Security Information & Updates
Internet Explorer Zero-day Vulnerability (04/28/14):
Affects all versions 6 through 11
Microsoft has released information on a zero-day vulnerability in versions 6 through 11 of Internet Explorer. This vulnerability, if exploited, would allow an attacker remote control of a workstation with the same rights as the user. An attacker would have to lure a potential victim to a malicious website to exploit the vulnerability.
Microsoft has released an out-of-band patch, which, contrary to earlier reports, will include updates for Microsoft Windows XP.
Keep in mind that this is an end-user vulnerability in the browser, so there is little financial institutions can do to directly protect our customers. We urge our customers to exercise caution in visiting unknown websites. Also, customers should apply the Microsoft patch when it becomes available.
Security best practices advise not clicking on links in unexpected emails or visiting unknown, untrusted websites. Here are some other, more aggressive protective measures from Microsoft, that Internet Explorer users can take until the patch has been applied:
1.Deploy Enhanced Mitigation Experience Toolkit 4.1.
2.Set Internet and Local intranet security zone settings to "High" to block ActiveX Controls and Active Scripting in these zones.
3.Configure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and Local intranet security zone.
5.Modify the Access Control List on VGX.DLL to be more restrictive.
Details for each of these workarounds, including the potential impacts of each, are provided in Microsoft Security Advisory 2963983.
Customers could also opt to use alternative browsers instead of Internet Explorer. Our NetTeller product supports Firefox, Safari and Chrome browsers, in addition to Internet Explorer.
Fraud Alert (2/22/13):
Cortland Banks has been made aware of a fraudulent text message sent to mobile phones, warning recipients that their “debit card has been suspended or deactivated.”
Please be advised this message did not originate from Cortland Banks.
Do not respond
to the text message or reveal any confidential account information to anyone.
If you receive an unsolicited text message or automated phone call and have provided your card information, please contact Cortland Banks Security immediately at 330.282.4114 (Russell Taylor) or 330.282.4188 (Beth Pirone).
If you did not respond, no further action is required.
Security for ATM/Debit Card Holders
A security package has been implemented that will further enhance your protection. High risk transactions will be identified and reviewed by a fraud analyst. If fraud is suspected, the fraud analyst will attempt to contact the cardholder to verify the legitimacy of the transactions. If fraud is confirmed by the cardholder, the card is immediately disabled to prevent further activity and the cardholder is instructed to contact their financial institution. If the cardholder is not available to confirm the activity, the card will be temporarily blocked until the cardholder contact is made. This transition should be seamless to our cardholders.
If you have any questions, please contact us at 330-637-8040 ext. 4999. If you have a lost or stolen card, please call the Bank during business hours.
After hours and on weekends please call 1.866.546.8273.
Fraud Center FAQs:
Information Source: Jack Henry & Associates PassPort
(Cortland Banks' ATM/Debit Card Processor)
Q1. What hours will the fraud analyst attempt to contact the cardholders?
A1: FTC laws prohibit the fraud analyst from contacting cardholders daily before 8 am and after 9 pm in the cardholder’s time zone. If an alert is created before or after these times, the fraud analyst will attempt to contact the cardholder the same day or the following day during the approved hours.
Q2. How soon will the cardholder be contacted when a potentially fraudulent transaction is flagged?
A2: The alerts are presented in the order in which they occur. Alerts are worked in a priority order with high risk transactions being reviewed first. Alerts with lower scores are worked after newer alerts with higher scores
Q3. A cardholder has his card blocked by a fraud analyst who was unsuccessful contacting the cardholder. This cardholder calls his financial institution (rather than the analyst) and confirms the transactions are not fraudulent. If the FI calls the Fraud Center and requests that the status be removed, will the fraud analyst comply?
A3: Yes. If the institution’s employee is listed as a contact for fraud cases, the request will be completed. We recommend that the institution transfer or refer the cardholder to the Fraud Center so the alert history can be updated with accurate information. The Toll Free numbers are – Domestic 800-411-8498, Collect for International 1-206-352-3516.
Q4. How many attempts will be made to contact the cardholder?
A4: If there is no answer, the fraud analyst will leave a message. If an alternate number is provided, the analyst will also call the alternate number and leave a message. If the FI has not provided any phone numbers, the fraud analyst will not attempt to contact the cardholder, instead an email will be sent to the FI indicating no phone numbers on file.
Q5. Are there steps a cardholder can take to notify the Fraud Center of an upcoming trip overseas so the debit card is not blocked?
A5. Yes, they can place notes in the PowerLink system for the fraud analyst. The notes should state the area and dates of travel. It should always be suggested that cardholders carry a second form of payment (traveler’s cheques, credit cards) in the event the debit card is blocked. If the card gets block by the Fraud Center, the cardholder can call collect (206) 352-3516 internationally, 7 x 24 to have the block removed. The fraud analyst will take steps to verify the cardholder’s identity. If the cardholder confirms the transactions are legitimate, the fraud analyst will remove the block. The FI should provide the number and instructions to the cardholder.
Federal Deposit Insurance Corporation Links:
FDIC Consumer News and Information
FDIC Insurance Calculator
Consumer Document Downloads
FRB What You Should Know: Home Equity Lines of Credit
FRB A Consumer's Guide to Mortgage Refinancings