Education & Security - Tools & Resources | NPESB

What are Online Banking user ID and password guidelines?

Create a “strong” password with at least 12 characters that includes a combination of mixed case letters, numbers, and special characters.

Change your password frequently.

Never share username and password information.

Avoid using an automatic login feature that saves usernames and passwords.

What are Online Banking general guidelines?

Do not use public or other unsecured computers for logging into Online Banking.

Users should check the last login date/time every time they log in.

If the system does not recognize your computer or location, you will be asked to provide additional information. This may include Authentication via phone or SMS text message or answering more sophisticated challenge questions.

Review account balances and detail transactions regularly (preferably daily) to confirm payment and other transaction data and immediately report any suspicious transactions to your financial institution.

View transfer history available through viewing account activity information.

Whenever possible, use Bill Pay or ACH instead of checks to limit account number dissemination exposure and to obtain better electronic record keeping.

Do not use account numbers, your social security number, or other account or personal information when creating account nicknames or other titles.

Review historical reporting features of your online banking application on a regular basis to confirm payment and other transaction data.

Never leave a computer unattended while using Online Banking.

Never conduct banking transactions while multiple browsers are open on your computer.

What are Mobile Banking general guidelines?

Keep your mobile device secure.

Use password protection or biometric authentication.

Do not store passwords in notebook apps, instead use a password manager app.

Exclusively download apps from trusted sites like Apple’s App Store or Google Play.

Always update your apps and device software when new versions become available.

Always use a secure connection.

Avoid using public WIFI networks when logging into your banking app.

Consider additional protection.

Anti-virus and anti-malware apps are available.

What are some tips to Avoid Phishing, Spyware and Malware?

Do not open email from unknown sources. Be suspicious of e-mails purporting to be from a financial institution, government department, or other agency requesting account information, account verification, or banking access credentials such as usernames, passwords, PIN codes, and similar information. Opening file attachments or clicking on web links in suspicious emails could expose your system to malicious code that could hijack your computer.

Never respond to a suspicious email or click on any hyperlink embedded in a suspicious email.

If an email claiming to be from your financial organization seems suspicious, checking with your financial organization may be appropriate.

Install anti-virus and spyware detection software on all computer systems. Free software may not provide protection against the latest threats compared with an industry standard product.

Update all of your computers regularly with the latest versions and patches of both anti-virus and anti-spyware software.

Ensure computers are patched regularly, particularly operating system browsers and key applications.

Install a dedicated, actively managed firewall, especially if using a broadband or dedicated connection to the Internet, such as DSL or cable. A firewall limits the potential for unauthorized access to your network and computers.

Check your settings and select, at least, a medium level of security for your browser.

Clear the browser cache before starting any Online Banking session to eliminate copies of web pages that have been stored on the hard drive.

Be advised that you will never be presented with a maintenance page after entering login credentials. Legitimate maintenance pages are displayed when first reaching the URL and before entering login credentials.

Online Banking does not use pop-up windows to display login messages or errors. They are displayed directly on the login screen.

Online Banking never displays pop-up messages indicating that you cannot use your current browser.

Online Banking error messages never include an amount of time to wait before trying to login again.

Be advised that repeatedly being asked to enter your user ID or password are signs of potentially harmful activity.

What are some tips for wireless network management?

Change the wireless network hardware (router/access point) administrative password from the factory default to a complex password. Save the password in a secure location as it will be needed to make future changes to the device.

Disable remote administration of the wireless network hardware (router/access point).

If possible, disable broadcasting the network SSID.

If your device offers WPA encryption, secure your wireless network by enabling WPA encryption of the wireless network. If your device does not support WPA encryption, enable WEP encryption.

If only known computers will access the wireless network, consider enabling MAC filtering on the network hardware. Every computer network card is assigned a unique MAC address. MAC filtering will only allow computers with permitted MAC addresses access to the wireless network.