Online Security

• Banks follow specific rules for electronic transactions issued by the Federal Reserve Board
  known as Regulation E. These rules cover all kinds of situations revolving around transfers made electronically. Under the consumer protections provided under Regulation E, you may be able to recover internet banking losses according to how soon you detect and report them.
• In general, these protections are extended to consumers and consumer accounts.
• If you report the losses within two days of receiving your statement, you can be liable for the first $50. After two days, the amount increases to $500. After 60 days, you could be legally liable for the full amount. These protections can be modified by state law or by policies at your bank, so be sure to ask your banker how these protections apply to your particular situation.
• Regulation E protects individual consumers engaging in electronic fund transfers (EFT). Nonconsumer (or business) accounts are not protected by Regulation E.
• Regulation E is a consumer protection law for accounts established primarily for personal,
  family, or household purposes. Non-consumer accounts, such as Corporations, Partnerships, Trusts, etc., are excluded from coverage. Regulation E gives consumers a way to notify their bank that an EFT has been made on their account(s) without their permission.

Union State Bank will NEVER request personal information by phone, email or text message including account numbers, personal identification information, passwords or any other confidential customer information. Below are some points to remember:

• Do not give your login credentials to anyone. If you are contacted by someone who states they are calling from the Bank, or you receive an e-mail you should not give them any information. You should contact the Bank in the event you notice suspicious account activity or experience customer information security-related events.
• Never provide Personal Financial Information including your Social Security number, account number or passwords, over the phone or the Internet if you did not initiate the contact.
• Never click in the link provided in an E-Mail you believe is fraudulent. It may contain some type of malicious software that can contaminate your computer.
• Do not be intimidated by an E-Mail or caller who suggests dire consequences if you do not immediately provide or verify financial information.
• If you believe the contact is legitimate, go to the company’s website by typing in the site
  address directly or using a page you have previously book marked, instead of a link provided in the E-Mail.
• If you fall victim to an attack, act immediately to protect yourself. Alert your financial
  institution as soon as possible. Place fraud alerts on your credit files. Monitor your credit files and monthly statements very closely.
• Report suspicious E-Mails or calls to the Federal Trade Commission through the Internet at www.consumer.gov/idtheft, or by calling 1-877-ID-THEFT.

It is suggested that commercial online banking customers perform risk assessments and controls evaluations periodically to help identify potential threats and to determine the strength of their controls. This can be done as follows:

• Identify possible risks in the online banking environment.
• Educate your employees on the risks.
• Create and maintain proper user account controls.
• Review all transactions.
• Install and maintain proper antivirus/security software on all systems/networks that access
online banking.

Alternative Risk Control Mechanisms
Customers may also implement additional control mechanisms to help alleviate their risk. Some
examples are as follows:

Passwords:
• Avoid using personal information.
• Create a unique password for online banking that you don’t use elsewhere.
• Do not use the password auto-save feature on your browser.
• Do not share your passwords or write them down.
• Change your password periodically.
• The Bank will NEVER ask for your password.

Personal Computers:
• Always sign out or log off.
• Update software frequently and keep systems current.
• Virus software, “definitions’ should be updated daily.
• Install and activate a personal firewall.
• Install and run most recent version of Antivirus software.
• Keep your operating system (OS) current.
• Activate the automatic update feature.
• Set your browser’s security level to the default setting or higher.

General Best Practices
• Keep your personal information private and secure.
• Check your account balance regularly.
• Do not access your account from a public location.
• If you suspect suspicious activity, take swift action.
• Be skeptical of e-mail messages, for example from someone unlikely to send an email such as
the IRS.
• Do not open the suspicious emails and do not click on the links, should this happen, stop work
and have a diagnostics performed immediately.

ID Theft Tips
• Shred receipts, statements, expired cards, and similar documents.
• Review statements promptly and carefully.
• Be positive of the identity of anyone before you divulge personal information, only if you initiate the contract.
• Periodically check your credit report.

Websites:
• Check your credit report.
• Pay using credit cards.
• Shred bank account, credit card, physician and other statements with personal information.
• Never click on suspicious links
• Only give sensitive information to websites using encryption, verified though the web address
“https:// (the “s” is for secure).
• Use social media wisely and don’t reveal too much.

Mobile Devices:
• Use passcodes.
• Avoid storing sensitive information.
• Keep software up-to-date.
• Install remote wipe if the device is lost or stolen it can be cleared off.

Using ATM’s safely:
• Protect your ATM card and PIN, if lost report as soon as possible.
• Choose a PIN different from your address, telephone #, and birthdate.
• Be aware of people and your surroundings.
• Put away your card and cash.
• Skimming – observe the card reader; if it appears damaged don’t use it.