First Trust Bank

Login to Online Banking

Login to
Business Plus

Login

Resources

Resources

Resources

Resources

Security/Fraud Protection

Protecting You -First Trust's Priority

First Trust Bank is committed to keeping you and your money safe and secure. Whether you deal with our bankers face-to-face at one of our branches, make purchases with your First Trust debit card, or log-on to your First Trust Bank online banking account, your personal information is guarded by account services that help to prevent fraud and to protect your financial data. An extra benefit of banking at First Trust is our commitment to knowing our customers and their banking preferences; that personal connection is an important asset in the protection of your security. You see an example of First Trust's fraud protection services every time you log on to our online banking system: the multi-authentication process includes your secure user ID, your frequently-changed password, and a multi-level, multiple channel approach to verifying requests for information.

Learn More...

  • Ways First Trust Protects Your Account Information
  • Security Is Everyone's Responsibity-Your Choices Make a Big Difference!
  • Best Practices for Online Personal and Business Banking
  • Identity Theft and Fraud-What You Can Do & What You Should Know

Our Online Security Commitment
Ways First Trust Protects Your Account Information

First Trust Bank works very hard to protect your confidential information. We use many-layered security features and controls, such as firewalls, encryption, tokens, multifactor and out-of-band authentication to safeguard the security of your personal financial information and transactions. These controls allow us to authenticate your identity whether you call our bank or access our online services and are designed to protect your information and transactions. We constantly monitor and assess the security of our systems.

Use of Firewalls

To protect data stored on our systems and to prevent unauthorized access, we employ firewalls where appropriate. Firewalls are software and hardware products that are intended to define, control and limit the access to a website, network or computer system.

Third Party Verification

Our Online Banking is registered with Verisign, an industry leader in website identification and encryption. Via your browser, Verisign allows you to confirm our online banking website’s authenticity before transmitting any personal information.

Encryption

Most web browsers have the ability to communicate securely with a website by encrypting the information as it passes across the Internet. This method of communication is called Secure Socket Layer (SSL). First Trust Bank requires the use of a browser which supports 128-bit SSL encryption to log in to the online banking website. If you see a website address that begins with "https" (as opposed to "http") and the address bar is green, you are using an SSL connection to transfer your confidential information

Password Management:

You play a crucial role in preventing others from logging on to your account. Never use easy-to-guess or crack passwords. Examples: Birth dates; First names; Pet names; Addresses, Phone numbers, Social Security numbers, any word found in a dictionary, English or foreign, a password used on another site, anything spelled backwards, or sequences,”12345,” “efghij,” “222222.” Never use passwords derived from information found on your social networking sites, such as your pet’s name.   Passwords using a combination of alpha-numeric, caps, and symbols provide exponentially stronger protection.   Of course, never reveal your password to another person.

We allow you to enter your password incorrectly a limited number of times; too many incorrect passwords will result in the locking of your online banking account until you call us. A forgotten password feature is available using out-of-band authentication.

Secure Architecture

  • The computers storing your actual account information are not linked directly to the Internet.
  • Transactions initiated through the Internet are received by online banking Web servers.
  • These servers route your transaction through firewall servers.
  • Firewall servers act as a traffic cop between segments of our online banking network used to store information, and the public Internet.
  • Multiple access  control mechanisms, including firewalls, intrustion detection, and anti-virus software monitor for and protect our systems from potential malicious activity.

Multi-factor Authentication

Multi-factor Authentication strengthens the authentication process by adding an additional factor to be validated. Authentication factors include, something the user knows, something the user has (physically in possession of), or something the user is (biometrics).Multi-factor Authentication in our online banking layers something you know, i.e. your User ID and Password, with something you have, a numeric passcode sent to a phone of your choice. The phone provides yet another layer of protection in that the passcode is sent via a communication method separate from the computer you are logging in from. This is called an out-of-band authentication measure. If a fraudster steals your username and password, but does not possess the time-sensitive numeric passcode sent to a phone of your choice, they are not able to authenticate. One-time use “cookies” can add additional security by authenticating that your personal computer is requesting access to your online banking, ensuring that a remote hacker is not attempting to log in from a non-recognized computer. Multi-Factor Authentication reduces the risk of compromised user credentials; password reset attacks, phishing attacks, key logger attacks and some Man-in-the-Middle attacks. If you mark your computer as “Private” for online banking, a small text file or “cookie” is sent to your computer from our online banking system. The data stored in the cookie is used only for identification and is encrypted. The cookie is active only as long as a browser is running and is deleted when your online banking session is closed.

Secure Messaging and E-Mail

E-mail messages sent from within our online banking system are secure. You may also contact us by phone, postal mail or in person of course.

Note: Regular Internet e-mail is not secure. Do not send confidential information such as social security or account numbers to us via regular e-mail.

Automated Time Out

This feature will automatically log you off of your current online session after a period of inactivity. Re-establishing and authenticating your credentials for your online session helps to reduce unauthorized access to your accounts.

Online Statements

By eliminating your paper statement, you stop thieves from stealing your information out of your mailbox. Electronic delivery of your statements is available through online banking. Alerts notify you of your next statement availability.

Check Images

View images of cleared check transactions on line to help prevent fraud.

Alerts

Deposit, payment, and balance alerts are financial tools we provide to help you to monitor your accounts more actively and detect suspicious activity more easily.

Challenge Questions

On the phone, you may be asked to respond to challenge questions, as we authenticate your identity and protect your information.

Security Is Everyone's Responsibility- Your Choices Make a Big Difference!

We take safeguarding your information seriously; however, even the best security measures can only prevent fraud if you are also vigilant about employing the necessary safeguards to protect your information. Guard your financial information carefully. First Trust will never request that you provide personal, account information or logon credentials via the phone or by text, e-mail or pop-up in your browser.

  • If someone contacts you claiming to be a representative from the bank requesting information, that person may be attempting to defraud you. Do not provide any information. Call the bank at (815)929-4000 and report the event.
  • Never give other individuals your logon credentials such as pin numbers, passwords, or challenge question answers.
  • Keep your financial documents in a safe place. Shred discarded information.
  • You may decide to choose the option to receive encrypted electronic statements and check images.Financial documents left in mailboxes are sometimes retrieved by thieves.
  • Guard your debit and credit cards, and report a lost card or fraudulent transactions immediately.
  • Choose a challenge question for your bank account for which the answer is not easily obtained; for example, never use a question which is answered on your FaceBook page or through other social media.
  • Do not use the same password for multiple accounts.

More suggestions for protecting your online account...

There are several computer operating and maintenanc habits that enhance your security.

  • Keep your computer operating system, web browser and application patches current. It may be possible to sign up for automatic updates.
  • Close all other browser sessions / windows when working in online banking.
  • Install and regularly update virus protection software.
  • Close pop-ups safely by right-clicking the ad in your task bar and selecting “close” from the menu. Avoid clicking on the pop-up itself.
  • Use alert features in online banking and bill pay wherever possible. First Trust's online banking allows you to setup notifications for several balance and transactions levels.
  • Review your account online frequently.

Best Practices for Online Personal and Business Banking

With the diversity of security attacks globally, it is becoming increasingly important for all of us to protect themselves against cyber threats. Below are some checklists of best practices for you to consider:

Personal Banking Best Practices

  • Create passwords memorable to you and difficult for others to learn.
  • Log off when you are finished with a site.
  • Close your browser when you are not using the internet.
  • Install and keep anti-virus security sotware up-to-date on your computer.
  • Do not select the "Remember Me" option offered on many websites.
  • Install personal firewalls which also assist in preventing cyber attack. 
  • Install software patches, operating system updates, and legitimate third party application updates.
  • Secure your home wireless network.
  • Delete account sensitive emails, and empty the Recycle Bin or Trash.
  • Look beyond the logo of e-mails or messages and resist giving out sensitive information.
  • Make purchases online only from trusted companies with a secure payment site (one with an unbroken key or a locked  padlock icon at the bottom of the browser screen and an address beginning with "https.)"If the offers on a site or in an e-mail look too good to be true, they probably are. Do not submit personal information there.

Business Banking Best Practices

  • If possible, and in particular if you transact high value or large numbers of online transactions, you should carry out online banking activities from a computer from which e-mail and Web browsing are not allowed.
  • Turn on the Popup Blocker setting through your browser
  • Install a dedicated, actively managed firewall, especially if you have a broadband or dedicated connection to the Internet, such as DSL or cable. A firewall limits the potential for unauthorized access to a network and computers
  • Limit administrative rights on users’ workstations to help prevent the inadvertent downloading of malware or other viruses
  • Install commercial anti-virus and desktop firewall software on all computer systems. Free software may not provide protection against the latest threats compared with an industry standard product. Do your homework before selecting an anti-virus vendor, ensuring they not only provide coverage for key threats, but also respond quickly to new ones. Do not use the trial versions; they are not updated to detect new threats.
  • Ensure computers are updated regularly particularly operating systems, browsers and key applications with security patches. It may be possible to sign up for automatic updates.
  • Consider installing spyware detection programs
  • Avoid or secure wireless networks
  • Recommend clearing the browser cache before starting an Online Banking session in order to eliminate copies of web pages that have been stored on the hard drive. How the cache is cleared will depend on the browser and version. This function is generally found in the browser’s preferences menu
  • Train staff with access to online accounts on best practices including closing additional browser windows while in online banking, logging off when finished, and never leaving a computer unattended while using online banking, not responding to unsolicited pop-up windows
  • Create a strong password with at least 8 characters that includes a combination of mixed case letters, numbers and special characters and change that password regularly
  • Prohibit the use of “shared” usernames and passwords for online banking systems
  • The company administrator should consider having two sets of login credentials - one used for administrative purposes and one for everyday transactions
  • Use a different password for each website that is accessed
  • Never share username and password information for online services with third-party providers
  • Verify use of a secure session (https not http) in the browser for all online banking, look for green bar and security lock
  • Avoid using automatic login features that save usernames and password
  • Never access bank or other financial services information at Internet cafes, public libraries, or any type of public computer. Unauthorized malware may have been installed to trap account numbers and sign on information
  • Initiate ACH and wire transfer payments under dual control, with a transaction originator and separate transaction authorizer
  • Use Alert features of online banking whenever possible
  • Use tokens for electronic third parties transactions to provide an additional layer of authentication
  • Consider performing your own periodic security risk assessment

Identity Theft and Fraud

Identity theft is a serious problem. It is the first step in a plan to steal money, and it is a crime that can cause the victim significant time and money to resolve. If you are concerned that you have received fraudulent e-mail, disclosed confidential information or have identified unauthorized transactions, please call the bank at (815)929-4000 immediately to report the event.

For comprehensive information about fraud and identity theft, consult the Detect Identity Theft section of "About Identity Theft-Deter, Detect, Defend" at www.ftc.gov, the Federal Trade Commission's site for consumer protection against identity theft. This site is an excellent training tool for avoiding identity theft as well as offering specific suggestions if you believe your identity has been stolen. Additional resources can be found at the following www.FDIC.gov/consumer as well as at www.idtheft.gov. As outlined in our Account Agreement disclosure, federal regulations provide consumers with protection for unauthorized electronic fund transfers. These regulations are not extended to business accounts.

Frequently Asked Questions. . .
How does someone steal an identity?

Some of the ways information is stolen include going through trash looking for personal information, changing billing addresses for credit cards, and stealing items in your wallet or the pre-approved credit card offers, new checks, or tax information in your mailbox.

Other approaches are more technically sophisticated such as:

  • Stealing credit/debit card numbers storage devices as cards are used, or e-mailing fraudulent cash giveaway offers by using special devices that include a way to gather Social Security numbers, credit card numbers, bank account numbers, etc.
  • Sometimes these scams involve direct personal contact with victims pretending to be representatives of financial institutions, utilities, or credit card companies asking for account verification.

 

How can you recognize identity theft?

  • Specifically, check your online banking regularly and review your bank statements and credit card bills promptly.
  • Make sure that all items listed are valid transactions.

You should also request your personal credit report annually and examine it for unauthorized applications.

For instant access to your free credit report visit www.annualcreditreport.com. You will find more recommendations for avoiding fraud at www.ftc.gov.

 

Own a business?  Manage your risk of cyber fraud:

Use this tool to create your customized cyber security plan for your business, www.fcc.gov/cyberplanner.  Its informative and easy-to-use!

 

How can you avoid being a victim of fraud or identity theft?

 

Accounts may be compromised by responding to a phishing e-mail, infecting your computer with a keylogger or Trojan Horse virus that was installed on your PC or access device, or possibly by trusting someone with your user name and password. To prevent this from happening, we recommend the following:

  • Be suspicious of any e-mail with urgent requests for personal financial information.
  • Don't click the links in an e-mail, instant message or chat if you suspect the message might not be authentic or you don't recognize the sender or user's address transactions are legitimate.
  • Regularly log on to your online accounts and check your bank, credit and debit card statements to ensure that all transactions are legitimate.
  • Always ensure that you are using a secure website when submitting credit card or other sensitive information via your web browser. Look for the https://, the green address bar, and the Security Lock symbol.
  • Ensure that your browser is up-to-date and security patches have been applied.
  • Always report "phishing" or "spoofed" e-mails
  • Install and regularly update anti-virus software on your computer
  • Use good judgment before opening strange or unexpected e-mail attachments and/or files
  • Back up your data
  • While working in online banking, close all other browser windows on your computer
  • Keep papers containing your personal information in a safe place, and shred them when they are no longer needed
  • Close unused credit card accounts

What Is Phishing?

Phishing (pronounced "fishing") is an electronic scam that attempts to obtain confidential personal or financial information from its target. It takes the form of a fake message, often an e-mail, which appears to be from a legitimate financial institution or service provider. The message typically includes the company name, logo and a link to a website which instructs you to update your account information by providing your social security number, bank account number, PIN, password, birth date, etc. with a dire warning if action isn't taken. A phisher can then use your personal information to commit fraud. The number and sophistication of phishing scams continues to increase. In order to avoid becoming a victim of a phishing scam, you need to know what to look for.

  • In a typical phishing case, you will receive an e-mail that appears to come from a reputable company such as your financial institution, government agency, or a credit card company.
  • E-mail addresses are harvested from publicly available sources or through randomly generated lists.
  • Phishers send out millions of e-mails at a time hoping to catch the customers of a targeted company by pure chance.
  • While some e-mails are easily identified as fraudulent, including some containing tabloid-style headlines to get the user to open them, others may appear to come from a legitimate address and trusted online source. Do not rely on the name or e-mail address in the "from" field, as this is easily forged.
  • The message will describe an urgent reason why you must "verify" or "re-submit" personal or confidential information by clicking on a link embedded in the message.
  • Once inside the fraudulent website, you may be asked to provide social security numbers, account numbers, passwords, or other information used to verify your identity such as mother's maiden name or place of birth.
  • Fraudulent e-mail may also include links and/or attachments that contain computer viruses and/or keystroke loggers and should not be clicked on or opened.
  • Other typical phishing scams include fake job offers, surveys, bogus prize awards (sweepstakes), gift certificate offers, money laundering schemes, or a traveling friend or relative in need. Some recent phishing scams pretend to come from the IRS, FDIC, and NACHA (automated clearinghouse)
  • Phishing scams can also come in form of text and telephone messages.

    NEVER RESPOND WITH YOUR INFORMATION

     

    First Trust is always working to help protect you and your money.
    Knowledge and diligent monitoring of your accounts are significant ways you can help to deter identity theft.

    Identity Protection Resources

    Credit Bureaus

    Equifax: www.equifax.com
    Experian: www.experian.com
    TransUnion: www.transunion.com
    Federal Trade Commission Identity Theft Affidavit: www.ftc.gov/bcp/edu/resources/forms/affidavit.pdf
    Social Security Administration: www.ssa.gov or 877-772-1213
    Federal Trade Commission Identity Theft Site: www.ftc.gov/bcp/edu/microsites/idtheft
    Federal Trade Commission tips:www.onguardonline.gov
    Federal Bureau of Investigation: www.fbi.gov
    Better Business Bureau Online:www.bbbonline.org
    Staysafe Online Security Information: www.staysafe.org
    Anti-Phishing Working Group:www.antiphishing.org
    Identify Theft Information:www.lookstoogoodtobetrue.com
    Privacy Rights Clearinghouse: www.privacyrights.org

    Security Alerts

    There are many illegal scams in which criminals attempt to steal money and/ or financial information from unwary consumers. A few examples include the following:

    • FDIC E-mail Fraud: The FDIC does not issue unsolicited e-mails to consumers or business account holders. The Federal Deposit Insurance Corporation (FDIC) has received numerous reports of fraudulent e-mails that have the appearance of being sent from the FDIC. While the e-mails exhibit variations in the "From" and "Subject" lines, the messages are all similar in that they attempt to get you to click on a link in the e-mail where you will be asked to give personal information.  Some include statements pertaining to the Bankruptcy Reform Act and the Investor Protection Law. Others claim that an ACH transaction has not been delivered or that “Your ACH and Wire transaction abilities have been temporarily withheld for your security, because your security version expired.” Another claims to be a survey asking for a few minutes of your time that wil result in your receiving $100 for your efforts. The messages instruct recipients to click on the enclosed link.The intent of this email is to collect personal or confidential information, or to load malicious software onto end users' computers. Do not click on the link provided.

    • FinCEN Fraud: The Financial Crimes Enforcement Network (FinCEN) has received reports of financial scam attempts conducted by both e-mail and telephone. In the telephone scam the caller identifies himself/herself as an employee of FinCEN, asks for the victim by name and identifies an outstanding debt with knowledge of name, telephone number, account description, and personal identification. Immediate payment is demanded. Another scam conducted by both telephone and e-mail informs the victim that he/she has received a large Treasury Department grant. To obtain the grant the victim is instructed to provide bank account information and make an initial payment. Do not respond to such messages; do not provide personal or confidential information and do not send money.

       

    • NACHA E-mail Fraud: National Clearinghouse Association has been the victim of sustained and evolving phishing attacks in which consumers and businesses are receiving emails that appear to come from NACHA. The attacks are occurring with greater frequency and increased sophistication. Perpetrators send these fraudulent messages to email addresses globally.

      These fraudulent emails typically make reference to an ACH transfer, payment, or transaction and contain a link or attachment that infects the computer with malicious code when clicked on by the email recipient. The source addresses and contents of these fraudulent emails vary with more recent examples purporting to come from actual NACHA employees and/or departments — and often including a counterfeit NACHA logo and the citation of NACHA’s physical mailing address and telephone number.
       
      NACHA does not send communications to persons or organizations about individual ACH transactions that they originate or receive.
       
      Do not to open attachments or follow Web links in unsolicited emails from unknown parties or from parties with whom they do not normally communicate, or that appear to be known but are suspicious or otherwise unusual. Forward suspected fraudulent emails appearing to come from NACHA to abuse@nacha.org to aid in their efforts with security experts and law enforcement officials to pursue the perpetrators.

       

    • Definitions

      What is a keylogger?

      A key logger is a computer program that logs each keystroke a user types on a keyboard and saves this data into a file or transfers it via the Internet to a fraudster.   It also can capture screenshots of your user activity, log-in passwords, record online chat conversations or take different actions in order to find out what a user is doing. Often downloaded inadvertently by users clicking on links in fraudulent e-mails, keyloggers pose a dangerous threat to user privacy.

    • What are Trojan Horse programs?

      Trojan Horse programs (including Remote Access Trojans or RATS) can be hidden in games, videos, music files or programs downloaded from the Internet or e-mail that install a malicious program on the target's computer. Many anti-virus programs will detect and remove Trojan Horse programs, and must be regularly updated to remain effective.

    • What is a Man-in-the-Middle attack?

      In a Man-in-the-Middle attack, users believe they are interacting directly with a real banking site, when in reality there is a proxy function that is intercepting, manipulating, and forwarding the data between the user’s browser and the real banking site.

    • What is a Pop-up Blocker?

      Pop-up Blockers protects users from malicious activity that is often hidden behind or initiated by pop-up windows. It is designed to give users more control over their Web browsing experience. Some of the most annoying pop-up window actions include windows that continually reopen when the user closes them, pop-ups that blanket the desktop with banner ads. Other pop-up windows attempt to imitate a user’s desktop and then remain in focus, creating pop-up windows that cannot be closed, or creating pop-ups that appear off-screen where they go unnoticed. These activities often hide malicious activity running behind the pop-up window.

 

FDIC Equal Housing Lender