Security is at the core of everything we do
Protecting Your Information
Maintaining your financial identity requires everyday vigilance in the way you conduct your financial affairs. Together, First Foundation and you play an important role in protecting your financial information. Below are solutions we have in place to help keep your information safe.
Encryption
Threat Detection
Secure Backup
Software Updates
Training
Dual Authentication
Protecting your company from the new generation of cyber criminals
Learn what the experts want to know about how you are keeping your business safe.
First Foundation's Role in Protecting Information
The confidentiality and integrity of your information and financial assets are of primary concern. Our teams work tirelessly to ensure that all financial transactions, data transmissions, and communications are conducted in a secure online environment.
To safeguard your financial and personal information in an environment of continually evolving threats, we have created a multi-layered security program. Our approach to security creates an advanced web of protection that safeguards your private information and financial assets, while providing the banking services you need.
Some examples include:
- Requiring identification and authentication for information requests, account maintenance, and transactions conducted in person and over the phone
- Posting strategic warnings online to alert our customers to recent incidents involving email and online fraud schemes
- Actively managing a vigorous Identity Theft Prevention program to identify and respond to potential red flags of identity theft
Everyone's Role in Protecting Information
You are a valuable partner in identity theft prevention. We encourage you to take every precaution on your own to help secure the privacy and safety of your identity and information. Here are some important guidelines for you to follow.
Protect Your Computer and Use the Internet Wisely
- Create Effective Passwords. They’re an essential first line of defense in protecting yourself and your information.
- Never respond to, click any link in, or open an attachment in an email that requests information about you or your accounts. First Foundation never makes such requests. If you accidentally click or respond to such requests, contact us immediately.
- Do not share your user ID or password with anyone.
- Do not send or receive personal or account information by unsecure or unencrypted email.
- Ensure that your computer has up to date security software, including a firewall; spam filter; and anti-virus, anti-malware, and anti-spyware protection.
- Be wary of WiFi hot spots at cafes, libraries, and airports that require you to enter personal or account information.
- Never reveal personal information on Web forums, such as Facebook, MySpace™, Twitter, or blog sites. Change your privacy settings to conceal personal information, such as your date of birth.
- Shop on secure Web sites displaying the padlock icon or green address bar that indicates the Web site is secure.
- Use Online Banking to check your account balance and transactions regularly; Alerts are helpful for account activity. Monitor your bank and credit card accounts frequently for unusual or unauthorized activity. Notify us immediately of unexpected account activity.
Be On the Alert for Fraudulent Email
- Note: First Foundation will not contact you via email to ask for or to validate any personal information.
- Be on the alert for Phishing, a process in which fraudsters try to commit fraud through illegitimate emails, text messages, and instant messages.
- Never fill in any information in an email that contains input fields.
- Be wary of emails that appear to be from friends and include a generic subject line, such as: "You really need to see these pictures" Fraudsters can steal users' address books and send malware email to every addressee.
- Be wary of offers that seem too good to be true.
- Never pay money to an “in advance fee scheme” in anticipation of receiving, in return, something of greater value, such as a car, loan, contract, investment, or gift.
- Be wary of emails asking you to sign up to be "mystery shoppers" or with offers of employment. Victims receive fraudulent checks for thousands of dollars, with instructions to cash the checks and wire the funds to another bank. The check bounces after the money is wired, leaving the victim responsible for paying the bank back.
Use U.S. Mail Carefully
- Pay attention to billing cycles. Call the company if you do not receive an expected bill in a timely manner. An identity thief may have diverted your bill.
- Remove mail from your mailbox promptly.
- Place outgoing mail in post office collection boxes only. Even better, consider using Online Banking with Bill Pay to send payments. By making payments online, you can help prevent mail fraud while saving time and postage costs.
- Shred documents containing personal information, including pre-approved credit offers, old bank statements, canceled checks, and ATM receipts. First Foundation offers online statements for checking, savings, and money market accounts. For more information, please contact your Banker.
Safeguard Your Cards and Accounts
- Report any lost or stolen cards immediately.
- Check your credit report at least once a year to be sure it's accurate and up to date. If your report shows new accounts you didn't open, numerous inquiries from creditors, or negative items, take action immediately.
- Go paperless. Electronic statements and invoices minimize the number of hard copy documents that bear your personal information and could get into the wrong hands.
- Memorize your PINs and change them regularly. Don't carry them in your purse or wallet.
- Sign up for account activity alerts. Online Banking alerts, which we send you by email or text message, will help you monitor your account activity.
Protect Your Social Security Number
- Don't print your Social Security number or driver's license number on your checks.
- Keep your Social Security card in a safe place, instead of carrying it in your wallet.
Be Aware of Your Surroundings
- Pay attention to anyone who may be listening when you make purchases by phone or give your Social Security number for identification.
- Never give out personal information, such as your Social Security number, account numbers, or PIN, in emails or during phone calls unless you personally initiated the contact.
- Store Social Security cards, unused credit cards, checks, and personal documents in a safe place, rather than in your wallet.
Business Clients' Role in Protecting Information
First Foundation has a program to aid in the detection of fraud and unauthorized business transactions. If First Foundation identifies suspicious activity indicating fraud, we may place an alert on your account and contact you to validate a suspicious transaction.
Businesses are increasingly becoming the target of fraud and “Corporate Account Takeovers”. This is due to the higher average balances in business accounts and the fact that many businesses use sophisticated cash management systems such as ACH and Wires Transfers. These systems allow businesses to move money from bank to bank and also overseas.
Many business clients are also susceptible to fraud because of operational efficiency is often prioritized over security and internal controls. Fraudsters try to take advantage of this mindset.
Fraud can be attempted through various channels, including in person, mail, email, phone, fax and Internet. It is important to have controls on all money transfer requests. The increased reliance of all businesses on the Internet and email to operate create opportunity for fraudsters. Cybercrime has become the fastest growing method of Business fraud.
Below are some best practices for Cyber Fraud prevention that First Foundation business clients should consider:
Use appropriate tools to prevent and deter unauthorized access to the network and periodically review such tools to ensure they are up to date. These tools include:
- Anti-botnet, anti-malware, and anti-spyware programs
- Encryption of laptops, hard drives, VPNs or other communication channels
- Block high-risk websites (adult entertainment, online gaming, online gambling, social networking, and personal email)
Create a secure financial environment by:
- Dedicating one computer exclusively for online banking and cash management activity.
- Disallowing the workstation(s) used for online banking to be used for general Web browsing, social networking and general email.
- Verifying the use of a secure session (“https”) in the browser for all online banking.
- Disallowing online banking activities from free Wi-Fi hot spots like airports or Internet cafes.
Educate employees to:
- Build awareness of the various type of Business and Cyber fraud.
- Think critically about each email and phone call received and to ask themselves, “Does this email or phone call make sense?” before taking action.
Practice Prudent Accounting Rules of Thumb by:
- Initiating payments (ACH and Wires) under dual control, with assigned responsibility for transaction origination and authorization.
- Assessing and assign appropriate limits to employees for sending fund transfers.
- Reconciling accounts online daily; at a minimum, and reviewing pending or recently sent ACH and wire transfers.
- Report suspicious account activity to your Banker.
- Take advantage of appropriate account services offered by First Foundation. We offer a variety of services including positive pay, security tokens, dual control requirements, user transaction limits, and call-backs
- Anti-Corporate Account Takeover Training Opportunities
What to Do if Identity Theft Occurs
First Foundation is committed to helping customers affected by identity theft reduce the time and effort it takes to restore their financial identity. If you are a victim of identity theft, take the following three steps as soon as possible:
* Please do not include personal account information (account numbers, social security numbers, etc.) or other confidential information in your e-mail message . In addition, e-mail messages will not serve as a sufficient method for any requirement imposed on you to provide written notice, nor may e-mail messages be used to place a stop payment on a check, cancel a bill payment, request account transfers, or report lost or stolen banking codes and/or cards.
- Notify your financial institutions immediately ; call First Foundation at 888-405-4332 to report any suspicion of fraud. You may also be eligible for a referral to the Identity Theft Assistance Center. In addition, inform credit card issuers and other financial institutions affected by the fraud.
- Contact credit bureaus and authorities . Notify the three major credit bureaus of the fraud in writing and ask them to put a fraud alert on your credit report. In addition to contacting a credit bureau with your initial report, we recommend that you follow up with a letter to confirm your claim. Be sure to keep a copy for your records.
- Start rebuilding your good credit. Open new accounts to replace any accounts you had to close, and change all of your personal identification numbers (PINs).
- Consult these links for additional resources and documents to help you protect against or report identity theft:
- (This is a US Government website with identity theft information.)
- Deter, Detect, Defend: Avoid ID Theft
- Recovering from Identity Theft
- Reporting Suspected Email and Website Abuse
Reporting Suspected Email and Website Abuse
If you receive requests for information from a source you do not recognize, or have accidently supplied information to third parties that you do not recognize as being valid, please consider these options to reduce possible fraudulent activity in your First Foundation accounts.
Effective Passwords
Your identity is one of your most valuable resources. That is one reason why we want to help you take extra precautions to protect it. We recommend that you help safeguard your identity and personal information by using effective password protection. Here are some suggestions for creating safer passwords and some cautions against weaker ones.
Tips for choosing more-secure passwords:
- Create original passwords that contain a combination of letters, numbers, and even special characters (#, &, %) if allowed
- Use both capital and lowercase letters (if your password can be case sensitive)
- Ensure that your passwords are at least fifteen characters
Avoid using:
- Your Social Security number
- Account numbers
- Phone numbers or addresses
- Birth dates or anniversaries
- Obvious or common nicknames
- Names of relatives or pets
- Common words from the dictionary
Additional precautions:
- Use a unique password for each service or website
- Choose a password you can easily remember, so you don't have to write it down
- Avoid using software that saves or remembers your passwords
- Change your passwords at least twice a year
Phishing
"Phishing" refers to fraudulent processes in which fraudsters attempt to obtain your personal information through electronic communications, such as emails, text messages, or instant messages. These messages appear to be from a trustworthy entity, such as a bank, insurance company, retailer, or regulatory agency. However, the messages are not legitimate. The fraudsters typically ask you to send your personal information to a website and then use that information to commit identity theft.
First Foundation does not request personal information by emails, text message, or digital message. Beware of any unsolicited emails that request personal information of any kind. Do not respond to any such emails, texts, instant messages, pop-ups, or links.
The following tips will help you spot fraudulent messages:
- The sender's name is usually generic, such as "Customer Service Department," or is just the company's name, such as "XYZ Bank."
- The message title generally concerns an "urgent matter" that requires your immediate attention, such as "verifying" certain information to prevent the company from suspending or closing your account.
- The message may look professional and official, often displaying the look and feel of a website that you know. It may even contain links or pop-up windows that have the appearance of legitimacy.
- The sender may ask for ATM or credit card numbers, personal identification numbers (PINs), sign-on IDs, and other personal information, such as your Social Security number, date of birth, or mother's maiden name -- all of which thieves can use to take over an account or commit identity theft.
- The message may point you to a domain name that is spelled very close to or appears to be related to the legitimate domain name.
- The message may point you to a web page that is protected by Secure Socket Layer (SSL), better known as https.
If you are ever unsure of the origin of a First Foundation email, or believe it is not legitimate, do not click on the links. Instead, type "www.ff-inc.com" or a specific URL in your browser’s address bar.
Spyware
Spyware, which includes keystroke loggers, screen and mouse recorders, and other types of malware, allows hackers to extract sensitive data from your computer. These programs often slow down your computer and send harvested information to criminals. Follow the tips below to protect your computer and private information from these dangerous programs.
How to Protect Your Computer from Spyware
- Never open any email attachments, web links, or files if the sender or source is not trustworthy or cannot be confirmed. This will help prevent spyware (which is designed to secretly access information) from being installed on your computer.
- Use the automated update wizards in your operating system to download and install the latest security patches.
- Install a firewall and anti-virus software with spyware protection on your computer. Use the automatic update options, and keep your subscriptions current, as fraudsters continue to develop new malware and viruses.
- Use email spam-filtering software.
- Avoid using public computers shared by many individuals to pay your bills, check your account balance, or transact business. If you do have to use a public computer, remember to log out of any websites completely and log off the computer.
- Always use encryption for wireless access.
For additional information on the control of malware, refer to http://www.staysafeonline.org.
* Please do not include personal account information (account numbers, social security numbers, etc.) or other confidential information in your e-mail message . In addition, e-mail messages will not serve as a sufficient method for any requirement imposed on you to provide written notice, nor may e-mail messages be used to place a stop payment on a check, cancel a bill payment, request account transfers, or report lost or stolen banking codes and/or cards.