The network architecture used to provide First IB’s online banking service was designed by some of the brightest minds in network technology.
First and foremost, the computers storing your actual account information are not linked directly to the Internet. Instead, transactions you initiate online are received by our online banking Web servers, which then route your transaction through firewall servers. Firewall servers act as a traffic cop between segments of our online banking network used to store information, and the public Internet.
While your requests are traveling between your computer and our servers, the privacy of communications is ensured via encryption. Encryption scrambles messages exchanged between your browser and our online banking server.
- When visiting online banking’s sign-on page, your browser establishes a secure session with our server.
- The secure session is established using a protocol called Secure Socket Layer (SSL) Encryption. This protocol requires the exchange of what are called public and private keys.
- Keys are random numbers chosen for that session and are only known between your browser and our server. Once keys are exchanged, your browser will use the numbers to scramble (encrypt) the messages sent between your browser and our server.
- Both sides require the keys because they need to descramble (decrypt) messages received. The SSL protocol helps to ensure the information sent is not altered prior to decryption.
The numbers used as encryption keys are similar to combination locks. The strength of encryption is based on the number of possible combinations a lock can have. The more possible combinations, the less likely someone could guess the combination to decrypt the message. For your protection, our servers require the browser to connect at 128-bit encryption (versus the less-secure 40-bit encryption).
At our data center, there are a number of various access control mechanisms, including intrusion detection and anti-virus, that you cannot see, which monitor for and protect our systems from potential malicious activity. Additionally, our online banking servers are fault-tolerant, and provide for uninterruptible access, even in the event of various types of failures.
We also provide a number of security features in online banking that you can see. For example, online banking will “time out” after a specified period of inactivity. This prevents curious persons from continuing your online banking session if you left your PC unattended without logging out. You may set the timeout period by following the Preferences link in online banking. We recommend that you always sign off (log out) when done banking online.
It is important to verify that only authorized persons log into online banking. This is achieved by verifying your password. (See our tips for creating a strong password.) When you submit your password, it is compared with the password we have stored in our secure data center. We allow you to enter your password incorrectly a limited number of times; too many incorrect passwords will result in the locking of your online banking account until you call us to unlock your access and reset your password.
First Internet Bank is committed to protecting your personal information. The security recommendations provided here will help you protect your personal information and will aid you in protecting yourself in all your online activity.
- First Internet Bank will never make an unsolicited request for any confidential information from you via email or phone call or require that you update your account details on a Web page. Do not respond to or click on links from unsolicited emails, and do not provide confidential information on an unsolicited phone call.
- Retrieve your mail from your mailbox promptly and mail sensitive information such as bill payments from secure mailboxes. Consider using eStatements and online Bill Pay.
- Shred documents that contain confidential information with a cross cut shredder; even credit card offers should be shredded.
- Review your credit reports regularly at www.annualcreditreport.com.
- Keep your log on credentials secret. Do not give them to anyone or leave them unsecured. Change your passwords regularly.
Online and Mobile
Protect against online and mobile fraud. Follow these recommended best practices for mobile and online account fraud protection.
Email and Texting
- Be aware of phishing emails. Normally they will require you to click a link or open an attachment to verify or change your account. First Internet Bank will not send emails of this type: if you receive what you believe is a phishing email please delete.
- Do not click on links in emails, particularly forwarded emails or emails you were not expecting. If you trust the site, type the address in your browser; do not copy and paste the address.
- Do not answer text messages requesting your account information. First Internet Bank will not send these texts and you should delete them.
- Be suspicious of email headers including the email sender’s identity, which can be easily forged.
- Do not fill out forms included in an email; it can be difficult or impossible to tell where the information will actually be sent.
- Spam emails should be immediately deleted. These can be forwarded from friends or from people you do not know. Many times they offer something “too good to be true” or other enticing offers.
- Install anti-virus/anti-spyware software. Configure it to update automatically and schedule regular scans of your hard drive.
- Ensure you have a firewall installed and active to help prevent intrusion on your computer.
- Keep your operating systems, applications and internet browsers updated regularly.
- Patches and updates can be configured to install automatically or you may do it manually, but the key is to ensure it is done consistently. This will help keep your software secure against intrusions.
- If you have a wireless network, ensure it is set up with industry-standard protections.
- Consider turning off your computer when not in use.
Convenience is the driving factor in the rise of mobile banking. It provides greater consumer choice and access to banking options. But, as mobile devices like smartphones and tablets have become more popular, hackers are finding savvy ways to steal information. Consumers are urged to be cautious when using mobile devices to conduct their banking.
It’s important to take a common sense approach to mobile banking. Use caution on your phone just like you would a computer. If you’re careful, you can really enjoy mobile banking benefits safely and securely. Following a few simple steps can prevent a big headache later. The following tips are considered best practices to protect your information:
- Avoid storing sensitive information like passwords and social security numbers on your mobile device.
- Password protect your mobile device and lock it when you’re not using it.
- Be aware of your surroundings. Do not type any sensitive information if others around can see your screen.
- Log out completely when you complete a mobile banking session.
- Protect your phone from viruses and malware, just like your computer, by installing mobile security software.
- Download the updates for your phone and mobile apps.
- Use discretion when downloading apps.
- If you change your phone number or lose your mobile device, let your financial institution know immediately.
- Monitor your accounts regularly and report suspicious activity to your financial institution as soon as possible.
The FBI has seen a significant increase in fraud involving the theft and exploitation of valid online banking credentials belonging to small and medium-sized businesses. The fraud effort is normally the result of an online customer’s computer being compromised by the installation of malware or spyware. Many times this installation occurs when an unsuspecting recipient clicks on links in unsolicited emails or visits a compromised website.
There are many forms of cyber fraud, and the criminals initiating them frequently change their methods in order to continue their deceptive practices. Therefore, it is vitally important that we all remain vigilant in the fight to protect confidential information. Security is a priority for us, and we continually work to provide a safe and secure environment for our online banking customers. You should consider implementing these recommended steps to help protect your business online, thus helping to mitigate the possibility for loss of funds.
- Periodically assess your risk and evaluate your internal controls, including reviewing your users and the permissions you give them.
- Use a dedicated computer for conducting financial transactions and turn it off when not in use. To reduce your risk of exposure to fraud, do not perform other online activities on this computer (do not use to check email or access websites).
- Always protect your online banking log on credentials and choose passwords that are difficult to guess (use a combination of letters, numbers, and special characters).
- Monitor all account activity daily via Business Online Banking.
- Use dual authorization or out of band authentication for online banking transactions.
- Set computers to time out and automatically lock after a certain amount of time.
- Reconcile all accounts and statements quickly.
- Tighten internal controls.
- Maintain up-to-date anti-virus/anti-spyware software and perform regular scans.
- Implement a firewall and configure it correctly.
- Restrict employee access to hardware such as CD burners and USB ports.
- Implement strict policies for confidential information storage and destruction.
- Use cross-cut shredders.
- Invest in employee training.
- Investigate purchasing insurance to reduce the risk of loss should fraud occur.
- Consider working with a reputable third party to independently perform security testing on a periodic basis.
- Review vendors frequently to insure compliance with your confidentiality policies.
- Use encrypted emails when confidential data is sent.
Suspect fraud? Contact us.
If you believe that you are a victim of identity theft with respect to any of your accounts or transactions with First Internet Bank, please contact one of our Relationship Bankers at (888) 873-3424.
Please provide as much detail as possible regarding the accounts or transactions in question, including dates and account or transaction numbers, along with any additional information you may be aware of.
Other contacts to consider if you have been a victim of cybercrime:
- Alert any other financial institution with which you have accounts.
- Notify one of the three major credit reporting agencies.
- Report the crime to the FBI at ic3.gov.
- File a report with your local police or sheriff.
Believe you’ve been a victim of identity theft?
The sooner you report suspicious account activity, the faster First Internet Bank and others, including the authorities, can take steps to assist you. Below are important steps in the process:
- Review your financial account statements and recent transaction histories to determine if fraudulent activities have occurred. Also, check your personal documents to determine if you have been compromised.
- Call one of our Relationship Bankers at (888) 873-3424 and report any suspicious activities. Ask to have your account numbers, PIN and passwords changed immediately.
- Notify any other financial institution that you do business with and do the same.
- Contact your credit card companies and ask that all accounts be restricted or closed.
- If checks are missing from your checkbook, issue stop payments on them.
- If your driver’s license is missing, contact your local Bureau of Motor Vehicles office.
- If your Social Security card is missing, contact the Social Security Administration.
- File a report with your local police department and obtain a copy for your records.
- In detail, document when, what happened, who you spoke with and include dates and times.
Your Rights as a Consumer
Regulation E is the Federal Reserve regulation that sets rules, liabilities and procedures for electronic funds transfers (EFT), and establishes consumer protections using EFT systems. This regulation prescribes rules for:
- Solicitation and issuance of electronic funds transfers.
- Debit cards.
- Consumer liability for unauthorized transfers.
- The requirement of financial institutions to disclose at least annually the terms and conditions of EFT services.
For example, the regulation sets up an error resolution procedure for errors on EFT related accounts.
Unauthorized Transfers or Transactions
There are procedures for correcting disputed transactions to a consumer’s bank account under Federal Reserve Regulation E. Examples of these transactions include:
- A consumer claiming that funds were taken from an account by another person’s unauthorized transfer without prior consent.
- A transaction was posted improperly due to a bank bookkeeping error; this may be corrected by notifying the financial institution holding the account.
CONSUMER LIABILITY: Tell us AT ONCE if you believe your card and/or code has been lost or stolen. Telephoning is the best way of keeping your possible losses down. You could lose all the money in your account (plus your maximum overdraft line of credit). If you tell us within two (2) business days, you can lose no more than $50.00 if someone used your card and/or code without your permission. If you do NOT tell us within two (2) business days after you learn of the loss or theft of your card and/or code, and we can prove we could have stopped someone from using your card and/or code without your permission if you had told us, you could lose as much as $500.00.
ADDITIONAL LIMIT ON LIABILITY FOR CHECK (DEBIT) CARD AND CREDIT CARD: Unless you have been grossly negligent or have engaged in fraud, you will not be liable for any unauthorized transactions using your lost or stolen check (debit) card or VISA® credit card. This additional limit on liability does not apply to ATM transactions, to transactions using your PIN which are not processed by VISA®, or to commercial cards.
Also, if your statement shows transfers that you did not make, tell us at once. If you do not tell us within sixty (60) days after the statement was mailed to you, you may not get back any money you lost after the sixty (60) days if we can prove that we could have stopped someone from taking the money if you had told us in time. If a good reason (such as a long trip or a hospital stay) kept you from telling us, we will extend the time periods.
CONTACT IN EVENT OF UNAUTHORIZED TRANSFER: If you believe your check (debit) card or VISA® credit card has been lost or stolen, call toll-free (888) 873-3424 immediately. Please also notify us at the telephone number or address listed in the Error Resolution Notice if you believe your ATM, check (debit) card or VISA® credit card has been lost or stolen or that someone has transferred or may transfer money from your account without your permission.
ERROR RESOLUTION NOTICE: In case of errors or questions about your electronic transfers, call or write us at the telephone number or address listed below as soon as you can, if you think your statement or receipt is wrong or if you need more information about a transfer listed on the statement or receipt. We must hear from you no later than sixty (60) days after we sent the FIRST statement on which the problem or error appeared.
- Tell us your name and account number (if any).
- Describe the error or the transfer you are unsure about, and explain as clearly as you can why you believe it is an error or why you need more information.
- Tell us the dollar amount of the suspected error.
If you tell us orally, we may require that you send us your complaint or question in writing within ten (10) business days.
We will determine whether an error occurred within ten (10) business days after we hear from you and will correct any error promptly. If we need more time, however, we may take up to forty-five (45) days to investigate your complaint or question. If we decide to do this, we will credit your account within ten (10) business days for the amount you think is in error, so that you will have the use of the money during the time it takes us to complete our investigation. If we ask you to put your complaint or question in writing and we do not receive it within ten (10) business days, we may not credit your account.
For errors involving new accounts, point-of-sale, or foreign-initiated transactions, we may take up to ninety (90) days to investigate your complaint or question. For new accounts, we may take up to twenty (20) business days to credit your account for the amount you think is in error.
We will tell you the results within three (3) business days after completing our investigation. If we decide that there was no error, we will send you a written explanation.
You may ask for copies of the documents that we used in our investigation.
If you have inquiries regarding your account, please contact us at:
First Internet Bank of Indiana
8701 E 116th Street
Fishers, Indiana 46038
PHONE: (888) 873-3424
HOW CAN WE HELP?
Our team is ready to answer your questions! Contact us however you choose — email, chat or phone — and you’ll be connected with one of our Relationship Bankers. We’ll make sure all of your questions are answered and you receive the support you deserve.