FAQs: Security

---

Q: Will Online Banking and Online Bill Pay make me more vulnerable to identity theft?
A: This is a common misconception of online banking and bill pay. Using these online services will actually DECREASE your risk! Most identity theft is not through electronic sources. Consumers are more likely to become a victim by "traditional means" (e.g. stolen wallet, dumpster diving, or from a friend or relative) than by using the internet. (Sources: Better Buisness Bureau, American Bankers Association, Yahoo! Finance)

Q: What is Login Security?
A: Login Security is an online security feature that provides an additional layer of protection from fraud and identity theft by preventing unauthorized access to your secure financial information. Login Security uses technology to verify your identity.

Q: Why do I need Login Security?
A: Login Security allows us to recognize you as the true owner of your account by recognizing not only your login information, but also your computer or mobile device. If we don't recognize your computer or mobile device, you will be requested to receive a new one-time passcode sent to your phone via text or voice, or as an email, in order to authenticate yourself into the Online Banking experience.

Q: Do I have to receive a one-time passcode every time I log in?
A: In order to bypass the one-time passcode on subsequent logins, you can select to remember your device upon logging in. We will then recognize your device the next time you log in and not require you to complete this step again

Q: How can I protect my Online Account?
A: Internet Banking has several effective security techniques that we encourage you to implement when you use Onling Banking:

• Never reveal your password to anyone or leave your password anywhere that someone else can use it.
• Treat your password as you would your checkbook or account number.
• Select a secure password that no one can guess, but you can still remember.
• Change your password on a regular basis.
• Use special characters in your password (!,@,#,,$,%,^,&,*,<,>,?, etc).
• Use the "Sign Out" button to end each Internet Banking session. Do not use the back button to exit the site.
• Close your browser winder after exiting Online Banking.
• Frequently delete your temporary internet files.
• Balance your account on a regular basis.
• Pay attention to your last login date and number of incorrect logins.
• Notify us immediately if you suspect someone has your login information.
• Security patches are free and can be downloaded from the manufacturers's website. Keep your computer patches up-to-date!
• Install anti-spyware and anti-virus software and keep them up-to-date!

Remember, your online account is only as secure as your password is. Any security features we've put into place are useless if you don't secure your password.

Q: What if I need to write my password down?
A: Write down your password at your own risk! You wouldn't leave your checkbook out for anyone to access...leaving your password accessible is the same thing, but if you still feel like you need to write it down, keep it under lock and key or apply an algorithm so you aren't writing your actual password. For exmple, if your password contains numbers, subtract 2 from each digit before you write it down.

Q: What is 128-bit encryption?
A: Encryption is a mathematical method of scrambling something to make it unreadable. Here is a very simple example: the phrase "Encryption is good" can be encrypted into "Fodsquijpo jt hppe". Unless you know how the phrase was scrambled (in our example, change each letter into the following letter in the alphabet), the resulting phrase looks like jibberish. However, given enough time and computer power, this simple code can be cracked. The "128-bit" is simply how complex the encryption is. The higher the number, the more complex, the harder it is, and the longer it takes to crack. We use encryption for protecting your online banking information as it travels through the internet. In order to use online banking, we require a browser that is compatible with 128-bit encryption.

Q: Will Bank of Hays send me emails asking for personal information like my account numbers, passwords, or social security number?
A: Never! Be assured, we will never ask for personal information in an e-mail. If you receive anything of this nature from anyone, please delete it immediately.

Q: Will Bank of Hays give my information to others or send me any spam email?
A: Absolutely not! We only give information to parties as necessary for normal banking procedures. Additionally, we will only send e-mails regarding announcements for our products or services, for example, added features to online banking or irregular down-time for online banking. You can be confident that your information is safe with us.

Q: What is "phishing"?
A: "Phishing" is a tactic used by identity thieves to steal your personal information. "Phishers" will send emails that look like they came from legitimate companies to lure you to enter passwords, social security numbers or other information. They may even add links within emails that will take you to a look-alike website to get you to submit this information. Most phishing emails have a sense of urgency to get you to act before thinking. Here are some good examples:

• Hurry or your account will be suspended.
• Your account has been compromsed.
• Verify your information.

Legitimate companies will never ask for sensitive information through email.

Q: What is "pharming"?
A: "Pharming" is similar to phishing except except instead of sending you an email, pharmers will trick your computer to go to a spoof website instead of a legitimate site. Before submitting any personal information on a website, always make sure you are at a secure website. Check that the address contains "https:" and an icon of a padlock is on the bottom of the screen. Otherwise, the site is not secure.