Security and Fraud

Here at Ann Arbor State Bank we handle privacy and the security of your financial data with the utmost care. We encourage you to use the following practices to protect your financial data from scams and identity theft.

Most Ann Arbor State Bank customers take advantage of our online banking services. Working together we can help ensure your financial information stays protected. Please consider the following online security tips.

Update your online banking password regularly

This is probably the easiest precaution you can take. While changing your password is not required we strongly recommend you change it on a regular basis. This will help keep your accounts secure should someone obtain your user ID and/or password.

Secure password guidelines

  • Choose a unique password that would be difficult to guess
  • Choose one that is at least 10 characters in length consisting of upper- and lower-case letters, numeric characters, and special characters
  • Never share your password with anyone else

To change your password

  • Login to online banking
  • Select the ‘Options’ tab
  • Select ‘Personal Data’
  • Enter current and new password and submit

Verify your last login date

Your most recent login date and time appears under “Customer Summary Information” on the startup page when you log into your account. If this date doesn’t correspond to the last time you remember logging into your account, please call us immediately at (734) 761-1475.

Beware of misleading emails

Ann Arbor State Bank never solicits account information through email. Hackers will attempt to get personal information by sending you emails asking for verification of account information. These deceptive messages might claim your bank account has been closed due to fraudulent activity or that it needs to be verified. If you receive an email of this nature do not open the attached files, and do not provide any personal information.

If you receive an email from anyone requesting personal or account information, please treat it as fraudulent and call us at (734) 761-1475.

Install a firewall

A firewall is your computer’s first line of defense because it protects your machine from intruders. A firewall is a software program that guards the entrance to your private network and keeps out unauthorized and unwanted traffic. It acts as a buffer between your computer and the Internet.

Most firewall programs allow you to set the level of security protection you desire. We suggest starting with the highest protection setting and then relaxing them as necessary. You should also be able to select from features such as email attachment protection, advertisement blocking, popup-window protection, and other automatic functions.

If you’re unsure whether you have a firewall or not, consult with your Internet service provider (ISP), such as Comcast, Time Warner, or AT&T.

Use anti-virus software

Anti-virus software protects your computer against viruses, which are unauthorized computer scripts that attach to a program or portions of a computer system. Viruses reproduce and spread from one computer to another destroying stored information and interrupting operations. An anti-virus program can detect and destroy these unauthorized codes. With new viruses emerging daily, you need to have your anti-virus program updated regularly. Software manufacturers often sell their anti-virus programs with their firewall as a package since the components work better together.

Use anti-spyware software

Spyware is a software program that aids in gathering information electronically about people or organizations without their knowledge or consent. It then relays that information to an unauthorized third party. Users most often open the door to spyware unwittingly by downloading free software indiscriminately or by clicking on popups or dialogue boxes.

Some kinds of spyware will redirect your browser to a new home page (not of your choosing). Others generate multiple popup ads that can make web surfing a chore. Another type of spyware, known as a keystroke logger, can cause the most damage, because this type of program records a copy of each character you type (such as user names and passwords to secure websites) and sends that information to an unauthorized party who can then steal your personal information.

Read your user licensing agreements

It’s possible for you to inadvertently agree to accept spyware with a program you’re downloading. So be sure to thoroughly read any agreement included with applications or software you’re about to install. Complete the installation only if you recognize the additional programs included and you know they are safe. Always deal with companies you know or that are recommended by others you trust.

Examine browser security settings

Make sure the security settings in your browser (Internet Explorer, for example) are set to provide an appropriate level of protection. Browser-based attacks can occur when a user visits a web page containing hidden code intended to sabotage a computer or compromise your privacy. Use the ‘Help’ feature of your Internet browser to familiarize yourself with the security features available for your particular browser, or visit the browser manufacturer’s website for more information.

To edit your security settings in Internet Explorer

  • Click on ‘Tools’ in the main menu bar
  • Select ‘Internet Options’ from the pull-down menu
  • Select ‘Security’

Take advantage of security updates

Your Internet browser software manufacturer (for example, Microsoft – Internet Explorer) and your operating system manufacturer (for example, Microsoft – Windows 8.1) periodically issue security updates. These updates are often include patch holes that previously allowed viruses to get through. Many reputable software manufacturers dedicate sections of their websites to security updates of this kind. If you don’t utilize automatic update mechanisms in your software it’s a good idea to visit the manufacturers’ websites regularly to make sure you have the latest fixes.

Use a computer that is secured at all times, even when traveling

Even if you follow all the steps outlined here for your home computer, none of it will matter if you use a different computer that isn’t secured. Be especially aware of this if you’re traveling, for instance, or whenever you’re using a work or personal computer that you typically don’t use. If you must use a computer other than your own, first make sure that it has all of the items on this checklist installed and updated on its system. For the same reasons it’s also recommended you avoid letting unfamiliar people have access to your computer. Whenever you’re not using the Internet, we recommend disconnecting your Internet access.

The percentage of banking customers using mobile devices to access their financial data is climbing, and the fraudsters will not be far behind. Please use the following tips to secure your mobile device:

  • Use a unique PIN code to lock your device that only you know
  • Always maintain your phone in a safe location
  • Only download applications or data from a trusted source
  • Only use wireless networks that require a password. Open networks are often vulnerable to security breaches
  • Always maintain the most up-to-date software and firmware available for your device
  • Delete text messages or emails from your bank on your mobile device
  • Never send confidential information such as account numbers via a text message
  • Do not hack, jailbreak, or otherwise modify your device, as this will leave it susceptible to infection from malware, viruses, or trojans

Dispose of printed account statements. Store your ATM receipts, store and restaurant receipts and other documents containing your account information in a secure location. Shred or tear up papers with account or other personal information. Many identity thieves have obtained the information they needed by going through the victim’s trash.

Do not leave statements or other documents with your personal information lying around where others can see them.

Minimize the amount of personal information a criminal can steal. Don’t carry extra credit cards, your Social Security card, birth certificate or passport.

Sign the back of your credit and debit cards as soon as you receive them.

Keep a list of all your credit cards, loans, account numbers and expiration dates in a safe place so you can notify creditors in case of theft or loss.

Never give a credit card number or loan account information over the phone unless you initiated the call.

Check your credit report for accuracy at least once a year.

Take care when using ATM machines to shield the keyboard from view when you enter your PIN. Someone could look over your shoulder, memorize your PIN, and use it to gain access to your information later.

Be aware of who is listening when you give personal information over the phone, whether at your desk at work, or in public on a pay phone or cell phone.

“Social engineering” is the practice used by fraudsters to obtain confidential information by manipulating the behaviors of legitimate users. It uses vulnerabilities in human behavior to gather personal and financial information from unwitting victims. Thieves who employ social engineering are highly skilled in psychological persuasion and use it to their advantage to gain your trust.

Identity thieves use the phone, the Internet, and will even go through your trash (or “dumpster dive”) in order to obtain your sensitive information.

Over the phone they’ll employ a well-rehearsed script and pretend to be someone important or official in order to gather your private information. Identity thieves gain their victims’ trust to coax out important information such as their Social Security numbers, bank account numbers, and passwords.

Online, thieves use official-looking emails with attachments that try to convince you to open them, but these can contain malicious software programs that can record your keystrokes (including usernames and passwords) and send the information to identity thieves without your knowledge.

Phishing

Follow three simple rules when you see emails that may be part of a phishing scheme:

1.) Stop

Phishers typically include upsetting or exciting (but false) statements in their emails with one purpose in mind. They want people to react immediately to that false information, by clicking on the link and inputting the requested data before they take time to think through what they are doing. Resist that impulse to click immediately. No matter how upsetting or exciting the statements in the email may be, there is always enough time to check out the information more closely.

2.) Look

Look more closely at the claims made in the email and think about whether those claims make sense. Be highly suspicious if it asks for numerous items of your personal information such as account numbers, usernames, or passwords. For example:

If the email indicates that it comes from a bank or other financial institution where you have a bank or credit card account, but tells you that you have to enter your account information again, that makes no sense. Legitimate banks and financial institutions already have their customers’ account numbers in their records. Even if the email says a customer’s account is being locked or terminated, the real bank or financial institution will still have that customer’s account number and identifying information.

If the email says you’ve won a prize but asks for financial or personal data there is good reason to be suspicious. Legitimate companies that want to give you a real prize don’t ask you for extensive amounts of personal and financial information before you’re entitled to receive it.

3.) Call

If the email or website purports to be from a legitimate company or financial institution, call or email that company directly and ask whether the email or website is really from them. To be sure you’re contacting the real company or institution where you have an account, use the toll-free phone numbers from statements or the backs of your cards. Don’t rely on a telephone number contained in the suspect email.

Identity theft and fraud are serious crimes that can wreak havoc on your finances, credit history, and reputation—and can take time, money, and patience to resolve.

Identity fraud is usually limited to an isolated attempt to steal money from an existing account such as a charge on a stolen credit card.

With identity theft, a thief uses stolen personal information, such as a Social Security number or bank account number, to open accounts or initiate several transactions in your name. This may cause financial loss or damaged credit. In general, identity theft is more extensive than identity fraud. If fraudulent transactions occur on your account, it does not automatically mean your identity was stolen. It may be an isolated incident of theft that can be quickly resolved.

The best detector of fraud or identity theft is you. Through proactive monitoring and best practices–including shredding of all important documents before tossing them–you can become more vigilant and act fast before any real damage is done.

Banking online gives you quick access to your accounts, so fraudulent activities can be detected sooner. Additionally, by taking advantage of online banking and bill pay, e-statements, and good old-fashioned paper shredding, you can reduce the chances of identity theft via dumpster diving.

What should I do if I believe my identity has been stolen?

If you suspect you are a victim of identity theft, follow these steps:

Immediately contact your bank and credit card providers by calling the phone numbers listed on your statements. Close all accounts and open new accounts with new account numbers.

Contact the Federal Trade Commission (FTC) by one of the following methods:

  • By Internet: http://www.ftc.gov/bcp/edu/microsites/idtheft/
  • By phone: Toll-free 1-877-ID-THEFT (438-4338); TDD: 202-326-2502
  • By mail: Identity Theft Clearinghouse, Federal Trade Commission, 600 Pennsylvania Ave, NW, Washington, DC 20580

Contact the three major credit reporting agencies to put yourself on ‘fraud alert’ and request a copy of your credit report:

  • Equifax® – PO Box 740250, Atlanta, GA 30374-0241, 1-800-525-6285, equifax.com
  • Experian® – PO Box 1017, Allen, TX 75013, 1-888-EXPERIAN (888-397-3742), experian.com
  • TransUnion – PO Box 6790, Fullerton, CA 92634, 1-800-680-7289, transunion.com
  • Contact your local law enforcement agency.

If your mail has been stolen contact the U.S. Postal Service.

Contact the Department of Motor Vehicles to find out if a new license has been requested or issued in your name.

Keep detailed records of your efforts to resolve any theft of your identity, including:

  • Log the date, time and amount of any unauthorized activity on your accounts.
  • Log the date, time, duration and cost of any phone calls.
  • Log the date and cost of any mailings.

Learn more about identity theft and credit fraud

If you want to know more about identity theft and credit fraud, the following nonprofit websites are excellent sources of information and additional contact information.

U.S. Government’s website for identity theft

Social Security Administration/Office of the Inspector – General Fraud website

The Internet Crime Complaint Center