E-Banking Best Practices

Best Practices Guide to Electronic Banking

As banking services have evolved over time, a much higher percentage of customers rely on Electronic Banking. As Online Banking and Mobile Banking usage increases, so will the instances of fraud; therefore the need for controls to minimize risks and prevent and detect fraudulent activity is critical.

Debit Card Fraud Monitoring

We want you to know what we are doing to help protect your account and your money. We continually monitor the activity on your card. If there is suspect activity on your card, our Fraud Monitoring Service will reach out to you by phone, text, or email so you can confirm or deny the transaction. For your protection, if we cannot reach you, we will restrict the card until the transaction is confirmed by you.

Below is best practice guidance that can help protect you against fraud associated with Electronic Banking:

User ID and Password Guidelines

  • Create a “strong” password with at least 8 characters that includes a combination of mixed case letters, numbers, and special characters.
  • Change your password frequently.
  • Never share username and password information with third-party providers.
  • Avoid using an automatic login feature that saves usernames and passwords.

General Guidelines

  • Do not use public or other unsecured computers for logging into Online Banking.
  • Check your last login date/time every time you log in.
  • Review account balances and detail transactions regularly (preferably daily) to confirm payment and other transaction data, and immediately report any suspicious transactions to your financial institution.
  • View the transaction history available in your account activity information.
  • Whenever possible, use Bill Pay instead of checks to limit account number dissemination exposure and to obtain better electronic record keeping.
  • Take advantage of and regularly view system alerts; examples include:
    • Balance alerts
    • Transfer alerts
    • Password change alerts
  • Do not use account numbers, your social security number, or other account or personal information when creating account nicknames or other titles.
  • Whenever possible, register your computer to avoid having to re-enter challenge questions and other authentication information with each login.
  • Review the historical reporting features of your online banking application on a regular basis to confirm payment and other transaction data.
  • Never leave a computer unattended while using Online Banking.
  • Never conduct banking transactions while multiple browsers are open on your computer.
  • If you notice any suspicious account activity or experience any issues with Online Banking, you may contact The Bank of Bennington at 802.442.1640.
  • If your mobile device is lost, you can contact The Bank of Bennington to request that your account be disabled.

Tips to Protect Online Payments & Account Data

  • When you have completed a transaction, ensure you log off to close the connection with the financial organization’s computer.
  • Use separate accounts for electronic and paper transactions to simplify monitoring and tracking any discrepancies.
  • Reconcile by carefully monitoring account activity and reviewing all transactions initiated by your company on a daily basis.

Protections Provided under Regulation E - Electronic Funds Transfer Act

Customers should review their monthly account statement for possible errors with electronic funds transfers as they would with any other type of transaction. If you notice an error in an electronic fund transfer relating to your account, certain steps must be taken. Please note that Regulation E only applies to retail (non-commercial) customers.

Under the Act the Customer must:

  • Write or call the financial institution immediately if possible. You may contact The Bank of Bennington at 802.442.1640.
  • Do so no later than 60 days after we sent you the first statement containing the error or problem.
  • Give us your name and account number.
  • Explain the error or the transfer you are unsure about, the type, dollar amount and date.

Under the Act the bank must:

  • Promptly investigate the error and correct any error.
  • If this takes more than 10 business days, the bank will re-credit your account for the amount you think is in error.
  • Notify you of the results of the investigation:
    • If there was an error: correct it or make the re-credit final.
    • If there was no error: explain in writing and notify the customer of the deducted re-credit.

Tips to Avoid Phishing, Spyware and Malware

  • Do not open e-mail from unknown sources. Be suspicious of e-mail purporting to be from a financial institution, government department, or other agency requesting account information, account verification, or banking access credentials such as usernames, passwords, PIN codes, and similar information. Opening file attachments or clicking on web links in suspicious e-mails could expose your system to malicious code that could hijack your computer.
  • Never respond to a suspicious e-mail or click on any hyperlink embedded in a suspicious e-mail. Call the purported source if you are unsure who sent an e-mail.
  • If an e-mail claiming to be from your financial organization seems suspicious, checking with your financial organization may be appropriate.
  • Install anti-virus and spyware detection software on all computer systems. Free software may not provide protection against the latest threats compared with an industry standard product.
  • Update all of your computers regularly with the latest versions and patches of both anti-virus and anti-spyware software.
  • Ensure computers are patched regularly, particularly the operating system and key applications, with security patches.
  • Install a dedicated, actively managed firewall, especially if using a broadband or dedicated connection to the Internet, such as DSL or cable. A firewall limits the potential for unauthorized access to your network and computers.
  • Check your settings and select, at least, a medium level of security for your browsers.
  • Clear the browser cache before starting an online banking session in order to eliminate copies of Web pages that have been stored on the hard drive. How the cache is cleared depends on the browser and version you are using. This function is generally found in the browser’s preferences menu.

Tips to Protect Mobile Banking Users

  • Place a password on the device to keep it securely locked after timing out.
  • Add The Bank of Bennington short codes and customer service phone number to your contacts, and only initiate SMS messages and phone calls from your contact list. Do not reply to SMS messages from senders that are not in your contact list.
  • Do not click on links in SMS messages unless you initiated the SMS conversation with The Bank of Bennington.
  • Do not call phone numbers not in your contact list. If you are unsure about a phone number, you may text “HELP” to the short code (497-94) and compare the phone numbers. Only call the numbers in your Help response or in your contact list to avoid vishing.
  • Bookmark The Bank of Bennington mobile web site and only use this bookmark to access the site to avoid phishing.
  • Avoid using unsecured, public Wi-Fi networks to access financial accounts with mobile devices.
  • Always use your cellular network when conducting mobile financial services.
  • Only download apps from stores, such as Apple & Android, that are submitted and branded by The Bank of Bennington.
  • Finally, know that bank employees will not ask users to provide confidential information over an email or SMS message.
  • Be aware of the security threats that come with mobile banking:
    • Phishing: Luring unsuspecting customers to provide sensitive personal information or download malware through an email.
    • SmiShing: A contraction of “SMS and phishing”, in which criminals pose as a financial institution (FI) and use SMS in an attempt to gain access to confidential account information.
    • Vishing: A contraction of “voice and phishing”, in which victims are tricked into disclosing sensitive personal information through a phone call or voice response unit.