Benefits and Risk of Online Banking

Online and Computer Security Tips

To provide our customers with secure online access, Young Americans Bank continually works to maintain and improve our online security. To help you protect your own security Young Americans Bank has comprised a list of tips to help you protect your computer and your account information.

• Keep your computer operating systems up to date.
  If your computer is more than five years old, its operating system (e.g. Windows 98) may not offer the same level of protection as newer systems. Manufacturers provide updates that help make your system more secure. Some updates are supplied automatically through email or your Internet connection. You can also check your operating system’s web site.
• Always use a current web browser.
  When you are working online make sure that you are always using a current web browser. If you are using an older browser it may not be able to protect the transactions on internet banking. You may need to upgrade your browser.
• Install personal firewall.
  Though many office networks include a firewall protection, many home computers do not have the necessary security to protect you. Check with your operating system to see if a firewall is already included before purchasing a separate one.
• Install and update anti-virus software.
  Anti-virus software helps protect your computer by reducing the risk of your computer contracting computer viruses. These viruses can compromise your security, and the anti-virus software program offers upgrades to protect against the latest computer viruses.
• Activate a pop-up blocker.
  Many companies offer free pop-blocker online. You should make sure that these programs are from legitimate companies before downloading. This can protect you against fake email sites. When you have the pop-up blocker activated you may need to turn off the blocker to view some information that only comes on pop-up windows.
• Scan your computer for spyware.
  Spyware and adware are programs that look in on your Web activity and could potential relay information to a disreputable source. Search the internet for free spyware or adware removal programs. Make sure that the removal program is from a legitimate company.
• Use secure web sites for transactions and shopping.
  Be sure the web page you are browsing offers encryption of your data. Often you will see a lock symbol in the lower right-hand corner of your internet window. Also the web address you are viewing may begin with “ https://…”. The “s” means that the web address is a secure address and uses encryption.
• Avoid Downloading from unknown sources.
  Downloads from unfamiliar sources may have hidden programs or viruses that can affect your computer’s security.
• Disconnect from the Internet when not in use.
  DSL and high- speed cable provide a constant connection between your computer and the internet. Disconnect the internet to avoid unwanted access to the information on your computer.

Best Practices for Safe Mobile Device Usage

Online security is a top priority at Young Americans Bank (YAB). We want to provide crucial information, tips, and tricks to help protect your secure information.

Mobile Banking is constantly changing, making it difficult to identify all possible risks, but this comprehensive set of guidelines will give you knowledge to protect yourself and utilize mobile banking with confidence.

If you are using a mobile banking application, such as TouchBanking, your smartphone could be a target for malicious individuals who want to steal your identity or those you lend your device to.

What is a Smartphone?

A smartphone is a cellular phone that performs many of the functions of a computer, typically having a touchscreen interface, Internet access, and an operating system capable of running downloaded applications, more commonly known as apps.

On which smartphones can I install Touch Banking app?

TouchBanking Application is currently available for download on Apple® & Android™ devices including tablets with Apple & Android operating systems.

Key items to keep in mind

• Always treat your cell phone like your wallet or purse.
• Be cautious of who you let use or “borrow” your device – they could quickly download fraudulent apps.
• Keep your device up-to-date with software releases and update and protect it with antivirus software (AVS).
• When you text someone, the message is stored on your cell phone, at least one server somewhere, and the receiver’s cell phone. It will be around forever.
• Text messages, emails, alerts from YAB never contain any personally sensitive information (account numbers, username, passwords). YAB will never ask for this information to be submitted through any channel. Never send this secure information to anyone.
• You should review your account information via multiple channels on a regular basis to ensure consistency.

Lost or Stolen Device

In order to safeguard yourself, there are several best practices you can follow BEFORE losing device:

• Most smartphones offer a feature allowing you to select a PIN, pattern recognition password or biometrics in order to unlock the device for use. This feature should be turned on not only when you power-on your device but anytime you turn your screen on.
• Create “strong” passwords (of unusual combinations of upper-and lower case letters, numbers, and symbols) or PIN (random numbers instead of, say, 1234 or the last four digits of your Social Security number) and periodically change them.
• Do not store your username or password in your device’s notebook, contacts, or any other apps for easy retrieval.
• Check with your mobile carrier about remote wiping. Often times you can wipe the data from your phone either online or through the help of your carrier. This prevents the information from being accessed from anyone who may find or steal your device.

What else should I be aware of?

Social engineering

There are serious social engineering threats that users need to be aware of when engaging in mobile banking practices:

Malware

The intent of malware is to covertly compromise the confidentiality, integrity, or availability of the victim’s data, application, or operating system. The highest risk in a mobile banking setting is from downloading rogue apps or clicking on links contained within certain websites and/or text messages. Just because the picture of an application appears to be backed by a legitimate financial institution doesn’t mean it is secure.

SMiShing

The act of retrieving information via text message. Attackers pose as a financial institution and use SMS (texting) to ask for sensitive information. Your response and information is routed to an unauthorized individual.

Phishing

This has been around since the birth of Internet banking and is still applicable to mobile banking. Phishing is an attack used by tricking the victim into downloading malware or disclosing personal information.

Vishing

Using SMiShing and Phishing to evoke a victim into disclosing information by responding to a bogus phone number and talking to an attacker.

Man-in-the-middle attack

A form of active eavesdropping when the attacker makes independent connections with the victims and relays messages between them, making them believe they are talking directly to each other over a private connection, when actually the entire conversation is controlled by the attacker.

Cloning

The transfer of identity between one mobile telephone and another.

Hijacking

The attacker takes control of a phone conversation and masquerades as one of them. This could give the hacker access to the victim’s financial accounts.

NEVER “Jailbreak” your Device

Smartphones and tablets can be “jailbroken” by installing modified software that unlocks the restrictions of the device’s core operating system. “Jailbreaking” or otherwise altering your device could void your warranties, violate your provider’s terms of service, or even damage your device. Since jailbreaking methods are unsanctioned by manufacturers and forgo most security protocols, they can make your device unstable, susceptible to viruses, and vulnerable to exploits that feed hackers your personal information.

Fraudulent Applications

Research any application (“app”) before downloading it. Just because the name of an app resembles the name of your bank – or of another company you’re familiar with – don’t assume that it is the official one of that bank or company.

Take the time to read the “small print” when installing an app on any smartphone. Evaluate the information the app requires access to and consider if this information is necessary for it to run successfully. If you cannot see a reason for the app to have access to the information, you should reconsider installing it.

The iPhone app store is the only marketplace that controls “application distribution” meaning they review and restrict applications prior to allowing them to enter the app store.

Even with the strict app design controls, fraudsters may attempt to mimic the applications in order to create a “spoof” app. When an unsuspecting person downloads the fraudulent app and enters their log-in credentials, it is immediately sent to the fraudsters. They could then use your username and password to log-in to your account.

What We Do

How does Young Americans Bank protect my personal information?

To protect your personal information from unauthorized access and use, we use security measures that comply with federal law. These measures include computer safeguards and secured files and buildings.

We also maintain other physical, electronic and procedural safeguards to protect this information and we limit access to information to those employees for whom access is appropriate.