Secu­ri­ty Center

At ROGER Bank, your financial security is our top priority. Every year, millions of people fall victim to fraud and identity theft, often through scams that look incredibly convincing. This guide is designed to help you understand the risks and take simple steps to protect yourself and your accounts.

Imagine this: You receive an email that appears to be from ROGER Bank, urging you to update your account information immediately. You click the link, enter your details, and unknowingly hand your information over to criminals.

Don't let this happen to you! This guide will assist you in recognizing and avoiding common scams and protect your hard-earned money.

Types of Fraud

There are many types of fraud in which thieves may 'steal' your money other than just physical theft:

Check Fraud: Involves scams in which you are tricked into accepting a fraudulent check but the actual proceeds are obtained by the thief and you are left with a monetary loss.

Identity Theft: Occurs when a thief obtains your identity (by using your name, SSN, and other personal information) to take over or apply for additional credit and/or bank accounts under your name leaving you in a possible financial burden.

Debit/Credit Card Fraud: Occurs when a thief obtains your actual credit/debit card or the information on the card to create another card and uses it against your actual funds in your account.

Phishing/Pharming/Pretexting: Occurs when a thief tricks you into giving them your account information, usually through email or phone, which may eventually lead to identity theft and a monetary loss.

Scams

Overpayment Scams

Overpayment scams usually originate when an individual tries to sell an item online. The criminal sends a check over the amount requested, which is usually accompanied with a letter or a prior email, stating that they sent extra funds to cover shipping costs, etc. Then the criminal instructs the individual to deposit the check and return the rest of the funds back to them. The individual deposits the check into their account, returns the remaining funds back to the criminal and then the check comes back as 'fraudulent' or 'account closed' and is debited from the individual's account, leaving the individual at a loss of the whole amount of the check plus the 'extra' funds that were sent back. Be cautious when selling an item online and request that the teller verifies the check before it is deposited!

Lottery Scams

Originating in Nigeria, lottery scams are now coming from several parts of the world. Some other notorious lottery scams originate in Canada and South Africa as well. These scams include a letter that explains the victim has won the lottery or a sweepstakes. The letter is usually accompanied with a cashier's check made out to the victim's name for a certain amount. The letter will instruct the victim to deposit the check and then wire funds back for 'taxes'.

Inheritance Scams

Inheritance scams are another popular scheme often sent from Nigeria. Usually sent by mail or email, the criminal explains that someone is deceased and you are the only person with inheritance rights. The amounts can vary but are usually fairly large. They then request that you send them your account information so they can wire the money from the inheritance to you.

If you receive any of these items in the mail or receive something similar, please consult with us before you proceed with depositing the funds or following the directions. Our mission is to protect you!

Phishing

Note: Don't trust an email simply because it looks like it came from a trusted source. Thieves often disguise their emails to look like bank websites or online businesses. They use logos and graphics to look trustworthy. Links in emails may point to websites that are not "official," no matter how real they seem.

One way to avoid getting scammed is to ignore the link in the email and type in the web address directly. Also, don't submit any confidential information online. ROGER Bank will NOT ask you to verify social security numbers, account numbers, etc. via email.

If you receive a phone call requesting confidential information, you should verify the identity of the person calling. Find the phone number online, and call the person back using a number you can trust.

Samples of possible Phishing/Pharming attempts:

A phishing email link may open up the actual bank website, but open up a smaller window from another website. You may see the main window has the correct bank website, but the smaller window does not show the address. By seeing the two windows, a customer might feel confident about the website and enter their personal information into the second window - and leave themselves open to fraud.

Email may contain official logos, links to real websites, and even content that was copied from official websites. But you should be cautious - they may still be phishing attempts. Be cautious of poor spelling or grammar. Don't trust links in an email; they may point to a different website than the address shown.

Prevention

How We Protect You

Online Banking Multi-Factor Authentication

We have implemented multi-factor authentication to help prevent common phishing and pharming techniques.

Online Banking Account Verification

In order to protect your account, we may ask you to verify yourself by providing a form of identification or providing us information about yourself that we have obtained from you previously. We may also contact you if we notice any unusual activity on your account.

How You Can Protect Yourself

While there are no information security guarantees, there are precautions you can take to help safeguard your personal information. Precautions include being aware of the methods that criminals use to trick you, and to take steps to protect yourself.

Prevent Phishing

• Just because a website looks like it might be from a legitimate bank or business doesn't mean that it is. Look at the address bar - Does it begin with the address of your bank's website? Is it asking you to enter information that you normally enter, or is it asking for more personal data, such as Social Security Number? Are there misspelled words or badly-worded sentences?
• Install virus protection, anti-spyware software and a firewall to help prevent criminal access to your computer.
• Know your bank's security measures. ROGER Bank employs various techniques to help secure your online banking. We will be more than happy to verify whether or not a webpage claiming to be from ROGER is legitimate. If in doubt, ask!
• Don't trust someone on the phone simply because they say they are from "your bank." Call them back using a valid phone number. Be cautious when giving information that your bank should already have.
• ROGER Bank WILL NEVER request your credentials such as your online banking password or debit card PIN in order to assist you! If you get a call asking for your credentials, hang up and call us at  844.995.2484.

Prevent Identity Theft

• Never keep a copy of PIN numbers, passwords, or Social Security card in your wallet or purse!
• Identity thieves use birth dates as cornerstones of their craft. Do not use birthdays, pet names, maiden names, sports teams, religious words, or any word that might be found in a dictionary. Do not use passwords that might be guessed by a friend.
• Use multiple usernames and passwords. Keep your usernames and passwords for social networks, online banking, email, and online shopping separate. Having distinct passwords is not enough. If you have the same username across different sites, your entire romantic, personal, professional, and e-commerce life can be mapped and re-created with some simple algorithms.
• Shred unneeded documents that contain personal information. Destroy receipts, credit applications, cancelled checks, and credit offers.
• Keep records in a secure location.
• Do not submit confidential information through email! Email is inherently insecure.
• Carefully review your credit report annually. Inspect bills and account statements to ensure that there are no unauthorized purchases.
• Know when your billing cycles occur, and watch for missing mail.
• Do not give out confidential information in response to an unsolicited email or phone call.
• Do not click on links inside an email. They are often disguised to look like a link to a legitimate website, but actually redirect you to a spoofed site. Always type the URL in the browser address bar.
• Manage Your Cookies: Websites use small files called "cookies" to remember your preferences and track your activity. While some cookies are helpful, others can be used to track your browsing habits and collect personal information. Most browsers allow you to control which cookies are accepted. You can choose to block all cookies, block third-party cookies (cookies from websites other than the one you're visiting), or clear cookies regularly. Keep in mind that blocking all cookies may prevent some websites from functioning properly. Refer to your browser's help documentation for instructions on managing cookies.
• If in doubt, verify. A few extra minutes of checking up may save you many headaches down the road! Do not be afraid to call your bank and ask them if they sent the email or letter.

Prevent Check Scams

• Always consult with a bank employee before depositing an item you received in the mail if you are unfamiliar with the business/individual or if you sold something online.
• Do not pay for a 'free prize'. If someone tells you the payment is for taxes, he or she is violating the law. Wait to send an item that you sold online until you are sure that the funds have been collected.
• In order to win a lottery, you must be present in the state to purchase tickets. You cannot win a lottery from a state or country that you have never been to.
• Do not get confirmation from the phone number on the letter or the check. Usually, that phone number will direct you to the criminal themselves. Either look up the phone number of the company or the bank the check is drawn off of for confirmation. A bank employee may assist you with this as well.
• Research any business or charity that you are considering doing business with.
• Check scams do not pinpoint a certain individual. The same scam is sent to multiple individuals over the country.
• If it sounds too good to be true, it probably is.

Prevent Debit/Credit Card Fraud

• Keep your PINs secure. Do not keep them written down in your wallet or purse and do not share them with anyone.
• Keep all of your cards secure. Only carry one or two cards that you need and leave the others in a secure place at home.
• Write your card numbers and expiration dates down and keep them in a secure place in case your wallet/purse does get stolen and you need to cancel the cards.
• Review your bank statement and credit card statements to check for any transactions that you did not authorize.
• When making purchases online, make sure that the site is secure before entering your card information. Read the Security/Privacy Policy and verify the website address has an "S" after HTTP.

Victim Reporting

Help! I think I've been a victim of Identity Theft!

If you think you've been a victim, there are some immediate steps you should take to minimize the hassle you might face, to secure your accounts, and to minimize your personal liability.

First, notify your bank that you think your accounts may have been compromised. Explain your situation, and they will help you create new accounts to replace ones that may be exposed.

Next, notify the police to file a report. You may need a copy of the police report to submit to various agencies showing that you have been a victim of fraud.

Notify the three credit reporting agencies. They can help you put a notice on your credit report, making it easier for authorities to find the individuals responsible for the fraud, as well as protecting you from further credit fraud.

Then, file a record with the Federal Trade Commission (FTC). The FTC gathers information on identity theft, and maintains a database on identity theft cases.

Online Banking

Personal Banking Customers

• ROGER Bank will never contact any customer and request electronic banking credentials. If you get a call asking for your credentials, hang up and call us.
• Tips to reduce the risk in online banking:
  • Manage Your Cookies: Websites use small files called "cookies" to remember your preferences and track your activity. While some cookies are helpful, others can be used to track your browsing habits and collect personal information. Most browsers allow you to control which cookies are accepted. You can choose to block all cookies, block third-party cookies (cookies from websites other than the one you're visiting), or clear cookies regularly. Keep in mind that blocking all cookies may prevent some websites from functioning properly. Refer to your browser's help documentation for instructions on managing cookies.
  • Do not put your full birth date on your social-networking profiles: Identity thieves use birth dates as cornerstones of their craft. If you want your friends to know your birthday, try just the month and day, and leave off the year.
  • Use multiple usernames and passwords: Keep your usernames and passwords for social networks, online banking, email, and online shopping separate. Having distinct passwords is not enough. If you have the same username across different sites, your entire romantic, personal, professional, and e-commerce life can be mapped and re-created with some simple algorithms.

If you have online banking concerns or if something does not look right, contact us at 844.995.2484.

Business Customers

In addition to tips that can be used by customers with only personal accounts, business customers should periodically evaluate the possible risks associated with a commercial or business account. Here are some key areas to check:

• Who has access to the online banking account and credentials?
• How often do you change the online banking password and who knows the password?
• Is there a firewall active on the computer?
• If you have online business banking concerns or if something does not look right, contact us at 844.995.2484.

Federal Financial Institutions Examination Council (FFIEC) Online Security Guidance

If you use online banking or mobile banking as a consumer or as a business, you will be interested to learn that six federal financial industry regulators teamed up recently to make all of your personal and business accounts more secure. New supervisory guidance from the Federal Financial Institutions Examination Council (FFIEC) will help banks strengthen their vigilance and make sure that the person signing into your account is actually you. The supervisory guidance is designed to make online transactions of virtually all types safer and more secure.

Consumer Guidance: Account Authentication & Online Banking

Multi-factor authentication and layered security are helping assure safe internet transactions for banks and their customers.

Business Guidance: Risk Assessment & Layering Security

New financial standards help banks and business account holders make online banking safer and more secure from account hijacking and unauthorized funds transfers.

Understanding the Factors

The authentication process is of vital importance to verify that YOU, and not someone who has stolen your personal identity or hijacked your corporate account, is conducting your online transactions. Authentication generally involves one or more basic factors:

• Something the user knows (e.g., password, PIN)
• Something the user has (e.g., debit card, smart card)
• Something the user is (e.g., biometric characteristic, such as a fingerprint)

Single factor authentication uses one of these methods; multi-factor authentication uses more than one, and thus is considered a stronger fraud deterrent. When you use your debit card, for example, you are utilizing multi-factor authentication: Factor number one is something you have, your debit card; factor number two is something you know, your PIN. To assure your continued security online, your bank uses both single and multi-factor authentication, as well as additional “layered security” measures when appropriate.

Internal Assessments at ROGER Bank

The new supervisory guidance offers ways your bank can look for anomalies that could indicate fraud. The goal is to ensure that the level of authentication called for in a particular transaction is appropriate to the transaction’s level of risk. ROGER Bank has conducted a comprehensive risk-assessment of its current methods with regards to the following:

• Changes in the internal and external threat environment
• Changes in the customer base adopting electronic banking
• Changes in the customer functionality offered through electronic banking; and actual incidents of security breaches, identity theft, or fraud experienced by the institution or industry

Whenever increased risk to your transaction security might warrant it, ROGER Bank will be able to conduct additional verification procedures, or layers of control, such as:

• Employing customer verification procedures
• Analyzing banking transactions to identify suspicious patterns
• Establishing dollar limits that require manual intervention to exceed a preset limit

Your Protection Under “Reg E”

Banks follow specific rules for electronic transactions issued by the Federal Reserve Board. Known as Regulation E, the rules cover all kinds of situations revolving around transfers made electronically. Under the consumer protections provided under Reg E, you can recover internet banking losses according to how soon you detect and report them.

Here is what the Federal rules require: If you report the losses within two (2) days of receiving your statement, you can be liable for the first $50. After two (2) days, the amount increases to $500. After sixty (60) days, you could be liable for the full amount. These protections can be modified by state law or by policies at ROGER Bank, so be sure to ask how these protections apply to your particular situation.

Customer Vigilance!

Knowing how fraudsters might trick you and understanding the risk is critical to safe online banking. You can take further steps to protect yourself and make your computer safer by installing and regularly updating:

• Anti-virus software
• Anti-malware programs
• Firewalls on your computer
• Operating system patches and updates

Additional steps include:

• Create strong complex passwords that contain both CAPITAL and small letters, numbers and any allowed special characters.
• If you think you may have visited a website with malware or if you think your computer may be infected with a virus, DO NOT access your online banking or other sensitive logins until you have scanned your computer and know it is clean and virus free.

Layered Security for Increased Security

Layered security is characterized by the use of different controls at different points in a transaction process so that a weakness in one control is generally compensated for by the strength of a different control. An example of layered security might be that you follow one process to log in (user/password), and then give additional information to authorize funds transfers. Layered security can substantially strengthen the overall security of online transactions by protecting sensitive customer information, preventing identity theft, and reducing account takeovers and the resulting financial losses.

Examples of Layered Security for Businesses

For business accounts, layered security can include enhanced controls for system administrators who are granted privileges to set up or change system configurations, and control access privileges and application functions or limitations for their own staff and users. Added layers may include:

• Fraud detection and monitoring systems that include consideration of you transaction history and behavior
• Dual customer authorization through different access devices
• Transaction value thresholds that restrict the number or amount of transactions for a set time frame
• Internet Protocol (IP) reputation-based tools
• Policies and procedures for addressing customer devices that have been potentially compromised, or for detecting customers who may be facilitating fraud
• Account maintenance controls over activities performed online or through customer service channels

Recommendations for Business Accounts

• Conduct periodic assessments of internal controls
• Use layered security for system administrators
• Initiate enhanced controls over high-dollar transactions
• Provide increased levels of security as transaction risk increase

If You Have Suspicious Activity

If you notice suspicious activity within your account or experience security-related events (such as loss of token, compromised PIN or password, phishing email from someone purporting to be from your bank), you can contact anyone at your bank and you will be quickly and courteously guided to the person responsible for such issues.

FAQs

I don't download music or games. Am I really at risk?

Yes—unfortunately. Identity theft and fraud occur to all kinds of consumers. Thieves have been known to rummage through trash to find personal information that they can use to steal identity. Often, the perpetrator is known to the victim—as a roommate, neighbor, friend, or even family member. Some thieves search through mailboxes to find bills, checks, or personal information. They may even phone you, posing as charities, government agencies or bank employees to get account numbers or other personal data.

What is "phishing" or "pharming"?

It is the attempt by thieves to trick a consumer into giving out confidential information. They disguise emails or webpages to look like legitimate businesses or government agencies to instill confidence in the viewer, then use the information gathered to commit fraud or steal identities.

I have virus protection software, so why should I worry?

Virus protection software is valuable to protect you from emails infected with programs that may cause damage to your computer, but they will do little to protect you from many common phishing schemes. Most are built upon "social engineering" schemes; they gain your trust by giving the appearance of legitimacy, and succeed when you submit your personal information to them thinking that you are doing the right thing. There may be no virus involved—just a scam. The only way to protect yourself is to be aware of their methods, and to verify the legitimacy of the email or webpage.

I know just enough about computers to do a few things. Do I have any hope of protecting myself?

Yes! Just being aware will help. Before you give away personal information, ask yourself some questions:

• Is the email concerning a transaction you are trying to complete?
• Were you expecting an email?
• Does the offer seem "too good to be true?"
• Does something strange stand out—spelling errors or poor grammar?
• Are the questions or requests out of the ordinary?
• Do you know how they will use the information you submit?
• Is the request from a business you have a relationship with?
• Does the email seem pushy or demanding—that if you take too long, they will close your account?

These should be red flags, and you should be cautious before proceeding. Phone the company or bank using a number you know to be correct. A legitimate business will not mind answering questions to assure you before using your credit and good name.

Resources

Online Resources

• Federal Deposit Insurance Corporation
• FDIC Consumer Protection
• Federal Reserve System
• Office of the Comptroller of the Currency
• Federal Trade Commission

Anti-Virus Resources

• McAfee Anti-virus
• Norton Anti-virus (by Symantec)

Identity Theft Tips

• Federal Trade Commission

Information Computer Threats

• Department of Homeland Security

Credit Report Information

• Equifax
• Experian
• Trans Union

Additional Resources

• FBI
• BankersOnline
• Trend Micro Site Safety Center