Monson Savings Bank :: Special Offers :: Enhanced Login Security Information

Enhanced Login Security FAQ's

What is Enhanced Login Security?

Enhanced Login Security is a new way of logging into your Monson Savings online banking account.

What’s the purpose of Enhanced Login Security?

It’s to make your online banking account even more safe and secure.

It identifies you as the true “owner” of your account. With this new service, not only will your password be recognized, your computer will be recognized as well.

Once in place, if you login from another computer, you will be prompted to answer a challenge question as an additional line of defense against unauthorized access to your account.

How does Enhanced Login Security affect me?

If you have a Monson Savings online banking account and you have not already initiated Enhanced Login Security, you must do so before January 8, 2007. Enhanced Login Security is necessary for your online protection and to comply with requirements from the Federal Financial Institutions Examination Council (FFIEC).

This is what you need to do before January 8, 2007:

Go to the User Options screen within Internet Banking and click on the Enhanced Login Security link.
If you have not already done so, you will be prompted to select and answer a challenge question.
A “cookie” will be placed on your computer which means that your online banking account will recognize that computer as the main computer that you normally use to bank online.
From then on, when you login to your Monson Savings online banking account from any other computer, you will need to answer your challenge question correctly as an additional line of defense against unauthorized access to your account. Please note that it is important for you to remember your challenge question and answer for your convenience.

If you do not initiate Enhanced Login Security before January 8, 2007, you will not be able to access your online banking accounts without assistance from us. In that event, please call Diane Woloshchuk at 413-267-1214 so that Diane can walk you through the process and reset your access.

What if I delete the cookie from my computer?

Some people prefer to delete cookies from their computer. In that case, you’ll simply need to answer the challenge question correctly each time you login.

How does Monson Savings keep my online banking account secure?

Keeping your online financial and personal information secure and confidential is always our top priority. In addition to this new Enhanced Login Security service, we protect you in these ways:

Encryption: The privacy of communications between you (your browser) and our servers is ensured via encryption. Encryption scrambles messages exchanged between your browser and our online banking server.

Password Complexity: It is important to verify that only authorized persons login to online banking. This is achieved by verifying your password. When you submit your password, it is compared with the password we have stored in our secure data center.

We allow you to enter your password incorrectly a limited number of times; too many incorrect passwords will result in the locking of your online banking account until you call us to reinitialize the account. We monitor and record “bad-login” attempts to detect any suspicious activity (i.e. someone trying to guess your password).

You play a crucial role in preventing others from logging on to your account. Never use easy-to-guess passwords such as birth dates, first names, pet names, addresses, phone numbers, or social security numbers. Also, never reveal your password to another person. Lastly, you should periodically change your password in the User Option section of Online Banking.

Secure Architecture: The computers storing your actual account information are not linked directly to the Internet.

Transactions initiated through the Internet are received by online banking Web servers.
These servers route your transaction through firewall servers.
Firewall servers act as a traffic cop between segments of our online banking network used to store information, and the public internet.
This configuration isolates the publicly accessible Web servers from data stored on our online banking servers and ensures only authorized requests are processed. Various access control mechanisms, including intrusion detection and anti-virus, monitor for and protect our systems from potential malicious activity. Additionally, our online banking servers are fault-tolerant, and provide for uninterruptible access, even in the event of various types of failures.

Timeout: This prevents curious persons from continuing your online banking session if you leave your PC unattended without logging out. You may set the timeout period in Online Banking’s User Options screen. We recommend that you always sign off (log out) when done banking online.

e-Statements: e-Statements are facsimiles of traditional bank statements packaged and delivered to you electronically. By eliminating your paper statement, you help stop thieves from stealing your information out of your mailbox. If you haven’t signed up for e-Statements yet, please call any branch or click here.

Alerts: Check clear alerts, payment alerts, and balance alerts are financial tools we provide to help you to monitor your accounts more actively and to detect suspicious activity more easily.

How can I protect myself against identity fraud?

Studies show time and time again that identity fraud happens much more often offline than online. However, we feel it is important that you have the information necessary to safely conduct your personal business online. Follow this guide to learn how to prevent, detect, correct and report online fraud and identity theft.

PREVENT

Prevention is the most critical element to avoiding online fraud. See how many of the following you are currently undertaking – and incorporate the rest into your routine.

Shred all financial documents and paperwork with personal information – do not simply throw them in the trash.
Protect your social security number. Don’t carry your Social Security card in your wallet or write it anywhere. Give it out only if absolutely necessary or ask to use another identifier.
Don’t give out personal information on the phone, through the mail, or over the Internet unless you know who you are dealing with.
Never click on links sent in unsolicited emails; instead, type in a web address you are already familiar with. Use firewalls, anti-spyware, and anti-virus software to protect your home computer – and keep them current.
Create passwords that are unusual; do not use your birth date, your mother’s maiden name, or the last four digits of your Social Security number.
Keep your personal information in a secure place at home, especially if you employ outside help, have roommates or are having work done in your house.
Ordering online? Only use “secure” web pages (a web page is secure if there is a locked padlock in the lower left-hand corner of your browser).
Place a “Fraud Alert” on your credit reports, and review the reports carefully. The alert tells creditors to follow certain procedures before they open new accounts in your name or make changes to your existing accounts. The following consumer reporting companies have toll-free numbers for placing an initial 90-day fraud alert:
- Equifax: 1-800-525-6285
- Experian: 1-888-EXPERIAN (397-3742)
- TransUnion: 1-800-680-7289
When your computer is not in use, shut it down or disconnect it from the Internet.
Always sign off from your Online Banking session.
Avoid clicking on links provided in e-mails. It is always better to type the address into your browser.
Most computer files have filename extensions, such as “.doc” for documents or “.jpg” for images. Any file that appears to have a double extension, like “heythere.doc.pif” is extremely likely to be a dangerous file and should never be opened.
Never open e-mail attachments that have file endings of .exe, .pif, or .vbs. These are file extensions for executables, and are commonly dangerous files.
Be careful and selective before providing your e-mail address to a questionable website. Sharing your e-mail address makes you more likely to receive fraudulent e-mails.

DETECT

Despite all efforts to prevent it, identity fraud can still occur. The earlier it is detected, however, the easier it will be to rectify the situation. Therefore, it’s important to be alert and take immediate action to the following:

Bills that do not arrive as expected.
Unexpected credit cards or account statements.
Denials of credit for no apparent reason.
Calls or letters about purchases you didn’t make.
Take advantage of free annual credit reports: Credit reports contain information about what accounts you have and your bill paying history. Free copies are required by law from the major nationwide consumer reporting companies – Equifax, Experian, and TransUnion. Visit www.AnnualCreditReport.com or call 1-877-322-8228, a service created by these three companies, to order your free credit reports each year. You also can write: Annual Credit Report Request Service, P.O. Box 105281, Atlanta, GA 30348-5281.
Review your financial and billing statements regularly and look for charges you did not make.
Keep a list of all your credit card numbers and phone numbers in case of theft, and notify each card issuer immediately if theft occurs.

CORRECT

Close any accounts that have been tampered with or established fraudulently.
Call the security or fraud departments of each company where an account was opened or changed without your okay. Follow up in writing, with copies of supporting documents.
Use the ID Theft Affidavit at ftc.gov/idtheft to support your written statement.
Ask for verification that the disputed account has been closed and the fraudulent debts discharged.
Keep copies of documents and records of your conversations about the theft.
File a police report.

REPORT

Report the theft to the Federal Trade Commission. Filing a report helps law enforcement officials across the country in their investigations.

Online: ftc.gov/idtheft
By phone: 1-877-ID-THEFT (438-4338) or TTY, 1-866-653-4261
By mail: Identity Theft Clearinghouse, Federal Trade Commission, Washington, DC 20580

What do all these terms mean?

We offer the following Glossary of frequently used online identity fraud and internet security terminology:

AntiVirus Software – A computer software program that detects and responds to viruses and worms, blocking access to infected files and performing frequent updates.

Browser – A computer software program that is used to view and interact with Internet material on the World Wide Web. Netscape Navigator and Microsoft Internet Explorer are two of the most common browsers.

Dumpster Diving – Thieves rummage through trash looking for bills or other paper that includes your personal information.

Encryption – A process in which data is scrambled before it is transferred so that it cannot be read by unauthorized parties.

Enhanced Login Security – Provides security at login, no matter what computer you sign in from, using additional end user authentication that helps to protect against online fraud.

Firewall – A gateway supported by hardware or software that limits access between computer networks. Firewalls can protect your home computer from hackers and your family from web sites that may contain offensive material.

Hacker – A person who tries to gain unauthorized access to a computer system. Hackers are known to modify computer programs and security systems that protect home and office computers.

Keystroke Capture – A spyware program or device that records what users type on their computer. Also referred to as Keystroke Logger.

Malware – Also known as “malicious software’, malware is designed to harm, attack or take unauthorized control over a computer system. See Virus, Trojan and Worm.

Opt-In – Permission granted to a business or organization to use your email address for promotional or marketing purposes, or to rent your email address to another organization.

Opt-Out – The opposite of Opt-In. Not granting permission for a business or organization to use your email address for promotional or marketing purposes, or to rent your email address to another organization.

Patch – A new software release created to update a computer software program. Updates may include security, performance, or usability enhancements.

Pharming – Pharming takes place when users type in a valid URL and you are illegally redirected to a web site that is not legitimate in order to capture personal information through the internet such as credit card numbers, bank account information, Social Security number and other sensitive information.

Phishing – The process of seeking to obtain personal information illegally through email or pop-up messages in order to deceive you into disclosing your credit card numbers, bank account information, Social Security number, passwords, or other sensitive information.

Pop-Up Ads – A form of web advertising that appears as a “pop-up” on a computer screen. They are intended to increase web traffic or capture email addresses. However, sometimes pop-up ads are designed with malicious intent like when they appear as a request for personal information from a financial institution.

Privacy Policy – A standard policy included on most corporate websites that explains how personal information collected about visitors to a company’s site is handled.

Service Pack – A software program that updates, fixes and/or enhances a software program found on your computer, typically delivered in the form of a single, installable package.

Skimming – When an unauthorized second copy of a credit or debit card is taken by an employee at a store by using a storage device that copies the details held within the card’s magnetic strip.

Spam – Unsolicited bulk electronic “junk” messages sent to huge numbers of people via email, instant messaging, Usenet newsgroups, and more.

Spoofing – A form of phishing, a way for cyber criminals to send emails that look legitimate, but are not, to falsely represent a legitimate company or organization. The false email from phishing will include a phony link to what closely resembles a legitimate website address. Once clicked upon, the victim is asked to provide personal information which is then forwarded to criminals.

Spyware – Loaded onto your computer unbeknownst to you, spyware is a type of program that watches what users do and forwards information to hackers over the internet.

Trojan Horse – A malicious program that is disguised or embedded within legitimate software programs that, when activated, unwittingly allows hackers to gain unauthorized access to the computer.

Virus – A self-replicating computer program, loaded on to your computer without your knowledge that spreads by making copies of itself and closing up your computer’s memory.

Worm – Similar to a computer virus, a worm attaches itself to, and becomes part of, another executable program. Able to self-propagate, worms generally harm the network and consume bandwidth.