BankFirst will NOT initiate contact with customers via phone call, text, or email that requires customers to supply personal information for verification purposes. If you are contacted by someone who states they are calling from the Bank, or you receive an email, you should not give them any account information. You should contact the Bank at (877) 441-2784 or [email protected] in the event you notice suspicious account activity or experience customer information security-related events.
If your BankFirst debit card has been lost or stolen, contact us during business hours at (877) 441-2784. After business hours, please call 866-546-8273 to report a lost or stolen debit card.
Please call 800-423-7503 to report a lost or stolen credit card.
For a complete, detailed explanation of protections provided and not provided under Regulation E, please see the following:
Below is a list of control mechanisms you may consider implementing to mitigate your own risk.
- It is VERY important to choose a strong password. A well-chosen password has two important characteristics: it should be easy to remember and hard to guess.
- Use a different password for sites that contain financial information than for sites that you browse casually or that don't ask for personal information.
- Do not use people's names, special dates or personal information as passwords. Avoid any combination of characters that friends or acquaintances can easily guess. For example, a password such as "April15" for a TurboTax Online account is not a strong password.
- Use syllables or acronyms. Avoid using complete words that appear in any dictionary regardless of the language. One option is to start with the first letters of a familiar phrase. For example, "Mary had a little lamb" becomes Mhall, which could be part of a secure password.
- Mix it up! Use a combination of upper and lower case letters, numbers, and punctuation/special characters, such as &^$#.
- Keep it to yourself. Do not share your personal password with others. You never know what the future will bring in relationships or coworkers, so do not give your password out — to anyone.
- Keep your passwords safe. There are programs available where you can securely store your passwords. Don't write them down in a place where others can find them.
- Do not use the auto-save feature on your browser.
- Change your passwords often.
Common Passwords to Avoid:
- Customer name, family member, or pet's name
- Social Security, Account, or Phone numbers
- Any part of your physical address
- Anybody's birth date
- Other information that is easily obtained about the user
- Any username on the computer in any form
- A word in the English or foreign dictionary
- A password used on another site
- Any of the above spelled backwards
- Out of Wallet or Public Records (e.g. Mother's maiden name)
- Sequences: "12345678", "222222", "abcdefg"
- Install and activate a firewall. A firewall is a software program or piece of hardware that blocks communications to and from sources you don't permit. Some operating systems have built-in firewalls. Make sure your firewall is on and that it is updated regularly.
- Always sign out or log off.
- Update software frequently and keep systems current.
- Install and run the most recent version of anti-virus software.
- Keep your operating system (OS) current.
- Activate the automatic update feature.
- Set your browser's security level to the default setting or higher.
- If you use a wireless network in your home, take precautions to secure it against hackers. Choose a wireless router with an encryption feature and turn it on. Consider turning off your wireless network when you're not using it.
- Shred receipts, statements, expired cards, and similar documents.
- Review statements promptly and carefully. Report any suspicious activity immediately.
- Be positive of the identity of anyone before you divulge personal information, and only if you initiate the contact.
- Check your credit report at least annually.
- When making online purchases, use a credit card.
- Never click on suspicious links.
- Only give sensitive information to websites using encryption. You can verify this by the URL https://... (the "s" is for secure).
- Use social media wisely. Don't reveal too much personal information.
- Avoid storing sensitive information.
- Use passcodes and lock your device when not in use.
- Keep software up-to-date.
- Install remote wipe so it can be cleared if the device is lost or stolen.
- Protect your debit card and PIN. If it is lost or stolen, report this immediately.
- Choose a PIN that is different from your address, telephone number, and birthdate.
- Be aware of people and your surroundings.
- Put away your card and cash.
- Observe the card reader; if it appears to be damaged or altered, don't use it. Altering a card reader to capture card information is called "skimming".
General Best Practices
- Keep your personal information private and secure.
- Check your account balance regularly.
- Do not access your account from a public location.
- If you suspect suspicious activity, report it immediately.
- Be skeptical of email messages from someone who is unlikely to send an email, such as the IRS.
- Do not open suspicious emails and do not click on the links. If you do, perform diagnostics on your computer immediately.
- Don't provide personal or payment information when requested through email.
- Avoid get-rich-quick schemes.
Best Practices for Online Business Banking Customers
- Monitor accounts frequently (daily as a best practice). Immediately review Wire, ACH, or other transaction confirmations.
- Implement dual controls and approval for ACH and Wire transfers so that dual approval is required before the transaction is initiated at the Originating Depository Financial Institution (ODFI). Please contact BankFirst if you are interested in this feature.
- Never share User IDs, passwords, tokens, etc. with anyone. Do not leave them in an area that is not locked/secured.
- Do not use the same login or password on any other website or software.
- Obtain and install anti-virus, anti-malware (see Trusteer Rapport below), and anti-spyware software, and consider installing a firewall (make sure it is active and automatically updated by the vendor, or take the necessary steps to keep it updated).
- Limit or eliminate unnecessary web surfing and/or email activity by employees, including personal activity, on computers used for Online Banking.
- Consider a dedicated computer for Online Banking that is never used for email or general Internet browsing/surfing (cost of computer vs. loss).
- Educate all company/entity personnel on good cyber security practices, including clearing the Internet browser's cache before and after visiting the Financial Institution's website, to avoid having malware installed on a computer (e.g., if a media player needs to be updated, go to the official media player website to install the update; clicking on a fake update installation link could mask a hacker downloading malware onto the computer).
- Verify use of a secure session (https:// and not http://).
- Avoid saving passwords to a computer.
- Never leave a computer unattended when using any Online Banking services, and always lock your computer when away.
- Never access BankFirst's website for Online Banking (or any privileged or sensitive computer system) from a public computer at a hotel/motel, library, coffee house, or other public wireless access point.
- Be suspicious of any employment position that requires use of a personal account for business purposes. Such offers for employment as a mystery shopper, payment processor, etc., where you are required to use your personal account for someone else's business purposes, are not legitimate.
- No legitimate business will attempt to move business funds through anyone's personal account, and you should educate yourself on these issues.
- If you are approached to participate in such schemes, immediately contact local law enforcement, the FBI or the Secret Service to let them know.
BankFirst Security Features
- Enhanced Login Security (Enhanced Multifactor Authentication): Leaving your computer set to "public" when accessing Online Banking will allow for a second factor of authentication. After successfully authenticating with your User ID and Password, a One-Time Passcode (OTP) is sent to your phone. You must then enter this OTP to complete the login process.
- Tokens for Online Business Banking: Each user who has online access to Wire Transfers and ACH is issued a token. A code generated by this token is required for file submissions, etc.
- Trusteer Rapport: This free anti-malware solution isolates the browser process from other processes on the system. Man-in-the-Browser (MitB) malware allows a fraudster not only to steal passwords and User IDs, but also to modify the communication between the browser and the banking application. The malware can rewrite the account and payment instructions (such as the payee and amount), without the user's knowledge, in real time. Installing Trusteer's Rapport on your computer can reduce the risk of losses from MitB-based attacks. This offering is strongly recommended for all customers given the nature of the attacks, but it is particularly crucial for users with Wire and ACH transaction authority (Online Business Banking).
- Separation of Duty for Online Business Banking: The Separation of Duty control is available for ACH and Wire transactions. With separation of duty, one user has permission to initiate a funds transfer, while a secondary user must approve the transfer. By separating the capabilities in this way, you prevent a scenario where a single user could transfer funds independently without oversight, or where a fraudster could move funds with a single set of user credentials.
- Limits for Online Business Banking: Organizations should establish limits that restrict the dollar amounts allowed for Wire or ACH transactions. Creating such dollar limits can reveal attempts to violate those limits and reduce single loss expectancies for your organization. Limits may be established at the customer or user level.
- Activity Reporting for Online Business Banking: Ongoing data and statistics on the state of online activity are another important security best practice. Administrators should run activity reports on a daily basis to scan for logins from unidentified IP addresses during off-hours.
- Text and Email notifications: These notifications offer a fast and easy way to help protect your BankFirst accounts from fraud. Enable one or more of our many alerts to stay on top of your account activity.
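
The daily check described under Activity Reporting above, sketched as an added example (this is not BankFirst's code or report format). It assumes a hypothetical CSV export with timestamp, user, source IP, and event columns, a constructed list of known office networks, and business hours of 08:00 to 18:00 on weekdays.

```python
import csv
import io
from datetime import datetime
from ipaddress import ip_address, ip_network

# Assumptions (not from BankFirst): known office networks and business hours.
KNOWN_NETWORKS = [ip_network("203.0.113.0/28"), ip_network("198.51.100.24/32")]
BUSINESS_START, BUSINESS_END = 8, 18   # 08:00 inclusive to 18:00 exclusive
BUSINESS_DAYS = range(0, 5)            # Monday=0 .. Friday=4

# Constructed sample export; the column layout is hypothetical.
SAMPLE_REPORT = """timestamp,user,source_ip,event
2024-03-04T09:12:00,jdoe,203.0.113.5,login
2024-03-04T23:41:00,jdoe,192.0.2.77,login
2024-03-05T14:03:00,asmith,192.0.2.10,login
2024-03-09T11:30:00,asmith,203.0.113.9,login
2024-03-05T10:00:00,jdoe,not-an-ip,login
2024-03-05T10:05:00,jdoe,203.0.113.5,wire_submit
"""

def is_known_ip(raw):
    """True if raw parses as an IP inside a known network; malformed is unknown."""
    try:
        addr = ip_address(raw.strip())
    except ValueError:
        return False
    return any(addr in net for net in KNOWN_NETWORKS)

def is_off_hours(ts):
    return ts.weekday() not in BUSINESS_DAYS or not (BUSINESS_START <= ts.hour < BUSINESS_END)

def review_logins(report_text):
    """Return (severity, user, ip, timestamp) for each login needing review."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_text)):
        if row["event"] != "login":
            continue
        ts = datetime.fromisoformat(row["timestamp"])
        unknown, off = not is_known_ip(row["source_ip"]), is_off_hours(ts)
        if unknown and off:
            severity = "high"      # the combination the report is meant to catch
        elif unknown or off:
            severity = "review"    # one signal alone: still worth a look
        else:
            continue
        findings.append((severity, row["user"], row["source_ip"], row["timestamp"]))
    return sorted(findings, key=lambda f: (f[0] != "high", f[3]))
```

Calling `review_logins(SAMPLE_REPORT)` lists the off-hours login from an unknown address first, followed by the entries that trip only one of the two signals.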