Electronic Security

Safe electronic banking involves making good choices – decisions that may help you avoid costly surprises or even scams. The following information and tips can help keep your personal information private and secure.

Secure Online Passwords

To avoid unauthorized use, you should not share your User IDs, passwords, or personal identification numbers (PINs) with anyone. Also, unless you use a secure site, you should avoid saving your passwords online. Listed below are some helpful tips and suggestions for creating a secure online password:

  • Choose passwords that are difficult for others to guess
  • Use a different password for each of your online banking accounts
  • Use at least eight (8) characters with a combination of both letters and numbers; if passwords are case sensitive, use a combination of lower case and uppercase letters

Avoid using the following:

  • All or part of your User ID
  • Your e-mail address
  • Your social security number
  • Your date of birth
  • The name of your child/spouse/pet
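
The password tips above can be checked mechanically. The following is an added example, not ESSA's own code or the rules Online Banking enforces: it tests a candidate password against the length, letter/number and case tips and against the "avoid using" list. The function names, the 4-character threshold for "part of" a value, and the sample customer record are assumptions made for the illustration.

```python
import re

MIN_LENGTH = 8   # "at least eight (8) characters"
PART_SIZE = 4    # assumption: a run of 4+ shared characters counts as "part of"

def _norm(value):
    """Lower-case and keep only letters and digits, so 'Lee-4471' matches 'lee4471'."""
    return re.sub(r"[^a-z0-9]", "", value.lower())

def _parts(value):
    """Every PART_SIZE-character window of a personal value (whole value if 3 chars)."""
    v = _norm(value)
    if len(v) < PART_SIZE:
        return {v} if len(v) >= 3 else set()
    return {v[i:i + PART_SIZE] for i in range(len(v) - PART_SIZE + 1)}

def check_password(password, user_id="", email="", ssn="", birth_date="",
                   names=(), case_sensitive=True):
    """Return the list of tips the password breaks; an empty list means it passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 8 characters")
    if not (re.search(r"[A-Za-z]", password) and re.search(r"\d", password)):
        problems.append("needs both letters and numbers")
    if case_sensitive and not (re.search(r"[a-z]", password)
                               and re.search(r"[A-Z]", password)):
        problems.append("needs both lower case and uppercase letters")

    flat = _norm(password)
    # The "avoid using" list: label -> personal values to look for in the password.
    personal = {
        "User ID": [user_id],
        "e-mail address": [email],
        "social security number": [ssn],
        "date of birth": [birth_date],
        "name of child/spouse/pet": list(names),
    }
    for label, values in personal.items():
        if any(part in flat for v in values for part in _parts(v)):
            problems.append("contains " + label)
    return problems

# Constructed sample customer; none of these values are real.
CUSTOMER = dict(user_id="jlee4471", email="jordan.lee@example.com",
                ssn="000-12-3456", birth_date="1984-07-12", names=("Biscuit",))

if __name__ == "__main__":
    for candidate in ("summer", "Biscuit1984", "Tr4vel-Qu1lt-Mosaic"):
        print(candidate, "->", check_password(candidate, **CUSTOMER) or "ok")
```

The check is deliberately strict: any four consecutive characters shared with a personal value are treated as reuse of that value.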

Computer Security

These tips will help you keep your personal information safe:

  • Install software that can be used to prevent, detect, and remove threats such as:
      - Anti-Virus Software
      - Anti-Spyware Software
      - Anti-Malware Software

  • Use the most current version that is available
  • Use secure connections when accessing personal information
  • Use a router and firewall to prevent unwanted intrusions
  • Clear your internet browser’s history, cookies, and cache regularly

Debit Card Protections

When using your Debit Card, please remember:

  • In stores and at ATMs, always cover your card and the keypad when you enter your PIN
  • Be aware of your surroundings:
      - Cell phone cameras, mirrors, and other tools used to view cards and PINs
      - People watching your transactions
      - Cashiers taking your card out of sight (take it to the register yourself)
      - Unusual activity at ATMs; if you feel uncomfortable, go to another ATM
  • Always take your receipt with you after completing your transaction
  • Don’t write your PIN number on your card
  • Watch out for skimmers attached to the ATM or Card Reader (such as at gas pumps). Skimmers are devices placed over the card reader. The devices allow the thief to download the card information, transmit the data, and use it for fraudulent transactions.
  • If you use your debit card for online purchases, sign up for Mastercard® SecureCode

Unless absolutely required for a legitimate business purpose, avoid giving out your:

  • Address and zip code
  • Phone number
  • Date of birth
  • Social security number
  • Card or account number
  • Card expiration date

ESSA’s Monitoring for Debit Card Fraud

To protect your account, we monitor your debit card transactions for potentially fraudulent activity, which may include a sudden change in locale (such as when your U.S.-issued card is used unexpectedly overseas), a sudden string of costly purchases, or any pattern associated with new fraud trends around the world. If we suspect fraudulent use, we call you to validate the transaction(s). Your participation in responding to our call is critical to prevent potential risk and avoid restrictions that we may place on the use of your card.

Our automated call will ask you to verify recent transaction activity on your card, which you will be able to do via your touchtone keypad. If you prefer not to use the automated call system, take note of your case # and then call our fraud center at 877-253-8964.

Additionally, foreign transactions may be restricted due to the high risk of potential fraud.  Fraud risks are monitored on a daily basis and countries are blocked accordingly.  Please contact your local branch for more information.

Our goal, quite simply, is to minimize your exposure to risk and the impact of any fraud. To ensure we can continue to reach you whenever potential fraud is detected, please keep us informed of your correct phone number and address at all times. In the meantime, please be diligent in monitoring transaction activity on your account and contact us immediately if you identify any fraudulent transactions.

If you believe your card has been lost or stolen:

  • Call 800.472.3272
  • You will be asked to verify your name, address, date of birth, and possibly a security question
  • You will be asked to provide the date and approximate time your card was lost/stolen

Please note: A new card will not automatically be reissued. You will need to apply for a new card. You can fill out our online application and bring it to one of our branches or call us at 855.713.8001 to request an application be mailed to you.

It is important that you log off after you have completed your online banking session. Also, you should regularly check your account for accuracy and contact us with any questions.

eStatements are available through our Online Banking service. eStatements provide greater account and identity protection than typical printed/mailed statements that can be stolen from mailboxes. View more information on eStatements.

Online Banking Useful Information

  • After ten (10) minutes of inactivity, Online Banking will automatically end a session and log off the user.
  • After three (3) failed login attempts, Online Banking will lock access to the user.
  • Depending on whether you are a consumer or a business, the system will ask you to choose a new password every 90 to 365 days (once every three months, or once a year). You may not re-use passwords.

  • It is a good idea to log in often to review your account transaction history.
  • When finished with an Online Banking session, click the “Logoff” button.
  • Do not share your login ID or password with anyone.

Personal Accounts: Each Online Banking application is an individual enrollment.

Business/Organization Accounts: The authorized signer(s) are the person(s) authorized to log on to access the account(s) and/or speak with an Online Banking representative about the account(s) online.

Users can set up real-time alerts designed to help them stay on top of their finances and personal information.  These notifications are sent at the users’ request by email, mobile text message, push notification, and/or secure inbox.  Users choose what type of alerts they wish to receive, how they receive those alerts, where they receive alerts, and even when to receive alerts.  Use alerts to notify yourself when important account activity occurs, such as when an account balance is low or meets a specific threshold or when a deposit or withdrawal is processed.  Users can also set up security alerts to be notified when personal information has been changed such as password, contact email, etc.  Alerts can be set up by clicking “Alerts” within Online Banking, or selecting Alerts from the More option within the Mobile App.

Online Banking Helpful Tips

To view and/or print an image of the front and back of your current canceled checks, click on the check number.

Click on the “Options” tab to perform any of the following:

  • Change your password
  • Update email address
  • Update security information
  • Enroll in mobile banking
  • Give your accounts nicknames

  • Click on “Transfer” for immediate transfers, future date transfers, or recurring transfers.
  • Place a stop payment on a check by clicking on “Stop Payment.”
  • Sign up for eStatements to discontinue paper statements.

Click on your abbreviated account number for information including, but not limited to:

  • Current balance
  • Available balance
  • Last deposit
  • Last check
  • Current interest rate on accounts
  • Current accrued interest
  • Interest paid current year
  • Interest paid last year
  • Principal balance
  • Taxes paid
  • Loan amount last paid
  • Next payment amount
  • Next payment date

Online Banking Security Information

Online Banking is Safe and Secure

The system features a multifactor controlled entry which includes Logon ID, Password and an additional level of user authentication. Users are required to choose an Access ID and password at their first sign on to Online Banking. You will also be required to select a set of 3 security challenge questions and provide answers for each question. Every time you enter your Access ID to our secure site, our system analyzes the way you are currently accessing our site and compares this with information stored from your previous logons. If it is determined your current access method is different, for example you are logging on from a new computer for the first time, you will be required to answer a challenge question.

Our website brings together a combination of industry-approved security technologies to protect data for the bank and for you, our customer. It features a VeriSign-issued Digital ID for the bank’s Internet Service Provider hosting our website, Secure Sockets Layer (SSL) protocol for data encryption, and a router and firewall to regulate the inflow and outflow of server traffic.

Secure Data Transfer

Once a server session is established on an https secure page, the user and the server are in a secured environment. The server has been certified as a 128-bit secure server by VeriSign, meaning that data traveling between the user and the server is encrypted with a Secure Sockets Layer (SSL) protocol. Data that travels between the bank and customer is encrypted and can only be decrypted with the public and private key pair. The bank’s server issues a public key to the end user’s browser and creates a temporary private key. These two keys are the only combination possible for that session. When the session is complete, the keys expire and the whole process starts over when a new end user creates a server session.

Router and Firewall

Secure forms must filter through a firewall before they are permitted to reach the server. A router, a piece of hardware, works in conjunction with the firewall, a piece of software, to block and direct traffic coming to the server. The configuration begins by disallowing ALL traffic and then opens holes only when necessary to process acceptable data requests, such as retrieving web pages or sending customer requests to the bank.

Bill Pay Information

Bill Pay is a service we provide that allows you to make payments electronically to anyone…from a large company such as a credit card provider to the boy next door who mows your lawn. Payments are made electronically or by check depending on the capabilities of the payee. Payments can be one-time (immediately or on a specified future date) or can be set up as recurring.

Bill Pay is free for the first three months (trial period). After three months, there is a $5.00 monthly charge for unlimited transactions. This monthly fee is waived for payments made through qualifying ESSA Checking Accounts (See Personal Fee Schedule or for each Business Checking Account, click on “viewing fee schedule” for details).

ESSA’s Bill Pay Customer Service can be reached at 855.837.7928 between 7 a.m. – 1 a.m. ET, 7 days a week.

Payments take one to three business days to process. If your payee accepts electronic payments, payment is generally made within 24-48 hours. If your payee does not accept electronic payments from the system, a computer-generated check will be sent and your payee will receive it within 5-7 business days. Funds will normally be withdrawn from your account on the payment due date.

You can cancel any pending bill payment that has been scheduled for a future date by selecting the payment in “pending payments” and clicking “delete”. Once an electronic payment has been processed, it cannot be stopped. If a payment has been made by check, a stop payment can be issued by calling our Contact Center for instructions at 855.713.8001 between the hours of 8:30 a.m. – 5:00 p.m. ET, Monday through Friday.

If you decide that you would like to cancel Bill Payment, please notify us either by sending an email to Online Banking at contactcenter@essabank.com, submitting a written request to any ESSA branch, or accessing your Online Banking account, clicking on the Bill Pay tab, selecting “My Profile”, and choosing the “Cancel Service” option.

Identity Theft Scams

Identity thieves use various scams to obtain personal identification information such as account numbers, social security numbers, or PIN numbers.
They include:
  • Phishing – The criminal attempt to steal personal financial information through fraudulent emails and websites which are designed to appear as though they are legitimate businesses, financial institutions, and government agencies. Most commonly, a link is provided that directs users to enter personal information at the fake website. Additionally, when the user clicks on the link, malicious software may be loaded onto the user’s computer.
  • Smishing – The criminal attempt to steal personal financial information through the telephone system via text messages. A common ploy for this method is sending a text message stating that the customer’s debit/credit card has been deactivated and then instructing the customer to press a number to reactivate the card.
  • Vishing – The criminal attempt to steal personal financial information through the telephone system via Voice over Internet Protocol (VoIP).
  • Pretext Calling – When identity thieves make random phone calls identifying themselves as bank employees in an attempt to convince a customer to divulge personal identification information. They may use the excuse of “changing computer records” or “frozen accounts”.

We want you to know that if ESSA Bank & Trust contacts you, we will never ask you via voice mail, text message, or email to provide any personal information, password, account number, or debit card number. Additionally, ESSA will not contact you beyond the hours of 8 AM to 9 PM. If you receive a suspicious phone call or email, do not provide any information. If you have a question concerning any message you receive, please call us at 855.713.8001 or stop in any of our branch locations.

TeleBank is ESSA’s telephone banking system. It provides a fast, convenient way of obtaining information on your accounts. Using your touch-tone phone, TeleBank allows you to connect to your accounts anytime from anywhere. You can obtain current account balances, information on your most recent transactions, and transfer funds from one account to another (as permitted).

To reach TeleBank, dial (570) 421-1876 (outside of the area, call toll-free (800)-655-6706).

You will need to create a secure Personal Identification Number (PIN) to use TeleBank. The initial PIN is the last 4 digits of the primary account holder’s Tax ID Number. You will be required to change your PIN upon initial access to the TeleBank system. It is recommended that you change your PIN frequently, use a different PIN for each of your accounts, and choose a PIN that is difficult for others to guess.

Do not share your User IDs, passwords, or PINs with anyone.

Identity Theft Protection

Identity theft happens when someone steals your personal information and uses it without your permission. Identity theft is not strictly an online crime. Some of the most successful thieves employ low-tech methods such as stealing your mail, checking your garbage for receipts and statements, or grabbing your purse or wallet.

If you believe you are a victim of identity theft, click here to start your recovery plan.

Corporate Account Takeover Fraud

What is Corporate Account Takeover?

Corporate account takeover is a type of fraud where thieves gain access to a business’ finances to make unauthorized transactions, including transferring funds from the company, creating and adding new fake employees to payroll, and stealing sensitive customer information that may not be recoverable. Thousands of businesses have fallen victim to this type of fraud, and the losses have ranged from a few thousand to several million dollars.

Consider these tips to ensure your business is well prepared:

Initiate a “dual control” payment process with your employees.

ESSA offers cash management services with the ability to establish a two-person process.

Have Dedicated Workstations

  • Lock workstations when not in use…even for short periods of time.
  • Do not use public computers – such as at the public library, hotel’s Business Center or airport computer terminals – to access online banking.

Use robust authentication methods and vendors.

In addition to passwords and PINs:

  • Each user should have their own password – do not have several users share the same password.
  • Use ‘complex’ passwords – ones that contain a combination of numbers, letters and/or symbols.
  • Consider using an additional authentication tool, such as a token or a smart card.
  • Each user should change their password frequently – approximately every 45-60 days.

Update virus protection and security software.

  • Do not respond to emails or open attachments unless you are expecting the communication. Phishing scam emails can come from both unrecognized and recognized sources.
  • You won’t ever receive an authentic email asking for your online banking credentials.
  • If something appears unusual or you receive an email requesting your online banking credentials, call your bank, but don’t use any information from the email as it may be a phishing email.

Reconcile accounts daily.

Utilize bank account features, such as automated payment filters and other alerts that show unexpected activity on your accounts.