Some internet attacks against banks are merely inconvenient

Reply

Some internet attacks against banks are merely inconvenientIt sounds odd to be writing that statement, and sounds self-serving, but it is in fact true that the recent “DDoS” attacks on bank web sites only make the site inaccessible for customers and employees, and do not mean the bank’s computers are being compromised.

The FDIC recently published a brief story that details what customers should know about criminals’ attempt to disrupt a bank’s internet service. DDoS (Distributed Denial of Service) attacks occur when criminals deploy thousands or more requests to view a bank’s web page at the same time. Such traffic significantly affects the web server’s ability to “serve up” the page for customers. And while you may find this very frustrating, take some comfort in knowing that all that traffic causes the server to be so bogged down with page requests that it can not reliably send any data. Peoples Bank does not keep any customer data on its web server, so there is no risk of all this activity serving as a distraction while a real theft is taking place.

If you are unable to gain access to The Real Peoples Bank web site, here are 3 things you can do:

  1. Check our Twitter feed to get up-to-the-minute updates on the situation at twitter.com/realpeoplesbank.
  2. Check out facebook.com/therealpeoplesbank for our description of what is going on and what we’re doing about it.
  3. Be patient. Our web provider has ways of detecting and mitigating the effects of these types of attacks. It may take some time to re-route traffic and get users to where they want to be.

Read more about DDoS attacks to bank web sites from the FDIC’s article. And talk to a friendly banker at Peoples Bank to learn more about how we strive to ensure your financial information is safe, secure and accessible to you whenever you need it.

Protect yourself – credit card risks

Reply

Protect yourself - credit card riskBy now, most people understand that credit cards are safer to keep on their person than cash. Even my 82-year-old uncle prefers to use a credit card to pay for things now. But credit cards (and their cousin the debit card) have their own set of issues. My uncle was surprised to learn that if somebody steals his credit card, he may still be liable for the charge! So take a few minutes and review the reminders below to take reasonable precautions of protecting you (and your money).

It is important to know that criminals would love to steal any information about you they can find, including your name, your account number and the expiration date and verification code of the credit card. All those pieces of information are printed on credit cards. All but the verification code are contained as machine-readable data on the magnetic stripe. So the physical security of the card is important.

If your card is stolen, you must report this fact within 24 hours. If you don’t, you may be liable for the charges. Generally, the extent of your liability is $50, but only if you report theft quickly, such as within 2 business days. If it takes longer to notify the bank of the card theft, your liability may increase to $500 or more.

Never give out your payment card number in response to an unsolicited email, text message or phone call, no matter who asks for it. Criminals like to create a sense of urgency in their fraudulent attempts to get access to your account information. And be alert to unscrupulous people who may swipe your card through two devices. Some criminals have been known to attempt this posing as an employee at a restaurant or retail shops. Watch that process to the extent possible and monitor the transaction later via your online banking system.

Check your bank statements and credit card bills regularly. If you can access your accounts online, your transactions can be monitored as often as you want, perhaps daily, to make sure that charges made to your account are valid. Regular and frequent monitoring will expose fraudulent transactions well within the time-frame to reduce your personal liability.

Check your credit report at least once a year. You are entitled to at least one free credit report every 12 months from each of the major reporting bureaus. The official free annual credit report site is www.annualcreditreport.com. Your credit report will summarize your credit history and will list all open credit cards or other debts associated with your name and tax identification number. Reviewing these reports will ensure there are no “other” fraudulent debts.

We understand that today’s threats to financial security can cause anxiety, and we want to help. It takes both of us in the fight to protect your data against threats. We strive to do our part by constantly monitoring our own computers and we spend a lot of money to provide good tools for customers to monitor their money online. Talk to a friendly banker at Peoples Bank to learn about online banking and its advantages for keeping track of account activity. Diligence often makes the difference in warding off the effects of fraudulent transactions.

For more information about protecting your financial matters, check out the Peoples Bank “online security” blog posts. The FDIC posts consumer news with specific resources and links, too. Read the FDIC’s Spring 2013 Consumer Newsletter.

Be smart about mobile banking

Mobile banking represents a huge leap forward in the area of banking convenience. It also represents a huge risk to your personal information. Here’s how to minimize the risk and enjoy the convenience.

Balancing risk and reward

Getting up-to-the-minute account information and having immediate access to funds via a mobile device is one of the great technical accomplishments of banking. The problem is that without adequate security precaution, this ease of access can be available to people who have no right to it. To protect yourself, a person does well to do two things:

  1. Think differently. Remember that the easier it is for you to access your private information, the easier it may be for others to access it, too. Never forget that too much of “easy and convenient” can be a bad thing! Thinking in these terms will help you make good decisions in balancing convenience with the security of your personal information.
  2. Develop your own security policy. Now that you think differently about convenience, knowing it can pose a threat, you can impose some security features on your routine. For example, you will choose to use the passcode feature on your mobile device so that no stranger can get access to your phone if you leave it somewhere or he steals it. You may come up with a password formula that is easy for you to remember but hard for others to guess. (Click that link to get an idea of how this could be done.) A person who banks on his or her mobile phone but doesn’t take the effort to protect the device with a passcode is not really acting in their best interest.

Security experts recommend that the password used for mobile banking is different than the password used to protect an email account, and that both passwords should be hard to hack. Remember, if the bad guys get control of your email password, getting control of your other online accounts is much easier. Resources to help you execute a good online security strategy are available from Peoples Bank’s web site.

Getting a text message when your account balance reaches a low balance is an amazingly helpful feature. Giving the bad guys the keys to your account with a poorly protected mobile device that is easily stolen or lost can lead to an amazing headache. If you avoid a casual approach to your mobile banking, chances are it will be a good experience.

Learn more about mobile banking from Peoples Bank. Our new platform has additional security features we are sure will make it a helpful tool.

Your router may be an open door. Close it to protect yourself.

Posted on by

Your router may be an open door. Close it to protect yourself.Just as your home is protected by closing and locking the outside doors, so your online security protected by the device that allows internet traffic, your router. Recent news articles suggest that the threats are real. Do these simple things to make sure your online “door” is closed and locked.

The router is usually installed between your internet provider’s device, such as a cable modem, and your computer. Most businesses and homes today have routers that allow wireless access in addition to a wired connection (Ethernet cable). The router does a lot of work to manage all those bits that travel to and fro with your computer(s). And because of its role in the process, it has information that you don’t want just anybody to know, particularly in regard to vulnerable devices such as computer drives and backup drives.

Taking the steps summarized below will require some basic knowledge of software and the documentation for the router in use. If you do not have the router documentation, find the brand name and model number on the device and do a search using that information and the word “documentation”. Most manufacturers maintain a good library of product documentation on their website. You will also need to have local (physical) access to the router’s management console or application. As a general rule, if you know your “internet gateway”, expressed as an IP address, typing that IP number in your browser window will display the login screen to the management application on the router itself. Get help finding that address on Windows or Mac computers.

Steps to protect your router from snoopers

The steps below are listed in order of descending priority, from “you gotta do this, it’s computing 101” to “I’m paranoid about identity theft.” This list is not comprehensive. Most homeowners require no more than is listed. Homeowners with extensive network infrastructure, such as those with home automation and management controls, or business owners/managers should consult a networking professional to ensure the integrity and security of their router, as well as other elements of the network landscape.

  1. The management console should be protected by a password. In some cases routers come with a standard password, or no password, to make the initial setup and installation easier. Do not let this “easy” password remain in force – change it at your earliest opportunity, and make it a good password. Tip: describe in one sentence the setting of your router, and use the first letter of each word with a ending capital letter and random punctuation mark. For example, if your black and blue router is resting on a small glass table to the left, the router password might be “bablsgT\”. If you are doing this for your home router, it’s probably OK to write the password down on the router itself or better yet, in the manual that you keep filed away. Business operators should have a better way of recording and storing important IT-related access codes.
  2. Encrypt the wireless signal. Most routers these days perform WPA or WPA2 encryption protocols. There is rarely a good reason not to do this.
  3. The router firmware should be kept up-to-date. The management console will help you to do this by explaining what to do and what to expect.
  4. Separate the functions. Many routers today allow managers to separate internet access from access to the router itself or to devices that may be plugged into the router, such as a printer or back-up drive. That’s why you may have noticed routers with a “-Guest” suffix in the name. Deploying this functionality is an easy way to keep intruders away from connected devices while allowing guests (such a visiting family) to browse the web. But do so cautiously, and only if you need to, or when you need to.
  5. Don’t broadcast the router name (the SSID). The router can “broadcast” its name to make it easy for you (and others) to find and connect to it. It may be more prudent to restrict that broadcast. If you do, your device won’t “find” the router automatically; users will need to type the name and password before the computer, tablet or other device can connect to it. See your router or device documentation on how to set this up and how to connect to a router that doesn’t broadcast its name.
  6. Require a wired connection to access the management console. Some routers allow managers to stipulate that router configuration can only be accomplished by a computer that is connected to the router via a wire such as an Ethernet cable. This makes it harder to gain access to the router, and makes it inconvenient in certain installations, all of which is a good thing if you’re worried about some outsider snooping around your private internet communication.
  7. Install MAC filtering. Most routers allow this feature, which restricts access to the router (or its management console) by computer. Each computer’s network card has a unique identifier, Media Access Control (MAC) that is essentially the social security number of the computer world. You can specify allowable MAC addresses such that a computer not on the list will be blocked from accessing the router.
  8. Restrict router traffic types. If you have a simple installation at home, you may wish to restrict the traffic from say, FTP or bit torrent data transfers. An advanced topic, this should be carefully considered by reviewing the documentation and researching the requirements of your network.

Peoples Bank works hard to protect your identity. The bank takes online security very seriously and constantly monitors its own systems and procedures, as well as the news in service to its shareholders and customers. Diligence is required by both parties. The threats, and their complexity, continue to mount. The topic of online security is a regular feature of this blog. Read other posts and subscribe to the RSS feed to learn of additional content as soon as it gets posted.

Please read the recent news article from Ars Technica about
Cisco/Linksys routers’ vulnerability to make sure your home or office, or that of your friends and family, is not at risk.

Get more information: