Online Privacy and Security Policy (Rev. 01/16)
How We Protect You
How we handle information about you when you visit our website will depend on what you do when visiting the site.
If you visit our website to read information and do not use any of our online services, then we collect and store only the name of the domain from which you access the Internet, the date and time you access our website and the Internet address of the website from which you linked directly to our website. We may record the “IP address” assigned to you by your internet service provider as part of this process. We use the information we collect to measure the number of visitors to the different sections of our site, and to help us make our website more useful to visitors.
When you visit our website, or use our electronic banking services, there may also be times when you are asked to provide information about yourself that is personally identifiable ("Personal Information"). This may include any of the following:
Personal Information might be needed or requested from you so you can register for banking or other services, or to fill out our forms or applications for services, for special promotions or contests, to accomplish transactions you request (such as bill payment or other banking services), or to send you important information regarding the services, changes to this Policy and/or other similar administrative information. This may result in sharing of Personal Information with third parties (such as data processors or service bureaus) as part of servicing your accounts or transactions.
There may be a need for you to contact us to make changes to your Personal Information. When you contact us through our website or online banking, a bank representative will contact you shortly after to ensure the validity of the request. Upon verifying your identity and confirmation of the request, the changes will be documented within the appropriate account forms to be signed by you. No changes will be made until the fully executed account forms have been received by the Bank.
When you supply us with your postal or e-mail address or telephone number online, you may receive periodic mailings or telephone contact from us with information on new products, services or upcoming events. If you do not wish to receive such mailings or contact, please call us or write us at the telephone number or address shown on your account statement. Please provide us with your exact name, street, and e-mail address. Even if you make this choice, we may still send you e-mail to deliver your statements (which may include marketing materials) or give you account-related notices or other information.
While you are logged on viewing your account information or conducting online transactions with us, we recommend that you do not access other websites during your online session. Always exit from your online session with us before moving to or accessing other websites and prior to turning off your computer.
Some browsers allow you to reject cookies. However, if you set your browser to reject cookies, you may find that you are unable to conduct your online transactions with us. If you choose to NOT accept cookies while accessing web pages on the Internet, we suggest that you enable acceptance of cookies when you are logged onto your online session with us. For detailed instructions on enabling and disabling cookies, refer to your web browser’s online HELP menu or user manual.
Our Site does not process or respond to "do not track" requests or other similar web browser mechanisms, which enable users to indicate an opt-out preference regarding the collection of Personally Identifiable Information. By using our Site, you acknowledge and agree that anonymous information may be collected. By completing a form or other request for information, you agree to the collection of this information. Please note that industry standards are currently evolving and we may not separately respond to or take any action with respect to a “do not track” configuration set in your internet browser.
You may also decide to send us information that personally identifies you, for example, in an electronic mail (e-mail) message. We will use that information to respond to the inquiry and provide accurate information in response to questions. We preserve your e-mail address, our response, and the original content of your e-mail for a period of time so we can efficiently handle any follow-up questions you may have. We also do this for legal, regulatory and account servicing requirements.
If you visit our website or engage in any online services that we offer, then we may collect and store these categories of Personal Information. We will not share the Personal Information you provide us at our website or by e-mail, except as described below. The Personal Information we obtain from you is stored with us if it is to be used on an on-going basis.
We want you to use our website with confidence, knowing that the information you submit to us is secure. The encryption strength varies depending on the browser you are using; however, most current browsers offer 128-bit encryption. Additionally, many browsers display a secured lock symbol to indicate a secure connection. Emails that you may send to us outside our online banking service may not be secure unless we advise you that security measures will be in place prior to your transmitting the information. For that reason, we ask that you do not send confidential information such as social security or account numbers to us through an unsecured email.
For clients, when you log in to Internet Banking the Secure Sockets Layer (SSL) protocol is used to establish a secure and encrypted session with our service providers. This encryption is designed to ensure the privacy and integrity of the information exchanged. You can tell whether your browser is in secure mode by looking for the secured lock symbol on your browser window. To obtain details about the encryption, position your mouse over a blank area on your screen and right-click to select “properties” information about the page being viewed (Note: the title for “properties” will vary by browser). The properties or page information section will indicate the encryption strength being used to view the secure page.
We have implemented multifactor and multilayer authentication, in addition to online banking user security, which requires multiple pieces of information to validate identity while ensuring compliance with regulatory requirements and Federal Financial Institutions Examination Council (FFIEC) recommendations. Multifactor Authentication automatically monitors accounts for unusual activity based on account history and requires customers to verify their identity by answering pre-selected challenge questions. Token solutions for online banking provide hacker-resistant multi-factor authentication protection for online transactions. Based on time-synchronization technology, this authentication device solution generates a simple, one-time authentication code that changes at the push of a button. Clients are thus able to access their account online by entering the token code following their existing login credentials – resulting in a unique, one-time-use passcode that positively authenticates the client and only permits access to online banking if the code is validated.
Changes to the Online Privacy and Security Policy
From time to time, we may make changes to this Policy in order to accommodate new technologies, industry practices, regulatory requirements or for other purposes. We encourage you to review the Policy periodically to ensure that you understand how we collect, use and share information through the Services. If we do make changes to the Policy, we will also update the "Revision Date" posted at the top of the Policy.
CommerceWest Bank protects and values your privacy. The Bank thanks you for the trust you place in us. We want you to know that the information you share with us is treated with care. In this Online Privacy and Security Policy, we refer to the term “Personal Information”, which includes:
Our Site is not intended for use by children under the age of 13. We do not knowingly market to, nor solicit data from children.
Think You Are a Victim of Fraud?
Reporting Suspicious Information - are you receiving suspicious information such as e-mails requesting your online banking User Name or password, ATM PIN, or telling you your Debit Card has been deactivated? Have you received any other security notices or information you think may be suspicious?
Please contact us at (949) 251-6959 to report such information.
The following scams are commonly reported in today’s environment:
"Pharming" (pronounced “farming”) is another form of online fraud, very similar to phishing (see below). “Pharmers” set up bogus websites to obtain confidential information and perpetrate online scams. However, pharming scams are much more difficult to detect than phishing scams because criminals are not dependent upon the victim accepting a “bait” email. Instead, rather than relying on users clicking an enticing link in a fake email message, pharmers redirect victims to a bogus website even when they type the correct website address in their browser. The criminal then proceeds to load spyware and adware on the victim’s computer to collect personal information and use it to commit fraud or other crimes.
“Phishing” (pronounced “fishing”) is a criminal tool employing both social engineering and technical subterfuge to steal a person’s personal identity data and financial account credentials. Social engineering schemes use spoofed e-mails purporting to be from legitimate agencies and businesses to lead consumers to counterfeit Web sites designed to trick recipients into divulging financial data such as user names and passwords. Technical subterfuge schemes plant crimeware onto personal computers to steal credentials directly, often using systems to intercept consumers’ online account user names and passwords and to corrupt local navigational infrastructures to misdirect consumers to counterfeit Web sites (or authentic Web sites through phisher-controlled proxies used to monitor and intercept consumer keystrokes).
Phishing (sometimes called carding or brand spoofing) uses e-mail messages that purport to come from legitimate businesses that one might have dealings with, such as: i) banks; ii) online organizations; iii) Internet service providers; iv) online retailers; and v) insurance agencies. The messages may look quite authentic and may feature corporate logos and formats similar to the ones used for legitimate messages. Typically, they ask for verification of certain information, such as account numbers and passwords, allegedly for auditing purposes or security concerns of the account.
Similar to Phishing, Smishing uses cell phone text messages to deliver the "bait" to get consumers to divulge their personal information. The "hook" (the method used to actually capture your information) in the text message may be a Web site Uniform Resource Locator (URL); however, it has become more common to see a telephone number that connects to an automated voice response system.
The Smishing message usually contains something that wants your "immediate attention". Some examples include "We're confirming you've signed up for our dating service. You will be charged $2/day unless you cancel your order on this URL: www.?????.com."; or "(Name of popular bank) is confirming that you have purchased a $1500 computer from (name of popular computer company). Visit www.?????.com if you did not make this online purchase."; or, "(Name of a financial institution): Your account has been suspended. Call ###.###.#### immediately to reactivate."
The hook is a legitimate-looking Web site that asks you to confirm or enter your personal financial information, such as your credit/debit card number, CVV code (on the back of your credit card), your ATM card PIN, Social Security Number, e-mail address, or other personal information. If the hook is a telephone number, it normally directs the person to a legitimate-sounding automated voice response system, similar to the voice response systems used by many financial institutions, which will ask for the same personal information.
This is an example of a Smishing message in current circulation: "Notice - this is an automated message from (a local financial institution), your ATM card has been suspended. To reactivate, please call immediately at 866-###-####."
In many cases, the Smishing message will show that it came from "5000" instead of displaying an actual phone number or from a company domain. This usually indicates the message was sent via e-mail to the cell phone, and not sent from another cell phone. The information is then used to duplicate ATM/credit/debit cards. There are documented cases where information entered on a fraudulent Web site (used in a Phishing, Smishing, or Vhishing attack) was used to create a credit or debit card that was used halfway around the world.
Also called "VoIP phishing," it is the voice counterpart to Phishing. Instead of being directed by e-mail to a Web site, an e-mail message asks the user to make a telephone call. The call triggers a voice response system that asks for the user's credit card number. The initial bait can also be a telephone call with a recording that instructs the user to telephone a toll-free number.
Whether Phishing or Vhishing, because people are used to entering credit card numbers over the telephone, this technique may be effective. Voice over IP (VoIP) is used for Vhishing because caller identifications can be spoofed and the entire operation can be brought up and taken down in a short time, compared to a real telephone line.