Protect Your Identity
Identity thieves only really need your Social Security Number in order to commit Identity Theft. They can steal credit card payments or statements from private mailboxes; dig through trash to search for cancelled checks, account statements, and pre-approved credit card offers; hack into computers that store personal information; or even file change of address forms in victims names to start gathering personal and financial information.
Make it harder for identity thieves by doing the following:
- Install a lockable mailbox or pick up your mail at the post office to reduce mail theft. Never put outgoing mail in an unguarded "out box" at work or within your building, and when you're out of town have the post office hold your mail.
- Never leave your purse or wallet unattended, especially at the gym or restaurants, or within open view in your car.
- If you are unsure about a request from a company for personal information, contact the company directly by checking previous statements for contact information (not the statement that came with the request) and find contact information for the business on their website to make sure it's legitimate.
- Never give personal information over the phone unless you initiated the call. Thieves will try to pose as legitimate businesses to trick you into giving information. If this happens, hang up the phone and call the company to establish if there is a problem or to let them know someone is trying to scam their customers.
- Never give your Social Security Number (SSN) to anyone and don't use checks with your SSN printed on them.
- Shred all statements or pre-approved credit card offers using a cross-cut shredder before throwing them away to prevent dumpster divers from obtaining your personal information.
- Some thieves create fake websites and will recruit unsuspecting victims into phone interviews for "work from home" types of employment. They will ask for your Social Security Number and bank account information for a direct deposit. To avoid this type of scam, do your due diligence in checking out a company, and try to get a meeting in person. Remember, if a job offer is too good to be true, it probably is.
- When at work, never provide personal information about yourself or your company, especially about the organizational structure, technology, or networks unless you are certain the person you are talking to is authorized to have that information.
Below are some simple security steps that you can take to safeguard yourself while using the Internet and to define some common terms like phishing, spyware, and malware so you are familiar with them.
Identity Theft Prevention Tips When Using Online Banking
- Do not give your Hills Bank Online ID or password to anyone. Don’t write IDs or passwords where anyone can find this information.
- We encourage you to avoid using commonly guessed names or numbers (birthdays, addresses, phone numbers, words in the dictionary, etc.) for your password. Try using passphrases, which are a string of characters longer than a normal password that include capitalization, punctuation, special characters, and numbers (i.e. i%HEART<3HBT1904.)
- Remember to logout Hills Bank Online when you are finished banking. This will properly end your session and require you to reenter your ID and password to bank again. When you simply hit the Back button of your browser, the Hills Bank Online session does not end.
- When naming your accounts, don’t use the account number. Give the account a name like Checking, Household Savings, Car Loan, Kid's CD, etc. This keeps your account numbers confidential and the system even more secure.
- Create email alerts to notify you of activity in your Hills Bank Online accounts. Set up your alerts by logging into Hills Bank Online, click “Services” in the left column then click "Manage Alerts."
- When you email Hills Bank Online Customer Support with a question, do not send your account number or social security number in the message. While you are trying to save us time, email isn’t secure and in the event someone intercepts your message to us, you don’t want those people to have that confidential information.
What is Phishing?
Phishing is an Internet scam done by an illegitimate person(s) who falsely claims to be a familiar business. The purpose is to direct the user — you — to a website under the guise of updating your personal information. The website may look legitimate but it is actually a duplication of the real website.
Protect yourself from phishing by following these tips:
- Always perform due diligence when sending sensitive information over the Internet and make sure the website you're using is legitimate and has adequate security measures.
- Always pay attention to the URL of a website. Malicious websites may look legitimate, but the URL may be misspelled, or have a different domain ending in .net versus .com, etc.
- If you receive an email saying your account will be discontinued unless you confirm personal information, do not reply or click any links in the email.
- Be cautious about opening any attachment or downloading any files from emails you receive regardless of who sent them.
- If you unknowingly supplied personal or financial information, contact your bank and credit card company immediately.
- Check for anti-phishing features offered by your email client and web browser.
- For more detailed information on phishing attacks pretending to be from the Federal Deposit Insurance Corporation (FDIC), visit their website at www.fdic/gov/consumers/consumer/alerts/index.html or find information about known phishing attacks from the Anti-Phishing Working Group at www.antiphishing.org.
Protection From Viruses, Spyware, and Malware
If you are connected to the Internet, you should take steps to protect your computer from malicious software that may harm your computer or capture your personal information like user IDs and passwords.
Here are a few ways to protect against malicious software:
- Firewall: A control on networks to keep them secure by building a bridge between the internal and external network (i.e. Internet) that is not assumed to be secure. Firewalls can be either software or hardware based.
- Anti-Malware Protection: Software that can be used to prevent, detect, and remove malware that may harm your computer like viruses, worms, and Trojans.
- Anti-spyware Protection: Spyware can collect information on the computer without the user’s knowledge. To protect your computer from being infected, use an antispyware program that can identify spyware on your computer and remove it.
- Key Logger Detection: Key logging detection is surveillance software that records each keystroke you make on your computer to gain access to personal information. Be sure your antivirus protection detects this type of intrusion.
- Keep Software and Security Patches Up-to-date: Use the latest version of a web browser or online security software and keep it up to date for the highest level of security.
For more information on how to protect your computer, refer to your local technology service professional to ensure your malicious software protection is up to date.
Secure Socket Layers (SSL)
As technology develops, count on us to look for sophisticated ways to keep our website and its products and services safe and secure. Hills Bank and Trust Company uses several layers of security technology to enforce the confidentiality of your visit to our website, and to Hills Bank Online. The first layer is browser encryption. Hills Bank and Trust Company strongly recommends using the latest version of whichever browser you use. The latest versions often incorporate the most secure connection, 128-bit encryption. Downloading a newer version of your browser is quite simple and often can be done at no charge to you.
Secure browsers utilize secure socket layer, or SSL, technology to communicate with servers. When sending information to us at the bank, SSL technology scrambles, or encrypts, your information so that it is virtually impossible for anyone other than us to read it.
SSL works in three ways:
- It creates a secure communication channel by encrypting all communication between the user and the server.
- SSL verifies that the server you are connected to is the same server it claims to be. That way you are assured that you are really communicating with the bank, and not someone trying to intercept your message or transaction.
- A cryptographic word count is conducted to ensure integrity of the data between the server and the user. This word count gives a count of the number of bytes in a document and ensures the correct number of bytes are both transmitted and received. By using SSL, even the word count is scrambled so no one can make changes to it. If a message is not received in full, the message is rejected. Another copy of the message is sent automatically.
For these reasons, SSL encryption is the leading encryption method available today. Depending on your browser, when you are on a secure page, a padlock will appear on your screen (often in the lower right hand corner). This is a quick way of knowing your information is being encrypted and you should see this whenever you are entering your personal information. When using Hills Bank Online, you will see a padlock from the time you click Login until you exit Hills Bank Online. All the pages of this service are secure.
The second layer of security rests within the features of Hills Bank Online. When you sign up for the service, you are assigned a computer generated ID number. You have the ability to change that to whatever you want. Your original 12-digit number will always work for you but you are in control of your ID. The PIN that is used to get into Hills Bank Online is initially the last four digits of your social security number. When you first sign on, you will be forced to change that PIN to a 6-8 digit alphanumeric PIN. Hills Bank Online requires you to change your PIN at least once every three months. You have the ability to change your PIN more often if you feel the need.
We don’t display any of your personal information on Hills Bank Online other than your name. Since we use Pseudo Account Names, your account numbers do not appear online. Your social security number will never appear in Hills Bank Online, nor will your address, or your date of birth. This is another way that we are committed to making your online visit as safe and secure as possible.
Cookies are small pieces of data that are sent to your browser from a web site. Each time you go back to that web site, your browser will remember the information. The cookie is returned ONLY to the web site that sent it originally and no one else can view it.
Enabling your computer to accept cookies varies by browser. Click to read the instructions for the following browsers:
Links to Other Websites
While visiting HillsBank.com, you may use links we have posted on our site. These links will take you out of our site. While we believe these to be reputable sites, we are not responsible for the content on those sites or for anything that occurs after leaving HillsBank.com. The quality and dependability of these third party sites may vary as they are updated or altered. Any site linked to and from Hills Bank and Trust Company’s site is independent from us and because of this, Hills Bank and Trust Company has no control over the products, services, materials, or any other information contained in or available through these third party web sites. Access to these sites are at the user’s own risk.
Disclosing Information to Financial Aggregators
There are many e-businesses that offer to consolidate all of your financial information to just one web site and while that sounds convenient, you should take precautions with this service. Many financial organizations suggest using personal financial software such as Quicken® or Microsoft Money® instead of the online account aggregators. Prior to enrolling in aggregation services, you should carefully read the terms and conditions statement the aggregator provides you. Make sure you understand these before giving any of your login information to a third party. This is especially important because we at the Bank may not be able to monitor intrusion to your accounts if the password (e.g. Hills Bank Online ID and PIN) is given to others.
Smart phones, tablets, notebooks, and mobile devices with online capabilities are more common than ever. These mobile devices are capable of storing and processing information just like a computer. It's important to protect your mobile devices just as you would your computer to prevent identity theft and loss of personal information.
- Always install updates to applications and firmware on your mobile device. If you don't do this, it increases the risk of having your mobile device compromised.
- Always wipe your mobile device when you sell it or trade it in to avoid leaving personal data.
- Check to see if your smartphone's operating system has encryption capabilities that can protect your personal data in case of loss or theft.
- Do not leave your mobile device unattended and keep it in a secure place, especially when not in use.
- If available, install mobile security software on your mobile device.
- Just as you would on your computer, don't click links or download software from unknown sources to avoid malware.
- Protect your mobile device by enabling a power-on password and screenlock feature to protect the contents.
- Turn off the ability for your mobile device to connect to unknown wireless networks.
- Turn off geo-location services if they are not necessary on your mobile applications.
- Turn off features of your smartphone that are not needed. This reduces the number of places where your phone could be vulnerable to attack.
- Remember, downloading applications may require access to personal information, so only download apps to your mobile device that you know and trust.
Set up Hills Bank Online alerts to receive alerts for low balances, for specific transaction amounts or checks, or for password changes. You can choose alerts be sent to email or your phone. It's a great way to track account changes and your finances.
Social Media Security
As the popularity of social media sites soars, so does the number of thieves who want to exploit social media to steal your personal information. Below are tips to keep in mind when using social media sites.
Type the URL of the social media site you are visiting. Get into the habit of going directly to the website you are visiting versus clicking an email link. If you click a link through email or another website, it could be a phishing technique used by a hacker.
Use caution when posting information about yourself. Hackers often break into accounts by clicking the “Forgot your password?” link on the account login page and searching for answers to security questions like your birthday, hometown, high school information, etc. If possible, create your own password questions.
Don’t allow social media sites to scan your email contact list. Typically, when you join a social media site, you are offered to enter your email address and password so you can automatically connect with everyone in your email contact list. When you do not allow the site to scan your contact list, you protect your friend’s email addresses in the event your account is hacked.
Be selective. Not only should you be selective about who you friend on social networking sites, but also be selective about what you post. Thieves will go to great lengths to find personal information. Not only should you not post personal information, but don’t let friends know when you’re out of town, where you do your banking, what credit cards you use, etc. You may trust your friends, but do you trust your friends' friends?
Know the privacy policies and privacy settings of the social media sites you belong to. You may think only friends can see your posts, but if your privacy settings are set to allow friends of friends to see your information, you may be unknowingly letting strangers know more about you than you thought.
Think twice before installing third-party applications. Many social networking sites allow you to download third-party applications. When you install third-party applications, you are allowing an unknown party to send emails, post on your wall, and access your information on your behalf. Sometimes thieves use these applications to steal your personal information.
Keep your browser and security software up-to-date. Typically, the newer the browser, the more security features it has. Older browsers tend to have more security flaws that hackers have discovered. Also, consider having security updates automatically installed on your browser and in your security software versus having to manually install updates.
Protect Your ATM, Credit, and Debit Cards
ATM, credit, and debit cards are fast, easy, and convenient to use. Unfortunately, thieves use a wide variety of scamming techniques to try to gain access to your accounts. Protect your ATM, credit, and debit cards like you would protect your cash. Just as you wouldn't leave cash unattended anywhere, don't leave your bank cards unattended. Keep a record of all your ATM, debit, and credit card numbers, expiration dates, and the lost or stolen number of each card in a locked and secure place so if your card is lost or stolen, you can immediately call the bank or credit card company to get it canceled.
And don't forget, as soon as you get your card, sign the signature panel on the back of the card so merchants can verify a valid signature.
Ways Card Fraud Occur
In order for fraud to occur, a thief needs the magnetic stripe information on the back of your card and your PIN number for an ATM or debit card. However, some debit card transactions can be run as credit, so a thief doesn't always need the PIN in order to fraudulently charge your account. If your card is stolen or duplicated, common methods used to steal or duplicate cards and obtain the PIN include:
- Easily Identified PINs for ATM and Debit Cards: Do not write your PIN down; this number should be memorized. Avoid using a PIN that is your birth date, birth year, or based on any information that can be found in your wallet. This includes easily identifiable PINs like your initials, telephone number, or social security number. Never disclose your PIN number to anyone. No one should ever ask you for your PIN, including cashiers helping you with a transaction or Hills Bank employees.
- Skimming Techniques: Thieves use skimming techniques to install hidden devices on ATM or cash machines to obtain card information and PIN numbers. Oftentimes, these devices are attached directly to an ATM card insert slot as well as a camera that is used to record the card owner entering their PIN number. Thieves also use devices designed to jam your card into an ATM, and will disguise themselves as a helpful stranger who watches as you input your PIN a few times, but the card remains stuck. After you leave, the thief will remove your card and have your PIN. Be sure to carefully observe ATMs for fraudulent devices and be aware of your surroundings when conducting transactions.
- Phishing: Thieves use phishing techniques to send unsolicited and urgent emails that appear to come from a bank or legitimate organization asking to provide card information and the PIN number. Then, they use the information to make unauthorized transactions. If you are ever in doubt about the authenticity of an email, call the company directly and ask if they are aware of the email being sent on their behalf. Please remember that Hills Bank will never send you an email asking for personal information.
If you ever receive a suspicious email, see something suspicious on an ATM machine, or have lost your ATM, credit, or debit card; contact Hills Bank immediately at 1-800-445-5725 (1-800-HILLSBK).
Ways to Protect Your Cards
There are several ways to protect your personal information and cards from fraudulent charges.
- Carefully Watch Credit Card Transactions: Keep an eye on your credit card transactions, void incorrect receipts, and destroy carbon copies. When signing credit card receipts, write "0" or draw a line through any blank spaces above the total, especially in instances where there are blank spaces for tips.
- Online Shopping on Secure Websites: If you're using your card online, be sure the website you're visiting is secure and has "https://" in the URL before you enter any information. Sometimes websites even have a tiny icon of a padlock to symbolize a higher level of security, and although it's not a guarantee of a secure site, it may provide assurance.
- Online Statements: Signing up for electronic statements not only provides you with your account statement the day after it's generated at the bank, but it also prevents your mail from being intercepted and credit card information from being stolen.
- Photo ID Cards: If possible, get a card with your photo on it. Use a straight-on full-head image and zoom in on your face. Do not wear sunglasses or other items that could detract from your clear identity. Use a photo with a light, single-colored background for best results. Make your Hills Bank card a photo ID card with our Picture Perfect website.
- Reconcile Accounts Monthly: Once you have received your credit card or account statement, reconcile it promptly. Save credit or debit card receipts to compare with your credit card statement.
- Set Alerts Online and with Mobile Applications: With online banking, you can set alerts through email or text to be notified of activity in your Hills Bank Online accounts.
Don't let fraud, pickpockets, or identity theft ruin your next vacation. The following tips will help protect your wallet, valuables, identity, and financial information while traveling.
Credit Card Purchases: Alert your credit card company of travel plans as well as a lost or stolen card as soon as possible. The sooner the better, so be sure to carry the Hills Bank lost or stolen credit card number or download the Important Card Information brochure, and keep it in several places so it won't be lost or stolen either. Another precaution is to pack a backup card and secure it in a hotel safe, so if one is lost or stolen, you will have a backup to pay for hotel rooms or other large purchases.
Be Careful with Your Debit Card: When using a debit card, keep in mind it is linked directly to your checking account, so it's important to know what is leaving your account at every transaction. Immediately contact the Hills Bank lost or stolen debit card number if yours is lost or stolen so we can cancel the card and limit fraudulent withdrawals. Hills Bank has designed an Important Card Information brochure so you can print and keep these phone numbers with you.
Make Copies of Important Financial Information: Make copies of all cards you will have on your trip, your passport data page, and travel itinerary. Carry only what you need, and do not carry anything with your social security number. If you must carry a card with your social security number on it, make a copy of it and black out the last four digits. Take the copy and leave the card at home. Also, leave copies of everything with a trusted friend or family member while you are gone.
Alert Hills Bank and Your Credit Card Company about your Travel Plans: Remember to alert Hills Bank and your credit card company about your travels. If you don't remember to do this, we may think a thief—not you—is making purchases and we could freeze your card. This is especially imperative for travel outside the United States.
Protect your Hard-Earned Cash: Take only the cash you need for the day and leave the rest. Use the hotel safe to secure your cash and valuables including your computer, camera, jewelry, mp3 player, and other valuables. Be sure to split up your money while you are traveling: carry some in your wallet, some in your belt, and some in your sock as a precautionary step. Be aware of your surroundings and be particularly alert in crowds and in taxis. It is easy to become distracted, let your guard down, and be an easy target for a pickpocket or thief attempting to steal your luggage.
For International Travel: Take several forms of payment in case one is not accepted, is lost or stolen, or is deactivated while out of the country. Some countries have converted to EMV (Europay, MasterCard® and VISA®) cards outfitted with microchips for better security. Hills Bank also has prepaid VISA cards as an alternative to your regular debit/credit card. Take US currency or foreign currency with you and if you need additional currency, you may be able to use your ATM or debit card to get cash at an ATM.
For more information and tips for traveling abroad, visit travel.state.gov.
For Business Travel: If your employees need to travel for work, especially internationally, consider purchasing a travel laptop and travel pay-per-use phone for your business. Make sure these devices carry as little information as possible in the event they are lost or stolen.
Make sure your employees are aware of the risk of connecting to public networks. Even if employees travel with a clean computer and wipe it upon their return, hackers could still capture what is typed in emails or username/password fields if connected to a public network. Educate employees to avoid sensitive information like logging into financial accounts or business accounts while on public networks. After the laptop is returned, have the computer cleaned and then restored back to default settings in order to delete malware or suspicious code.
When you return from your vacation, carefully review your purchases within online banking. Don't wait for your monthly statement to review your balances.
For any questions regarding your debit and credit cards, contact Hills Bank at 1-800-445-5725 (1-800-HILLSBK), or email HillsBank@hillsbank.com.