Online Banking Security
Online banking is a great, free, and convenient service offered to help you manage and monitor your bank accounts and finances. While it has become a popular and widespread service offered by almost all banks and financial services providers, like everything, it is not without its risks. To help you understand and minimize these risks, below are some helpful tips and steps you can take to protect the security of your online banking experience.
Computer, Mobile Device, Browser, & Network Security
The first line of defense is to make sure the computer and/or mobile device you use to access your accounts online is well protected. We recommend keeping your operating, security, and browser software up to date, as well as installing and regularly updating anti-virus and other protection programs. To learn more, please review Computer Security Basics.
Network security and integrity are also important, especially on mobile and Wi-Fi enabled devices. We recommend using only trusted networks, and if you use a Wi-Fi network environment in your home, be sure it is password protected to prevent unauthorized access or use.
Authentication & Layered Security
The next step in safely accessing your accounts begins with the authentication process. This is the process used to verify your identity and confirm that you are authorized to access your account. To help protect you and deter fraud, we use multi-factor authentication and layered security. Multi-factor authentication uses more than one method to verify your identity. For example, when you use your ATM card, you are utilizing multi-factor authentication. Factor number one is something you have: your ATM card; factor two is something you know: your Personal Identification Number (PIN).
In the online banking environment, after your initial enrollment and each time you log in from a new or unrecognized computer, you are prompted to register your login ID with your computer. Registering your login ID with your computer allows the system to place a secure token or cookie on your computer that is used to identify you on future visits. This token and your login ID are things you have, or factor one. Please note: we recommend only registering your personal or other trusted, private computers and devices. You should not register your login ID on a public or shared computer, such as one at a café or library.
Additional factors include challenge questions and your password. As mentioned above, we identify you by checking the computer(s) that you are using to access our Web site. Should you need to log in from a new or different computer, however, we will take additional steps to verify your identity, through a series of challenge questions that you select and answer at the time of enrollment. Our challenge questions are designed to elicit answers that you can easily remember, yet would not be information commonly known by fraudsters. Questions such as “What is your mother’s maiden name?” or “What city were you born in?” need to be balanced by tougher, more privately known answers to questions such as “What was the license plate on your first car?”
Once your computer has been recognized or your challenge questions have been correctly answered, you are ready to enter your private password. To protect you, we employ strong password structure requirements that make guessing your password extremely difficult, require you to change your password every 90 days, and lock out your login ID after three failed password attempts.
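The login sequence described above (device token check, challenge questions for an unrecognized computer, then the password with a three-attempt lockout) can be sketched as follows. This is an added example, not the bank's own code; the HMAC-signed token format, the `device_id` value, the PBKDF2 storage, and all names are assumptions made for illustration.

```python
import hashlib
import hmac
import os

SERVER_KEY = b"constructed-demo-key"  # assumption: server-side secret for device tokens
MAX_FAILED_PASSWORDS = 3              # lockout threshold stated on the page

def issue_device_token(login_id, device_id):
    """Value stored in the cookie when a login ID is registered to a device."""
    msg = f"{login_id}|{device_id}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()

def device_recognized(login_id, device_id, token):
    # Constant-time comparison; a missing cookie is treated as an empty token.
    expected = issue_device_token(login_id, device_id)
    return hmac.compare_digest(expected.encode(), (token or "").encode())

def _stretch(secret, salt):
    # Salted, slow hash so passwords and answers are never stored in the clear.
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 100_000)

class Account:
    def __init__(self, login_id, password, answers):
        self.login_id, self.salt = login_id, os.urandom(16)
        self.pw_hash = _stretch(password, self.salt)
        self.answer_hashes = {q: _stretch(a.strip().lower(), self.salt)
                              for q, a in answers.items()}
        self.failed, self.locked = 0, False

def login(acct, device_id, token, password, answers=None):
    """Return 'ok', 'challenge_required', 'challenge_failed', 'bad_password' or 'locked'."""
    if acct.locked:
        return "locked"
    if not device_recognized(acct.login_id, device_id, token):
        if answers is None:
            return "challenge_required"  # unrecognized device: step up before the password
        for q, stored in acct.answer_hashes.items():
            given = _stretch(answers.get(q, "").strip().lower(), acct.salt)
            if not hmac.compare_digest(given, stored):
                return "challenge_failed"
    if hmac.compare_digest(_stretch(password, acct.salt), acct.pw_hash):
        acct.failed = 0
        return "ok"
    acct.failed += 1  # the page specifies lockout for failed password attempts only
    if acct.failed >= MAX_FAILED_PASSWORDS:
        acct.locked = True
        return "locked"
    return "bad_password"
```

Because the token is bound to both the login ID and the device, a cookie copied to another computer does not skip the challenge questions.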
Additional layered security may also be required whenever we identify an increased risk to your transaction. This is especially true for our business customers who use online banking and Cash Management. Layered security is characterized by the use of different controls at different points in a transaction process so that any weakness in one control is compensated for by the strength of another. For example, for certain transactions, our business customers may need to provide additional personal or corporate authorization steps to complete the processing of high-dollar funds transfers despite being granted secure access using all of the aforementioned multi-factor authentication steps. Additional layers of security may include using callback (voice) verification, email approval, or other in-person identification.
Other Bank Security Measures
In addition to the authentication and layered security measures, we take many more, ongoing steps to protect you and your accounts. We routinely assess and closely monitor our systems’ hardware, software, and performance. We perform ongoing, detailed risk assessments of our critical systems, vendors, and procedures; and have in-depth disaster recovery plans in place so that we will be able to quickly and effectively respond to all manner of natural and/or man-made disasters. Internal and external third-party audits and regulatory exams are also conducted regularly.
Furthermore, we limit access to personally identifiable information to only those employees with a business reason to know such information about you. We maintain appropriate security standards and procedures regarding unauthorized access to customer information. We educate our employees about the importance of confidentiality and customer privacy through standard operating procedures and our policies.
We employ customer verification procedures when accounts are opened or when a mailing or email address change is requested, and we monitor and analyze banking transactions to identify and halt suspicious fraud patterns. One example of this type of fraud detection is our advanced neural network technology which examines all incoming debit card authorizations for potential fraud. Each authorization is analyzed and compared against a database that contains merchant profiles and cardholder behavior. If irregular or suspicious transactions or patterns are detected, you will be contacted to either verify the transactions as legitimate or confirm them as fraud.
Your Protections under the Electronic Funds Transfer Act (Reg E)
All banks follow specific rules for consumer electronic transactions issued by the Federal Reserve Board. The Electronic Funds Transfer Act (Reg E) rules govern all types of transfers made electronically. Under the consumer protections of the act, you are entitled to recover online banking losses according to how soon you notice and report them. Reg E states that if you report the losses within two days of receiving your statement, you are only liable for the first $50. After two days this amount increases to $500, and after 60 days you could be legally liable for the full amount. These protections may be modified by state law or bank policies, and it is important to note that the Federal Reserve does not apply Reg E protections to non-consumer or business transactions. To learn more, please be sure to ask us how Reg E protections apply to you and your particular situation.
Reporting Suspicious Activity
We strongly encourage you to monitor your accounts online and promptly review your statements for any transactions or activity you do not recognize or deem suspicious. Please contact your local branch location as soon as you become aware of any suspicious account activity.
In addition to quickly alerting us of any suspected fraud, we strongly encourage you to notify law enforcement and contact the three primary credit-reporting agencies. For additional information on who to contact and how to place a fraud alert, please visit our Reporting Suspicious Activity page.
Additional Steps You Can Take
Ultimately, protecting the security of your account is a partnership between you and Mercantile Bank. As described above, we take our responsibility to protect you and your accounts very seriously; it is one of our highest priorities and privileges as your bank. We also need your help. Steps to take include:
- Keep your computer, mobile devices, and operating and security software up to date.
- Regularly monitor your account online and/or promptly review your statements.
- Make sure your customer contact information is current: address, email, and phone numbers.
- Choose strong passwords and protect them from others, even family members who should not have access to your account information.
- Never give out your bank account or debit card numbers, online banking account logins and passwords, PINs, Social Security number, or any other important private financial information in response to an unsolicited call or email. (Once provided to us at account opening, we will NEVER initiate contact with you and ask for your Social Security Number, bank account or debit card number, password or PIN. If you contact us, we may ask you to verify one or more as a means of identification, but we will never call or email you and ask for this information unsolicited.)
- Keep track of your debit card, and never give out your PIN or write it on your card.
- Alert us immediately of any suspicious activity.
- Inform us of any extended or international travel where you plan to use your debit card, or any unusual, high-dollar debit card purchases so we can help minimize any inconvenience.
- Talk to us about any major life changes such as an upcoming marriage or divorce, the birth of a child, the loss of a spouse or other joint account owner, a new employer, big move, or any other situation that may require making account changes or other important financial decisions.
To learn more about preventing check fraud, scams, phishing, identity theft, debit card fraud, and many other financial education topics, please visit our Financial Resource Center, or call or stop by any location at your convenience. We appreciate the opportunity to be your bank!