CUSTOMER ANNUAL NOTIFICATION

Plaquemine Bank and Trust Company is required to notify its customers annually of the following information. Please retain this document for your reference!

Loan Customers

Proof of Insurance

Proof of Insurance, naming Plaquemine Bank and Trust Company as "Loss Payee," is required for all loans secured by collateral other than cash.

Online Banking Fraud Prevention Best Practices

User ID and Password Guidelines

  • Create a "strong" password with at least 8 characters that includes a combination of mixed case letters and numbers and special characters.
  • Change your password frequently.
  • Never share username and password information with third-party providers.
  • Avoid using an automatic login feature that saves usernames and passwords.

General Guidelines

  • Do not use public or other unsecured computers for logging into Online Banking.
  • Check your last login date/time every time you log in.
  • Review account balances and detail transactions regularly (preferably daily) to confirm payment and other transaction data and immediately report any suspicious transactions to your financial institution.
  • View transfer history available through viewing account activity information.
  • Whenever possible, use Bill Pay instead of checks to limit account number dissemination exposure and to obtain better electronic record keeping.
  • Take advantage of and regularly view system alerts; examples may include:
    • Balance alerts
    • Transfer alerts
    • Password change alerts
  • Do not use account numbers, your social security number, or other account or personal information when creating account nicknames or other titles.
  • Whenever possible, register your computer to avoid having to re-enter challenge questions and other authentication information with each login.
  • Review historical reporting features of your online banking application on a regular basis to confirm payment and other transaction data.
  • Never leave a computer unattended while using Online Banking.
  • Never conduct banking transactions while multiple browsers are open on your computer.

Tips to Protect Online Payments & Account Data

  • Take advantage of transaction limits.
  • When you have completed a transaction, ensure you log off to close the connection with the financial organization’s computer.
  • Use separate accounts for electronic and paper transactions to simplify monitoring and tracking any discrepancies.
  • Reconcile by carefully monitoring account activity and reviewing all transactions initiated by your company on a daily basis.

Account Transfer

  • Use limits provided for monetary transactions.
  • Review historical and audit reports regularly to confirm transaction activity.
  • Utilize available alerts for funds transfer activity.

Tips to Avoid Phishing, Spyware and Malware

  • Do not open e-mail from unknown sources. Be suspicious of e-mails purporting to be from a financial institution, government department, or other agency requesting account information, account verification, or banking access credentials such as usernames, passwords, PIN codes, and similar information. Opening file attachments or clicking on web links in suspicious e-mails could expose your system to malicious code that could hijack your computer.
  • Never respond to a suspicious e-mail or click on any hyperlink embedded in a suspicious e-mail. Call the purported source if you are unsure who sent an e-mail.
  • If an e-mail claiming to be from your financial organization seems suspicious, checking with your financial organization may be appropriate.
  • Install anti-virus and spyware detection software on all computer systems. Free software may not provide protection against the latest threats compared with an industry standard product.
  • Update all of your computers regularly with the latest versions and patches of both anti-virus and anti-spyware software.
  • Ensure computers are patched regularly, particularly operating systems and key applications, with security patches.
  • Install a dedicated, actively managed firewall, especially if using a broadband or dedicated connection to the Internet, such as DSL or cable. A firewall limits the potential for unauthorized access to your network and computers.
  • Check your settings and select, at least, a medium level of security for your browsers.
  • Clear the browser cache before starting an online banking session in order to eliminate copies of Web pages that have been stored on the hard drive. How the cache is cleared depends on the browser and version you are using. This function is generally found in the browser’s preferences menu.

Tips for Wireless Network Management

Wireless networks can provide an unintended open door to your business network. Unless a valid business reason exists for wireless network use, it is recommended that all wireless networks be disabled. If a wireless network is to be used for legitimate business purposes, it is recommended that wireless networks be secured as follows:

  • Change the wireless network hardware (router / access point) administrative password from the factory default to a complex password. Save the password in a secure location as it will be needed to make future changes to the device.
  • Disable remote administration of the wireless network hardware (router / access point).
  • If possible, disable broadcasting the network SSID.
  • If your device offers WPA encryption, secure your wireless network by enabling WPA encryption of the wireless network. If your device does not support WPA encryption, enable WEP encryption.

If only known computers will access the wireless network, consider enabling MAC filtering on the network hardware. Every computer network card is assigned a unique MAC address. MAC filtering will only allow computers with permitted MAC addresses access.

Consumer Account Take-Over Fraud

Identity theft related to financial fraud is a top concern for banking customers and banking institutions in all parts of the world. In fact, identity theft is the fastest growing type of fraud in the United States and many other developed countries.

Account takeover fraud is one of the two basic forms of financial identity theft (the other being application fraud), and it occurs when a fraudster obtains and uses a victim’s personal information to take control of existing bank or credit card accounts and carries out unauthorized transactions against them. Application fraud occurs when a perpetrator uses someone else’s personal information to establish new accounts.

Fraudsters employ a variety of techniques to obtain the personal and financial information typically needed to take control of existing accounts. Obtaining such information can be as simple as dumpster diving or cold calling. Alternatively, fraudsters may use more technology-reliant methods, such as phishing, SMiShing, or establishing fake websites to collect payment details. (NOTE: SMiShing is the use of text messaging instead of e-mails to gain access to your account information.)

The following list provides some useful methods to protect against identity fraud:

  • Always check bank and credit card statements for inaccuracies.
  • Check your financial information regularly, looking for what should and should not be there.
  • Order and check your credit report at least once a year.
  • Before providing personal information, make sure the individual or business requesting it has a valid reason for requiring the information.
  • Never write your credit card numbers or Social Security number on checks or on the outside of envelopes.
  • Do not put your Social Security number on any document unless you are legally required to do so.
  • Do not give account numbers over the telephone or to persons/companies you are not familiar with.
  • Do not use cordless or cellular telephones or e-mail to transmit financial or private personal information.
  • Keep all financial documents in a secure place.
  • Purchase a shredder, and use it!
  • If you have your driver’s license information pre-printed on your checks, shred canceled checks before discarding them.
  • Shred pre-approved credit applications, statements, or bills that contain personal information.
  • Shred any papers with financial information and identifiers rather than simply throwing them in the trash.
  • Have yourself taken off "pre-screened lists."
  • Mail bills from the post office or your business.
  • Consider having your name, telephone number, and/or address removed from the telephone directory.
  • Do not provide personal information over the telephone unless you initiated the call and know who you are speaking with.
  • If telemarketing companies call, tell them: "Under the federal Telephone Consumer Protection Act, I want to be on your 'do not call' list."
  • Keep your birth certificate in a safe place.
  • Make sure your computer security (spam filters, virus protection, firewall, passwords, etc.) is robust and up-to-date.
  • Choose passwords that will be difficult to crack and use different passwords for all accounts.
  • Change passwords and PIN codes often.
  • Use different PIN numbers for all of your cards.
  • Do not store your PIN numbers on mobile phones or laptops.

A request that claims to come from the FDIC, OFI, Internal Revenue Service, Better Business Bureau, NACHA or almost any other organization and asks a customer to install software, provide account information or provide access credentials is probably fraudulent and should be verified before any files are opened, software is installed or information is provided. While Plaquemine Bank does have a smart phone app, the customer must adhere to the Online Banking access protocols and contact our bank prior to downloading the banking application.

Phone calls and text messages requesting sensitive information are likely fraudulent. If you are in doubt, contact the organization at a phone number you obtained from the organization's web site, a Google search or any means other than the number provided in the call or text.

Corporate Account Takeover

What is Corporate Account Takeover?

Corporate account takeover is a type of fraud where thieves gain access to a business's finances to make unauthorized transactions, including transferring funds from the company, creating and adding new fake employees to payroll, and stealing sensitive customer information that may not be recoverable.

Corporate account takeover is a growing threat for small businesses. It is important that businesses understand and prepare for this risk.

Cyber thieves target employees through phishing, phone calls, and even social networks. It is common for thieves to send emails posing as a bank, delivery company, court or the Better Business Bureau. Once the email is opened, malware is loaded on the computer which then records login credentials and passcodes and reports them back to the criminals.

Employee Education is Essential, but is Missing the Mark

You and your employees are the first line of defense against corporate account takeover. A strong security program paired with employee education about the warning signs, safe practices, and responses to a suspected takeover are essential to protecting your company and customers.

Ninety-two percent of respondents to a recent survey indicated employee education of small business employees was effective in reducing the threat of account takeover. However, nearly 80 percent of respondents to a small business survey said they had no formal internet security policy, with almost half indicating they provide no internet safety training to employees.

How do I protect myself and my small business?

The best way to protect against corporate account takeover is a strong partnership with your financial institution. Work with your bank to understand security measures needed within the business and to establish safeguards on the accounts that can help the bank identify and prevent unauthorized access to your funds.

A shared responsibility between the bank and the business is the most effective way to prevent corporate account takeover. Consider these tips to ensure your business is well prepared:

  • Protect your online environment. It is important to protect your cyber environment just as you would your cash and physical location. Do not use unprotected internet connections. Encrypt sensitive data and keep updated virus protections on your computer. Use complex passwords and change them periodically. Educate and train your employees.
  • Partner with your bank to prevent unauthorized transactions. Talk to your banker about programs that safeguard you from unauthorized transactions. Positive Pay and other services that offer call backs, device authentication, multi-person approval processes and batch limits help protect you from fraud.
  • Pay attention to suspicious activity and react quickly. Look out for unexplained account or network activity, pop ups, and suspicious emails. If detected, immediately contact your financial institution, stop all online activity and remove any systems that may have been compromised. Keep records of what happened.
  • Understand your responsibilities and liabilities. The account agreement with your bank will detail what commercially reasonable security measures are required in your business. It is critical that you understand and implement the security safeguards in the agreement. If you don’t, you could be liable for losses resulting from a takeover. Talk to your banker if you have any questions about your responsibilities.

Additional Measures You Should Take

  • Secure your computer and networks.
  • Limit administrative rights: do not allow employees to install any software without receiving prior approval.
  • Install and maintain spam filters.
  • Surf the Internet carefully.
  • Install and maintain real-time anti-virus, anti-spyware, desktop firewall, and malware detection and removal software. Use these tools regularly to scan your computer. Allow for automatic updates and scheduled scans.
  • Install routers and firewalls to prevent unauthorized access to your computer or network. Change the default passwords on all network devices.
  • Install security updates to operating systems and all applications as they become available.
  • Do not open attachments from e-mail. Be on the alert for suspicious e-mails.
  • Do not use public Internet access points.
  • Reconcile accounts daily.
  • Note any changes in the performance of your computer:
    • Dramatic loss of speed, computer locks up, unexpected rebooting, unusual popups, etc.
  • Make sure that your employees know how and to whom to report suspicious activity at your Company and the Bank.
  • Contact the Bank if you:
    • Suspect a fraudulent transaction.
    • Are trying to process an ACH batch and you receive a maintenance page.
    • Receive an e-mail claiming to be from the Bank that requests personal/company information.

We strongly encourage our corporate customers to use the following list of websites as resources to better enhance their policies and practices.

PCI Compliance – Debit Cards, Credit Cards
https://www.pcisecuritystandards.org/security_standards/index.php

The Better Business Bureau’s website on Data Security Made Simple
http://www.bbb.org/data-security

The Small Business Administration’s (SBA) website on Protecting and Securing Customer Information:
http://community.sba.gov/community/blogs/community-blogs/business-law-advisor/how-small-businesses-can-protect-and-secure-customer-information

The Federal Trade Commission’s (FTC) interactive business guide for protecting data:
http://www.ftc.gov/bcp/edu/multimedia/interactive/infosecurity/index.html

The National Institute of Standards and Technology’s (NIST) Fundamentals of Information Security for Small Businesses:
http://csrc.nist.gov/publications/nistir/ir7621/nistir-7621.pdf

The jointly issued "Fraud Advisory for Businesses: Corporate Account Takeover" from the U.S. Secret Service, FBI, IC3, and FS-ISAC available on the IC3 website
http://www.ic3.gov/media/2010/CorporateAccountTakeOver.pdf or the FS-ISAC website http://www.fsisac.com/files/public/db/p265.pdf

NACHA – The Electronic Payments Association’s website has numerous articles regarding Corporate Account Takeover for both financial institutions and banking customers
http://www.nacha.org/c/Corporate_Account_Takeover_Resource_Center.cfm

Tips to Protect Your ATM and Debit Card(s)

Plaquemine Bank would like to provide you with measures to protect your card(s) from fraudulent activity. Here are a few tips:

Never share your PIN with anyone; never give out your PIN in response to an e-mail; shield your PIN when using it; choose a PIN password that is not obvious; never write your PIN on your card; and if you lose your ATM or Debit Card, immediately call 1-800-554-8969 or, during business hours, 225-687-6388.

Here are 10 ways a criminal could potentially gain access to your ATM or Debit Card:

  1. Steal cards
    The simplest way for a criminal to get card data is to steal someone’s card. To get the PIN, the thief might shoulder surf or guess a weak password, such as a birthdate.
  2. Steal machines
    A criminal might decide to steal either an ATM or POS terminal. Cash can be pulled from the ATMs, but both types of machines could store card numbers if misconfigured. A stolen machine is also valuable in order to learn about weaknesses or ways to physically attack it.
  3. Offline account takeover
    Breaking into mailboxes and stealing bank statements or other personal information can let a criminal conduct identity theft. Often they’ll try to change the victim’s mailing address with the bank, order a new card, and activate it. If the bank has good processes in place that are adhered to, then this type of attack can be stopped.
  4. Separate skimming device
    If a deft criminal can get a hold of a card for a few seconds, then they can swipe it through a reader and get its data.
  5. Overlaid skimming devices
    In this case, the criminal places a card reader over the machine’s intrinsic reader. They might also attach a video camera or a PIN-pad overlay to capture the PIN.
  6. Internal skimming devices
    More capable criminals could place a skimming device inside a terminal, such as at a gas pump. The skimmer intercepts messages on the data lines, and is tough to detect without opening up machines.
  7. Hijacked terminals
    A terminal can be hijacked by replacing the operating system with a compromised one. An avenue of attack might be available for those ATMs with remote control capabilities that are left in the default (and insecure) settings. Stolen machines might also be modified and then used to replace an existing, non-compromised terminal.
  8. Ghost ATMs and fake fronts
    Why add a skimming device to a real terminal when you can just use your own fake one? Criminals have been known to place fake, modified terminals in public spaces where victims will use their cards but receive communication error messages. In reality the terminal has captured card data and PIN, and stored it for later retrieval.
  9. Buying the data
    With so many means of attack, there is a glut of card information on the market. Lazy criminals can simply buy card data, starting at $1 or less. Quality costs extra, but in the underground marketplace there are products for everyone.
  10. Data breaches
    Capable hackers are able to crack the security on merchants and other card data holders, and access large volumes of card data. With the heightened awareness of cybercrime, the industry has made strides in using more secure techniques for storing data (or in many cases, ensuring that they don’t store it). This has made it harder for criminals, but there are still many opportunities for attacks.