Summit Bank of Kansas City takes great care to ensure your identity remains safe. We provide this information as a courtesy to you.
The safety and security of your financial information is of primary importance to us. This page includes important information about fraud as well as links to several resources where you can learn more about the many different types of fraud and steps you can take to minimize your risk.
Safety Recommendations When Using Mobile Apps
- Use caution when downloading apps. Apps can contain malicious software, worms, and viruses. Beware of apps that ask for unnecessary permissions.
- Protect your phone from viruses and malicious software, or malware, just like you do for your computer by installing mobile security software.
- Avoid storing sensitive information like passwords or a social security number on your mobile device. Confidential company or customer information should never be stored on a personal device and should only be accessed using the appropriate approved tools. Keep personal information private. Lock down your privacy settings and avoid posting things like birthdays, addresses, mother’s maiden name, etc. Be wary of requests to connect from people you do not know.
- Always log out of apps that have financial information like your bank app or credit card app as soon as you’re finished using it.
- Update the software for your phone and mobile apps whenever a new version is released, which may contain critical security updates.
- Use the passcode lock on your smartphone and other devices. This will make it more difficult for thieves to access your information if your device is lost or stolen. Enable the “Find your device” feature, if available.
- Always lock your device when it’s not in use or set it to lock automatically after being idle for a set amount of time. For even better security, set your device to erase all data after 10 bad password attempts.
- Clear your mobile device before you donate, sell or trade it using specialized software or using the manufacturer’s recommended technique. Remove personal information before replacing your phone or tablet. Don’t rely on carriers, recycling firms or phone deposit banks to “clean” your device before disposal or resale to third parties. Follow the manufacturer’s instructions to remove all personal information from your device before decommissioning it.
- Beware of mobile phishing. Avoid opening links and attachments in emails and texts, especially from senders you don’t know. And be wary of ads (not from your security provider) claiming that your device is infected. The small screen size of smartphones makes it even harder to spot whether a site is legitimate. If you wish to access a website, type in the address yourself rather than clicking an email link. Watch out for public Wi-Fi. Avoid online shopping, banking or other activities that require use of sensitive information when using public Wi-Fi. Use your mobile network whenever possible. Always protect your home wireless network with a password. When connected to public Wi-Fi networks, be cautious about what information you are sending.
- Secure your devices: Use strong passwords, passcodes or other features such as touch identification to lock your devices. Passwords should be at least 8 characters in length and a mix of upper and lowercase letters, numbers and special characters. Use different passwords for every account. Securing your device can help protect your information if your device is lost or stolen.
- Shop securely online: Avoid sending payment information or credit card numbers through email. Make sure all personal information transactions are done on a secure site. When shopping online, only use trusted, secure websites. Before providing any personal or financial information, make sure the address bar changes from an “http” to an “https” address and includes a padlock logo to the right or left of the browser address bar. The “s” stands for “secure,” and if you double-click on the padlock logo, you’ll see a digital certificate for the website. When shopping online, use credit cards, not debit cards. This will minimize the damage in the event of a compromised account.
- Personal information is like money – Value it. Protect it. Information about you, such as the games you like to play, what you search for online and where you shop and live, has value ‒ just like money. Be thoughtful about who gets that information and how it’s collected through apps and websites.
- Own your online presence: Use security and privacy settings on websites and apps to manage what is shared about you and who sees it.
- Now you see me, now you don’t: Some stores and other locations look for devices with Wi-Fi or Bluetooth turned on to track your movements while you are within range. Disable Wi-Fi and Bluetooth when not in use.
- Don’t Be A Bragger: Going on your next big vacation? Posting online you’re on the other side of the globe is practically a handwritten invitation for trouble. Such personal, up-to-date information like travel plans allows an attacker to combine that information with other knowledge they already have about you to attempt a timely social engineering attack against you over the phone or with email. Instead, try posting photos once you’re back.
April 22, 2014 -- The Heartbleed Vulnerability
In response to the recent alert on the prevalent cyberthreat known as “the Heartbleed Vulnerability,” a flaw in a commonly used online encryption tool, “OpenSSL,” Summit Bank of Kansas City immediately initiated a security assessment of its infrastructure and web environment. Based on the assessment, there is no evidence that any of Summit Bank of Kansas City’s systems have been improperly accessed due to the Heartbleed vulnerability.
Summit Bank of Kansas City takes these types of threats very seriously, responding to and remediating identified risks to our customers and partners.
While there is no need for customers to change their login credentials and password with respect to the Heartbleed Vulnerability, Summit Bank of Kansas City does recommend changing login credentials if the same login credentials and passwords are used on other sites.
As a reminder, it is important to employ best practices to reduce the risk of Online Identity theft. These practices include, but are not limited to:
- Create passwords that contain both numbers and letters and change them frequently.
- Do not use out-of-date software. Update virus protection, anti-spy software, and firewalls with the latest versions and security patches.
- Be on alert for email that contains unfamiliar or suspicious links or attachments, etc. Never open it, do not click on its links or open attachments, and do not reply or forward the email.
- Monitor what you are posting on social media sites, including travel and shopping plans.
Please be assured that Summit Bank of Kansas City continues to monitor this and other potential threats as part of ongoing processes.
December 23, 2013 -- Target Retailer Card Breach Information
Summit Bank of Kansas City has started the process of reissuing Debit Cards that were compromised during the recent breach of customer information at Target. If your Debit Card was compromised, you should be hearing from one of our banking representatives soon, if you have not already. To offer you the best protection against fraud, we intend to reissue your existing Debit Card with a new card number. Once you activate your new card, the old card will be “Hot Carded” and no longer available for use. Until you receive the new card, please continue to monitor your account closely for unauthorized usage.
Special Alert for Target Red Card customers with the card tied to a Checking Account
For customers with a Target Red Card that was tied directly to their checking account, your account and routing numbers may have also been compromised. This information could be used to perform fraudulent debit transactions against your account. For these customers, Summit Bank of Kansas City recommends you take the following actions to protect your account:
- Close your checking account and open a new one. This is the safest way to ensure your account information is protected.
- Closely monitor your account for unauthorized electronic activity. If you see any unauthorized transactions, report the transaction to your local office immediately. You will be asked to complete a Written Statement of Unauthorized Activity, and in most cases, the funds can be recovered.
We have also been hearing reports of phishing scams being targeted to compromised card victims. Cleverly disguised criminals are calling or emailing customers to lure them into releasing additional personal information such as PIN numbers and account details. Follow the guidelines below to avoid falling victim to these scams:
- NEVER give your personal financial information over the phone or via email. This includes Debit/ATM Card PIN numbers, Online Banking ID and passwords, account numbers, Social Security numbers, and names and addresses associated with the account.
- Do not click on any links within an email requesting this type of personal information. This could introduce harmful “malware” onto your device that can be used to collect more personal information.
- In the event you receive any suspicious calls or emails attempting to collect your personal information, contact your local office immediately.
December 19, 2013 -- Target Retailer Card Breach Information
Summit Bank of Kansas City is aware of the recent security breach of card information from the retail chain Target. We expect to receive a list of compromised cards from Visa and will take action to block and re-issue affected cards as soon as this list is received. In the meantime, if you have shopped at a Target retail location in November and December 2013, please monitor your account closely. Summit Bank of Kansas City also utilizes a Fraud Monitoring service for our Debit Cards. They will contact you if they see suspicious activity on your card. As always, continue to protect your personal information and do not provide your PIN or card number to anyone over the phone or via email. Please contact your local office if you have further questions.
Educational Resources for Consumers:
FDIC: Learn How to Protect Yourself from Fraud
Federal Trade Commission: Fighting Back Against Identity Theft
The Internet Crime Complaint Center (IC3) is a partnership between the Federal Bureau of Investigation (FBI), the National White Collar Crime Center (NW3C), and the Bureau of Justice Assistance (BJA) designed to serve as a vehicle to receive, develop, and refer criminal complaints regarding cybercrime.
The Financial Fraud Enforcement Task Force maintains a wide list of resources and information dedicated to helping find and report suspected cases of financial fraud.
OnGuard Online provides practical tips from the federal government and the technology industry to help you be on guard against Internet fraud, secure your computer, and protect your personal information.
FBI: Common fraud schemes and helpful information to avoid becoming a victim.
What is Scareware?
Also called “fake antivirus” and “rogue antivirus,” scareware is an attempt by cyber-thieves to sell computer users useless, and potentially dangerous, antivirus software, registry cleaner or other software which allegedly repairs problems or enhances a computer’s performance.
Scareware is normally recognized by pop-up messages, which resemble Windows system messages, indicating that a large number of problems have been found on the computer. The messages prompt users to purchase software to fix the alleged computer problems and either take users to the attacker’s website or initiate a malware download if the user clicks “Cancel” or the “X” to close the window. Malware installed on computers allows thieves to view users’ passwords and other personal information.
Some of the most aggressive scareware products make critical changes to victims’ computers, thus preventing them from restoring their computers to an earlier, secure status. You can protect yourself by understanding this form of cybercrime and avoiding clicking on suspicious pop-up windows.
Tips for Preventing Mail Theft and Fraud
- Retrieve your mail promptly after delivery.
- Always deposit your mail in a mail slot at your local post office or hand it to your letter carrier.
- Sign up for Online Services:
- Online Bill Pay – eliminates the need to send your checks through the mail.
- Online Bill Presentment – your bills are sent electronically and not through the mail.
- eStatements – eliminates paper statements that travel through the mail.
How to Report Identity Theft
- Contact a bank representative immediately.
- If you have disclosed sensitive information in a phishing attack, you should also contact one of the three major credit bureaus and discuss whether you need to place a fraud alert on your file, which will help prevent thieves from opening a new account in your name. Here is the contact information for each bureau’s fraud division:
P.O. Box 740250
Atlanta, GA 30374
P.O. Box 1017
Allen, TX 75013
P.O. Box 6790
Fullerton, CA 92634
Report all suspicious contacts to the Federal Trade Commission through the Internet at http://www.consumer.ftc.gov/features/feature-0014-identity-theft, or by calling 1-877-IDTHEFT.
Tips to Help Avoid Identity Theft
- Never provide your personal information in response to an unsolicited request.
- If you believe a contact may be legitimate, contact the financial institution yourself after you have verified the contact information.
- Never provide your password over the phone or in response to an unsolicited Internet request.
- Never click on the links provided in an e-mail.
- Protect your Social Security Number (SSN), credit card and debit card numbers, PINs (personal identification numbers), passwords and other personal information.
- Protect your incoming and outgoing mail.
- Keep your financial trash “clean” by shredding sensitive information.
- Keep a close watch on your bank account statements and credit card bills.
- Review your credit record regularly.
- Never access bank, brokerage or other financial services information at Internet cafes, public libraries, etc. Unauthorized software may be installed to trap an account number and login information, leaving you vulnerable to possible fraud.
Identity Theft and Phishing
One way thieves can steal your identity is through “phishing.” It is pronounced “fishing,” and that is exactly what these thieves are doing: “fishing” for your personal financial information. What they want are account numbers, passwords, Social Security numbers, and other confidential information that they can use to loot your checking account or run up bills on your credit cards.
With the sensitive information obtained from a successful phishing scam, these thieves can take out loans or obtain credit cards and even driver’s licenses in your name. They can do damage to your financial history and personal reputation that can take years to unravel. But if you understand how phishing works and how to protect yourself, you can help stop this crime.
The safety and security of your financial information is of primary importance to us. Summit Bank of Kansas City wants to educate you by offering tips to help identify fraud and avoid becoming a victim. If you answer “yes” to any of the following questions, please contact your personal banker today.
- Are you cashing or depositing a check for items sold on the internet or a work-at-home program?
- Were you informed you were the winner of a lottery you never entered?
- Have you been asked to return or wire some of the proceeds of a check?
- Were you offered a check for an amount that is higher than the selling price of an item?
- Have you clicked on an attachment in an email whose origin you did not know?
- Has a website asked for your user id, password, or other personal information to verify your identity?
- Have you had issues trying to access your internet banking accounts or seen a message to try again later because the site is under maintenance?
Educational Resources for Businesses
The Federal Trade Commission’s (FTC) Bureau of Fraud Protection Business Center contains information about how to protect your business from fraud.
US Chamber of Commerce Common Sense Guide to Cyber Security for Small Businesses.
What can you do?
- Ask us about multi-factor authentication, which combines, for example, something the person knows (user ID, PIN, password) with something the person has (password-generating token).
- Ask us about dual control features for initiation of payments via Online Banking, with distinct responsibility for transaction origination and authorization.
- Ask us about establishing reasonable exposure limits that are related to transaction origination.
- Do not respond to or open attachments or click on links in unsolicited emails.
- If you receive an email from an apparently legitimate source requesting account information or action, contact the sender directly by other means. We will not send customers emails asking for passwords, credit card numbers or other sensitive information.
- Contact us immediately if you encounter a message stating that the system is unavailable while trying to log in to your account.
- Conduct Online Banking and payments activity from a dedicated computer that is not used for other online activity, such as general web browsing and social networking, and/or that is not connected to an internal network.
- Ensure that all anti-virus and security software for all computer workstations and laptops is robust and up-to-date.
- Log off/turn off and lock up computers when not in use.
- Change the default passwords on all network devices.
- Educate your employees on this type of fraud scheme.
- Monitor and reconcile accounts daily; many small business clients do not reconcile their bank accounts on a daily basis, and, therefore, may not recognize fraudulent activity until it is too late to take action.
- Note changes in the performance of your computer such as: loss of speed, changes in appearance, computer locking up, unexpected rebooting or restarting of your computer, unusual pop-up messages, new toolbars and icons or an inability to shut down or restart.
- Look out for rogue emails; if someone says they received an email from you that you did not send, you may have malware on your computer.
- Run regular virus and malware scans of your computer’s hard drive.
- If you detect suspicious activity, immediately cease all online activity and remove any computer systems that may be compromised from the network.
- Immediately contact us so that the following actions may be taken: disable online access to accounts, change online banking passwords, open new accounts as appropriate, request a review of all recent transactions and electronic authorizations on the account and ensure that no one has added any new payees or made any other critical changes to account information.
- File a police report; having a police report on file will often help facilitate the filing of claims with insurance companies, financial institutions and other establishments that may be the recipient of fraudulent activity.
- In addition, you may choose to file a complaint online at www.ic3.gov. For substantial losses, contact your local FBI field office (http://www.fbi.gov/).
- Have a contingency plan to recover systems suspected of compromise.
- Consider whether other company or personal data may have been compromised.
Why are smaller businesses and organizations targeted?
The cyber-thieves appear to be targeting small to medium-sized businesses, as well as smaller government agencies and non-profits, for several reasons:
- Many small businesses and organizations have the capability to initiate funds transfers via ACH or wire. This funds transfer capability is often related to a small business’ origination of payroll payments.
- Many businesses maintain a type of organization chart online, making spear phishing (targeting a specific employee) for an employee with online banking authorities easier.
- Small businesses often do not have the same level of resources as larger companies to defend their information technology systems.
- Many small businesses do not utilize additional banking services, such as password-generating tokens, and do not monitor and reconcile their accounts on a frequent or daily basis.
Corporate Account Takeover
Corporate account takeover is a method by which cyber-thieves gain control of a business’ bank account by stealing the business’ valid online banking credentials. Although there are several methods being employed to steal credentials, the most prevalent involves malware that infects a business’ computer workstations and laptops.
A business can become infected with malware via infected documents attached to an email or a link contained within an email that connects to an infected website. In addition, malware can be downloaded to users’ workstations and laptops when the users visit legitimate websites – especially social networking sites – and click on the documents, videos or photos posted there. This malware can also spread across a business’ internal network.
In common attacks, cyber-thieves send emails purporting to come from reputable, national organizations. This is a common tactic to gain credibility and lure unsuspecting individuals into taking some action. A recipient who clicks on the links within the email may be taken to a fake website, which prompts the recipient to unknowingly download malware to the computer.
The malware installs keylogging software on the computer, which allows the perpetrator to capture a user’s credentials as they are entered at the financial institution’s website. Sophisticated versions of this malware can even capture token-generated passwords, alter the display of the financial institution’s website to the user and/or display a fake Web page indicating that the financial institution’s website is down. In this last case, the perpetrator can access the business’ account online without the possibility that the real user will log in to the website.
The cyber-thieves use the sessions to initiate funds transfers, by ACH or wire transfer, to the bank accounts of associates within the U.S. These accounts may be newly opened by accomplices or unwitting “money mules” for the express purpose of receiving and laundering these funds. The accomplices or mules withdraw the entire balances shortly after receiving the money and then send the funds overseas via over-the-counter wire transfer or other common money transfer services.