Welcome to QNB's Consumer InfoZone. On this section of our Web site, you'll find information about security, fraud prevention, and bank regulations that could affect you.
Security & Fraud Prevention
Social Engineering - Phishing, Vishing and Smishing!!!
Hearthland Payment Services Data Breach
FBI Fraud Alert - Don't Get Scammed!
Identity Theft -- What Is It and What to Do
Protect Yourself and Your Computer
Security News and Updates
Avoid Charity Scams
Government Agency Links
Social Engineering is the act of manipulating people into performing actions or divulging confidential information. The term typically applies to trickery or deception for the purpose of information gathering, fraud, or computer system access; in most cases the attacker never comes face-to-face with the victim.
Types of Social Engineering
“Phishing” is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication or email.
1. A criminal will send email messages to a list of email addresses stolen from a financial institution.
2. The email messages alert the consumer that their credit card has had fraudulent activity or that their bank account has had unusual activity.
3. The email message instructs the victims to call a phone number or click on a link to visit a website where their personal information is requested.
4. Once the victim calls the phone number in the text message or visits the website and provides the information requested, the “Phisher” has the information necessary to make fraudulent use of the card or access the account.
“Vishing” is a combination of Voice and phISHING. Vishing is the criminal practice of using social engineering over the public telephone system.
1. A criminal will call a list of phone numbers stolen from a financial institution.
2. When the victim answers the phone, an automated message is played to alert the consumer that their credit card has had fraudulent activity or that their bank account has had unusual activity.
3. The automated message instructs the victim to “call the following phone number immediately”. The same phone number is often shown in the spoofed caller ID and given the same name as the financial company they are pretending to represent.
4. When the victim calls the number provided, it is answered by automated instructions to enter their credit card number or bank account number on the key pad.
5. Once the victim enters their credit card number or bank account number, the “Visher” has the information necessary to make fraudulent use of the card or to access the account.
“Smishing” is a combination of SMS and phISHING. SMS (Short Message Service) is the technological protocol used for sending and receiving text messages on cell phones. Smishing is the criminal practice of using social engineering over the cellular phone system.
1. A criminal will send text messages to a list of cellular phone numbers stolen from a financial institution.
2. The text messages alert the consumer that their credit card has had fraudulent activity or that their bank account has had unusual activity.
3. The text message instructs the victims to call a phone number or visit a website where their personal information is requested.
4. Once the victim calls the phone number in the text message or visits the website and provides the information requested, the “Smisher” has the information necessary to make fraudulent use of the card or access the account.
How to protect yourself against Social Engineering, malware, viruses, etc…
- Be skeptical of suspicious e-mail, text messages, unfamiliar sites and links and any unprompted requests for personal information.
- Protect your personal information. Keep your user names and passwords secret and be skeptical of any requests for personal information.
- Always look for "https://" in the address of any site where you enter personal information; this indicates a secure connection.
- Do not click on links contained within e-mails. Open a new browser window and type the address yourself.
- Do not reply to phishing, smishing or vishing attempts. Never reply to phone calls, e-mail, or text messages asking for personal or financial information unless you can confirm the requestors identity.
- Keep security software (antivirus, anti-malware) up-to-date and keep firewall settings active.
Important Announcement to our Debit Cardholders
On January 20, 2009, Heartland Payment Systems (a nationwide payment processor for over 250,000 business locations) announced that a data intrusion into its computer network had occurred in 2008, potentially exposing debit and credit card transaction information. This exposure window appears to have occurred from May through November 2008. Heartland has created a website www.2008breach.com with information and FAQs. QNB was not directly a part of this breach nor do we utilize Heartland Payment Systems for card processing.
What are the facts known to date?
It is unknown how many accounts have actually been compromised. The exposed data includes debit and credit card numbers, cardholder names and expiration dates. No other personal information was compromised. QNB is beginning to receive lists of potentially affected debit cards from Visa®. Even though it is not known if any customer information was actually removed during the exposure, we are viewing this data to be at risk based on Visa’s recommendation.
What is QNB Bank doing to protect our customers?
To date, QNB has not identified any suspicious activity that indicates our cards are being misused. However, we believe that it is prudent to close and reissue cards as they are identified. We do not yet know the number of QNB CheckCards that may have been used at merchants who processed through the Heartland system, but we are anticipating a significant number may be affected. As we get information from Visa about the data compromise, we will be taking action on our customers’ cards in an orderly fashion to minimize inconvenience without taking undue risk. If your card is suspected of compromise, we will send you a letter explaining the issue as soon as we are informed by Visa. These cards will be reduced to a $400 daily limit for purchase type transactions (this minimizes your risk but allows you to continue to conduct routine daily transactions). Your ATM withdrawal limit will not be changed. You will be asked to stop into a branch to reorder a new card before a designated date (two weeks after the letter is sent). This affords you the opportunity to select your own PIN (PINS were not compromised). If you do not take steps to reorder a card, we will have one issued to you with a system-selected PIN on the date indicated in the letter. Three weeks after the letters are sent the old cards will be disabled. Note that joint account holders’ cards DO NOT have the same numbers. It is only necessary to close both cards if both cardholders are informed of the breach.
What should you do to protect yourself?
Monitor the activity on the account connected to your QNB CheckCard on a regular basis. In addition to reviewing your monthly statements, you can review account activity 24 hours a day/7days a week with QNB-Online internet banking. If you are not currently enrolled in QNB-Online, sign up today at www.QNBBANK.com. If you do not use online services, you can access your account activity with QNB-Voice 24 Hour Telephone Banking at 215-538-5600 (select option 1). Additionally, you can stop by any of our nine convenient branch locations where we’ll be happy to assist you with any inquiries or questions. You can have peace of mind in knowing that you are not responsible for any unauthorized activity that occurs with your debit card. We want to reassure you that we are fully aware of the situation and are monitoring it closely to protect you.
Cash Advance Scams Are Increasing. You Could Be Involved In A Fraud Or About To Be Scammed!
- Lottery Winning Scams: Paying Fees or Taxes to receive winnings
- Agent Scams: Paying Commission for facilitating Items
- Inheritance Scams: "A Long Lost Family Member Has Died"
- Have you been instructed to either "Wire", "Send by Western Union", or "Ship" money, as soon as possible, to a foreign country, such as Canada, England, Nigeria or to a different area of the United States?
There are different variations on the types of frauds listed above. Please take the time to ask bank employees for assistance before depositing or cashing any checks that may be suspicious!
You are responsible for any checks you cash or deposit! Amount of items returned will be charged against your account!
For more information visit www.fakechecks.org.
Identity theft, which the U.S. Department of Justice labels the "crime of the new millennium," cost nearly 10 million Americans almost $5 billion in the past year, according to the Federal Trade Commission. And it costs businesses too. The FTC says 27.3 million individuals have been victimized since 1998 -- racking up a $48 billion tab for U.S. businesses.
Identity theft and account fraud are making big headlines. How can someone steal your identity? Identity theft occurs when someone uses your personal information such as your name, Social Security Number, credit card number, account number, or other identifying information, without your permission to commit fraud or other crimes.
Identity theft is a serious crime. People whose identities have been stolen can spend months or years - and their hard-earned money - cleaning up the mess thieves have made of their good name and credit record. In the meantime, victims may lose job opportunities, be refused loans, education, housing or cars, or even get arrested for crimes they didn't commit.
Your bank works hard every day to ward off these threats. Security is paramount in gathering personal data, as well as tracking transactions. There is a great deal of emphasis and specialization on things like encryption of information and strict authentication practices, but maximum security is possible only with your help.
Educating yourself on how to protect against privacy invasions is critical. Once you understand what information should be protected and what to do in case that information is compromised, you'll feel much more secure.
Here are some things you can do to prevent these crimes from happening and protect your assets and your good name:
- Don't give out financial information such as checking and credit card numbers and especially your Social Security number over the phone unless you initiated the call and know the person or organization you're dealing with.
- Report lost or stolen checks immediately. Also, review new deliveries of checks to make sure none has been lost in transit.
- Do not carry all your credit cards, your Social Security card, passport, etc in your wallet or purse at all times. Carry these only when need them.
- Carefully monitor your monthly bank and credit card statements and order a credit report once a year to check for inaccuracies and fraudulent use of your accounts.
- Guard your ATM Personal Identification Number and the ATM receipts.
- Be very careful when using your credit card on the Internet, or providing other information such as your Social Security number or other personal information.
- Always shred preapproved credit applications, credit card receipts, bills and other financial information before discarding them in the trash.
- If you applied for a new credit card or your regular bills have not arrived in a timely manner, call the bank or company involved.
- Don't put outgoing mail in or on your mailbox. Drop it into a secure, official Postal Service collection box.
If you think your identity has been stolen, here's what to do now:
- Contact your bank(s) and credit card issuers immediately so that the following can be done: access to your accounts can be protected/restricted; stop payments on missing checks; personal identification numbers (PINS) and online banking passwords changed; and a new account opened if appropriate. Be sure to indicate to the bank or card issuer all of the accounts and/or cards potentially impacted including ATM cards, check (debit) cards and credit cards. Customer service or fraud prevention telephone numbers can generally be found on your monthly statements.
- Contact the fraud departments of any one of the three major credit bureaus (see list below) to place a fraud alert on your credit file. The fraud alert requests creditors to contact you before opening any new accounts or making any changes to your existing accounts. As soon as the credit bureau confirms your fraud alert, the other two credit bureaus will be automatically notified to place fraud alerts, and all three credit reports will be sent to you free of charge.
Credit Bureau Web sites and Phone Numbers
Equifax: www.equifax.com 800-525-6285
Experian: www.experian.com 888-397-3742
TransUnion: www.transunion.com 800-680-7289
- Close the accounts that you know or believe have been tampered with or opened fraudulently.
- File a police report. Get a copy of the report to submit to your creditors and others that may require proof of the crime.
- File your complaint with the FTC (www.ftc.gov ). The FTC maintains a database of identity theft cases used by law enforcement agencies for investigations. Filing a complaint also helps us learn more about identity theft and the problems victims are having so that we can better assist you.
For more in-depth information on recovering from identity theft and help with protecting your personal records, visit www.consumer.gov/idtheft .
Internet “phishing” scams are one of the fastest-growing frauds today. Phishing typically involves a bogus e-mail message that uses legitimate materials, such as a company's Web site graphics and logos, in an attempt to entice email recipients to provide personal financial details, such as credit card and Social Security numbers.
Click on the following links for more detailed information on phishing scams and how to protect yourself.
- American Bankers Association – Don't Get Phished
- Office of the Comptroller of the Currency – Phishing & How To Protect Yourself
There are many nasty things that can happen to your computer resulting in loss of data and/or unintended divulgence of personal information. Following are things that could make you and your PC very unhappy and some recommended ways to protect yourself…
A program or piece of computer code that is loaded onto your computer without your knowledge and runs against your wishes. Viruses are capable of replication to other computers. Viruses can compromise computer and network resources and bypass security systems. Some people distinguish between general viruses and worms. A worm is a special type of virus that can replicate itself and use memory, but cannot attach itself to other programs.
- Purchase Antivirus (AV) software – AV software detects and removes viruses/worms from your computer (McAfee, Symantec).
- Purchase Firewall software - firewall software protects your computer from anything (or anyone) on the Internet that tries to access or alter files on your PC without your permission (McAfee, Symantec).
- Regularly update the virus definition files associated with the AV software.
- Regularly scan your computer for viruses.
- Do not click on or follow hyperlinks you are not familiar with or do not trust.
- Do not open e-mail attachments sent from a source you are not familiar with or do not trust.
Software that covertly gathers user information through the user's Internet connection without his or her knowledge, usually for advertising purposes. Spyware applications are inadvertently installed when visiting a website or clicking a hyperlink. Once installed, spyware monitors user activity on the Internet and transmits that information covertly to someone else. Spyware can also gather and transmit personal information (e-mail addresses, passwords, credit card numbers, etc…). Spyware can also cause problems with computer resources causing PC's to run slowly or erratically.
- Purchase software that protects your computer from anything (or anyone) on the Internet that tries to access or alter files on your PC without your permission (AdAware, Spybot).
- Minimize unnecessary “surfing” on the Internet
- Do not click on or follow hyperlinks you are not familiar with or do not trust.
- Do not open e-mail attachments sent from a source you are not familiar with or do not trust.
The act of sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft. Identity Theft is the procurement of another person's personal information (e.g., name, social security number, credit card number, passport) without that person's knowledge and the fraudulent use of such knowledge.
- Never give out personal information to anyone, unless you know and/or trust the person you are giving the information to. Always be suspicious of someone asking you for bank account numbers, social security numbers, birth dates and other personal information.
Electronic junk mail or junk newsgroup postings. Some people define spam even more generally as any unsolicited e-mail. E-mail advertising for some product sent to a mailing list or newsgroup.
- Purchase Anti-Spam Software - this software filters your e-mail for SPAM and either deletes it or directs it to a destination of your choosing. There are many companies who offer anti-spam software packaged with AV software (McAfee, Symantec).
Power failures are accompanied by surges and dips in power. Outages, surges and dips can all be harmful to your computer hardware.
Purchase an uninterruptible power source (UPS) to plug your computer into. UPS's have batteries that, in the event of power failure, continue to provide power for your computer providing you with enough time to properly shut down applications and save data. UPS's also provide surge and dip protection.
The Federal Trade Commission last week issued a new consumer alert, "Helping Victims of Hurricane Katrina: Your Guide to Giving Wisely," that offers tips to help consumers ensure that their donations reach the needy. Among other things, the alert advised people to be wary of charities that spring up overnight. "They may be well-meaning, but lack the infrastructure to provide assistance," the alert said. Also, be suspicious of charities with names that sound like familiar, or nationally known organizations. "Some phony charities use names that sound or look like those of respected, legitimate organizations," it said. Read more >>
Notice of Changes in Temporary FDIC Insurance Coverage for Transaction Accounts
FDIC Extends Expiration Date for Increased Insurance Coverage
Limits on Transfers from Savings Accounts Increased
What Happened to the Paper Check?
Check 21 Act
All funds in a “noninterest-bearing transaction account” are insured in full by the Federal Deposit Insurance Corporation from December 31, 2010, through December 31, 2012. This temporary unlimited coverage is in addition to, and separate from, the coverage of at least $250,000 available to depositors under the FDIC’s general deposit insurance rules.
The term “noninterest-bearing transaction account” includes a traditional checking account or demand deposit account on which the insured depository institution pays no interest. It does not include other accounts, such as traditional checking or demand deposit accounts that may earn interest, NOW accounts, money-market deposit accounts, and Interest on Lawyers Trust Accounts ("IOLTAs").
For more information about temporary FDIC insurance coverage of transaction accounts, visit www.fdic.gov.
On May 20, 2009, the FDIC extended the expiration date for the per depositor $250,000 insurance limit from December 31, 2009 to December 31, 2013. On January 1, 2014, the standard insurance amount will return to $100,000 per depositor for all account categories except for IRAs and other certain retirement accounts which will remain at $250,000 per depositor.
To calculate your level of FDIC coverage visit www.myFDICinsurance.gov.
The Federal Reserve Board (FRB) has announced revisions to Regulation D (“Reg D”), which take effect on July 2, 2009, revising the transaction limits imposed on savings account transfers and withdrawals. Reg D imposed two (2) limits on certain types of transactions that may be initiated from a “savings account” per calendar month or by statement cycle period.
* Six Transaction Limit: This limit applies to transfers to third parties or to other deposit accounts at the same bank made by preauthorized means (such as an ACH auto debit), automatic means (such as a savings overdraft protection product), telephone, electronic or other data transmission (such as through an online banking product).
* Three Transaction Limit: This limit, which is a subset of the overall six transaction limit, applies to checks, drafts, point of sale, debit card or similar orders payable to third parties.
During the calendar month the “savings account” would be limited to an overall total of 6 transactions as listed in either of the above Six or Three Transaction Limit categories; however, only 3 of those 6 were permitted to be transactions as those listed under the Three Transaction Limit.
The revision to Reg D removes the Three Transaction Limit effective July 2, 2009 and the transactions that were previously limited to the Three Transaction Limit category now become part of the Six Transaction Limit category as follows:
* Six Transaction Limit (effective 7/2/09): This limit applies to transfers to third parties or to other deposit accounts at the same bank made by preauthorized means (such as an ACH auto debit), automatic means (such as a savings overdraft protection product), telephone, electronic or other data transmission (such as through an online banking product), checks, drafts, point of sale, debit card or similar orders payable to third parties.
Check 21 Act Brings Changes to Checks
In October 2003, the Check Clearing for the 21st Century Act became law. Now known simply as Check 21, the legislation's goals include “to improve the overall efficiency of the nation's payments system.”
Today, most checks must be physically transported—whether across town or across the country—before they can be cleared. This is expensive and time-consuming.
Check 21 provides a new option: legal acceptance of paper reproductions of original checks.
This reproduction is called a “substitute check” and is produced from a digital image of the original check.
How Will Check 21 Affect You?
By Oct. 28, 2004, every bank will be required to accept substitute checks, just as they currently accept your original paper checks. If you receive your canceled checks or electronic images of your canceled checks with your account statement, you will begin seeing substitute checks after that date. A substitute check is the legal equivalent of the original check and will include all the information contained on the original.
Check 21 includes several safeguards for check writing consumers. Check 21 helps speed check clearing, so check fraud can be discovered faster. Faster fraud detection means faster resolution for customers. Another safeguard: A bank that creates a substitute check must warrant that it is accurate. The bank also has to make sure that the substitute check is produced in accordance with industry standards for quality.
A Word About Check Conversion
You may already have experienced two other emerging payment practices, and each is an example of “check conversion,” which uses the automated clearinghouse, or ACH, system.
In the first example, a retailer converts a paper check into an electronic ACH payment on the spot. In this situation, if you've written a check for a purchase, you are handed the check back immediately after it's converted into an electronic ACH payment at the store or shop.
In the second example, regular billers (telephone, utilities and credit card providers, for example) convert your check payments into ACH payments. The check has been “converted” to an electronic format, and you won't receive a copy of the original. The payment will be reflected in your bank statement, which becomes the legally accepted proof of your payment.
Keep in mind that both of these example transactions are different from substitute checks.
All of these changes allow for faster payment processing and even better service to the nation's banking customers.
Efficient Check Clearing Benefits You
The improvements brought about through Check 21 allow for faster payment processing and even better service to you, the bankingcustomer. A few of the benefits include:
- Faster check clearing
- Decreased fraud
- Less paper
- Increased security
As permitted by the Fair and Accurate Credit Transactions Act of 2003 (FACT Act), consumers will be able to request a free annual credit report from the three consumer reporting companies- Equifax, Experian, and TransUnion.
The FACT Act amends the Fair Credit Reporting Act and has three major objectives:
- Enhance the ability of consumers to combat identity theft
- Increase the accuracy of consumer reports
- Allow consumers to exercise greater control regarding the type and amount of marketing solicitations they receive
The free annual credit reports will be phased in across the country from west to east over a nine-month period. Consumers in eastern states, which include Pennsylvania , can order their reports beginning 9/01/2005.
ABA - Checks are Changing - Consumers and Check21