Online Banking Direct Login

For your convenience you can now access your account directly from the homepage.

  1. Use dropdown to select account type
  2. Enter your Access ID (not password)
  3. Click "Go" or press ENTER
Close Please do not remind again

Fraud prevention starts with eStatementssm 

You want the safest, most reliable process for accessing your financial information. eStatementssm (electronic statements) allow you to view and reconcile your accounts more quickly. You’re in total control — you say where; you say when. Intercepting or rerouting your mail is a common fraud tactic. eStatementssm eliminate the worry of lost or stolen statements.

eStatements logo

To sign up to receive your account statements electronically instead of the traditional paper statement, simply login to online banking and follow the steps. We highly recommend all our customers take advantage of this free service. eStatementssm will simplify your life, help the environment — and provide an extra level of security.

Your protection continues with MasterCard SecureCode® 

 MasterCard SecureCode logo
We have enhanced security to your debit card by participating in the MasterCard SecureCode® program. This free online security service guards you against unauthorized use of your MasterCard when shopping online at participating merchants. It is just like entering your PIN at an ATM. 

  1. Have your MasterCard debit card in hand.
  2. Register and create your SecureCode®. You will be asked to select a six digit pin. Note: your SecureCode® is never shared with the merchant or the bank.
  3. When you make online purchases, a window pops up at checkout asking you to enter your SecureCode®. Enter your SecureCode® in the window.
  4. Your card issuer confirms you are the authorized cardholder and your purchase is completed.

Click here to register.

Most participating merchants display the MasterCard SecureCode® logo on their site.  If the merchant is not a SecureCode® participant, you will simply use your card as you have been doing.

Click here for more MasterCard SecureCode® frequently asked questions.

Out-of-the-norm Transaction Verification

Added protection for your ATM/debit card

If a questionable transaction is detected on your card, you will be contacted by the bank, or a fraud specialist (third party vendor) calling on our behalf, to verify the transaction in question. For example: while you’re at the neighborhood grocery buying a few staples, you simultaneously make a purchase in Europe. Not only is this unlikely — it’s impossible.

If the transaction is valid, no action is taken. If you confirm the transaction as fraudulent, we immediately eliminate the card’s access to your account, making it impossible for the card to be used for further unauthorized transactions. By identifying our customers’ general spending patterns, and watching for transactions that appear out of the ordinary, we reduce your risk of fraud.

Important: All information is kept strictly confidential. You will always be contacted by phone. That is why it is critical we have your current telephone numbers on file. If we are unable to make timely contact with you, your ability to use your debit card will be impeded. We don’t want you experiencing such an inconvenience!  For your security, no one at First American Bank, including fraud specialists working on our behalf, will ever send a text message to your cell phone, or email you regarding potentially fraudulent transactions.

To update your contact information, or if you have questions about this system, please contact your personal or business banker.

Multi-factor Authentication System: Online Banking Security

First American Bank delivers the highest level of security for our personal online customers by adding an additional layer of security to our log in process called Online Banking Security. Every time you log in to personal online, First American Bank identifies you, and lets you identify First American Bank using a private image and phrase. Click here for more information.

128-bit Encryption: the Highest Level of Protection

First American Bank’s website utilizes 128-bit encryption to secure your confidential account information. When data is sent, it is scrambled so it cannot be understood by unauthorized people. The data is then unscrambled when it is received by First American Bank personnel.

Privacy Statement and Practices

First American Bank promises to respect your privacy, keep your information secure and use your information responsibly. If you have a concern about our privacy practices, please contact your personal or business banker. To view the full statement, click here. 

Fraud Alerts

Identity thieves prey on the uninformed and unsuspecting. Knowledge is protection. First American Bank is dedicated to raising awareness of identity theft and fraud. Our website is updated regularly to keep you advised of prevalent scams. Click here to visit the Federal Trade Commission.

Are You at Risk for Identity Theft?

First American bank is dedicated to helping you reduce your risk of being victimized. Identity theft is the fastest-growing white-collar crime and can rob you of your money…your credit…and your good name. Are you doing everything you can to protect your identity? Test yourself with our ID Theft Quiz.

Protect Your Identity While Traveling

As you make travel plans, take into consideration these tips for protecting your identity while traveling.

Before You Leave

  • Go through your wallet, purse and/or briefcase, remove any of the following items and place them in a locked safe or safety deposit box at your local bank:
              - Social Security card
              - Checkbook and deposit slips
              - Birth certificate
              - Credit card receipts
              - Library card
              - Video rental card
              - Bills
              - Extra credit cards
  • Minimize the number of credit and debit cards in your wallet or purse.
  • However, ALWAYS have an alternate form of payment other than your debit card. A credit card may be the best alternative. Increasing security surrounding debit cards may temporarily suspend your card until transactions can be verified.
  • Write down all the phone numbers from the back of your credit and debit cards and keep them somewhere other than your wallet or purse.
  • Provide your bank with up-to-date contact information, including your cell phone number.
  • If you are leaving the country, advise your bank of your plans so they won't be alarmed when they see transactions taking place in another country and will be able to better assist you if you need help from overseas.
  • Pay bills before you go out of town.
  • Place mail on "postal hold" with the Post Office. Arrange so mail may only be picked up by you, and request that identification must be shown to receive the held mail.
  • Stop delivery of newspapers or any other items you normally have delivered.
  • Make copies of your itinerary, passport data page, visas and driver's license to leave with a designated emergency contact.
  • Notify a trusted neighbor to watch your house.

During Your Travel

  • Lock up all your valuables (jewelry, laptops, passports and any other important documents) in a room safe or hotel safe while you are out of the room.
  • Heighten your awareness of people and crowds around you - pickpockets thrive in most major cities. If you are able to carry cards and cash in your pockets, rather than a purse or bag, all the better.
  • Avoid ATMs that appear to have been tampered with.
  • Cover the PIN pad when using ATMs. This will make it difficult for criminals to capture your PIN visually or with a camera.
  • Be aware of your surroundings at all times - "shoulder surfing" is a viable method of obtaining personal information when you least suspect it.

Click here for a handy tool to take with you on your travels, just in case!

 

 

Corporate Account Takeover

What is corporate account takeover?

"Corporate account takeover" is when cyber-thieves gain control of a business' bank account by stealing the business' valid online banking credentials. Although there are several methods being employed to steal credentials, the most prevalent involves malware that infects a business' computer workstations and laptops.

A business can become infected with malware via infected documents attached to an e-mail or a link contained within an e-mail that connects to an infected web site. In addition, malware can be downloaded to users' workstations and laptops by visiting legitimate websites - especially social networking sites - and clicking on the documents, videos or photos posted there. This malware can also spread across a business' internal network.

The malware installs key logging software on the computer, which allows the perpetrator to capture a user's credentials as they are entered at the financial institution's web site. Sophisticated versions of this malware can even capture token-generated passwords, alter the display of the financial institution's web site to the user, and/or display a fake web page indicating that the financial institution's web site is down. In this last case, the perpetrator can access the business' account online without the possibility that the real user will log in to the web site.

Once installed, the malware provides the information that enables the cyber-thieves to impersonate the business in online banking sessions. To the financial institution, the credentials look just like the
legitimate user. The perpetrator has access to and can review the account details of the business, including account activity and patterns, and ACH and wire transfer origination parameters (such as file size and frequency limits, and Standard Entry Class (SEC) Codes).

The cyber-thieves use the sessions to initiate funds transfers, by ACH or wire transfer, to the bank accounts of associates within the U.S. These accounts may be newly opened by accomplices or unwitting "money mules" for the express purpose of receiving and laundering these funds. The accomplices or mules withdraw the entire balances shortly after receiving the money, and then send the funds overseas via over-the-counter wire transfer or other common money transfer services.

Why are smaller businesses and organizations targeted?

The cyber-thieves appear to be targeting small- to medium-sized businesses, as well as smaller government agencies and nonprofits, for several reasons:

  1. Many small businesses and organizations have the capability to initiate funds transfers - ACH credits and wire transfers - via online banking (individual consumers generally do not have this capability except for payees set up in online bill payment systems);
    1. This funds transfer capability is often related to a small business' origination of payroll payments;
    2. In corporate account takeover, the cyber-thieves may add fictitious names to a payroll file (directed to the accounts of money mules), and/or initiate payroll payments off-cycle to avoid daily origination limits.
  2. Small businesses often do not have the same level of resources as larger companies to defend their information technology systems.
  3. Many small businesses do not monitor and reconcile their accounts on a frequent or daily basis;
  4. Small businesses bank with a wide variety of financial institutions with varying degrees of IT resources and sophistication.

Prevention, detection & reporting for business customers account control

  1. Reconcile all banking transactions on a daily basis.
  2. Initiate ACH and wire transfer payments under dual control, with a transaction originator and a separate transaction authorizer.
  3. Utilize routine reporting on transactions. Perform periodic risk assessment of the banking products/services you use; including; regular reviews of user access levels,
    dollar limits and activity.
  4. Immediately report any suspicious transactions to the financial institution.
  5. Stay in touch with other businesses and industry sources to share information regarding suspected fraud activity.

Computer security tools & practices

  1. Install a dedicated, actively managed firewall. A firewall limits the potential for unauthorized access to a network and computers.
  2. Install commercial anti-virus software on all computer systems.
  3. Ensure virus protection and security software are updated regularly.
  4. Ensure computers are patched regularly, particularly operating system and key applications, with security patches.
  5. Consider installing spyware detection programs.
  6. Be suspicious of e-mails purporting to be from a financial institution, government department or other agency requesting account information, account verification or banking access credentials such as usernames, passwords, PIN codes and similar information. If you are not certain of the source, do not click any links.
  7. Create strong passwords.
  8. Prohibit the use of "shared" usernames and passwords for online banking systems.
  9. Use a different password for each website that is accessed.
  10. Change the password several times each year.
  11. Never share username and password information with third-party providers.
  12. Limit administrative rights on users' workstations.
  13. Carry out all online banking activities from a stand-alone computer system from which e-mail and Web browsing are not possible.
  14. Verify use of a secure session ("https") in the browser for all online banking.
  15. Avoid using an automatic login features that save usernames and passwords for online banking.
  16. Never leave a computer unattended while using any online banking or investing service.
  17. Never access bank, brokerage or other financial services information at Internet cafes, public libraries, etc. Unauthorized software may have been installed to trap account number and sign on information leaving the customer vulnerable to possible fraud.

Recommendations for corporate account takeover victims

  1. Immediately cease all activity from computer systems that may be compromised. Disconnect the Ethernet or other network connections to isolate the system from remote access.
  2. Immediately contact your financial institution and request assistance with the following actions:
    1. Disable online access to accounts.
    2. Change online banking passwords.
    3. Open new account(s) as appropriate.
    4. Request the financial institution's agent review all recent transactions and electronic authorizations on the account.
    5. Ensure that no one has requested an address change, title change, PIN change or ordered new cards, checks or other account documents be sent to another address.
  3. Maintain a written chronology of what happened, what was lost and the steps taken to report the incident to the various agencies, banks and firms impacted. Be sure to record the date, time, contact telephone number, person spoken to, and any relevant report or reference number and instructions.
  4. File a police report and provide the facts and circumstances surrounding the loss. Obtain a police report number with the date, time, department, location and officer's name taking the report or
    involved in the subsequent investigation. Having a police report on file will often facilitate dealing with insurance companies, banks, and other establishments that may be the recipient of fraudulent activity. The police report may initiate a law enforcement investigation into the loss with the goal of identifying, arresting and prosecuting the offender and possibly recovering losses.

This is for information purposes and is not intended to provide legal advice. The guidance included is not an exhaustive list of actions and security threats change constantly.

Sources: NACHA and the Financial Services-Information Sharing and Analysis Center