FFIEC Consumer Guidance

This page contains:

Online Security is our top priority!

Understanding the Factors

Online security begins with the authentication process, used to confirm that it is you, and not someone who has stolen your identity. Authentication generally involves one or more basic factors:

• Something the user knows (e.g., password ,PIN)
  
  
• Something the user has (e.g., ATM Card, smart card)
  
  
• Something the user is (e.g. biometric characteristic, such as a fingerprint)
  

Layered Security For Increased Safety

Layered security is characterized by the use of different controls at different points in a transaction process so that a weakness in one control is generally compensated for by the strength of a different control. An example of layered security might be that you follow one process to log in (user/password), and then give additional information to authorize funds transfers.

Layered security can substantially strengthen the overall security of online transactions…protecting sensitive customer information, preventing identity theft, and reducing account takeovers and the resulting financial losses.

The purpose of these layers is to allow your bank to authenticate customers and detect and respond to suspicious activity related to initial login and then to reconfirm this authentication when further transactions involve the transfer of funds to other parties.

Internal Assessments At USLA

On the back-end, the new supervisory guidance offers ways for us to look for anomalies that could indicate fraud. The goal is to ensure that the level of authentication called for in a particular transaction is appropriate to the transaction’s level of risk. Accordingly, we have concluded a comprehensive risk-assessment of our current methods as recommended in this supervisory guidance. These risk assessments consider, for example:

• Changes in the internal and external threat environment
  
  
• Changes in the customer base adopting electronic banking
  
  
• Changes in the customer functionality offered through electronic banking; and
  
  
• Actual incidents of security breaches, identity theft, or fraud experienced by the institution or industry.
  

• Utilizing call-back (voice) verification, email approval, or cell phone-base identification.
  
  
• Analyzing banking transactions to identify suspicious patterns.
  
  
• Establishing dollar limits that require manual intervention to exceed a preset limit.
  

Your Protections Under “Reg E”

Banks follow specific rules for electronic transactions issued by the Federal Reserve Board. Known as Regulation E, the rules cover all kinds of situations revolving around transfers made electronically. Under the consumer protections provided under Reg E, you can recover internet banking losses according to how soon you detect and report them.

Here is what the Federal rules require: If you report the losses within two days of receiving your statement, you can be liable for the first $50. After two days, the amount increases to $500. After 60 days, you could be legally liable for the full amount. These protections can be modified by state law or by policies we have.

Customer Vigilance: The First Line Of Defense

Of course, understanding the risks and knowing how fraudsters might trick you is a critical step in protecting yourself online. You can make your computer safer by installing and updating regularly your

• Anti-virus software
  
  
• Anti-malware programs
  
  
• Firewalls on your computer
  
  
• Operating system patches and updates
  

• www.staysafeonline.org
  
  
• www.ftc.gov
  
  
• www.usa.gov
  
  
• www.idtheft.gov
  

If You Have Suspicions

If you notice suspicious activity within your account or experience security-related events (such as a phishing email from someone purporting to be USLA), you can contact us at 800-373-8752 or by email at onlinebanking@uslabank.com and you will be quickly and courteously guided to the person responsible for such issues.