.

LooksTooGoodToBeTrue
Go to http://www.lookstoogoodtobetrue.com for more information.

Internet Crime Complaint Center
Go to http://www.ic3.gov/default.aspx for more information.

BankersOnline
Go to http://https://www.bankersonline.com/articles/107233 for more information.

Consumer Federation of America
Go to http://www.consumerfed.org/index.php/consumer-privacy/fraud for more information.

Automated Teller Machines (ATMs) provide a fast and convenient banking alternative for accountholders.

To ensure your safety when using an ATM, please follow these important safety precautions.

Before you go to an ATM:

• Have your ATM card out and ready to use.
• Protect your Personal Identification Number (PIN) and memorize it. Do not write your PIN on the card or carry it with you, and do not share your PIN with anyone, including family and friends.
• Consider having someone accompany you when the ATM is used after dark.

Choosing an ATM:

• Be alert and aware of your surroundings and use an ATM that is located in an open space with bright lights.
• If someone appears to be loitering around the ATM, go to another location.
• If anything looks suspicious, consider canceling the transaction and leave the area at once.
• If the ATM looks different or appears to have any alterations or attachments to the card slot or PIN pad, do not use it. Immediately report anything suspicious to the bank that operates the ATM.

At the ATM:

• Focus on what you are doing. Don’t use a cell phone or do anything else that diverts your attention.
• Never allow a stranger to assist you in conducting an ATM transaction, even if you have trouble.
• If the ATM retains your card, notify the branch as soon as possible.
• Prevent others from seeing your PIN entry by using your body or hand to shield the ATM keypad.
• If you are in a vehicle at a drive-up ATM, only open your window when you are ready to make a transaction. Keep your doors locked and the engine running.
• When you are finished, put your receipt, card, and money away quickly. Count cash later in the safety of your vehicle, home, or other secure area.
• As you return to your vehicle after your transaction, have your car keys ready and observe the area around your vehicle.
• Go to the nearest public area where people are located if you are followed after making a transaction and call the police.
• If someone does approach you and demands your money, do not resist. Remember everything you can about the person and call the police immediately.

Debit Card Safety Precautions

Debit cards provide added convenience in accessing your accounts. Please consider the aforementioned safety precautions and additional protections listed below when using a debit card.

• Sign your card on the signature panel as soon as you receive it. Always keep the card in a safe place.
• When selecting a PIN, do not use your birth date, telephone number, or Social Security number.
• Never disclose your PIN to anyone. No one should ask for your PIN, including representatives from First Fiat Private Bank.
• Do not disclose information about your card in response to an unsolicited e-mail or request.
• If traveling internationally and using your debit card, contact your local branch to have a bank representative flag your account to avoid interruption in service.
• Look for secure transaction symbols (https:// and a closed padlock icon) when shopping online to ensure your account information is protected. Consider using a credit card instead of a debit card for online purchases, as it may take more time to resolve unauthorized transactions or disputes with debit card fraud and money can be taken directly out of your checking account.
• Block the view of others when using a point-of-sale (POS) terminal in making debit card purchases.
• Check the purchase amounts on the sales receipt before signing. If the amount is different than the amount you owe, let the sales clerk know. Do not sign the receipt if the amount shown is erroneous.
• Review your bank statements or check your account history online regularly to verify if any unauthorized transactions are shown. Always keep your statements in a safe place.
• Report lost or stolen cards or unauthorized transactions on your account to First Fiat Private Bank immediately by contacting your local branch during business hours. After hours, call (800) 500-1044 to report a lost or stolen card. Providing prompt notice will limit your potential liability. For additional tips on dealing with a lost or stolen debit card, the Federal Trade Commission provides helpful information on “Lost or Stolen Credit, ATM, and Debit Cards.” Go to http://www.consumer.ftc.gov/articles/0213-lost-or-stolen-credit-atm-and-debit-cards for more information.
• If we suspect fraudulent debit card use, a bank representative will call you to validate the legitimacy of your transactions. Your participation is critical to prevent potential risk and avoid restrictions on your card.
• Destroy expired cards by cutting through the account number and signature area.

The upward trend of customers using online channels for banking and financial services has expanded the opportunities for criminals and cyber-crime!

Due to many banks having more sophisticated IT security systems, criminals are turning away from tightly secured bank computers and are instead looking toward the potentially weaker computer systems of bank clients. More and more attacks are also being committed against small and medium-sized businesses. Some of the most common approaches for criminals to compromise end-user data are to take advantage of users visiting unsecured networks or compromised websites, not having up-to-date virus protection and security patches, or opening attachments with embedded malware or Trojan software.

First Fiat Private Bank has the expectation that each customer will take any and all reasonable precautions to reduce the likelihood of computer-related fraud. There is not one best approach for online security, but we would like to offer several recommendations:

1. Anti-Virus Software. Be sure to install anti-virus, anti-spyware, malware, and adware detection software from a reputable vendor on to your computer and keep it up to date. You may need to have a professional scan and repair your computer for viruses, malware, and Trojans if your computer has been infected.
2. Computer Updates. Make sure the computer you are using has the most current updates and patches released by Microsoft, Java, and Adobe. Most of the updates are security patches for browsers such as Internet Explorer, Mozilla Firefox, and other software that could potentially expose the computer to hacking.
3. Secure Site. Make sure your banking site (URL) starts with https:// and not http://. The “s” indicates a secure transaction using a different method of communication than standard Internet traffic. A security icon that looks like a closed padlock or key appears when the site is authenticated.
4. Do Not Use Links. Never use a link to reach a financial institution’s website. Type in your bank’s website address into the Internet browser’s address bar every time.
5. Public Computer. Never access your financial institution’s website from a public computer at a hotel, library, airport, or public wireless access point.
6. Website Familiarity. Know what your financial institution’s website looks like and which questions are asked to verify your identity. Some attacks, known as man-in-the-middle attacks, will change the login page. A user can sometimes spot these attacks by noticing slight modifications to the bank’s standard page, such as extra security questions, poor grammar, misspellings, a fuzzy or older bank logo, or a change to the location of each feature. A typical malware behavior will also ask a user to enter their user ID, password, and security information three or four times and will then post a message that the site is down for maintenance or servicing. Online Banking sites will not be down for maintenance during normal business hours. If the site is down for any reason, you will see that message in advance and the log in screen will not be accessible.
7. Suspicious E-Mails. Be extremely suspicious of e-mails purporting to be from your financial institution, a government agency, or any suspicious e-mails from unknown sources. Financial institutions should never contact you via e-mail to request you to verify information. If you believe the contact may be legitimate, do NOT use the link provided in the e-mail; instead, type the website address of your financial institution into your Internet browser’s address bar or contact your financial institution at a phone number you know is valid. Likewise, NEVER open links, attachments, images, or macro features in unsolicited e-mails/documents or reply to unknown e-mail communication since they may contain viruses.
8. Online Purchase Transactions. Avoid using debit cards for online transactions, as this provides direct access to your bank account. If you use a credit card to shop online, use only one credit card with a low credit limit. Monitor the activity on the card as often as possible.
9. Log Off Properly. Properly log out of all financial institution websites before closing the browser window.
10. Shut Off Computer. Always lock or shut off your computer when you leave it unattended. Set your computer to automatically lock after a set period of inactivity (i.e. 15 minutes).
11. Passwords. Use strong passwords (at least 10 characters combining uppercase and lowercase letters, numbers, and symbols) and change them frequently. Do not allow your computer to save your login names or passwords and keep them confidential. Do not use your login or password for your financial institution on any other website or software. First Fiat Private Bank will never request login user names, passwords, or answers to security questions from our clients on an unsolicited basis under any circumstances.
12. Use Different Computer. Do not use the same computer for financial transactions that children or non-savvy Internet users utilize for regular Internet access.
13. Posting Personal Information. Do not post your personal information on the Internet. Your high school, maiden name, date of birth, first car, first school, youngest sibling’s name, mother’s full name, father’s full name, etc. are the answers to many security questions on financial websites. When you post this information, you are making it easier for criminals to gain access to your financial information. In addition, never send confidential information, such as your account number, Social Security number, etc., in an Internet e-mail or over an unsecure website.
14. Alerts. Check with your financial institution about enabling “Alerts” and other security measures that may be available. First Fiat Private Bank does have Online Banking alerts for such areas as minimum balance, maximum balance, transfers, deposits completed, checks completed, and CD maturity.
15. Report Suspicious Activity. Regularly login to your online accounts and check your bank and credit card statements to ensure transactions are legitimate. Immediately report any suspicious activity on your account(s). There is a limited recovery window and a rapid response may prevent additional losses.

Links to additional security suggestions can be found on the Client Protection page of this website.

Business Fraud Protection Best Practices

Billions of dollars are lost to business fraud each year, with smaller businesses tending to suffer disproportionately larger losses. Many of the aforementioned security best practices can also be applied to your business to reduce the risk of fraud. It also is suggested that your business conduct a risk assessment and identify controls and safeguards that can be implemented to minimize fraud, which may include the protections listed below:

1. Establish Internal Controls
   • Limit electronic access to financial information or sensitive documents.
   • Develop procedures that control how financial transactions are made and implement review and authorization procedures.
   • Utilize dual control and dual approval for any functions that move money out of an account, such as ACH or wires.
   • Review and reconcile accounts daily.
2. Secure and Maintain Computer Systems
   • Maintain appropriate network user access security if computers are networked and educate all personnel on good cyber security practices.
   • Ensure firewalls, anti-virus software and spyware prevention software is installed and kept up-to date on all computers. Consider installation of a firewall and install all computer operating system patches and updates.
   • Maintain the physical security of computers and limit access to those computers that are used for sensitive functions.
   • Limit Internet access on business computers to business requirements. Consider using a dedicated computer for all of your financial transactions and avoid the use of public computers.
   • Do not download or install software from unknown third parties or open e-mail or e-mail attachments from an unknown source.
   • If you suspect malware is lurking on your computer, stop banking and other online activities that involve user names, passwords, and other sensitive information. Malware could be sending your personal information to identity thieves. You may want to call in professional help to diagnose and correct any problems.
3. Supervise and Monitor Financial Transactions
   • Adequately supervise all employees who take part in business finances.
   • Continually review wires, transfers, payroll, and business checks or use an automated monitoring system.
   • Consider using bank “positive pay” arrangements and/or “ACH debit block” service to minimize fraud.
   • Personally review your bank statements and restrict access to financial documents, checks, credit cards, and cash.
   • Carefully review your business’ bank account(s) for fraudulent activity. If anything suspicious is detected, immediately call your bank representative.

Additional Resources

NACHA
Go to Corporate Account Takeovers Can Lead to Fraudulent Transactions | Nacha for more information.

OnGuard Online
Go to OnGuardOnline | FTC Consumer Information for more information.

Stay Safe Online
Go to National Cyber Security Alliance: Homepage (staysafeonline.org) for more information.

Internet Crime Complaint Center
Go to Internet Crime Complaint Center(IC3) | Home Page  for more information.

FTC Start with Security : A Guide for Business
Go to Start with Security: A Guide for Business | Federal Trade Commission (ftc.gov) for more information.