Security features for EDSB Internet Banking

Changes to your EDSB Image and Pass Phrase took place May 19, 2014. You no longer will see an Image and Pass Phrase when logging into Internet Banking.


EDSB has made it easier for you to access your accounts online, all while continuing to protect you and your money with our powerful, multilayered security system.


How the security system works:

 

LOG IN CREDENTIALS


The access process begins with you typing in your correct User ID & Password.








DEVICE CHECK


We check the device you are using, whether it's your computer, mobile phone, or tablet. If it's not recognized, we may ask you to complete a Security Challenge to verify your identity.





GEOGRAPHIC LOCATION


We also check geographic indicators. If you're trying to log in from a new location, we may ask additional questions.





Security you can check:

Before entering your password or answering the Security Challenge, check your browser's address bar. An additional layer of security has been added that shows whether you are connected to a safe server. If your browser's bar is GREEN, your connection is secure. If it is not GREEN, stop your login process and contact a Personal Banker at (563) 587-2424.


Here is what your browser should look like with the upgrade:



We want you to know that your EDSB accounts are safe with us. If you have any questions or concerns please feel free to speak with a Personal Banker today.



Fraudulent Telephone Calls Claiming to be from SHAZAM

EDSB has been made aware of an issue where debit cardholders are receiving fraudulent telephone calls from someone claiming to be from SHAZAM, Inc.

During this call, the fraudster asks the cardholder for personal information such as a primary account number (PAN) and PIN. EDSB and SHAZAM will never ask for a full PAN or a PIN if we are contacting you. The one exception is when YOU contact EDSB or SHAZAM directly; in that case we may ask for this information.

EDSB encourages our customers to contact a Personal Banker at 563-587-2424 if you receive a fraudulent telephone call.



EDSB's Web Servers Safe from the Heartbleed Security Vulnerability


What is Heartbleed?

Heartbleed is an internet bug that creates an opening in the encryption software used on websites whose addresses start with “https.” This bug makes it possible to scrape information from the server, including user names, passwords and information contained in the account. EDSB’s website has been tested and has not been affected, but we wanted to inform all of our customers about the potential threat found on other websites that may not be as secure.

 

What do I do if a website may have been exposed to Heartbleed or hacked and I have an account there?

 

First, confirm through a test site that the site has installed the software update to fix the Heartbleed bug. Depending on the result, here’s what you can do:

1.) If the site has updated its security certificate since April 7: Change your password. It’s also a good idea to clear your cookies and empty your cache. You can do this in a browser under menu options such as “settings” or “options.”


2.) If the site has not updated its certificate: Hold off on changing your password. Otherwise, you could potentially expose your new password and account information. Instead, perform a vulnerability check on the website again in a day or two to see if it has installed the software update. If you think you’ll forget to check, consider setting a reminder for yourself. Don’t change your password until the site has installed the update.

 

  • Check your bank statement and credit card information to make sure there are no unauthorized charges.

  • If you haven’t checked your credit report in a while, get a free credit report that covers the three major credit agencies at www.annualcreditreport.com.


PLEASE NOTE, EDSB customer information is secure, and there HAS NOT been a breach of EDSB’s Online Banking. 



Phishing Alert

EDSB has received a notification from the FBI and the Iowa Division of Banking to be on alert for spear phishing emails. The FBI has assessed that the possibility of US military action in Syria may lead to further escalation of computer network operations by pro-regime or other aligned cyber actors. Every organization is at risk of being the target of a spear phishing email. Malicious actors are crafting emails that appear to be from a legitimate source to lure victims into providing login credentials. The email will contain a hyperlink that appears to be legitimate; however, the user is directed to a credential harvester that looks like a legitimate Outlook Web Access or other login page.


Here are some tips to protect yourself:

Email from a "Friend"

The spear phisher thrives on familiarity. He knows your name, your email address, and at least a little about you. The salutation on the email message is likely to be personalized: "Hi Bob" instead of "Dear Sir." The email may make reference to a "mutual friend" or to a recent online purchase you've made. Because the email seems to come from someone you know, you may be less vigilant and give them the information they ask for. And when it's a company you know asking for urgent action, you may be tempted to act before thinking.


Passwords That Work

Think about your passwords. Do you use just one, or easy-to-figure-out variations on just one? If you do either, you shouldn't, because you're making it easy for a scammer to get access to your personal financial information. Every password for every site you visit should be different. Random letters and numbers work best, and make sure to change them frequently.


Patches, Updates, and Security Software

When you get notices from software vendors to update your software, do it. Most operating system and browser updates include security patches. Your name and email address may be all it takes for a hacker to slip through a security hole into your system. And it almost goes without saying, you should be protected by Internet security software, and it should always be up to date.


Be Smart

If a "friend" or business emails asking for a password or other information, call or email them (in a separate email) to verify that they really were the ones who contacted you. Legitimate businesses won't email you asking for passwords or account numbers.


As always, EDSB would never ask you for your login credentials via an email. If you should ever have any questions or concerns, please contact a Personal Banker at 563-587-2424.




Do You Know Where Your Personal Information Is?

As consumers of online services, we create digital information through our use of social media, online shopping, and many other activities. Public records are also a source of information, which can get posted online. Be aware that once this data is online, it can be difficult to remove.


See What Information About You Is Available Online

  • Search engines will help you to do a quick search of your public information. You can also take a proactive approach and set up alerts for search terms of your name. 
  • Data services like Spokeo and Pipl have massive amounts of data about individuals compiled from a variety of sources, including public records and social networking sites. This data can be used by credit issuers, criminal profilers, employers, etc.

The first reaction to seeing your data might be, “Oh my, that’s scary,” followed shortly by, “How do I remove this?” If you've experienced a similar reaction, take the actions outlined below. Be aware that some information posted about you is within your control, and some of it is not.


Clean Up Data You Can Control

Information that is under your control includes information you have posted, such as your social networking profiles and related information. In addition, there could be information about you on old blog postings, postings on a friend’s website, an old dating profile, a picture sharing account, or any other services that were useful at a point in time for you but are no longer necessary.

Review the accounts to which you have access. You basically have three options:

  1. Remove the data.
  2. Modify the privacy settings.
  3. Request that the account be deleted.

If you are going to request that the account be deleted, remove all of the data first. Be sure to request that the account be deleted rather than deactivated.


Request Clean Up of Data You Do Not Control

Contact website owners:
If the site does not make contact information for the site owners easily available, you can do a query on the WHOis.net website to find an administrative and technical contact for the site.

Opt out of data service providers:
A data service provider is a company or group that will provide lists of contact information to individuals or companies that request it. They often charge a fee for this information. In many cases, data service providers provide individuals with the ability to opt out of having their data published. Keep in mind that these services are aggregators, so the original provider of the information will likely have to be contacted also to remove your information. The Privacy Rights Clearinghouse publishes the opt-out URLs for more than 240 of these types of services.

Use a professional service:
The maintenance of your online data requires discipline and regular review. What if there is misinformation being posted about you that you cannot get removed through the steps discussed above? Then it is time to consider using a professional service. These services will constantly search for, analyze, and remove data that you do not want made public. Review the service terms from these companies carefully to ensure the service you desire is what is being provided.

    The best course of action you can take is to be aggressive about maintaining a cycle of checking your public data and removing items that you don't want shown publicly.


    Resources For More Information






    In today's electronic world, using safe practices is very important.

    When using a debit card, it is always a safer practice to enter a secure PIN number instead of signing for a transaction. Because this is safer for you, in the state of Florida, where there have been considerable fraudulent transactions, we will be requiring all transactions to be PIN based for your protection. What does this mean to you?

    • You will need to know your PIN number to be able to conduct transactions in Florida.
    • If you do not know your PIN number, please let us know and we will create a new PIN number for you.

     

    Anytime you travel out of the tri-state area and will be using your debit card, it is always a good practice to notify EDSB of where you intend to use your card. It is also a good practice to be sure we have your cell phone number listed so that, if an issue should arise, we have sufficient means to contact you.

     

    As always, contact a Personal Banker at 563.587.2424 with any questions or concerns.