Personal Banking

Your online banking security is important and Solera National Bank is providing best practices for your review.

Monitor accounts frequently (daily as a best practice). Immediately review Wire, ACH or other transaction confirmations.

Run activity reporting on a daily basis and scan for logins from unidentified IP Addresses. The goal is to identify any suspicious or abnormal activities.

Implement dual controls and approval for ACH and Wire transfers so that dual approval is required before the transaction is initiated at Solera National Bank.

Never share user IDs, passwords, PIN numbers, dynamic tokens, etc. with anyone. Do not leave them in an area that is not locked/secured.

Do not use the same login or password on any other website or software.

Obtain and install antivirus, anti-malware and anti-spyware software, and consider installation of a firewall (and make sure it is active and automatically updated by the vendor, or take necessary steps to keep it updated).

Limit or eliminate unnecessary web-surfing and/or e-mail activity by employees, including personal activity, on computers used for online banking.

Consider a dedicated computer for online banking that is never used for e-mail or general internet browsing/surfing (cost of computer vs. loss).

Educate all company/entity personnel on good cyber security practices, clearing the Internet browser’s cache before and after visiting the Solera National Bank’s website, to avoid having malware installed on a computer.

»» e.g., if a media player needs to be

updated, go to the official media player

website to install the update. Clicking on

a fake update installation link could just

mask a hacker downloading malware onto

the computer.

Verify use of a secure session. (“https://” and not “http://”)

Avoid saving passwords to a computer.

Never leave a computer unattended when using any online banking service, and always lock your computer when away.

Limit access to Solera National Bank’s website for online banking (or any privileged or sensitive computer system) from a public computer at a hotel/motel, library, coffee house or other public wireless access point.

Be suspicious of any employment position that requires use of a personal account for business purposes. Such offers for employment as a mystery shopper, payment processor, etc., where you are required to use your personal account for someone else’s business purposes, are not legitimate.

»» No legitimate business will attempt to

move business funds through anyone’s

personal account, and you should educate

yourself on these issues.

»» If you are approached to participate in

such schemes, immediately contact local

law enforcement, the FBI or the Secret Service to let them know.

Password Security

A password represents a shared secret, known only by the end-user and the system they are authenticating against. The system cannot differentiate the real user from another user who also knows the password. For this reason it is essential that users keep their password private and

immediately report any suspected security violations.

A well chosen password has two important characteristics; it should be easy to remember, and

hard to guess. Users should be advised not to write down the password anywhere.

Passwords should be changed on a periodic basis to counter the possibility of undetected password

compromise. Passwords should be changed often enough so that there is an acceptably low

probability of compromise during a password’s lifetime. To protect against undetected password

compromise, the maximum lifetime of a password should be no greater than 120 days.

Below is a list of some common password choices to avoid:

• Customer name, or family member, or pet’s name

• Social Security, Account, or Phone numbers

• Any part of your physical address

• Anybody’s birth date

• Other information that is easily obtained about the user

• Any username on the computer in any form

• A word in the English or foreign dictionary

• A password used on another site

• Any of the above spelled backwards

• Out of Wallet or Public Records (e.g. Mother’s

maiden name)

• Sequences: “12345678,” “222222,” “abcdefg”

Below is an example of a more secure password:

iwc8dc

• at least 6 characters in length

• at least one numeric digit

• not based on word in the dictionary

• not easily guessed

• can be easily remembered by remembering

the letters stand for “Integrity Without Compromise, the number 8, and Delight Customers”.

Below is an example of a less secure password:

money1

• is based on a word in the dictionary