Financial companies choose how they share your personal information. Federal law gives consumers the right to limit some but not all sharing. Federal law also requires us to tell you how we collect, share, and protect your personal information. Please read this notice carefully to understand what we do.
Children’s Online Privacy
We do not knowingly collect, use, or maintain any information through our websites from or about children who are under the age of 13 years. If we determine that a child under the age of 13 has provided us with information through one of our websites, we will use this information only to notify his or her parents that the information was received.
Online Privacy, Security & Information Gathering Policy
Last Updated: August 28,2015
Surety Bank is committed to safeguarding your confidential information and maintaining the security of our online products and services. In addition to this statement, please view our full Privacy Notice, which addresses our general policies for collecting and sharing customer information.
We maintain appropriate physical, electronic and procedural safeguards to protect the security, integrity and privacy of your personal information. Information you submit through Surety Bank website is encrypted to industry standards. No confidential or personal information should be sent through regular email since those email transmissions may not be secure.
We continually review our security safeguards in order to protect customer information that we gather, transmit and store in connection with our online products and services. Remember to educate yourself on scams and threats and to maintain your computer operating system and data security software up to date. We will never ask for personal identifying information, login or password information in an email message. Also, never click on an unverified link in an email message.
Online Security: Steps You Can Take
While investments in the technology and processes have been made by Surety Bank to ensure that we are providing a secure environment for all of your financial transactions, data transmissions, and communications, protecting your identity and personal information is a team effort. We recommend you also take steps to protect yourself and your computer from fraudsters who may try to obtain your personal information electronically.
Here are some steps you can take:
Your identity is one of your most valuable resources. That is one reason why we want to help you take extra precautions to protect it. We recommend you help safeguard your identity and personal information by using effective password protection. Here are some suggestions for creating safer passwords and some cautions against weaker ones.
Tips for choosing more-secure passwords:
- Create original passwords that contain a combination of letters, numbers, and even special characters (#, &, %) if allowed
- Use both capital and lowercase letters (if your password can be case sensitive)
- Ensure your passwords are at least eight characters
- Your Social Security number
- Account numbers
- Phone numbers or addresses
- Birth dates or anniversaries
- Obvious or common nicknames
- Names of relatives or pets
- Common words from the dictionary
- Your interests or hobbies that are commonly known to others
- Use a unique password for each service or website
- Choose a password you can easily remember, so you don’t have to write it down
- Avoid using software that saves or remembers your passwords
- Change your passwords at least twice a year
Spyware, which includes keystroke loggers, screen and mouse recorders, and other types of malware, allows distant hackers to extract sensitive data from your computer. These programs often slow down your computer and send harvested information to criminals.
Follow these tips to protect your computer and private information from these dangerous programs:
- Never open any email attachments, web links, or files if the sender or source is not trustworthy or cannot be confirmed. This will help prevent spyware (which is designed to secretly access information) from being installed on your computer.
- Use the automated update wizards in your operating system to download and install the latest security patches.
- Install a firewall and anti-virus software with spyware protection on your computer. Use the automatic update options, and keep your subscriptions current, as fraudsters continue to develop new malware and viruses.
- Use email spam-filtering software.
- Avoid using public computers shared by many individuals to pay your bills, check your account balance, or transact business. If you do have to use a public computer, remember to log out of any websites completely and log off the computer.
- Always use encryption for wireless access.
Mobile Device Security
Mobile devices have a high likelihood of being lost or stolen. So, you should avoid using them to store sensitive information such as passwords and bank account numbers. If sensitive data is stored, then encryption should be used to secure it. To prevent unauthorized access to your mobile device, enable your mobile device’s auto lock feature, configure it to require a passcode to unlock the screen, and configure your settings to have the device automatically wiped after 10 failed passcode attempts. Install security software to prevent malware from infecting your mobile device. There are a number of vendors who provide this service through apps found in your vendors app store. Only use the official app store for the device to acquire apps or updates. Rooting (a.k.a. jailbreaking) your mobile device will increase the risk from malware infections as any malware would then have the ability to make changes to the device’s operation system that it would not have otherwise had.
In a social engineering attack, an attacker uses human interaction to manipulate a person into providing them information. People have a natural tendency to trust. Social engineering attacks attempt to exploit this tendency in order to steal your information. Once the information has been stolen it can be used to commit fraud or identify theft.
Criminals use a variety of social engineering attacks to attempt to steal information, including: Phishing and Website Spoofing.
“Phishing” refers to a process in which fraudsters attempt to obtain your personal information through electronic communications. (e.g. emails, text messages, instant messages) These messages appear to be from a trustworthy entity, such as a bank, insurance company, retailer, or regulatory agency. However, the messages are not legitimate. The fraudsters typically ask you to send your personal information to a website and then use that information to commit identity theft, gain access to your financial accounts or to initiate wire fraud.
Remember, Surety Bank does not request personal information by emails, text messaging, or instant messaging. Beware of any unsolicited emails that request personal information of any kind. Do not respond to any such emails, texts, instant messages, pop-ups, or links.
The following tips will help you spot fraudulent messages:
- The message title generally concerns an “urgent matter” that requires your immediate attention, such as “verifying” certain information to prevent the company from suspending or closing your account.
- The sender may ask for ATM or credit card numbers, personal identification numbers (PINs), sign-on IDs, and other personal information, such as your Social Security Number, date of birth, or mother’s maiden name — all of which thieves can use to take over an account or commit identity theft.
- The sender’s name is usually generic, such as “Customer Service Department,” or is just the company’s name, such as “ABC Bank.”
- The message may look professional and official, often displaying the look and feel of a website that you know. It may even contain links or pop-up windows that have the appearance of legitimacy.
- The message may point you to a domain name that is spelled very close to or appears to be related to the legitimate domain name.
- The message may point you to a web page that is protected by Secure Socket Layer (SSL), better known as https.
Any communication that appears to come from Surety Bank can be confirmed by calling the bank using contact information you already have or that is publicly available using a reputable source. Please do not attempt to reach Surety Bank using contact information provided in a communication that appears to be suspicious.
Pay attention to the web address (URL) of websites. A website may look legitimate, but the URL may have a variation in spelling or use a different address. If you are suspicious of a website, close your browser and contact the company directly by phone. Do not click links on social networking sites, pop-up windows, non-trusted websites or in email messages. Links can take you to a different website than their labels indicate. Typing an address in your browser or using a popular search engine are a safer alternatives. Only give sensitive information to websites using a secure connection. Verify the web address begins with https:// (the “s” is for secure) rather than just “http://”. Additionally, some websites will add a padlock to the address bar or the address bar green will turn green in your web browser to indicate that you are in the correct location (i.e. ownership of the website has been verified by a third party).
Commercial Banking Customers
In order to determine potential exposures you may have related to Internet banking activities, we recommend you perform regular risk assessments with an enhanced focus on “high risk” transactions. Your risk management program should reflect your operating environment, business type, market conditions, legal and compliance risk, control environment and any other potential threats and risks applicable to your situation.
We obtain information about our clients and website users online when you provide your information to us directly to complete online forms or obtain online services or indirectly as part of the information we collect on our websites. One example of information we collect indirectly is information collected through our internet access logs. When you access our website, your internet address is automatically collected and is placed in our internet access logs. We may also record the URLs of the websites and pages you visit before, during and after your visit to our website, the times and dates of these visits, information about the computer hardware and software you use, and other information that may be available.
Temporary “session” cookies are also used to facilitate customer navigation within our website. Session cookies are deleted once you close your internet browser. We may also use “persistent” cookies that are retained on your computer after your visit ends so we can identity your preferences and enhance your next visit to our website.
In addition, cookies help us manage and monitor internet traffic from third-party websites to ours and identify which areas of our website are used most often and for how long. We may provide this type of aggregate information to non-affiliated application service providers that compile statistical or other information for us. This feedback and analysis allows us to continually update our website.
You can block cookies by changing the settings on your internet browser or through the use of software programs specifically designed to block cookies. You should be aware that blocking cookies or using certain security software settings may prevent you from logging onto your accounts or limit your online activities. If you employ “do not track” signals while visiting our website, we will not collect information about your visit, nor will any third-party included on our site.
Changes to this Policy
This Online Privacy, Securing & Information Gathering Policy is subject to change. Please review it periodically. If changes are made, the “Last Updated” date at the top of this Policy will be revised. Any changes to this Policy will become effective when posted unless indicated otherwise.