Online Banking Security

The Internet has made it easier for criminals to deceive people into revealing confidential information. Many scams begin by asking consumers to click on malicious links or attachments delivered through email, intended to compromise the security of their computers. Once your computer or personal data is compromised, the security of your online banking may also be at risk.

South Shore Bank is required under Regulation E: Electronic Fund Transfers to provide certain protections to our clients relative to electronic fund transfers (EFT). As applicable to Internet access, this regulation covers transactions initiated through South Shore Bank's Internet banking and cash management channels to order, instruct, or authorize the financial institution to debit or credit an account. Transactions may include, but are not limited to, ACH payments, external transfers, and bill payments.

South Shore Bank will NEVER request a client's personal information (e.g., debit card number, account number, social security number, personal identification number or password) through email or by phone. If you ever receive an unsolicited phone call or email claiming to be from South Shore Bank requesting your personal and confidential information, please DO NOT respond. Contact us immediately by calling 781.682.3715. As an additional monitoring control, you should review account statements and online account transaction history regularly to ensure all transactions are correct and authorized.

Fraudsters will commonly use a type of Internet piracy called "phishing." In a typical phishing case, you will receive an email that appears to be from a legitimate source, such as South Shore Bank or a government agency such as the FDIC. The email will likely warn you of a serious problem requiring your immediate attention, using phrases such as "Immediate attention required," or "Please contact us immediately about your account" to urge you to act before you can properly consider whether it is legitimate. The email will often encourage you to click on a button or link to redirect you to the Bank's website. In a phishing scam, you could be redirected to a fictitious website that may look exactly like the Bank's site. In other situations, it may be the Bank's actual website. In those cases, a pop-up window will quickly appear for the purpose of harvesting your login authentication credentials. In either case, you may be asked to update your account information or to provide information for verification purposes, such as your Social Security number, account number, password, or the information you use to verify your identity when speaking to a real financial institution, such as your mother's maiden name or your place of birth.

If you provide the requested information, you may find yourself the victim of identity theft, which can lead to malicious activity such as Internet banking account takeover.

South Shore Bank is required by our banking regulators to conduct regular periodic risk assessments of electronic banking products and services to identify potential security threats, evaluate Bank controls related to internal and external security, changes in client functionality offered through electronic banking, and actual incidents of security breaches, ID theft, or fraud experienced internally or within the industry. As a proactive measure, we strongly suggest that our business or commercial clients also perform periodic risk assessments and control evaluations related to the security of their Internet banking / cash management environment. Special attention should be directed to high-risk transactions involving access to personal financial information or the movement of funds to other parties, such as ACH, wire transfers, and bill payment.

At South Shore Bank, we have implemented strong preventative and monitoring controls within our online banking services, bill payment, and cash management systems. Still, to enhance your internal security, we recommend implementing your own controls to further mitigate risks.

What Can You Do to Protect Against Fraud?

• Maintain up-to-date operating system security patches and install updated virus/spyware protection software. Viruses and spyware can leave your computer vulnerable to attack and intrusion. Anti-virus and anti-spyware software will help keep your computer safe from malicious software.
• Install a Firewall, either software or hardware. A firewall will prevent attacks perpetrated through the Internet by using established rules to determine if a requested connection is malicious or not.
• Implement intrusion detection/prevention software or services.
• Maintain controls designed for safekeeping and confidentiality of Internet banking authentication credentials.
• For business clients, implement dual control for initiating and approving high risk Cash Management transactions such as ACH origination and wire transfers.
• Conduct daily account activity monitoring via Internet banking account transaction history review.
• Review and monitor your checking account, debit card, and credit card statements for unauthorized transactions.
• Refrain from opening unsolicited email and attachments.
• Refrain from providing authentication credentials to callers claiming to represent the financial institution and from responding to emails requesting information or that re-direct you to a website.
• Prior to disposing, shred all confidential information on hardcopy, and ensure proper destruction of electronic media.