Online and Mobile

Email and Texting

  • Be aware of phishing emails. Normally they will require you to click a link or open an attachment to verify or change your account. First Merchants will not send emails of this type, and you should delete them.
  • Do not click on links in emails, particularly forwarded emails or emails you were not expecting. If you trust the site, type the address in your browser; do not copy and paste the address.
  • Do not answer text messages requesting your account information. First Merchants will not send these texts and you should delete them.
  • Be suspicious of email headers including the email sender's identity, which can be forged easily.
  • Do not fill out forms in an email, because it can be difficult or impossible to tell where the information will actually be sent.
  • Spam emails should be immediately deleted. These can be forwarded from friends or from people you do not know. Many times they offer something “too good to be true” or other enticing offers.

Your Computer

  • Install anti-virus/anti-spyware software. Configure it to update automatically and schedule regular scans of your hard drive.
  • Ensure you have a firewall installed and active to help prevent intrusion on your PC.
  • Keep your operating systems, applications, and Internet browsers updated regularly.
  • Patches and updates can be configured to install automatically or you may do it manually, but the trick is to make sure it is done consistently. This will help to keep your software secure against intrusions.
  • If you have a wireless network, ensure it is set up with industry standard protections.
  • Consider turning off your PC when not needed.

Mobile Banking

Convenience is the driving factor in the rise of mobile banking. It opens the doors to consumer choice and access to banking options. But, as mobile devices like smartphones and iPads become more popular, hackers are finding savvy ways to steal information. Consumers are urged to be cautious when using mobile devices to do their banking.

It's important to take a common sense approach to mobile banking. Use caution on your phone just like you would a computer. If you’re careful, you can really enjoy mobile banking benefits safely and securely. You should treat a smartphone like a computer that can make phone calls and treat tablets like computers, because that is what they are.

Following a few simple steps can prevent a big headache later. The following tips are considered best practices to protect your information:        

  • Avoid storing sensitive information like passwords and social security numbers on your mobile device.
  • Password protect your mobile device and lock it when you’re not using it.
  • Be aware of your surroundings. Don’t type any sensitive information if others around you can see.
  • Log out completely when you complete a mobile banking session.
  • Protect your phone from viruses and malware just like you do for your computer by installing mobile security software.
  • Download the updates for your phone and mobile apps.
  • Use discretion when downloading apps.
  • If you change your phone number or lose you mobile device, let your financial institution know right away.
  • Monitor your accounts regularly and report suspicious activity to your financial institution immediately.

Businesses

  • Use a dedicated PC for conducting financial transactions, and turn it off when not in use. To reduce your risk of exposure to fraud, don't perform other online activities on this PC (do not use to check email or access websites).
  • Always protect your Online Banking log on credentials, and choose passwords that are difficult to guess, with a coumbination of letters, numbers, and special characters.
  • Monitor all account activity daily via Business Online Banking
  • Use dual authorization or out of band authentication for Online Banking transactions
  • Set computers to time out and automatically lock after a certain amount of time
  • Reconcile all accounts and statements quickly
  • Tighten internal controls
  • Maintain up-to-date anti-virus/anti-spyware software and perform regular scans
  • Implement a firewall and configure it correctly
  • Restrict employee access to hardware such as CD burners and USB ports
  • Implement strict policies for confidential information storage and destruction
  • Use cross-cut shredders
  • Invest in employee training
  • Investigate purchasing insurance to reduce the risk of loss should fraud occur

External Controls

  • Penetration testing - Hire a professional hacker to infiltrate your network
  • Perform a “social” engineering test to obtain data from your employees
  • Review vendors frequently to insure compliance with your confidentiality policies
  • Use encrypted emails when confidential data is sent