Security Center

• Protecting You

  There is nothing more important to us than ensuring that your transactions are transmitted safely and securely during your Internet banking session, which is why our system employs a complex multi-layered security system. This level of Security is achieved in part by:

  • Protecting the privacy and confidentiality of the communications between your browser and our servers.
  • Verifying that only authorized persons are allowed to access online banking.

  Privacy

  Maintaining privacy of the data communicated between you (your browser) and our servers is ensured by using encryption, which is the most effective means to achieve data security. Encryption involves exchanging numbers between your browser and our online banking server. The numbers serve as keys to "unlock" the connection between browser and server, much like numbers on a combination lock. The higher the number of combinations, the less likely it is that an outside party could decipher the key and access sensitive information. This type of encryption is called Secure Socket Layer (SSL) Encryption that not only ensures privacy, but also ensures that no other web site can "impersonate" our web site, nor alter any information sent. You can determine if a browser is in a secure mode by looking for the secured lock symbol at the bottom of your browser window.

  The browser encryption level required to access our online banking system is 128-bit encryption. You will be unable to access our online banking functions with a lower encryption level.

  How to determine if your browser supports 128-bit encryption

  Click on "Help" in the toolbar of your Internet browser and click on "About [browser name]". A pop-up window will be displayed. For Internet Explorer, next to "Cipher Strength" you should see "128-bit". For Netscape, the following text should appear: "This version supports high-grade (128-bit) security with RSA Public Key Cryptography". If your browser does not support 128-bit encryption, you will need to upgrade to a browser that does in order to view secure pages on our web site.

  Authorization

  It is important to verify that only authorized persons log into online banking. A multifactor authentication process called Online ACCESS Control achieves this. Online ACCESS Control is a security feature that allows us to recognize you as the true owner of your account by recognizing not only your login information but also your computer. If we do not recognize your computer we will request additional information that is only known to you, to ensure authorized access.

  We allow you to enter your password incorrectly a limited number of times; too many incorrect passwords will result in the locking of your online banking account until you call us to reinitialize the account. We monitor and record "bad-login" attempts to detect any suspicious activity (i.e. someone trying to guess your password). You play a crucial role in preventing others from logging on to your account. Never use easy-to-guess passwords. Examples:

  Birth dates First names Pet names

  Addresses Phone numbers Social Security numbers

  Never reveal your password to another person. You should periodically change your password in the User Option screen of online banking.

  Security Architecture Overview

  We provide a number of additional security features in online banking. Online banking will "time-out" after a specific period of inactivity. This prevents curious persons from continuing your online banking session in the event you have left your PC unattended without logging out. You may set the time-out period according to your needs; however, we recommend that you always log out when you are done with online banking.

  Our systems security architecture uses industry-standard technology including password-controlled entry, Secure Sockets Layer (SSL) protocol, data encryption, perimeter and internal firewalls, screening and filtering routers, intrusion detection, strict authentication, virus protection, as well as application security. Each security component acts as a layer of protection to safeguard sensitive data from unauthorized users thus providing private and secure online banking.

• How You Can Protect Yourself from Online Fraud

  Internet security does not rely on technology alone. Each of us has a responsibility to protect our own systems and ourselves. The following are some key tips on what you can do to protect yourself:

  • Keep your computer up to date with the latest patches for known vulnerabilities: For Windows users, open your browser, and go to "Tools." Click on "Windows Update," and follow the instructions on downloading the latest patches.
  • Make sure your computer has the most current anti-virus software and run it regularly. Anti-virus software needs frequent updates to guard against new viruses. We recommend that you use a program that automatically upgrades your virus protection on a regular basis. If you currently do not have this automatic upgrade feature, make sure you update your virus detection program daily and when you hear of a new virus.
  • Run anti-spyware software to remove any spyware from your computer. If your anti-virus product doesn't include spyware protection, we recommend that you install a reputable spyware detection product as well. Many commercially available anti-virus software packages can detect adware/spyware programs on your computer. If detected, you should remove them immediately. (Pop-up ads are indications that adware/spyware is most likely running on your machine.)
  • Don't reply to any e-mail that requests your personal information. Be very suspicious of any e-mail from a business or person that asks for your password, Social Security number, or other highly sensitive information. Also beware of any e-mail that sends you personal information and asks you to update or confirm it. Access National Bank will never request sensitive information by e-mail and we will never ask you for your password.
  • Be alert for scam e-mail. These may appear to come from a trusted business or friend, but actually are designed to trick you into downloading a virus or linking to a fraudulent web site and disclosing sensitive information.
  • Open e-mail only when you know the sender. Be especially careful about opening e-mail with an attachment. We advise you to not open attachments unless you are confident that you can trust the source.
  • Carefully review the Privacy Policy for organizations on the Internet that offer "free services" such as Internet acceleration or email virus scanning. Some of these organizations have Privacy Policies that are loosely defined as to allow them to harvest and share information that is universally considered to be personal and highly sensitive. It is very important to read the privacy policy before downloading any software regardless if it is free or purchased.
  • Do not send sensitive personal or financial information unless it is encrypted on a secure web site. Regular e-mails are not encrypted and are more like sending a post card. Anyone can read it. Look for the padlock symbol to ensure that the site is running in secure mode before you enter confidential personal information.
  • When your computer is not in use, shut it down or disconnect it from the Internet.
  • Act quickly if you suspect fraud. If you believe someone is trying to commit fraud and/or if you think you may have provided personal or account information in response to a fraudulent e-mail or Web site, report the incident immediately, change your passwords and monitor your account activity frequently.

• What to do if you are a Victim of Identity Theft

  Access National Bank wants to offer you something we hope you never have to use. This email message offers information about what to do if you become a victim of a phishing scam or identity theft.

  Phishing, of course, involves the use of replicas of existing Web pages to try to deceive you into entering personal, financial or password data. Access National Bank recommends that you never respond to email messages asking you to verify personal information. But accidents happen, and the following information could be useful if you've been scammed.

  If you have given out your credit, debit or ATM card information:

  • Report the incident to the card issuer immediately
  • Cancel your account and open a new one
  • Review billing statements carefully after the incident
  • If the statements show unauthorized charges, send a letter to the card issuer via regular mail (keep a copy) describing each questionable charge

  Credit Card Loss or Fraudulent Charges

  Your maximum liability under federal law for unauthorized use of your credit card is $50 (policies vary). If the loss involves your credit card number, but not the card itself, you have no liability for unauthorized use; in general, you may only be liable for a very small amount but always check with your individual card company for their exact policy. Your liability depends on how quickly the loss is reported. You risk unlimited loss by failing to report an unauthorized transfer within 60 days after your bank statement containing unauthorized use is mailed to you.

  If you have given out your bank account information:

  • Report the theft to the bank as quickly as possible
  • Cancel your account and open a new one

  If you have downloaded a virus or 'Trojan Horse':

  • Some phishing attacks use viruses and/or a 'Trojan Horse' to install programs called "key loggers" on your computer. These programs capture and distribute any information you type to the phisher, including credit card numbers, usernames and passwords, Social Security Numbers, etc.
  • If this occurs, you likely may not be aware.
  • To minimize this risk, you should:
    • Install and/or update anti-virus and personal firewall software
    • Update all virus definitions and run a full scan
    • If your system still appears compromised, fix it and then change your password again.

  Check your other accounts - suspects may have accessed different accounts: eBay account, Pay Pal, your email ISP, online bank accounts, and other e-commerce accounts. If you have given out your personal identification information:

  Identity theft occurs when someone uses your personal information such as your name, Social Security number, credit card number or other identifying information, without your permission to commit fraud or other crimes. If you have given this information to a phisher, you should do the following:

  • Report the theft to the three major credit reporting agencies, Experian, Equifax and TransUnion Corporation, and do the following:
  • Request that they place a fraud alert and a victim's statement in your file
  • Request a FREE copy of your credit report to check whether any accounts were opened without your consent
  • Request that the agencies remove inquiries and/or fraudulent accounts stemming from the theft

  Major Credit Bureaus:	Identify Theft Resources:
  Equifax - www.equifax.com Experian - www.experian.com Trans Union - www.transunion.com	www.consumer.gov/idtheft www.identity-theft-help.us www.identitytheft.org

  • Notify your bank(s) and ask them to flag your account and contact you regarding any unusual activity: If bank accounts were set up without your consent, close them; If your ATM card was stolen, get a new card, account number and PIN; Contact your local police department to file a criminal report; Contact the Social Security Administration's Fraud Hotline to report the unauthorized use of your personal identification information; Notify the Department of Motor Vehicles of your identity theft; Check to see whether an unauthorized license number has been issued in your name; Notify the passport office to watch for anyone ordering a passport in your name; File a complaint with the Federal Trade Commission; Ask for a free copy of "ID Theft: When Bad Things Happen in Your Good Name"; File a complaint with the Internet Fraud Complaint Center(IFCC) by visiting their website: http://www.ic3.gov/

  For victims of Internet fraud, IFCC provides a convenient and easy reporting mechanism that alerts authorities of suspected criminal or civil violations.

  Document the names and phone numbers of everyone you speak with regarding the incident. Follow-up your phone calls with letters. Keep copies of all correspondence.

  If you see a suspicious-looking email message claiming to be from Access National Bank, please let us know. We continually monitor such reports and act on them promptly. Additionally, also consider contacting the FBI's Internet Fraud Complaint Center at http://www.ic3.gov/.

• How to report 'Phishing' or 'Spoofing'

  We suggest reporting "phishing" or "spoofed" emails to the following groups:

  • Forward the email to reportphishing@antiphishing.com
  • Forward the email to the Federal Trade Commission at spam@uce.gov
  • Forward the email to the "abuse" email address at the company that is being spoofed (e.g. "spoof@ebay.com")
  • When forwarding spoofed messages, always include the entire original email with its original header information intact
  • Notify the Internet Fraud Complaint Center of the FBI by filing a complaint on their website: http://www.ic3.gov/.

• Resources

  • Ways to Avoid E-mail Scams and Deal with Deceptive Spam
  • Information on preventing Internet Pirates from stealing your Personal Financial Information
  • Online Security & Privacy (It's Phishing Season, Don't Get Hooked)
  • Sound Business Controls
  • Cyber Security Guidance

You play a crucial role in ensuring that your financial information remains safe and together we can maintain a safe and secure online banking environment. We hope you find this information helpful and we will continue to provide you with convenient, quality online banking services.