First National Bank of Tennessee Bank Contact

It is important to contact First National Bank of Tennessee in the event you discover suspicious account activity, you have lost your debit card, or if your online banking credentials are compromised. Your account is protected against fraudulent transactions in a number of ways, so monitor your account balances and transactions frequently. If you want to report suspicious activity in your account(s), or if you have questions about the security of your account(s), you can call us at: (888) 777-9798.

UNSOLICITED CUSTOMER CONTACT

First National Bank of Tennessee will never call, text, or email customers asking for account numbers, pin numbers, or online banking credential (i.e. user IDs, one-time security codes, passwords, etc.). If you receive any type of communication and you are unsure if it is First National Bank of Tennessee, do NOT provide any account or personal information. Please call us immediately at (888) 777-9798 or visit us at your local office.

First National Bank of Tennessee will only contact customers on an unsolicited basis for the following reasons:

• Suspected fraudulent activity on your account
• Inactive/dormant accounts
• To notify you of a change or disruption in service; or
• To confirm changes submitted to your online banking profile

IDENTITY THEFT

What is identity theft?

Identity theft involves the unlawful acquisition and use of someone’s identifying information such as:

• Name
• Address
• Date of Birth
• Social Security Number
• Driver’s License
• Bank or Credit Card Account Number
• Personal Identifiable Number (PIN)

Thieves then use the information to repeatedly commit fraud in an attempt to duplicate your identity which may include opening new accounts, purchasing automobiles, applying for loans, credit cards, social security benefits, renting an apartment, and establishing services with utility and telephone companies. It can have a negative effect on your credit and create a serious financial hassle for you.

Methods of Identity Theft

Phishing

Phishing is the attempt to acquire sensitive information by pretending to be a trustworthy entity in an electronic communication.

Tips to identifying a Phishing email

• Unsolicited email that requests personal identifying information
• Awkward greeting
• Urgent call to act – “We’re updating our records”, “We’ve identified fraudulent activity on your account,” or “valuable account and personal information was lost due to a computer malfunction.” Usually, the e-mail also contains a threat to close your accounts.
• Source code points to a different website that the alleged sender – The link looks official, but when your mouse curser rolls over it the link source code points to a completely different website.
• Typos & Incorrect Grammar

Ransomware

Ransomware is a type of malicious software cyber criminals use to deny access to systems or data until a ransom is paid. Paying the ransom is discouraged because there is no guarantee your system or data will be released and there is an increased risk of being a future target.

Business E-mail Compromise

Business e-mail compromise is a type of scam targeting companies who conduct wire transfers or have suppliers abroad. Cyber criminals spoof the email accounts of high-level employees and request/conduct fraudulent transfers.

Account Takeover

Account takeover is a form of identity theft in which criminals steal your valid online banking credentials. The attacks are usually stealthy and quiet. Malware introduced onto your systems may go undetected for weeks or months. Account-draining transfers using stolen credentials may happen at any time and may go unnoticed depending on the frequency of your account monitoring efforts.

HOW DO I PROTECT MYSELF?

Digital Banking Security

First National Bank of Tennessee uses the latest technology to secure your information when transmitted over the internet. Encryption standards such as TLS and trusted certificates are used to protect your information when transferred between your computer and the bank.

Online Security

• Never share your user ID or password over the phone, in texts, by email, or in person. If you are asked for your password it’s probably a scam.
• Never click suspicious links in emails, on social media posts, or via online advertising. Links can take you to a different website than the labels indicate. When in doubt, do not click.
• Avoid using public computers or public wireless access points for online banking and other activities involving sensitive information, when possible.
• Protect your data by only submitting sensitive information to websites that encrypt your data. Make sure the URL begins with https:// instead of just http://. (The “s” means your data will be encrypted when you submit it.) Some browsers also display a closed padlock.
• Always be cautious if you receive an unsolicited phone call, text, or email directing you to a website or requesting sensitive information.

Passwords

• Make it unique. Create a unique password for each website you use. If you do not, one breach leaves all your accounts vulnerable.
• Make it complex. The longer the password, the tougher it is to crack. Use a combination of uppercase and lowercase letters, numbers, and symbols. Avoid using standalone dictionary words and personal information (e.g., names, dates, etc.) in your password
• Do not share. Never share your password over the phone, in texts, by email, or in person. If you are asked for your password, it is probably a scam.
• Use a password vault. Choose passwords you can remember without writing it down. If you cannot remember all your passwords, consider using a password vault.

Computer Security

• Maintain active and up-to-date anti-malware protection provided by a reputable vendor. Schedule regular scans of your computer, alongside real-time scanning, when possible. If you suspect your computer is infected with malware, discontinue using it for banking, shopping, or other activities involving sensitive information. Use a security software and/or seek professional help to find and remove the malware.
• Update your computer software frequently to ensure you have the latest security patches. This includes your computer’s operating system, as well as other installed software (e.g., web browsers, Adobe programs, Microsoft Office, etc.). Automate software updates, when possible, to ensure it is not overlooked.
• Keep your computer in a secure location. Do not leave laptops unattended in untrusted locations (e.g., car, restaurant, airport, etc.).

Mobile Device Security

• Enable available security features, such as biometrics (e.g., fingerprint scanner, facial recognition, etc.), auto-lock after a certain amount of time, and auto-wipe after a number of failed passcode attempts.
• Create a complex passcode for your mobile devices. Avoid using personal information (e.g., names, dates, etc.) in your passcodes. Do not share your passcodes with anyone.
• Keep your device up to date. Install new updates as soon as you can to fix any identified security vulnerabilities.
• Do not root, jailbreak, or otherwise circumvent security controls on your device. Install anti-malware, when possible.
• Lock your device’s screen anytime you are not using it, so it must require authentication before the device can be used again.
• Before disposing of your mobile device or when changing ownership, delete all information from the device. Use a “factory reset” to permanently erase all content and settings stored on the device.

Advanced Login Authentication

Advanced Login Authentication (ALA is a security system in which more than one form of authentication is implemented to verify the legitimacy of the transaction). First National Bank uses four different methods to validate its consumer online banking customers at sign on:

1. User ID and Password
2. Complex Device Profiling – During login, extensive details about your device and network are gathered and evaluated for consistency with your typical behavior and for any indication that fraud could be involved in the login. The end result is used to determine the next step in the login process, if necessary. This includes devices such as computers, tablets and smartphones.
3. Step Up Authentication – Based upon the results of the device profiling, the system may require additional authentication. Out-Of-Band Authentication requires you to authenticate through the use of a one-time security code. The interaction occurs outside the online banking channel either using an automated voice call, or a text message to a mobile device.
4. Out-of-Wallet Questions – allows the customer to authenticate using a four question, multiple choice quiz that is dynamically created from over 50 sources of public record data. The customer must pass the quiz to proceed. For customers that do not have a Social Security Number on record, such as business users, an alternative Out of Band solution is provided.

Alerts

Set up alerts to stay on top of various activities and transactions related to your account. Real-time notifications will be sent via email, text message, or both when an alert is triggered. By enabling activity alerts, you can stay vigilant about your finances, detect potential fraud or unauthorized transactions early, and maintain better control over your financial well-being. Alerts include:

• Login Failures
• Contact Information Changed
• Username and Password Changes
• Debit Card Controls & Alerts (Mobile Banking Only)

Identity Theft Tips

Identity theft occurs when someone uses your personal information such as social security number, account number or credit card number, without your permission, to commit fraud or other crimes.

• Do not open suspicious emails and do not click on suspicious links
• Be skeptical of email messages or text messages, for example, from someone unlikely to send an email or text such as the IRS
• Shred all documents that contain confidential information, receipts, credit card solicitations, expired cards, statements, bills and invoices that contain personal information, and pay stubs.
• Review your monthly statement promptly and carefully
• Don’t give private information to anyone unless you are positive you know the person and they have legitimate reasons for asking
• Periodically check your credit report. Federal law allows you to get a free copy of your credit report every 12 months from each credit reporting company. It is important to ensure that the information on all your credit reports is correct and up to date. Visit annualcreditreport.com to obtain your free annual credit report today! Reviewing your credit report can help you find out if someone has opened unauthorized financial accounts, or taken out unauthorized loans, in your name. If you find inaccuracies on your credit report, you should dispute the inaccurate information directly with the consumer reporting agency and maybe even with the provider of the information.:
  • Equifax: (866) 349-5191
  • Experian: (888) 397-3742
  • TransUnion: (800) 916-8800
• Use different passwords on all accounts. Never give your passwords to anyone
• Do not write pin numbers on debit cards
• Cancel old and unwanted cards

EFT

How Does the Electronic Funds Transfer Act (also known as Regulation E) Apply to Your Accounts with Online Access?

Regulation E is a consumer protection law for accounts established primarily for personal, family, or household purposes. It protects individual consumers engaging in electronic funds transfer (EFT). Non-Consumer (or business) accounts, such as Corporations, Partnerships, and Trusts etc. are not protected by Regulation E.

What is an EFT?

• Point-of-Sale Transactions
• Automated Teller Machine transfers (ATM)
• Direct deposit or withdrawals of funds
• Transfers initiated by telephone
• Transfers resulting from debit card transactions, whether or not initiated through an electronic terminal
• Transfers initiated through Online Banking/bill pay

Exclusion from Regulation E Protection

• Checks
• Check guarantee or authorization
• Wires or other similar transfers through Fedwire
• Securities and commodities transfers
• Automatic transfers by account-holding institutions
• Any preauthorized transfer to or from an account if the assets of the account holding financial institution were $100 million or less on the preceding December 31 and
• Telephone – initiated transfers. Any transfer of funds that:
  • Is initiated by a telephone communication between a consumer and a financial institution making the transfer; and
  • Does not take place under a telephone bill payment or other written plan in which periodic or recurring transfers are completed

CORPORATE CUSTOMER AWARENESS

Businesses are not protected under Reg E; therefore, they need to be diligent in reviewing their periodic statements. In addition to the information provided regarding “Digital Banking Security,” businesses also need to have multiple controls in place to monitor their online banking accounts and users. As a non-consumer (or business) customer, you should perform a periodic assessment to evaluate the security and risk controls you have in place. The internal risk assessment & controls evaluation should be used to determine the risk level associated with any online activities the non-consumer performs and any controls in place to mitigate these risks.

Tips:

• Create an Acceptable Use Policy (AUP), if you don’t already have one, and require your employees to sign at least annually
• Require each employee who uses Online Banking to go through security awareness training at least annually
• Run background checks on all employees prior to hire
• Ensure all computer systems have up-to-date antivirus software
• Implement a process to ensure software updates and patches are applied frequently
• Implement an Intrusion Detection/Prevention System to protect your network
• Restrict Online traffic on the systems used for online activities
• Implement an email SPAM filter to help eliminate potentially harmful or unwanted e-mail messages from making it to the end users’ inboxes
• Configure workstations to auto lock after a period of inactivity
• Secure wireless traffic using industry approved encryption