our goals are one.
You are encouraged to monitor your debit card and credit card transactions. If you believe your accounts have been compromised, please notify us immediately at 866.546.8273. If we are notified that your account has been compromised, we will close your card and issue a new one. It is important that any fraud is reported immediately. Note that One Florida will never ask you to share your PIN or password.
Below are important security facts and tips.
- Monitor your account transactions online frequently. Set up electronic transaction notifications and balance alerts through our online banking service to monitor activity.
- Be alert to "phishing" scams trying to trick you out of giving up account numbers and other information. They often arrive as email, phone or text messages asking for your account number or other details. Banks and credit card companies already have that information and will not ask you for it in such unsolicited requests. Call us directly or navigate to our official website from a separate browser page if you're suspicious.
- Protect your PINs and passwords; use a combination of letters and numbers for your passwords and change them periodically. Do not carry them in your wallet or purse.
- Be aware of your surroundings and equipment being used at ATMs and merchant swipe terminals to avoid skimming devices or other methods crooks use to steal your information.
- Do not give your Social Security number or other personal credit information about yourself to anyone who contacts you.
- Order copies of your credit report once a year to ensure accuracy.
- Choose to do business with companies you know are reputable, particularly online.
- When conducting business online, make sure it is a secure transaction.
- When using social networking sites, NEVER include personal contact information including telephone numbers, Social Security number, birth date, email addresses, physical address, mother's maiden name or other information that could provide sensitive information to fraudsters or hints to passwords.
- Do not open email from unknown sources and use virus detection software.
What to Do if You're a Victim of Fraud
- Contact us immediately if you know or suspect your account has been compromised or your identity has been stolen. The phone number for One Florida Bank is 844.529.8490.
- File a police report and contact the three major credit reporting companies. The fraud unit numbers are:
- Transunion - 800.680.7289
- Experian - 888.397.3742
- Equifax - 800.525.6285
- To report a lost or stolen debit card – 888.297.3416
- Keep records of your communication with authorities, including names and contact numbers.
If we detect possible fraud or if we are contacted about potential fraud, we immediately act by closing accounts when appropriate and beginning an investigation. Depending on the data that is compromised, the bank may take a variety of steps such as:
- Enhanced account monitoring and customer notification
- Blocking account access and re-issuing cards
- Credit Cards: If your credit card number is stolen, but not the card, you are not liable for unauthorized use. If your actual card is lost or stolen and you report it lost before it is used fraudulently, the Fair Credit Billing Act says you are not responsible for any charges you didn't authorize. Also, if you report a lost or stolen card after a fraudulent transaction is made most banks and card companies have zero liability policies for customers. For transactions on lost or stolen cards, the maximum allowable liability by law is $50 regardless of the amount charged.
- Debit Cards: You can deactivate lost or stolen debit cards at any time via the mobile app.
If someone makes unauthorized transactions with your debit card number, but your card is not stolen or lost, you are not liable for those transactions if you report them within 60 days of your statement being sent to you. If you report an ATM or debit card missing before someone uses it, the Electronic Fund Transfer Act says you are not responsible for any unauthorized transactions. If someone uses a lost or stolen ATM or debit card before you report it, your liability depends on how quickly you report it. Many banks will provide you with full coverage.
If you report fraud within two days of a fraudulent transaction, the maximum you are liable for is $50. If reported after two days, but before 60 days after your statement is mailed to you, the maximum liability is $500.
Many banks will offer provisional credit to customers that report fraudulent transactions quickly. For example, Visa's cardholder protection policy requires all financial institutions issuing Visa products to extend provisional credit for losses from unauthorized card use within 5 business days of notification of the loss.
Phishing is a high-tech scam that uses spam or pop-up messages to deceive you into disclosing your credit card numbers, bank account information, Social Security number, passwords, or other sensitive information.
According to the Federal Trade Commission (FTC), the nation's consumer protection agency, phishers send an email or pop-up message that claims to be from a business or organization that you deal with - for example, your Internet Service Provider (ISP), bank, online payment service, or even a government agency.
The message usually says that you need to "update" or "validate" your account information. It might threaten some dire consequence if you don't respond. The message directs you to a website that looks just like a legitimate organization's site, but it is not. The purpose of the bogus site? To trick you into divulging your personal information so the operators can steal your identity and run up bills or commit crimes in your name.
The FTC suggests these tips to help you avoid getting hooked by a phishing scam:
- The FTC works for the consumer to prevent fraudulent, deceptive, and unfair business practices in the marketplace and to provide information to help consumers spot, stop, and avoid them. To file a complaint or to get free information on consumer issues, visit https://www.ftc.gov/ or call toll-free, 1-877-FTC-HELP (1-877-382-4357); TTY: 1-866-653-4261. The FTC enters Internet, telemarketing, identity theft, and other fraud-related complaints into Consumer Sentinel, a secure, online database available to hundreds of civil and criminal law enforcement agencies in the U.S. and abroad.
- If you get an email or pop-up message that asks for personal or financial information, do not reply, or click on the link in the message. Legitimate companies don't ask for this information via email. If you are concerned about your account, contact the organization in the email using a telephone number you know to be genuine, or open a new Internet browser session and type in the company's correct Web address. In any case, don't cut and paste the link in the message.
- Don't email personal or financial information. Email is not a secure method of transmitting personal information. If you initiate a transaction and want to provide your personal or financial information through an organization's website, look for indicators that the site is secure, like a lock icon on the browser's status bar or a URL for a website that begins "https:" (the "s" stands for "secure"). Unfortunately, no indicator is foolproof; some phishers have forged security icons.
- Review credit card and bank account statements as soon as you receive them to determine whether there are any unauthorized charges. If your statement is late by more than a couple of days, call your credit card company or bank to confirm your billing address and account balances.
- Use anti-virus and anti-malware software and keep your programs up to date. Some phishing emails contain software that can harm your computer or track your activities on the Internet without your knowledge. Antivirus software and a firewall can protect you from inadvertently accepting such unwanted files. Antivirus software scans incoming communications for troublesome files. Look for anti-virus software that recognizes current viruses as well as older ones; that can effectively reverse the damage; and that updates automatically. A firewall helps make you invisible on the Internet and blocks all communications from unauthorized sources. It's especially important to run a firewall if you have a broadband connection. Finally, your operating system (like Windows or Linux) may offer free software "patches" to close holes in the system that hackers or phishers could exploit.
- Be cautious about opening any attachment or downloading any files from emails you receive, regardless of who sent them.
- Report suspicious activity to the FTC. If you get spam that is phishing for information, forward it to https://reportfraud.ftc.gov/#/. If you believe you've been scammed, file your complaint and then visit https://www.identitytheft.gov/#/ to learn how to minimize your risk of damage from identity theft.
In 1998, Congress passed a law-making identity theft a federal crime. The U.S. Secret Service, FBI and U.S. Postal Inspection Service investigate violations of the Act. Persons accused of identity theft are prosecuted by the Department of Justice. Consumer complaints about identity theft continue to grow.
Below are suggestions on how to minimize identity theft risks:
- Never divulge information about your social security number, credit card number, account passwords and other personal information unless you initiate contact with a person or company you know and trust.
- Don't carry around more checks, credit cards and other bank items than you really need. Don't carry your social security number in your wallet and, be sure to pick passwords and PINs (Personal Identification Numbers) that will be tough for someone to figure out. Don't write your social security number on your check.
- Protect your incoming and outgoing mail, especially envelopes that may contain checks, credit card applications or other information valuable to a fraud artist. Deposit outgoing mail, especially something containing personal financial information in the official Post Office collection boxes, hand it to the mail carrier, or take it to the local post office instead of leaving it in your home mailbox.
- Before discarding credit card applications, cancelled checks, bank statements or other information useful to an identity thief, tear them up as best you can, preferably by using a paper shredder.
- Safely store extra checks, credit cards and documents that list your social security number.
- Contact your financial institution immediately if you lose your checkbook or bank credit card, if there is a discrepancy in your records, or if you notice something suspicious such as a missing payment or unauthorized withdrawals.
- If your credit card bill doesn't arrive on time, contact your credit card company. This could be a sign that someone has stolen your account information, changed your address and is making large charges in your name from another location.
- Once a year check your credit record with the three major credit bureaus. To order your report, call the following toll-free numbers; Equifax: 800-685-1111 Experian: 888-397-3742 Trans Union: 800-888-4213.
If you are a victim of identity theft, take the following steps:
- Contact the fraud departments of each of the three major credit bureaus and request a "fraud alert" be placed on your file and no new credit be granted without your approval.
- Close any accounts that have been fraudulently accessed or opened.
- File a local police report and get a copy of the report to your bank, credit card company or others that may need proof of the crime.
The Federal Trade Commission (FTC) is the federal clearinghouse for complaints by victims of identity theft. Although the FTC does not have the authority to bring criminal cases, it can assist victims by providing information to help resolve problems that can result from identity theft. Should you find yourself a victim of identity theft, you can file a complaint with the FTC by calling toll-free 1-877-ID-THEFT (438-4338).
Wire fraud is one of the preferred and most effective methods criminals have in their toolbox for accessing your funds. Wires are an attractive target because they are often used to move large sums, quickly, and are difficult to reverse. On top of financial costs, businesses must contend with wire fraud’s impacts on business operations, payments systems and corporate reputation.
Criminals begin by conducting research on individuals, often in high level corporate positions. They utilize online sources of information, including LinkedIn profiles and profiles included on a company’s web site. Once individuals are identified, the fraudster(s) will use targeted techniques (described below) to gain access to corporate systems. With access to these systems, the fraudster will monitor and research how financial transactions are conducted before initiating their attack.
Next, the criminal will initiate an urgent and time sensitive request for a funds transfer from the manager/officer of the company whom they have profiled. The email, which appears to be from the manager/officer, instructs the receiver to urgently transfer significant funds to an account within the fraudster’s control (either directly or through a money mule), frequently located overseas.
Several high-profile methods to perpetrate fraud include the following:
- Business E-Mail Compromise (BEC): A sophisticated scam targeting businesses working with foreign suppliers and companies that regularly perform wire transfer payments. The scam is carried out by compromising legitimate business e-mail accounts through social engineering or computer intrusion techniques to conduct unauthorized transfers of funds.
- Data Breach: A leak or spill of data which is released from a secure location to an untrusted environment. Data breaches can occur at the personal and corporate levels and involve sensitive, protected, or confidential information that is copied, transmitted, viewed, stolen, or used by an individual unauthorized to do so.
- Denial of Service: An interruption of an authorized user's access to any system or network, typically one caused with malicious intent.
- E-Mail Account Compromise (EAC): Similar to BEC, this scam targets the general public and professionals associated with, but not limited to, financial and lending institutions, real estate companies, and law firms. Perpetrators of EAC use compromised e-mails to request payments to fraudulent locations.
- Malware/Scareware: Malicious software that is intended to damage or disable computers and computer systems. Sometimes scare tactics are used by the perpetrators to solicit funds from victims.
- Phishing/Spoofing: Both terms deal with forged or faked electronic documents. Spoofing generally refers to the dissemination of e-mail which is forged to appear as though it was sent by someone other than the actual source. Phishing, also referred to as vishing, smishing, or pharming, is often used in conjunction with a spoofed e-mail. It is the act of sending an e-mail falsely claiming to be an established legitimate business in an attempt to deceive the unsuspecting recipient into divulging personal, sensitive information such as passwords, credit card numbers, and bank account information after directing the user to visit a specified website. The website, however, is not genuine and was set up only as an attempt to steal the user's information.
- Ransomware: A form of malware targeting both human and technical weaknesses in organizations and individual networks in an effort to deny the availability of critical data and/or systems. Ransomware is frequently delivered through spear phishing emails to end users, resulting in the rapid encryption of sensitive files on a corporate network. When the victim organization determines they are no longer able to access their data, the cyber perpetrator demands the payment of a ransom, typically in virtual currency such as Bitcoin, at which time the actor will purportedly provide an avenue to the victim to regain access to their data.
Here are some controls and red flags to watch for to prevent your company from becoming a victim of wire or internet fraud.
- Establish a tiered confirmation process with third parties, vendors, and suppliers.
- Double check the email address. Criminals are tricky and can create email addresses that look very close to the legitimate account. They often find naming conventions for a company’s email accounts on its website (email@example.com) and use that same formula but with two letters transposed or an “m” instead of “rn,” which look very similar unless you inspect closely. Also be on the lookout for misspellings or poor grammar, or a communication style that is out of the ordinary for the requestor.
- Do not respond to email to confirm validity. Don’t reply to the requester by email. The fraudster either controls the spoof email account or has gotten access to executive’s email account and can write back that it’s legitimate when it’s really not.
- Call to confirm. Before the wire request goes to the bank, call the original requester to confirm it’s authentic. Be sure to use a phone number you know or have in your contact list for the requester. Do not use a phone number provided in the email; use a number you have previously known to be valid.
- Beware a sense of urgency. Usually, fraudsters will write that the funds need to be wired right away. These requests often ask that the client be contacted only through email instead of other channels.
- Implement a separation of duties between employees who request payments and those who send the request to the bank to release funds.
- Create shared protocols with vendors and suppliers.
- Ensure you know the approved source email address or the individual at the vendor who may request payment.
- If you don’t already have a policy in place for confirming wire requests, create one.
- Be suspicious of any requests to change the settlement instructions for payments to the vendor. Call a supervisor at the vendor to confirm the request to update payment instructions is valid.
- Ensure your IT environment is secure.
- Train your employees on the risks of phishing attempts and unsecure links. Perpetrators of internet and wire fraud need a way in and fooling an employee into providing their network or email credentials is one of the most popular. Fraudsters prepare emails that appear to come from Microsoft, or Google or other software providers that will ask recipients to provide their passwords to appear to authenticate their accounts with those providers, but the destination is a fake website and the information is captured by unauthorized individuals
- Consider upgrading your Microsoft 365 or Outlook licenses to enhance your security. Email providers have tools that will scan links and attachments in emails to identify suspicious links whose destinations don’t align with the text of the link
- Use anti-virus software on all computers and ensure anti-malware and anti-phishing features are activated and running. Keep the software up to date.
- If anything is different or out of the ordinary, call. Follow your intuition—if something doesn’t seem right, escalate the request and double down on your efforts to confirm the request is legitimate. Never release funds if you cannot confirm validity of the request.
If your business experiences wire fraud, you should be prepared to respond effectively. To do so, you’ll need a thorough incident response plan consisting of four stages:
- Preparation against an intrusion through controls and IT safeguards.
- Detection and analysis of attempts to initiate internet or wire fraud.
- Containment and eradication of intrusions and recovery of lost data as a result of an intrusion.
- Post-incident activity to ensure the threat has been neutralized and assess and patch the vulnerability source.