Home

Print Version

1. brought up and taken down in a short time compared to a real telephone line Identity Theft How You Can Protect Yourself Internet Pirates are trying to steal YOUR personal financial information Want the good news YOU have the power to stop them There is a new type of Internet piracy called Phishing see above definition It s pronounced fishing and that s exactly what these thieves are doing fishing for your personal financial information What they want are account numbers passwords Social Security Numbers and other confidential information that they can use to loot your checking account or run up bills on your credit cards In the worst case you could find yourself a victim of identity theft With the sensitive information obtained from a successful Phishing scam these thieves can take out loans or obtain credit cards and even driver s licenses in YOUR name They can do damage to your financial history and personal reputation that can take years to unravel But if you understand how Phishing works and how to protect yourself you can help stop this crime Please refer to the Phishing section above Protecting Yourself You can protect yourself by never providing your personal information in response to an unsolicited request whether it is over the phone or over the Internet E mails and Internet pages created by phishers may look exactly like the real thing They may even have a fake padlock icon that ordinarily is used to de
2. of their actions A user may be required to accept an End User Licensing Agreement which often does not clearly inform the user about the extent or manner in which information is collected In such cases the software is installed without the user s informed consent Spyware can be installed through the following methods i downloaded with other Internet downloads in a practice called bundling in these cases the licensing agreements may be included in one pop up window that unless read carefully may leave the user unaware of bundled spyware ii directly downloaded by users who were persuaded that the technology offers a benefit some spyware claims to offer increased productivity virus scanning capabilities or other benefits iii installed through an Internet browsing technique called drive by downloads this technique involves spyware being installed when a user simply visits a Web site and the user may be prompted to accept the download believing it is necessary in order to view the Web page or iv automatically downloaded when users open or view unsolicited e mail messages Behaviors Associated With Spyware Spyware can be difficult to detect and remove because it does not always appear as a running program in the Windows Task Manager therefore the user may be unaware that his or her computer is infected Spyware may not include a removal option in the Windows Add Remove Programs function When such an option is present the remov
3. your e mail for a period of time so we can efficiently handle any follow up questions you may have We also do this for legal regulatory and account servicing requirements If you visit our website or engage in any online services that we offer then we may collect and store these categories of Personal Information We will not share the Personal Information you provide us at our website or by e mail except as described below The Personal Information we obtain from you is stored with us if it is to be used on an on going basis Security Procedures We want you to use our website with confidence knowing that the information you submit to us is secure The encryption strength varies depending on the browser you are using however most current browsers offer 128 bit encryption Additionally many browsers display a secured lock symbol to indicate a secure connection Emails that you may send to us outside our online banking service may not be secure unless we advise you that security measures will be in place prior to your transmitting the information For that reason we ask that you do not send confidential information such as social security or account numbers to us through an unsecured email For clients when you login to Internet Banking the Secured Socket Layer SSL protocol is used to establish a secure and encrypted session with our service providers This encryption is designed to ensure the privacy and integrity of the information exchan
4. Online Privacy and Security Policy How We Protect You This CommerceWest Bank Bank Online Security and Privacy Policy explains how we may collect information from you online when you visit our website Our commitment to protect your information and your privacy extends to your online banking While our privacy policies are the same whether you are online or not we have extra measures in place to protect your privacy when you bank online with us How we handle information about you when you visit our website will depend on what you do when visiting the site Visiting If you visit our website to read information and do not use any of our online services then we collect and store only the name of the domain from which you access the Internet the date and time you access our website and the Internet address of the website from which you linked directly to our website We may record the IP address assigned to you by your internet service provider as part of this process We use the information we collect to measure the number of visitors to the different sections of our site and to help us make our website more useful to visitors Using Services When you visit our website or use our electronic banking services there may also be times when you are asked to provide information about yourself that is personally identifiable Personal Information This may include any of the following e your first middle and last name e your home
5. al process may not eliminate all components or it may redirect the user to an Internet site to complete the removal This often results in new or additional infection rather than removal In addition some spyware includes a feature to re install itself when any portion is deleted Spyware may cause a further infestation by installing other spyware programs onto users computers Risks Associated With Spyware Spyware increases the risk by exploiting security vulnerabilities or settings changing the computer configuration to relax security settings or allowing a channel into the computer system by circumventing the firewall The result is that attackers can eavesdrop and intercept sensitive communications by monitoring keystrokes e mail and Internet communications This monitoring may lead to the compromise of sensitive information including user names and passwords Spyware may provide attackers the ability to control corporate computers to send unsolicited junk e mail SPAM or malicious software Malware or to perform denial of service DoS attacks against other organizations Spyware may drain system resources and productivity and consume system resources even when the user is not browsing the Internet such as when adware results in voluminous unwanted pop up advertisements Spyware may even compromise the ability to conduct business by disrupting Internet connections as a result of the improper removal of spyware Spyware may increase
6. ged You can tell whether your browser is in secure mode by looking for the secured lock symbol on your browser window To obtain details about the encryption position your mouse over a blank area on your screen and right click to select properties information about the page being viewed Note the title for properties will vary by browser The properties or page information section will indicate the encryption strength being used to view the secure page We have implemented multifactor and multilayer authentication in addition to online banking user security which requires multiple pieces of information to validate identity while ensuring compliance with regulatory requirements and Federal Financial Institutions Examination Council FFIEC recommendations Multifactor Authentication automatically monitors accounts for unusual activity based on account history and requires customers to verify their identity by answering pre selected challenge questions Token solutions for online banking provide hacker resistant multi factor authentication protection for online transactions Based on time synchronization technology this authentication device solution generates a simple one time authentication code that changes at the push of a button Clients are thus able to access their account online by entering the token code following their existing login credentials resulting in a unique one time use passcode that positively authenticates the c
7. information A cookie is a small data file that can be placed on your hard drive when you visit certain websites We use cookies to store your preference information on the use of our site and to facilitate access to restricted web pages during a single online session A session cookie or session variable is used to authenticate your login information While you are logged on viewing your account information or conducting online transactions with us we recommend that you do not access other websites during your online session Always exit from your online session with us before moving to or accessing other websites and prior to turning off your computer Some browsers allow you to reject cookies However if you set your browser to reject cookies you may find that you are unable to conduct your online transactions with us If you choose to NOT accept cookies while accessing web pages on the Internet we suggest that you enable acceptance of cookies when you are logged onto your online session with us For detailed instructions on enabling and disabling cookies refer to your web browser s online HELP menu or user manual E Mail You may also decide to send us information that personally identifies you for example in an electronic mail e mail message We will use that information to respond to the inquiry and provide accurate information in response to questions We preserve your e mail address our response and the original content of
8. lient and only permits access to online banking if the code is validated Links We are not responsible for practices employed by websites of other companies linked to or from our site nor the information or content contained therein We cannot and do not make any representations about the security practices and policies of these companies and are not responsible in any way for how these companies use cookies or any information you provide to them This remains true even where the linked site appears within the parameters or window frame of our website Often links to other websites are provided solely as pointers to information on topics that may be useful to users of our site Please remember that when you use a link to go from our website to another web site our Online Privacy and Security Policy is no longer in effect Your interaction on any other website including websites which have a link to our site is subject to that website s own rules and policies Please read those rules and policies before proceeding Privacy CommerceWest Bank protects and values your privacy The Bank thanks you for the trust you place in us We want you to know that the information you share with us is treated with care In this Online Privacy and Security Policy we refer to the term Personal Information which includes i information you provide to us to obtain a financial product or service ii information resulting from any transaction involvi
9. ng a financial product or service between you and the Bank or iii information we obtain in connection with providing a financial product or service to you Children s Privacy Our Site is not intended for use by children under the age of 13 We do not knowingly market to nor solicit data from children Reporting Fraud Think You Are a Victim of Fraud Reporting Suspicious Information are you receiving suspicious information such as e mails requesting your online banking User Name or password ATM PIN or telling you your Debit Card has been deactivated Have you received any other security notices or information you think may be suspicious Please contact us at 949 251 6959 to report such information Scams The following scams are commonly reported in today s environment Pharming Pharming pronounced farming is another form of online fraud very similar to phishing see below Pharmers set up bogus websites to obtain confidential information and perpetrate online scams However pharming scams are much more difficult to detect than phishing scams because criminals are not dependent upon the victim accepting a bait email Instead rather than relying on users clicking an enticing link in a fake email message pharmers redirect victims to a bogus website even when they type the correct website address in their browser The criminal then proceeds to load spyware and adware on the victim s computer to collec
10. note a secure site If you did not initiate the communication you should not provide any information If you believe the contact may be legitimate contact the financial institution yourself You can find telephone numbers and Web sites on the monthly statements you receive from your financial institution or you can look the company up in a phone book or on the Internet The key is that you should be the one to initiate the contact using contact information that you have verified yourself Never provide your password over the telephone or in response to an unsolicited Internet request A financial institution would never ask you to verify your account information online Thieves armed with this information and your account number can help themselves to your savings Also review account statements regularly to ensure all charges are correct If your account statement is late in arriving call your financial institution to find out why If your financial institution offers electronic account access periodically review activity If you fall victim to a thief contact your financial institution immediately and alert them of the situation If you have disclosed sensitive information in a Phishing attack you should also contact one of the three major credit bureaus and discuss whether you need to place a fraud alert on your file which will help prevent thieves from opening a new account in your name The contact information for each credit bureau s fraud di
11. or other physical address including street name and name of a city or town e your e mail address e atelephone number e social security number e account number e date of birth e mother s maiden name and e password or any other identifier that permits physical or online contact with you Personal Information might be needed or requested from you so you can register for banking or other services or to fill out our forms or applications for services for special promotions or contests or to accomplish transactions you request such as bill payment or other banking services This may result in sharing of Personal Information with third parties such as data processors or service bureaus as part of servicing your accounts or transactions When you supply us with your postal or e mail address or telephone number online you may receive periodic mailings or telephone contact from us with information on new products services or upcoming events If you do not wish to receive such mailings or contact please call us or write us at the telephone number or address shown on your account statement Please provide us with your exact name street and e mail address Even if you make this choice we may still send you e mail to deliver your statements which may include marketing materials or give you account related notices or other information Cookies There is a technology called cookies that can collect store and sometimes track
12. ructions that will automatically run on a computer when downloaded by the browser iii carefully reading all End User Licensing Agreements and avoiding downloading software when licensing agreements are difficult to understand iv maintaining patches to operating systems and browsers and v not opening e mail from untrustworthy sources ATM Safety Your safety is important to us and we would like to encourage you to keep the following tips in mind when using your card at an ATM e Be aware of your surroundings before conducting an ATM transaction If you see someone or something suspicious leave and come back later e When using a walk up ATM park as close as possible and check for suspicious persons or circumstances before leaving the safety of your car e Do not leave your car running or the keys in the ignition while at the ATM As you return to your vehicle have your car keys ready and check around you and under your vehicle e If possible have someone accompany you to the ATM and have your ATM card ready before you approach the machine e Use an ATM located in a highly trafficked area for additional security e Check the card reader to ensure it has not been tampered with e Use your body and hands to shield the screen or keypad when entering your PIN e Do not count your money while at the ATM Put your money receipt and card away immediately and do not linger at the ATM e Do not discard receipts for ATM transactions Verify receip
13. s are guaranteed certain rights and protections Examples of financial elder abuse include embezzlement of money or any other property telemarketing fraud identity theft predatory lending and home improvement and estate planning scams We should all be doing our part to ensure that the elderly are given the opportunity to live with security and dignity whether they live independently with family in an assisted living setting or a long term care facility For more information visit the California Department of Aging Visit http www aging ca gov You can review the Citizen s Guide to Preventing and Reporting Elder Abuse Visit http ag ca gov bmfea pdfs citizens_guide pdf Best Practices on Spyware Prevention and Detection The Internet has become a popular method for both conducting business and managing finances through online banking relationships While most financial institutions and some individuals have taken steps to protect their computers many firewall and anti virus software packages do not protect computers from one of the latest threats Spyware which is a form of software that collects personal and confidential information about a person or organization without their proper knowledge or informed consent and reports it to a third party Spyware Infection Spyware is usually installed without a user s knowledge or permission However users may intentionally install spyware without understanding the full ramifications
14. s in place to protect your account However when you contact CommerceWest Bank our employees may ask for specific information to verify your identity to ensure your privacy and protection If you feel your CommerceWest Bank account has been compromised contact us at 949 251 6959 It is our goal to keep consumers informed and educated in taking the right precautions to avoid becoming a victim of identity theft and account fraud If you have any questions feel free to contact your local regional office Monday thru Friday 9 00 am until 4 00 pm Pacific Time We are closed Saturday and Sunday For more information on Identity Theft and other types of account fraud please visit the following websites e United States Postal Inspection Service https postalinspectors uspis gov e Federal Trade Commission Visit http www ftc gov bcp edu microsites idtheft e United States Secret Service Visit http www secretservice gov e United States Department of Justice Visit http www usdoj gov e Federal Deposit Insurance Corporation Visit http www fdic gov Elder Abuse Elder abuse is one of the most disturbing and rapidly growing areas of crime in our society Abuse comes in many forms physical emotional or financial exploitation The elderly are especially vulnerable to financial abuse that can be devastating and leave them without the finances to provide for their needs Under federal and state law residents in skilled nursing facilitie
15. t personal information and use it to commit fraud or other crimes Phishing Phishing pronounced fishing is a criminal tool employing both social engineering and technical subterfuge to steal a person s personal identity data and financial account credentials Social engineering schemes use spoofed e mails purporting to be from legitimate agencies and businesses to lead consumers to counterfeit Web sites designed to trick recipients into divulging financial data such as user names and passwords Technical subterfuge schemes plant crime ware onto personal computers to steal credentials directly often using systems to intercept consumers online account user names and passwords and to corrupt local navigational infrastructures to misdirect consumers to counterfeit Web sites or authentic Web sites through phisher controlled proxies used to monitor and intercept consumer keystrokes Phishing sometimes called carding or brand spoofing uses e mail messages that purport to come from legitimate businesses that one might have dealings with such as i banks 11 online organizations 11i Internet service providers iv online retailers and v insurance agencies The messages may look quite authentic and may feature corporate logos and formats similar to the ones used for legitimate messages Typically they ask for verification of certain information such as account numbers and passwords allegedly for auditing purposes or securi
16. the incidence of SPAM to e mail accounts And Spyware may compromise confidentiality Certain types of spyware route all Internet communications through their own servers often without the user s knowledge This allows a third party to read sensitive Internet communications even when Secure Socket Layer SSL or other encryption protocols are used Other forms of spyware install an application on the user s computer that monitors and records all Internet communications and sends the report back to the originator Identity thieves may then impersonate the customer using the user names and passwords collected CommerceWest Bank educates clients about the risks associated with spyware and encourages clients to implement steps to prevent and detect spyware on their own computers In addition the Bank advises clients of the risks of using public computers to connect to online banking websites And by implementing multi factor authentication methods the Bank limits the ability of identity thieves to compromise client accounts even when a thief has a clients identification user name password or even account number CommerceWest Bank recommends to our clients that they may prevent and detect spyware by 1 installing and periodically updating anti spyware virus protection and firewall software ii adjusting browser settings to prompt the user whenever a Web site tries to install a new program or Active X control an Active X control is a set of inst
17. the insurance rules and limits apply to a depositor s specific group of deposit accounts what s insured and what portion if any exceeds coverage limits at that bank EDIE also allows the user to print the report for their records For more information visit the FDIC website at https www fdic gov edie index html FDIC Money Saving Tips in the New World of Credit Cards to read more visit the FDIC website at http www fdic gov news news press 2010 pr10121 html FDIC Consumer News FDIC Consumer News is produced quarterly by the FDIC Office of Public Affairs in cooperation with other Divisions and Offices It is intended to present information in a nontechnical way and provide consumers with helpful information about the financial world and up to date with current trends To read more visit the FDIC website at http www fdic gov consumers consumer index html
18. ts against your monthly bank statement and report any discrepancies immediately e If you are followed after using an ATM head to a place where activity people and security can be found Call the police if necessary e If you are followed after using an ATM seek a place where people activity and security can be found If necessary call the police e Do not count your money while at the ATM Put your money receipt and card away quickly Always take your ATM receipt which is stamped with your transaction e When using a walk up ATM park as close as you can to the machine Before leaving the safety of your car check for suspicious persons or circumstances Have your ATM card ready before you approach the machine e Do not leave your car running or the keys in the ignition as you walk up to an ATM As you return after your transaction have your car keys ready and check around and under your vehicle Other things to keep in mind e Treat your ATM card like cash and ALWAYS keep it in a safe place e Keep your Personal Identification Number PIN secret Never write your PIN on our card tell your code to anyone or allow anyone to enter your PIN e Do not give out any information about your ATM card over the telephone The Bank will never ask you for your PIN Other Tools FDIC Information FDIC Insurance Calculator EDIE The FDIC s Electronic Deposit Insurance Estimator EDIE lets consumers and bankers know on a per bank basis how
19. ty concerns of the account Smishing Similar to Phishing Smishing uses cell phone text messages to deliver the bait to get consumers to divulge their personal information The hook the method used to actually capture your information in the text message may be a Web site Uniform Resource Locator URL however it has become more common to see a telephone number that connects to automated voice response system The Smishing message usually contains something that wants your immediate attention Some examples include We re confirming you ve signed up for our dating service You will be charged 2 day unless you cancel your order on this URL www com or Name of popular bank is confirming that you have purchased a 1500 computer from name of popular computer company Visit www com if you did not make this online purchase or Name of a financial institution Your account has been suspended Call HH HHH HHHH immediately to reactivate The hook is a legitimate looking Web site that asks you to confirm or enter your personal financial information such as your credit debit card number CVV code on the back of your credit card your ATM card PIN Social Security Number e mail address or other personal information If the hook is a telephone number it normally directs the person to a legitimate sounding automated voice response system similar to the voice response systems used by many financial institutions
20. vision is e Equifax 800 525 6285 P O Box 740250 Atlanta GA 30374 e Experian 888 397 3742 P O Box 1017 Allen TX 75013 e TransUnion 800 680 7289 P O Box 6790 Fullerton CA 92634 And report all suspicious contacts to the Federal Trade Commission by calling 877 IDTHEFT 1 877 438 4338 or through the Internet at https www ftccomplaintassistant gov In summary never provide personal financial information including your Social Security Number account numbers or passwords over the telephone or the Internet if you did not initiate the contact Never click on the link provided in an e mail you believe is fraudulent It may contain a virus that can contaminate your computer Do not be intimidated by an e mail or caller who suggests dire consequences if you do not immediately provide or verify financial information If you believe the contact is legitimate go to the company s Web site by typing in the site address directly or using a page you have previously book marked instead of a link provided in the e mail If you fall victim to an attack act immediately to protect yourself Alert your financial institution Place fraud alerts on your credit files Monitor your credit files and account statements closely What to do if you believe your CommerceWest Bank account has been compromised CommerceWest Bank does not contact customers to request or verify security information about login id s passwords PIN s or other security measure
21. which will ask for the same personal information This is an example of a Smishing message in current circulation Notice this is an automated message from a local financial institution your ATM card has been suspended To reactivate please call immediately at 866 Ht In many cases the Smishing message will show that it came from 5000 instead of displaying an actual phone number or from a company domain This usually indicates the message was sent via e mail to the cell phone and not sent from another cell phone The information is then used to duplicate ATM credit debit cards There are documented cases where information entered on a fraudulent Web site used in a Phishing Smishing or Vhishing attack was used to create a credit or debit card that was used halfway around the world Vhishing Also called VoIP phishing it is the voice counterpart to Phishing Instead of being directed by e mail to a Web site an e mail message asks the user to make a telephone call The call triggers a voice response system that asks for the user s credit card number The initial bait can also be a telephone call with a recording that instructs the user to telephone a toll free number Whether Phishing or Vhishing because people are used to entering credit card numbers over the telephone this technique may be effective Voice over IP VoIP is used for Vhishing because caller identifications can be spoofed and the entire operation can be

Print Version

Contents

Download Pdf Manuals

Related Search

Related Contents