BANKING SECURITY CENTER
Banking Security Tips
ATM Safety Tips
Allied Bank And Trust Company (Bahamas) Limited is committed to your safety. The security department has installed the latest in surveillance cameras and DVR at all of our branches. This alone will not guarantee your safety. You need to be proactive in your approach to safety. Listed below are some safety recommendations that you should practice while using an ATM.
Use common sense and be aware of your surroundings before, during, and after you use an ATM.
If you observe or sense suspicious persons or circumstances, do not use the machine at that time.
Notice if anything looks unusual or suspicious about the ATM, indicating it might have been tampered with. If the ATM appears to have any attachments to the card slot or key pad, do not use it and inform the bank. If you suspect that the ATM has been tampered with, do not use the ATM and inform the bank.
If you have dipped your card starting a transaction and have to leave the ATM prior to completing the transaction, always press the cancel key and verify that the ATM comes back to the welcome screen. This will signal the end of your ATM session.
Be careful that no one can see you enter your PIN at the ATM. Use your body to "shield" the ATM keyboard as you enter your PIN into the ATM.
Close the entry door completely upon entering and exiting this facility, when card access was required to enter during non branch banking hours.
Do not permit entrance to any unknown person at any time, if card access was required to enter.
Place withdrawn cash securely upon your person before exiting the ATM facility.
If anyone follows you after you leave the ATM, go immediately to a heavily populated, well-lit area and call the police.
Never write your PIN on your ATM card.
Never give your card or pin to anyone to do a transaction for you.
These tips are meant to make you aware that, although rare, ATM crime can happen. Preventing such a crime must be a cooperative effort between you and your bank. As far as your security is concerned, you can never be too careful, too prepared, or too aware.
Email Scams
Phishing attacks may take on a variety of different forms. In the classic “phishing” attack, a virtual trap is set by cyber thieves that use official-looking emails to lure you to fake websites and trick you into revealing your nonpublic information. Another form of "phishing" is when you receive an official-looking email and are requested to click on a link to download a file or report. Once you click the link, malicious software called “malware” is instantly installed on your PC. The malware is then able to detect and steal your authentication credentials which can be used to log in to your online banking account(s).
Here are some best practices for online security which are outlined below:
Do not open emails from which you do not recognize the sender.
Remember that Allied Bank And Trust Company (Bahamas) Limited will never send you an email with a link asking you to update your nonpublic information.
Do not click on any hyperlinks within an email that ask you to confirm or resubmit financial transactions such as a bill payment, wire, or ACH.
Do not share your security credentials with others.
Contact us as soon as you can if you are receiving suspicious emails purportedly coming from Allied Bank And Trust Company (Bahamas) Limited.
The Federal Deposit Insurance Corporation has released an online multimedia educational tool to assist you in protecting yourself from identity thieves. The presentation features valuable tips to safeguard your computer and personal information, and it provides guidelines on the action to be taken if your personal information has been compromised.
Internet Banking Security
The Internet has made it easier for criminals to deceive individuals into revealing confidential information and clicking on links or attachments that will compromise the security of their computers which ultimately have an impact on Internet banking security. These criminals have continued to use increasingly sophisticated, effective, and malicious methods to fraudulently gain unauthorized access to consumers’ and businesses’ Internet banking accounts.
At Allied Bank And Trust Company (Bahamas) Limited, we understand that security measures are a top priority and of utmost importance for Internet banking. We have implemented a significant level of security features to mitigate the risk of fraudulent Internet activity; however, we strongly encourage both our consumer and business customers using Internet banking and cash management services to be aware of current threats to the security of their Internet banking accounts, and to implement internal preventative and monitoring controls to reduce the risk of compromised access and account takeover.
Allied Bank And Trust Company (Bahamas) Limited will NEVER request a customer’s personal information (debit card number, account number, social security number, personal identification number, or password) through email or by phone on an unsolicited basis. If you ever receive an unsolicited phone call or email claiming to be from Allied Bank And Trust Company (Bahamas) Limited requesting your personal and confidential information, please DO NOT respond. Contact us immediately. As an additional monitoring control, you should review account statements and online account transaction history to ensure all transactions are correct and authorized.
Fraudsters will commonly use a type of Internet piracy called “phishing.” In a typical phishing case, you'll receive an email that appears to be from Allied Bank And Trust Company (Bahamas) Limited. In some cases, the email may appear to come from a government agency or payment network, such as the FDIC or NACHA, respectively. The email will probably warn you of a serious problem that requires your immediate attention. It may use phrases, such as “Immediate attention required,” or “Please contact us immediately about your account.” The email will then encourage you to click on a button to go to our website. In a phishing scam, you could be redirected to a fictitious website that may look exactly like our site. In other situations, it may be our actual website. In those cases, a pop-up window will quickly appear for the purpose of harvesting your log-in authentication credentials. In either case, you may be asked to update your account information or to provide information for verification purposes: your social security number, your account number, your password, or the information you use to verify your identity when speaking to a real financial institution, such as your mother's maiden name or your place of birth. If you provide the requested information, you may find yourself the victim of Identity Theft which can lead to malicious activity such as Internet banking account takeover.
We have implemented strong preventative and monitoring controls within our Internet banking, bill payment, and cash management systems; however, in order to enhance our customers’ internal security, we recommend our customers implement their own controls to mitigate risks. Examples of controls you may want to consider implementing to mitigate the risks of account takeover and fraudulent account activities are as follows:
Refrain from opening unsolicited emails and attachments.
Refrain from providing authentication credentials to callers claiming to be representing the financial institution, and from responding to emails requesting information or re-directing you to a website.
Daily account activity monitoring via Internet banking account transaction history review.
Review and monitor your account statements for unauthorized transactions.
Safekeeping and confidentiality of Internet banking authentication credentials.
Maintain up-to-date operating system security patches and have installed updated virus/spyware protection software. Anti-virus and anti-spyware software will help to keep your computer safe from malicious software that could install itself on your computer. Contact your hardware or software supplier for further information.
Install a firewall, either software or hardware. A firewall will prevent attacks on your computer through the Internet using established rules to determine if a requested connection is malicious or not.
Implement intrusion detection/prevention software or services.
Prior to disposing, shred all confidential information on hardcopy and on electronic media.
For our business/commercial customers, we also strongly recommend that you perform internal periodic risk assessment and controls evaluations related to the security of your Internet banking/cash management environment. Special attention should be directed to high-risk transactions which involve access to personal financial information or the movement of funds to other parties, such as ACH, wire transfers, and bill payment.
For Personal Banking Customers Only: Allied Bank And Trust Company (Bahamas) Limited is required under Regulation E: Electronic Funds Transfers to provide certain protections to our individual customers relative to electronic funds transfers (EFT). As applicable to Internet access, this regulation covers transactions initiated through Allied Bank And Trust Company (Bahamas) Limited’s Internet banking channels, to either order, instruct, or authorize the financial institution to debit or credit an account. Transactions may include but are not limited to debit card transactions, ACH payments, external transfers, and bill payments. For specific applicability and provisions, please refer to Allied Bank And Trust Company (Bahamas) Limited’s Regulation E disclosure in our deposit terms and conditions booklet, which you received when you opened your account with us.
If you notice any suspicious or unauthorized account activity, experience a breach in security of personal information, your log-in credentials or computer security have been compromised, or for more information, please contact us.
Safeguarding Your Online Transactions
Federal financial regulators are now reporting that there has been an increase in Internet threats in recent years, and that Internet-based attacks on personal information and data networks are increasingly sophisticated. Advanced hacking techniques and the increase in cyber-criminal groups are putting additional strain on financial institutions, compromising security controls, and engaging in online account takeovers and fraudulent electronic funds transfers. Allied Bank And Trust Company (Bahamas) Limited is committed to increasing vigilance and safeguarding your personal information, and we would like you to know:
We will never ask you to confirm your username, password, or other electronic banking credentials over the phone, by email.
Make sure you use an adequately safe username and password—these should mix upper and lower case letters, numbers, and symbols to make the password difficult to guess.
Periodically change your password. You should change it every 90 days at minimum.
Safeguard your username and password information—don’t leave it on a sticky note on your computer monitor or in your wallet.
Make sure your anti-virus software is up to date. If it’s not up to date, renew your subscription.
Make sure you have a firewall in place when conducting your financial transactions.
Log off the system when you’ve finished using online banking or making your financial transactions. Don’t just close the page or “X” out of the system.
Monitor your account activity on a regular basis.
In addition, we sometimes require owners of commercial accounts to perform their own risk assessment and control evaluations.
For example:
Make a detailed listing of the risks related to online transactions that your business faces, such as:
Passwords and log-in credentials being left out in the open.
Use of passwords that do not meet basic security criteria (birthdays, first names, etc.).
Considerations for internal theft and fraud.
The lack of a proper control method for financial transactions. For example, checks and balances to an individual’s access into the system, or rerouting for approval once a transaction has been performed.
An evaluation of the controls your business has in place could include:
Using password-protected software to house passwords.
Conducting employee background checks.
Initiating a policy and process to terminate access for former employees immediately.
Spreading duties among two or more people so no one person has too much access or control over the system.
Using firewalls to protect from outside intrusion, pirates, or hackers.
Federal regulations provide you with some protection in the case of electronic funds transfers. These regulations apply to accounts with Internet access, limiting a consumer’s liability for unauthorized electronic funds transfers. They also outline the steps you’ll need to take to resolve an error with your account. The general rule here is that to take advantage of these protections, you need to act as quickly as possible to notify us if you suspect unauthorized activity on your account. Make sure you notify us immediately if you think your information has been stolen or lost, and remember to review your account periodically for any evidence of errors or unauthorized activity. Please see the Electronic Funds Transfer disclosures that were provided when you opened your account, or contact your nearest branch for a copy of them. Remember, if you become aware of suspicious account activity, you should immediately contact the authorities and notify us RIGHT AWAY.
