The Internet has made it easier for criminals to deceive individuals into revealing confidential information and clicking on links or attachments that will compromise the security of their computers which ultimately have an impact on Internet banking security. These criminals have continued to use increasingly sophisticated, effective, and malicious methods to fraudulently gain unauthorized access to consumers’ and businesses’ Internet banking accounts.
At Amalgamated Bank, we understand that security measures are a top priority and of utmost importance for Internet banking. We have implemented a significant level of security features to mitigate the risk of fraudulent Internet activity; however, we strongly encourage both our consumer and business customers using Internet banking and cash management services to be aware of current threats to the security of their Internet banking accounts, and to implement internal preventative and monitoring controls to reduce the risk of compromised access and account takeover.
Amalgamated Bank will NEVER request a customer’s personal information (debit card number, account number, social security number, personal identification number, or password) through email or by phone on an unsolicited basis. If you ever receive an unsolicited phone call or email claiming to be from Amalgamated Bank requesting your personal and confidential information, please DO NOT respond. Contact us immediately by calling 800-662-0860. As an additional monitoring control, you should review account statements and online account transaction history to ensure all transactions are correct and authorized.
Fraudsters will commonly use a type of Internet piracy called “phishing.” In a typical phishing case, you'll receive an email that appears to be from Amalgamated Bank. In some cases, the email may appear to come from a government agency or payment network, such as the FDIC or NACHA, respectively. The email will probably warn you of a serious problem that requires your immediate attention. It may use phrases, such as “Immediate attention required,” or “Please contact us immediately about your account.” The email will then encourage you to click on a button to go to our website. In a phishing scam, you could be redirected to a fictitious website that may look exactly like our site. In other situations, it may be our actual website. In those cases, a pop-up window will quickly appear for the purpose of harvesting your log-in authentication credentials. In either case, you may be asked to update your account information or to provide information for verification purposes: your social security number, your account number, your password, or the information you use to verify your identity when speaking to a real financial institution, such as your mother's maiden name or your place of birth. If you provide the requested information, you may find yourself the victim of Identity Theft which can lead to malicious activity such as Internet banking account takeover.
We have implemented strong preventative and monitoring controls within our Internet banking, bill payment, and cash management systems; however, in order to enhance our customers’ internal security, we recommend our customers implement their own controls to mitigate risks. Examples of controls you may want to consider implementing to mitigate the risks of account takeover and fraudulent account activities are as follows:
- Refrain from opening unsolicited emails and attachments.
- Refrain from providing authentication credentials to callers claiming to be representing the financial institution, and from responding to emails requesting information or re-directing you to a website.
- Daily account activity monitoring via Internet banking account transaction history review.
- Review and monitor your account statements for unauthorized transactions.
- Safekeeping and confidentiality of Internet banking authentication credentials.
- Maintain up-to-date operating system security patches and have installed updated virus/spyware protection software. Anti-virus and anti-spyware software will help to keep your computer safe from malicious software that could install itself on your computer. Contact your hardware or software supplier for further information.
- Install a firewall, either software or hardware. A firewall will prevent attacks on your computer through the Internet using established rules to determine if a requested connection is malicious or not.
- Implement intrusion detection/prevention software or services.
- Prior to disposing, shred all confidential information on hardcopy and on electronic media.
For our business/commercial customers, we also strongly recommend that you perform internal periodic risk assessment and controls evaluations related to the security of your Internet banking/cash management environment. Special attention should be directed to high-risk transactions which involve access to personal financial information or the movement of funds to other parties, such as ACH, wire transfers, and bill payment.
For Personal Banking Customers Only: Amalgamated Bank is required under Regulation E: Electronic Funds Transfers to provide certain protections to our individual customers relative to electronic funds transfers (EFT). As applicable to Internet access, this regulation covers transactions initiated through Amalgamated Bank’s Internet banking channels, to either order, instruct, or authorize the financial institution to debit or credit an account. Transactions may include but are not limited to debit card transactions, ACH payments, external transfers, and bill payments. For specific applicability and provisions, please refer to Amalgamated Bank’s Regulation E disclosure in our deposit terms and conditions booklet, which you received when you opened your account with us.
If you notice any suspicious or unauthorized account activity, experience a breach in security of personal information, your log-in credentials or computer security have been compromised, or for more information, please contact one of our support representatives at 800-662-0860.