Security Center & Fraud Prevention

Your phone rings and you see your bank’s name in the caller ID so you answer.

The caller says they’re from the institution’s customer service department and that there is a problem with your account that needs immediate attention, but you get nervous when they start asking for personal things like your PIN or account password. What should you do?

Hang up because it’s probably a scam in which the caller is using caller ID ‘spoofing,’ where they use technology to disguise the number they are calling from and make it look like the name and number of your bank.

This scam is designed to trick you into divulging important information that could be used to drain your account or be used to sell to crooks.

Here are some important things to know and do if this should happen to you:

• Financial institutions won’t contact you out of the blue unless there is a major problem, and they won’t ask for your account number, password or PIN. Don’t give them out even if the caller threatens penalties.
• If you have even a small suspicion that the call is a scam, hang up. Look for the toll-free number on the back of your bank card or look up your branch’s official phone number and call it. Tell the customer service representative who answers what happened and ask if there is really a problem with your account.
• The same thing can happen via email or text. If someone claiming to be your bank asks for personal information don’t call any included number or click on any link in them.

Knowing danger signs to look for and staying alert for phone or email scams can keep your money safe from crooks.

You may not be aware of it, but you have round-the-clock protection against the increasingly savvy perpetrators of card fraud. That’s because the debit cards we issue are protected by our Fraud Detection Department.

Rio Bank utilizes a fraud prevention and monitoring system called EnFact. Through an important partner of ours, Fiserv, we provide industry-leading technology, tools and proven expertise to manage fraud. Experienced “Fraud Prevention Services” analyst’s monitors card activity 24 hours a day, 7 days a week.

If unusual or suspicious activity occurs on your debit card, a Fraud Detection representative may call you on behalf of Rio Bank. If they are unable to reach you, your account may be blocked to avoid additional potential fraud until you are reached. If you are asked to call them back, be sure call them back only at the number listed below (must provide Fraud Case Number).

Fraud Detection Department
1-833-735-1894 (English)
1-833-735-1898 (Spanish)

You should never provide your debit card number, PIN, or other personal information to anyone that contacts you by phone, text, or email.

• Rio Bank or our fraud detection representatives will never contact you (by phone, email or text) and ask you to provide information that we should already have on our system. They should only ask you to verify the information. Tell them to tell you what they have as information and that you will tell them if it is correct or not.
• If you are ever contacted regarding your account or debit card, we encourage you to end the call and call them back using only the phone numbers you know belong to the Rio Bank. These phone numbers can be found on your statements, our website, or the back of your card.
• It's a good idea to document or make copies of all your debit cards, credit cards, ID cards, licenses and everything in your wallet before your information goes missing. Make sure you list your account numbers, and toll free phone numbers you'd need to call to report them missing. Be sure and keep the list or photocopies in a separate, safe place.

If you plan to use your debit card while traveling, we recommend alerting your local Rio Bank banker prior to departure.

This information does not mean that your debit card may not be blocked for security purposes, but having that information available may help us reach you and make a decision about your debit card.

We monitor your ATM/debit card to protect your accounts from potentially fraudulent activity which may include a sudden change in purchasing patterns, transactions performed outside of your normal spending area, a sudden string of costly purchases, or any other pattern associated with new fraud trends around the world.

When potentially fraudulent activity is detected, full use of your debit card may be restricted. Our goal, quite simply, is to provide outstanding customer service while protecting your banking relationship and mitigating losses due to fraudulent activity.

To minimize your risk of restricted use of your debit card while traveling, please notify us when you plan to be out of town.

For more information, or to notify us of your travel plans, you may:

• Log into your Online Banking and click on Travel Plans
• Contact us at (956) 631-7890 or toll free at (877) 631-7890.
• Stop by any of our Rio Bank Locations (click here for branch hours and locations);

Rio Bank will request the following information from you:

• Customer name- Provide your first and last name (company name, if applicable)
• Debit card number- Last 4 digits of your debit card number
• Travel start date- Provide the approximate start date for your travels.
• Travel return date- Provide the approximate return date from your travels.
• Description of travel- Provide the location(s) in which you will be traveling. Be sure to include any planned stops along the way.

Always carry an alternate payment method. We will do all in our power to help you when you run into payment difficulties, but having multiple options for payment at all times is a wise idea, especially when traveling.

ATM Safety Best Practices

• Always observe your surroundings before conducting an ATM transaction
• Treat your ATM card like cash. Always keep your card in a safe place. It's a good idea to store your card in a card sleeve. The sleeve protects the card's magnetic strip and helps ensure that the card functions properly.
• Keep your PIN number a secret. Never write it on your card or store it with the card. Never tell your PIN to anyone. And never let someone else enter your code for you.
• Take your ATM receipt with you. Do not leave it at or near the ATM.
• Report a lost or stolen card at once. Promptly report a lost or stolen card to reduce the chance that it will be used improperly.
• Check your receipts against your monthly statement to guard against ATM fraud
• ATM Safety Brochure

Drive Up ATM Security

• Keep your engine running, the doors locked and the windows up at all times when waiting in line at a drive-up ATM
• When possible, leave enough room between cars to allow for a quick exit should it become necessary
• If an ATM is poorly lit, go to another ATM
• Before rolling down the window to use the ATM, observe the entire area around the ATM
• Have your card out before you approach the ATM
• If anyone follows you after making an ATM transaction, call the police.

Walk up ATM Security

• Be observant of your surroundings
• Minimize time spent at the ATM
• Only use well lit ATMs
• Be cautious if strangers offer to help at an ATM. Do not allow anyone to distract you while at the ATM.

Under a federal law enacted by Congress, every consumer in the United States can now obtain one free credit report every 12 months from each of the three major credit bureaus.

Recommendations

• Obtain your free credit reports by mail, by phone or online from a service that is run jointly by the three credit bureaus
• If you order your credit report online, you must print it or save it to your computer, or it will be unavailable once you leave the screen
• The free program applies only to the credit report itself. Credit scores are not included in the free credit report but they can be purchased from the credit bureaus for a fee
• Experts strongly recommend that consumers obtain their free credit reports and review them for completeness and accuracy in order to learn about their credit, check for errors in their credit information and detect identity theft
• If something is wrong on a credit report, you can dispute it directly with the credit bureau. When a dispute is filed, the credit bureau has 45 days to respond to the consumer

You can obtain your free credit report as follows:

Online www.annualcreditreport.com

By Phone:
877-322-8228

By Mail:
Credit Report Request Service
P. O. Box 105281
Atlanta, GA 30348-5281

Corporate Account Takeover is the business equivalent of personal identity theft. Hackers, backed by professional criminal organizations, are targeting small and medium businesses to obtain access to the web banking credentials or remote control of their computers. These hackers will then drain the deposit and credit lines of the compromised bank accounts, funneling the funds through mules that quickly redirect the monies overseas into hackers' accounts.

As a business owner, you need an understanding of how to take proactive steps and avoid, or at least minimize threats which can affect your business. Below are some tips to help you keep your business account safe.

Recommendations

• Use a dedicated computer for financial transactional type of activity. DO NOT use this computer for general browsing and email
• Apply operating system and application updates (Patches) regularly
• Ensure that anti-virus/spyware software is installed, functional and is updated with the most current version
• Have host-based firewall software installed on all computers in your network
• Use the latest versions of Internet browsers, such as Explorer, Firefox or Google Chrome with "pop-up" blockers and keep patches up to date
• Turn off your computer when not in use
• Review your banking transactions and your credit report regularly (See "Check your Credit Report section")
• Contact your Information Technology provider to determine the best way to safeguard the security of your computers and networks
• Call us immediately at 956-631-7890 if you believe your Rio Bank account has been compromised
• Take our interactive Commercial E-Banking Risk Assessment and Controls Evaluation

eMail Scams

Protect yourself from the Internet and eMail scams by keeping your private information secure.

At Rio Bank, your privacy is very important to us. That's why we want to provide you with information regarding a technique fraudsters use to lure online consumers to fake corporate Web sites through links sent via eMail. This scam on the Internet is called "phishing" (pronounced fishing).

The message in the eMail often warns consumers that their account will be closed if their information is not updated or "verified". The links within the eMail are often pointed to Web forms to ask for bank account information, such as routing numbers, account numbers, PIN numbers, passwords and Social Security numbers. It is Rio Bank's policy to not send or request confidential account information through eMail because it is not a secure form of communication. You should never enter private, personal information in a form that was sent to you by eMail.

Recommendations

• Never click on links in unexpected eMails that request confidential information. If updates to information are needed, always type the address for the institution's website into your browser
• Before submitting confidential information through forms, make sure you are using a secure Internet connection. There are two ways of determining if your connection to a Web site is secure
  • Look at the address bar at the top of your browser
  • If the Web site address begins with https://, then you have an established secure connection
  • If the Website address begins with http://, then the connection is NOT secure
  • Look for a "lock" icon in your browser's status bar at the bottom right hand corner of your browser. The lock verifies your connection to the Website is secure
• Make sure you have installed and run updated anti-virus and anti-spyware software which will keep your computer safe from malicious software that might have installed itself on your computer. Both viruses and spyware can leave your computer vulnerable to attack and intrusion
• Install a Firewall, either software or hardware. A firewall will prevent attacks on your computer through the Internet by determining if a requested connection is malicious or not. A firewall is especially important if you are using a broadband Internet connection like DSL, cable, or satellite
• Keep your Internet browser, anti-virus, anti-spyware and firewall up to date by visiting the manufacturers website and checking regularly for software and security updates
• Review and monitor your checking account, debit card, credit card statements and your credit report regularly to be sure all transactions are legitimate
• Watch for misspelling or grammatical errors on forms requesting confidential information. Hackers often make errors while rushing to get bogus Websites in place. If something doesn't look right, there is a good chance that it's not
• If you should ever receive an email or phone call requesting your personal, confidential information that appears to be from Rio Bank, DO NOT respond and contact the bank immediately at 956-631-7890

Lottery Scams

In the lottery scam, you receive an eMail notification claiming you have won an international lottery (Jamaican Lottery, Spanish Lottery, etc.). In order to claim your winnings, you must contact the claims agent, typically by an eMail address that is most often from a free provider (e.g., Yahoo, Hotmail, etc.). The agent then sends you a claim form to verify your identity. You must then return the form with your personal details, along with copies of your passport and/or driver's license to "verify your true identity". The fraudsters now have enough information to duplicate your identity. In addition, in order to claim winnings, you are required to wire funds to the fraudsters to cover the transaction, insurance, tax and legal fees associated with receiving their winnings. The victims are required to transfer the money requested via Western Union. You are now out of the funds you have wired to the fraudsters and, the fraudsters have your personal identification to continue to commit fraud.

Check Scams

There are many variations of check scams. It could start with someone offering to buy something you advertised, pay you to do work at home, give you an "advance" on a sweepstakes you've supposedly won, or pay the first installment on the millions that you'll receive for agreeing to have money in a foreign country transferred to your bank account for safekeeping. Whatever the pitch, the person may sound quite believable.

Things to look out for:

• Fake check scammers hunt for victims. They scan newspaper and online advertisements for people listing items for sale, and check postings on online job sites from people seeking employment. They place their own ads for people to contact them. They also call or send emails to people randomly, knowing that some will take the bait
• They often claim to be in another country. The scammers say it's too difficult and complicated to send you the money directly from their country, so they will arrange for someone in the U. S. to send you a check
• They tell you to wire money to them after you've deposited the check
• The checks are fake but they look real
• You don't have to wait long to use the money, but that doesn't mean the check is good
• You are responsible for the checks you deposit
• There is NO legitimate reason for someone who is giving you money to ask you to wire money back

What can you do?

• If you receive a check in the mail that you are not expecting, DO NOT CASH IT. You should call the issuing bank directly to verify that the account is valid and the check is real.
• If you are a victim of a counterfeit check cashing scam, eMail the FDIC's Special Activities Section at: alert@fdic.gov
• If you believe you may have fallen victim to this type of scam and wish to report it, please file a complaint with the U. S. Government Internet Crime Complaint Center at: http://www.ic3.gov

Or contact them at:
FDIC's Cyber Fraud and Financial Crimes Section
550 17th Street, NW, Room F-4040
Washington, DC 20429

Identity Theft is one of today's fastest growing crimes. It occurs when someone steals your personal information and identification. They may open credit card accounts, apply for loans, rent apartments and purchase phone services, all in your name. In many cases, they request address changes so you never see the bills for their activity. These impersonators spend your money as quickly as possible. Most victims never know it until they apply for credit or receive a call from a collection agency. Clearing your name and erasing the effects of identity theft can be a nightmare and take a great deal of time. You can spend months or even years re-establishing your credit worthiness.

Helpful Tips

• Store personal information in a safe place
• Shred financial statements, bank checks, credit card offers, charge receipts and credit applications before discarding them
• Don't release personal information
• Never disclose account numbers, Social Security numbers and credit card numbers over the phone or eMail unless you know the person or organization you are dealing with
• Guard against mail theft. Promptly remove incoming mail after it has been delivered
• Deposit outgoing mail into a secure, official U.S. Postal Service collection box
• Be suspicious of any offer made by telephone, on a Website or in an eMail that seems too good to be true

Are you a victim of identity theft?

Using your mobile device to check the balances of your accounts or to process a simple transaction is convenient and can save you time, but how do you make sure it is also secure?

Ways to protect your information while using your mobile device:

• Configure your device to require a passcode to gain access if this feature is supported in your device
• Avoid storing sensitive information. Mobile devices have a high likelihood of being lost or stolen so you should avoid using them to store sensitive information (e.g. passwords, bank account numbers, etc.). If sensitive data is stored then encryption should be used to secure it
• Keep your mobile device's software up-to-date. Mobile devices are small computers running software that needs to be updated just as you would update your PC. Use the automatic update option if one is available
• Review the privacy policy and data access of any applications (apps) before installing them
• Disable features not actively in use such as Bluetooth, Wi-Fi, and infrared. Set Bluetooth-enabled devices to "non-discoverable" when Bluetooth is enabled
• Delete all information stored on a device before the device changes ownership. Use a "hard factory reset" to permanently erase all content and settings stored on the device
• "Sign out" or "Log off" when finished with an app rather than just closing it

Password Security

Almost every website you visit today requires a username and password to be entered. Just when you manage to memorize one, you are forced to change it. As annoying as this may seem, the reality is that we sometimes take passwords for granted. The main purpose for a password is to serve as the first and sometimes the only line of defense to protect important information. Passwords keep unauthorized users from accessing financial information, health data, private and company documents. They are also what identifies you on a particular system.

Password Do's

• Create a unique password for all the different systems you use. If you don't, then one breach leaves all your accounts vulnerable
• Use unpredictable passwords with a combination of lowercase, uppercase, numbers and special characters. Use a password that is at least 8 characters in length if possible
• Change password regularly at a minimum at least quarterly, and whenever they may have become compromised

Password Don'ts

• Don't give your password to anyone for any reason
• Don't write your password near your PC
  • Anywhere near your PC
  • In your laptop bag
  • In user manuals
  • Electronically in Word documents
  • Sent in eMails
• Don't use personal information in your password such as: your name, your friends name, pets name, addresses, social security number, phone number, license plate number, important dates such as birthdays or anniversaries
• Do not use easy to spot passwords such as "123456" or "Password01"

Social Engineering is a technique used to obtain or attempt to obtain secure information by tricking an individual into revealing the information. Normally, social engineering is quite successful, because most targets (or victims) want to trust people and provide as much help as possible. Victims of social engineering typically have no idea they have been conned out of useful information or have been tricked into performing a particular task. The basic goal of social engineering is to gain unauthorized access to systems or information in order to commit fraud, network intrusion, industrial espionage, identity theft, or simply to disrupt and compromise computer systems.

Common Techniques of Social Engineering

• Social Engineering by Phone – Pretexting
• Dumpster Diving
• On-Line Social Engineering – Phishing, Vishing, SMiShing, Pharming, Website Spoofing
• Shoulder Smurfing – Looking over a shoulder to see what they are typing

What should you do?

• Never share your user name or password with anyone
• Rio Bank will NEVER call you and ask you for your user name and password
• Report fraud/spam on our website. Contact Us now.
• Always be aware of your surroundings

Helpful Websites

• www.OnGuardOnline.gov
• www.StaySafeOnline.org
• www.BBB.org/Data-Security
• www.US-CERT.gov