Security - Let's work together to fight fraud.
Since 1870, Androscoggin Bank has continually taken steps to help protect our customers' security - a mission that has grown in importance especially with the advent of online banking. To help you have a safe, secure online experience, we have provided the following information, along with some useful tips, which should help you better understand how you can join with us in protecting your account information from unauthorized access. By adhering to some basic security practices, we can work together to help fight fraud - and help keep your information safe from thieves. Please take a few minutes now to learn more about these important security and fraud issues.
How we protect you.
At Androscoggin Bank, technology plays a key role in helping us ensure that your account information is kept as safe and secure as possible. We use multi-factor authentication to confirm to you that you are on our legitimate website and not a fraudulent one. Additionally, we use firewalls, intrusion detection systems and other security best practices and measures that demonstrate how serious we are about protecting the confidentiality and security of your account.
Please be aware that Androscoggin Bank will never contact you on an unsolicited basis and ask that you provide your confidential information, including your social security number and online banking credentials. If anyone claiming to represent Androscoggin Bank does contact you and requests your personal information, please notify us immediately using the below contact information.
Special alert on recent text scams.
Nationwide, fraudulent text messages are being sent to consumers in an effort to steal personally identifiable information. This is done by broadcasting automated texts that warn consumers to call certain numbers to reactivate their payment cards. An example of this is “Federal Credit Union ALERT: Your CheckCard has been temporarily LOCKED. Please call Card Services line (407) 555-5555". These text messages do not reference a particular brand but they may vaguely refer to a credit union or bank.
Do not respond to these texts! It is against Androscoggin Bank (and most other reputable banks') procedures to send out texts in this way.
Identity theft is the practice of someone else using your personal information to open bank accounts, obtain credit cards, loans or conduct other fraudulent acts. Once identity theft occurs the victim may find they are unable to obtain credit or secure loans due to damaged credit. The victim may even face legal problems due to the fraud committed by the criminal. It can take months and sometimes years to correct all the fraudulent activity and regain your normal credit history.
Recently, Anthem reported a major security breach where the personal information of its current and past clients may have been compromised. Remember, Anthem will only notify you by USPS, not over the phone or through email. If you think you are a victim of identity theft, click here for tips to protect your accounts at Androscoggin Bank.
- Do not carry your social security card or other document that has your SSN with you. Keep it in a safe place separate from other personally identifying information.
- Shred statements and other documents that contain account numbers or other personal information before they are thrown out.
- Review your statements for any suspicious activity or transactions. Inquire with your bank or credit card provider if you do not receive a statement when expected.
- Report lost or stolen cards as soon as possible.
- Verify your User Authenticity - When you sign up for On-line banking the system will prompt you to create your own personal password. Do not use words; make sure you use a variety of letters, numbers and symbols.
- Protect your Password - Do not give your password to anyone. Financial institutions will not initiate contact with you and ask for your social security number or your password. If you do not remember your password after three attempts the system will lock you out. The bank will have to reset your account and you will be required to create a new password.
If you feel that your identity has been stolen, it is important that you take immediate action.
- Notify your financial institution.
- Review your credit report for accuracy - you may obtain one free report from each agency per year by going to annualcreditreport.com
- Notify the three major credit bureaus - Experian, Equifax, and Transunion. You can request to establish fraud alerts, extended fraud alerts, and additional protective measures.
- Report the incident to local law enforcement.
- Report the incident to the Federal Trade Commission (FTC). The FTC maintains a log of all identity theft cases, which is used by law enforcement to monitor for trends and catch the bad guys.
The following Federal Government agencies maintain web sites for reporting and defending yourself against identity theft.
- US Department of Justice
- President's Identity Theft Task Force
To write a letter to the Federal Trade Commission regarding Identity Theft, send it to the following address:
Identity Theft Clearinghouse
Federal Trade Commission
600 Pennsylvania Ave. N.W.
Washington D.C. 20580
Call 800-IDTHEFT (438-4338)
Common internet scams.
Key Logging - Key logging software can be deployed on computers to record every key stroke. There are legitimate uses for such software, for example, when companies need to audit the use of their computers or parents want to monitor their children's Internet usage. However, it can also be placed on an unsuspecting computer through a virus and used by fraudsters to collect information, including login IDs and passwords.
Spoofing - This is a term that means to deceive. In the case of email spoofing, fraudsters change the "sender" information of an email to make it appear as though it came from a trusted source. Website spoofing is when a fraudulent site is created to be an exact replica of a legitimate website.
Phishing - This kind of "phishing" refers to tricking people into divulging account information. The most common form of phishing is for fraudsters to send a spoof email to unsuspecting victims. These spoof emails look very much like an email from a financial institution, merchant, credit card company or other legitimate business. The spoof email will try to get you to click on a link that goes to a fake website. The fake website can look surprisingly like the legitimate business and ask for your account information.
- Remember, in the case of spoofing and phishing, no legitimate business, including Androscoggin Bank, will ever ask you for such information as user IDs or passwords, unless you initiate the contact first.
- Never click on a link embedded in an email that claims to direct you to the website of a business requesting account information. If you are suspicious, call that business, confirm their web address (URL) and type it directly into your browser window.
- Never enter account information online unless you are sure you are on a reputable site. If you are not sure, call that business and type the web address or URL into the browser.
- Be aware and be knowledgeable.
For more information about key logging, phishing and spoofing, go to the Maine Anti-Phishing Coalition (nophishing.org) and the Anti-Phishing Work Group (antiphishing.org).
Safe computing practices.
Your computer is your gateway to the Internet. In order to browse or conduct business online, you have to open a window to the outside world. Following these safe computing tips will greatly increase the security of your computer and reduce the chance of becoming a victim of fraud. Above all, keep in mind that awareness is your best protection. So take the time to fully educate yourself and your staff on the methods used by thieves and fraudsters to gain unauthorized access - and become familiar with the steps your organization can take to help prevent account fraud.
Passwords - Whether for online banking or any other online service, passwords are the frontline defense against an unauthorized person gaining access to your account information. Your online passwords should be as strong as possible so no one can easily guess what they are. Use the following guidelines when creating a password for Androscoggin Bank online services:
- Must consist of 8-17 letters and numbers
- Must contain at least 1 letter and 1 number
- We also recommend using Upper and lower case letters, as well as a special character such as !@#$%^&.
- We recommend you change your password every 45-90 days.
Account Review- Review your transaction activity and bank accounts frequently. Online Banking and Cash Management provides 24/7 access.
Software Updates - Keep your operating system and other software up to date. It's especially important to be sure your Microsoft Windows environment is kept current. Microsoft issues new security patches each month. Security patches are updates to fix vulnerabilities that have been discovered in the software since it was originally released. These vulnerabilities can be exploited to compromise the security of your computer. It is recommended that all Windows systems should be configured to automatically check for new updates. Typically MAC's are set up to check for new updates, but MAC users can also launch the software updater software to check for recent updates.
Antivirus Software - Any computer browsing or doing business on the Internet should have an up-to-date antivirus application installed. Antivirus software will help protect your computer from viruses, worms and Trojan horses designed to exploit the vulnerabilities referenced above. The software will scan files that are downloaded, received by email and read from a floppy, compact or USB disk. The software must be kept current in order to be effective since new viruses are discovered every day. Virus definitions should be updated weekly. A full system scan should be performed immediately after virus definitions are updated. Anti-virus software should be running continuously in the background.
Anti Spyware Software - Like viruses and Trojans, spyware is software that can infect your computer and transmit information such as user IDs, passwords and account information back to criminals. Be sure your computer has up-to-date spyware software installed.
Firewalls - We recommend that you install or activate a firewall on your computer. A firewall is one important step you can take to help block unauthorized traffic to and from your computer.
Most Internet Service Providers will provide antivirus, anti spyware and firewall software free of charge. Check with your ISP for details.
Liability for electronic transfers.
Important information for consumers.
As a consumer, you are protected by federal law against loss due to fraudulent activity provided you notify Androscoggin Bank in a timely manner of suspect transactions or compromised, stolen, or lost account information or access devices. This includes all electronic transfers such as ATM and debit card activity, electronic checks, and ACH.
Androscoggin Bank utilizes various security measures to keep your accounts safe including third party and in-house transaction monitoring, 0% liability protection from VISA, transaction limits, and more.
For more information, or to report a compromised account or fraudulent activity, please call our customer service at 1-800-966-9172.
Important information for business clients.
Non-consumer entities are not protected under federal law against fraudulent electronic transfers. As such, you may be liable for losses incurred due to ACH fraud or other electronic transfers. To ensure our customers are not completely unprotected, Androscoggin Bank has partnered with VISA to extend 0% fraud liability to our business debit cards.
Additionally, just as with our consumer accounts, Androscoggin employs multiple security measures such as third party and in-house transaction monitoring, transaction limits, and even optional enhanced authentication methods to keep your accounts safe.
In any event where fraud has occurred or your account information may have been compromised, it is critical that you notify Androscoggin Bank at 1-800-966-9172 as soon as possible in order to prevent further theft and protect yourself and your business.
Additional information and recommendations for our ACH origination clients
As a user of Androscoggin Bank's ACH (Automated Clearing House) services, you should be aware of ways to mitigate risk associated with the service. While there are no fail-safe solutions, awareness and using best practices can help. This letter describes existing ACH security features, optional additional features and best practices associated with online banking. Your commercial banker will be happy to answer questions and concerns you have about ACH and wire transfer risks. Please read the ACH Rules for Origination.
Existing features and procedures designed to protect your account are:
- Dual verification - Androscoggin Bank must release all ACH transactions.
- Exposure limits - transaction caps are assigned based on use.
- Account separation - accounts using ACH are not linked to a line of credit.
- Multi-factor authentication (MFA) - access is layered, requiring something you know (a username and password) and something you have (a token).
In addition, Androscoggin Bank encourages you to implement following optional security features:
- Implement dual control. One person creates the ACH transaction and another approves.
- Customize when ACH transactions can be created based on hours of operation, day, or time of day.
- Conduct a Risk Assessment annually to determine if your business still needs access to ACH Origination and/ or Wires.
Last, please consider using the following best practices for conducting transactions online:
- Use a separate computer for on-line banking to prevent the introduction of viruses and malware.
- Do not use for email or instant messaging;
- Never click on hyperlinks - refrain from accessing websites directly from e-mails.
- Restrict web browsing - limit Internet use to the financial institution web site.
- Limit unauthorized access to your computers.
- Use properly configured firewalls.
- Periodically test the system by performing and external penetration test.
- Hire two consultants: one to install and configure the firewall and another to test it.
- Keep patches and antivirus software up-to-date and operating properly.
- Virus definitions should be updated weekly.
- A full system scan should be performed immediately after virus definitions are updated.
- Anti-virus software should be running continuously in the background.
- Configure you computer to automatically check for security patch updates.
- Know your liability and responsibility.
- Know the terms and limitations of your general liability policy with respect to cyber-crime
- Carefully read the Bank agreements and contracts regarding ACH and wire services.
- Review your transaction activity and bank accounts frequently.
- Online Banking and Cash Management provides 24/7 access.
- If you notice an unauthorized ACH debit item posting to your account you need to notify Androscoggin Bank the day it posts so that the item can be returned within the timeframe allotted (the return needs to be received back at the Originating Depository Financial Institution by the second morning after settlement).
- Protect your credentials to prevent unauthorized access to your accounts.
- Do not share your passwords or tokens with anyone.
- Change your password every 45-90 days.
If you have specific questions about how Androscoggin Bank can help protect your account information and help keep you from falling victim of account fraud, or if you wish to report a suspicious email, please contact our Client Services Department at: 800-966-9172, via a Secure Live Chat, or via email to email@example.com. Please note that standard Internet email should not be used to exchange sensitive or private information such as social security numbers, bank account numbers and financial statements. If you would like to send us a secure email, please use the Androscoggin Bank Secure Message Center. email sent through the Secure Message Center will be secured through ZixCorp encryption services.