Equifax Data Breach: Considerations for Protecting My Personal and Financial Information

We understand our customer and employee concerns regarding their personal and financial information following the recent Equifax data breach and offer these steps for you to consider to protect your information, now and going forward:

  • Consider monitoring updated information being released about the data breach directly from Equifax. You can go to their site and navigate to the information on this breach, or use this link at: https://www.equifaxsecurity2017.com
  • You may want to consider signing up for Equifax’s free credit monitoring service. Equifax’s CEO statement can be found at: https://www.equifaxsecurity2017.com. This site is also where you can check to see if your information was likely breached, and where you can enroll in the 12 month free security tracking services. Even if you find your information was not among the group that was likely breached, you may want to enroll for credit monitoring anyway for peace of mind. Enrollment is up to you. Be sure to read the disclaimers as you are enrolling. Note that Equifax has published updates to this incident and you can check on an ongoing basis for updates. There are other providers that you may consider as well, such as LifeLock, that will charge a fee for their service. 
  • Consider finding everything you do online where personal and confidential information may be involved and change all passwords. This is a good practice anyway.
  • Closely monitor credit and debit cards – all financial accounts really – and consider canceling old cards/accounts that you may have open but do not use.
  • Make use of all the security features with cards, including the ability to turn off your credit and/or debit cards and set alerts for activity that takes place on your cards or accounts. As always, we encourage you to consider doing this as a part of daily management of your financial affairs. Tracking and managing your financial affairs should be done every day.
              1. If you carry a Merchants Bank debit card, download the My Mobile Money Access app from your App store to track all debit card activity.
              2. If you use Merchants Online Banking, we encourage you to use the Alerts functions to monitor account activity as well.
  • Understand that much of your confidential and personal information may already be in the ether of the global internet and could be pulled together to steal your identity – Facebook, LinkedIn, Twitter, other data aggregation sites, public records, online phone books, etc. As a best practice, never use passwords related to information that can be found online. Always monitor your credit reports for accounts opened in your name.

 

We publish fraud scams and alerts in a variety of ways. Follow us:

These suggestions and others may be useful to you. Be sure to keep tracking this issue and seek input and opinions from your trusted sources. Then take the course of action that is best for you.

Concerns? Contact us.

The 3 Online Banking Alerts You Should Have Set Up

Farmer examinig wheat field status with digital tablet

Security Awareness Week: June 5-9, 2017

If you’re not using the FREE alerts feature of Merchants Bank Online Banking, you’re missing out on tools that could protect you from identity theft and fraud.

To set up automatic alerts, sign in to your Online Banking account and click the Other Services tab. From here, select the type of alert you’d like to enable and follow the steps to configure. Alerts can be sent to an email address, via text message or both…it’s up to you!

Here’s the list of the top three alerts our Electronic Banking Specialists recommend all customers put in place.

My Profile Changed – Get an alert if there are any changes to your Merchants Bank Online Banking profile. For example, a change to the email address associated with your account. This alert may help you detect if someone else has accessed your account and is trying to make changes to your profile.

Internet Banking Login Error – Get an alert if your password is entered incorrectly when attempting to log in to Online Banking. This alert may help you detect if someone else is trying to access your Online Banking account.

Balance Alerts – Get an alert based on balances above or below a certain dollar amount. Simply select the account you’d like an alert for, then choose an option from the drop down and type in an amount. This alert may help you detect large withdrawals or purchases you did not initiate.

To learn more about all of our Merchants Bank Online Banking alert options, watch this video featuring Lucas Stangl, Electronic Banking Specialist.

To get started with alerts, sign in to your Online Banking account now.

Are You Using These 7 Tips to Protect Your Identity?

Home budgeting

Security Awareness Week: June 5-9, 2017

It may feel like keeping your personal information secure is impossible in a world tech-savvy hackers and scammers. Every day the news reports on new data breaches and scams. But, you can play an important role in protecting yourself from identity theft and fraud by taking small steps.

Here’s where to start:

  1. Check your financial activity. It only takes a few minutes, but reviewing your bank, credit card and other financial activity and statements for fraud is an important first step. If you see any suspicious activity, report it.
  2. Don’t use the “remember password” option. Using this feature on your computer or mobile device makes it easier for someone to access your accounts.
  3. Set up automated account alerts. Get a text or email alert for certain transactions, balances and more. We offer free alerts through Merchants Bank Online Banking for your checking, savings and loan accounts and through My Mobile Money for your debit card transactions.
  4. Be cautious when asked for personal information. If you are asked to provide personal information through a phone call, email or website pop-up page, think before you act. Verify the company or person asking for the information through a third party, like a phone book or other trusted resource.
  5. Store private information securely. Whether at home or work, do not leave your personal information out where others can see it.
  6. Make a fraud kit. Keep a list of your credit and debit cards, account numbers, expiration dates and customer service of fraud department telephone numbers in a secure place away from the cards for easy access.
  7. Be a skeptic. If a situation sounds too good to be true, it probably is. You can’t win the lottery if you haven’t entered. You don’t need to send a payment to claim prize winnings.

To stay up-to-date on Merchants Bank fraud alerts and scams, sign up for our alerts emails.

How to Control Debit Card Activity

mymobilemoney

Security Awareness Week: June 5-9, 2017

Take control of your debit card transactions with our free My Mobile Money app. Use it to:

  • Set card transaction alerts
  • Set spending controls
  • Turn your debit card(s) on and off
  • Deny transactions based on criteria you choose
  • And much more!

Learn how to enable the top three features recommended by our staff. Before you begin, make sure you have downloaded the app, enrolled and signed in.

Feature 1: Transaction Alerts

From Customer Service Manager, Michelle Schroeder: “I can’t say enough about the automatic notifications for all transactions. I love seeing everything that goes through my debit card. It’s perfect in case I forget about an automatic withdrawal I had approved or someone is attempting fraud on my account.”

To receive alerts for certain transactions on your mobile device:

  1. Choose the card you wish to set alerts for.
  2. Select Alert Preferences.
  3. If you would like alerts on all transactions, click the “Send alerts for” drop down and select All Transactions.To set specific alerts, such as alerting for all online purchases, click the “send alerts for” drop down and selected Preferred Transactions. Then choose the type(s) of alerts you wish to set.

Feature 2: On/Off and Automatic Denials

From Commercial Banking Officer, Mike Swanson: “My wife and I have used the on/off feature for our debit card more than once. If one of us misplaces our card…leaves it in the car, forgets it on the counter or something else, we can just turn it off on the app until we find it. If our cards really were lost, it would prevent anyone else from using them. It’s just nice peace of mind.”

To turn off a debit card:

  1. Choose the card you wish to turn off.
  2. Slide the Card ON/OFF button from green to red.

To deny debit card transactions based on dollar amount:

  1. Choose the card you wish to set up for denials.
  2. Select Control Preferences.
  3. Select Spend Limits and slide on Per Transaction.
  4. Simply enter in the maximum amount that will be allowed for a transaction.
  5. Click Save.

Feature 3: Location Controls

From Customer Service Representative and Lead Teller, Tina Bechtel: “I’ve used the location feature and that’s really handy. You just set up if you only want to allow transactions based on a city, region or state. Transactions attempted from outside that area are then automatically denied.”

Although these options give you the flexibility to protect your card while traveling, you still need to notify us (contact your local Merchants Bank) of travel plans outside of Minnesota, Iowa and Wisconsin to ensure your debit card can be used while out of town.

To deny transactions based on the location of your mobile device:

  1. Choose the card you wish to set up location controls for.
  2. Select Control Preferences.
  3. Select Locations.
  4. Swipe the My Location function on.
  5. All attempted transactions outside of the zip code where your mobile device is located will be denied.

To allow transactions based on locations you select:

  1. Choose the card you wish to set up location controls for.
  2. Select Control Preferences.
  3. Select Locations.
  4. Swipe the My Regions function on.
  5. Select the plus symbol.
  6. Add a region by entering a zip code or using the map to zoom.
  7. Give your region a title and choose save.
  8. Repeat steps 5-7 to add up to two other regions.
  9. All transactions within the regions you selected will be allowed.

If you have questions about My Mobile Money, contact your local Merchants Bank.

Privacy Code: Why You Need One

PrivacyCode-Blog.jpg

Security Awareness Week: June 5-9, 2017

As part of our privacy standards, we would like all Merchants Bank customers to have a privacy code in place to protect you and your data from being accessed by someone other than you.

What is it?

A privacy code is a word or numbers or combination between 4 to 30 characters that you choose and will easily remember. This will be used to identify you and protect your data from being accessed by someone other than you. It is not the PIN associated with a card, phone banking or online banking system. It is a part of identifying you as a person.

When will it be used?

Merchants Bank staff will use a privacy code to identify that it is really you on the phone before we give you information on your accounts. If you do not have your photo ID with you, we may also use this to identify you in person.

Why do I need one?

Fraud and identity theft are increasing. Without a privacy code you may no longer be able to call in and obtain information over the phone.

To set up a privacy code, please call or visit your local Merchants Bank branch.

 

Ransomware and Rip Van Winkle: Don’t Ever, Ever Sleep Again

This can't be right

Security Awareness Week: June 5-9, 2017

By Rodney Nelsestuen, Chief Information Officer

We all know the story of Rip Van Winkle who slept for 20 years and woke to find he’d missed the Revolutionary War and that society had changed dramatically. Today, poor Rip would find that a mere 20-minute nap may be enough to put him out of touch – especially when it comes to security.

This was driven home by the recent global attack of ransomware (aptly named Wannacry) that put hospitals, governments, and businesses on the defensive and interrupted the normal course of business on some estimated 250,000 computers in 150 countries, including the US. This event was one of the first to have a large-scale global reach and one which cost those who were attacked an estimated $3 billion dollars. Moreover, the success of Wannacry and its scale will most certainly result in a massive expansion of the ransomware “business.”

You may wonder why ransomware is suddenly so popular as compared to other types of hacking. Here are three reasons:

The attacker need do nothing and still gets paid.

Ransomware either encrypts files on a computer or blocks access to the files. These programs used to be delivered exclusively in emails as an attachment that a victim would open. While that delivery method is still in use, the more pernicious versions simply roam the internet and when they find an unprotected network or computer, will launch the attack without human intervention.

Stealing personal information and credit card data is still popular, but imagine how much work it is to steal, store, organize, and then find a buyer for that data. In short, the old fashioned methods of theft are a lot of work compared to a ransomware attack that threatens to delete all data on a computer unless the victim pays for the release. Attackers simply sit back and wait for the victim to pay.

Want to go into business? Try ransomware as a service.

Don’t know anything about computers or hacking? No need to worry. You can contract with a hacker and outsource your criminal activity. Organizations offering ransomware services are beginning to take root and will encourage bad actors of all types to try their hand at it.

After all, what do they have to lose? The outsourced service provider does all the work and gets paid a cut of the take, and you merely await your share as the business owner.

If one door is locked, just try another.

The interconnectivity of the internet and businesses across the globe makes it much easier for a ransomware attack to succeed. Can’t get into a corporate network? Try the company’s version of webmail, which can be accessed from any computer in the world. Can’t get a user to click on a link? Then use in-memory malware to deliver the payload. Find it hard to scale your crime? Then hack cloud services and launch attacks against thousands of high value targets at once. In short, ransomware has multiple attack vectors.

So what can I do to protect my business?

There are long-standing processes and tools that companies need as a foundation to stopping ransomware. While the list of approaches is long, let’s focus on three items that will reduce the risk of being hacked or a victim of ransomware:

  1. Whether you run your own technology or outsource it, be sure you know what protections and processes you have in place. Anti-virus software, firewalls, and intrusion detection software with expert alerts, and patching systems and applications are regularly among these basics.More importantly, make sure your security tools are on the most current versions. This may mean having updates almost continuously at times as risk conditions can change dynamically. It’s good to look into new technologies as new threats arise, but remember that the tools you do have may be the best there are if kept up to date.
  2. Layer security across your business. No one single solution will protect you from every attack. Whether physical locks on doors, increasing the sophistication of passwords, using out of band authentication, or segmenting your network with additional firewalls, consider using a layered approach to make it more difficult for bad actors to get through to your valued information. This includes using the security and authentication steps offered by your bank. Most banks will provide tools that allow the business to verify financial transactions before they occur. Unfortunately, too many businesses fail to adopt these solutions and processes.
  3. Train your staff on proper use of the connected world we live in – and keep security awareness in the forefront of employees’ minds. The human threat is twofold: first, people make mistakes and as humans, we always will.Second, there has been a growing threat from insiders who are ‘groomed’ by bad actors to ultimately take part in a crime. While this is an unpleasant topic, it’s something every business owner or manager needs to consider today.

One final thought. It would pay most businesses to be connected to an organization that monitors the global threat environment and can keep the business up to date on emerging threats. This external information can then be aligned with your internal IT steps and actions. There are several such organizations and many have very reasonable fees.

The security issues faced by businesses will only be more challenging in the future. Staying up to date on security technology, being vigilant on how users interact with your systems, and having an eye to the emerging threats as they grow are all smart and necessary steps for any business today.

While there are no sure-fire solutions to risk, by taking a multi-faceted approach you’re in the know about the threat environment, and you’ll feel better that you’re managing it in a sound manner. Then you’ll be able to sleep peacefully even with one eye open so as not to miss, as Rip Van Winkle did, the important things in life such as the birth of a nation.

Fraud and Scam Updates for May

Fraud-Blog

Review our most recent fraud alerts and updates to help keep your personal information secure. Want to be automatically updated about recent scams and fraud? Sign up for our Alerts emails here: http://bit.ly/1G1dF0n

Internal Revenue Service Scam

Some of our customers have fallen for a recent scam involving fraudsters posing as employees from the Internal Revenue Service (IRS). The fraudster will call you – stating to be an Internal Revenue Service employee – and claim you owe back taxes, which can be paid via wire transfer.

The truth is that the IRS does not use phone calls to make personal contacts. If the IRS wants to contact you, they will send a letter first. If you receive a phone call from an individual claiming to be from the IRS, it is a scam. For more information on how and when the IRS might contact you, see these two articles from the Federal Trade Commission:

Check Fraud

Merchants has recently seen an increase in fraudulent checks. Customers have fallen for some “too good to be true” scenarios including being asked to be a secret shopper for a fake business or receiving a winnings check in the mail from a drawing they did not enter. When you receive a check, make sure to consider where it came from.

Some questions to ask yourself:

  • Did I recently enter any contests or drawings where I could win money?
  • Can I verify the information on the check through a third-party? For example, can you confirm a person’s contact information through the phone book? Or confirm a business’s information through an online directory like the Yellow Pages?
  • Does it sound too good to be true?

Be a skeptic. If the situation doesn’t sound right, it’s time to do some more investigating before depositing that check. For more information, read this article on check fraud from the Federal Trade Commission.

Next Steps If You’ve Experienced Fraud

If you think your bank account information has been compromised or you are a victim of identity theft, contact your local Merchants Bank and ask to speak to a Customer Service Representative.