Personal Online Banking & Bill Pay

People do everything online these days — including banking. Luckily, managing your accounts online is easier than ever. Just log in to view account balances, transfer funds, sign up for eStatements, and more.

Use Bill Pay to save time and money. It's simple to set up recurring payments and reminders, so you can avoid paying another late payment fee. Sign up today!

Summary
Online Banking Security

Online Banking Fraud – What's it all about?

Whenever you access the Internet through a PC or a mobile device, you run the risk of exposing yourself to online scams or unauthorized downloads. Online fraud schemes attempt to obtain confidential information -- including passwords, personal ID numbers and account numbers -- and use it to access your accounts, transfer money, or commit other fraudulent acts. The primary methods of online fraud are social engineering, malware, and a combination of both.

Social engineering is someone impersonating a trustworthy entity, in an electronic communication, to manipulate you into performing actions or divulging confidential information. An email ("phishing") or text message ("smishing") appears to be from a legitimate company, bank, or government agency. It typically warns you of a potential problem with your account and requests that you follow a link and provide personal or account information to update your account. You should not reply to these emails, open any attachments, or follow any of the links provided. If you believe an email is legitimate, you should contact the company using the contact information or URL provided in a printed statement.

Malware is malicious software installed on your computer without your consent. Once there, it can record keystrokes, re-direct your internet browser, or display fake websites, all in an effort to impersonate you in online banking transactions. "Pharming" is a type of fraud that involves redirection from a legitimate site to a site that appears to be legitimate, but has been created by fraudsters in an attempt to gain your personal or account information. Your computer can become infected with malware through documents attached to emails, links contained in emails, infected search engine results, or by clicking on links, videos, and documents on legitimate websites, particularly social networking sites.

Online Banking Security – What Community 1st Does to Protect You!

Individual Username and Password

When you sign up for Online Banking, you create your own username and password to access your accounts. You should not share your username or password with anyone. And, once signed-up for Online Banking, you can change your username and password anytime. In fact, for your protection, our system will prompt you to change your password every 180 days.

Encryption

Encryption is the scrambling of data to make it unreadable to anyone who does not have the key to decipher it. The information you enter when signing-up, or signing-on, to Online Banking is encrypted during transmission. All Online Banking access and Bill Pay sessions are encrypted. Here's how you can tell:

  • Any web address beginning with "https://..." indicates the page you are viewing uses encryption. The "s" stands for "secured."
  • To determine if encryption is being used on any web page you are viewing look for a "closed lock" icon in the lower right-hand corner (Microsoft Internet Explorer) or in the right end of the address bar (Firefox 2) or in the top right corner (Safari) of your browser.

Firewall

Our computer systems are protected 24/7 by a powerful firewall that blocks unauthorized entry.

Timed "Log-Off"

The Online Banking system will automatically timeout and log you off after 20 minutes of inactivity.

Monitoring

Our Operations Team monitors access and activity in the Online Banking system daily. We look for anything that may appear unusual or suspicious. If we see something that doesn't look right, we may restrict online access to accounts or prevent certain types of transactions until we can verify with you that the activity is legitimate. These measures safeguard your identity and your accounts. You should monitor your account, too, for any unauthorized transactions.

We're here for you!

If you see something that looks suspicious in your account activity, you should contact us immediately. Promptly report any incident of unauthorized account access or use.

Anytime you have questions or concerns about your Online Banking account or transactions, you can send us a secure message using our Online Form. Or call us at: 916-724-2424 or 530-863-4800, Monday through Friday, 9:00am to 5:00pm.

If we need to reach you, we may send you a secure message through the Online Banking system, or send you an email, or call you by phone, BUT we will NEVER send you a text message or e-mail requesting that you text us, link to a website, or call us to provide your personal information such as your Social Security Number, Credit Card Number, Online Banking ID, Passwords, PINs or birth date.

These are scams from criminals – don't be fooled!

If you receive an email or phone call that requests this type of sensitive information, you should be suspicious of it. We strongly recommend that you do not share your confidential account information with anyone, under any circumstances.

Claims for Unauthorized Activity

Under federal law, Regulation E (Electronic Fund Transfer Act) provides certain protections to consumer customers when there is unauthorized account activity initiated electronically (including online) in a consumer's checking, savings, or other asset account used primarily for personal, family, or household purposes.

All of the protections and requirements of Regulation E are incorporated into our Electronic Fund Transfers disclosure and apply to the consumer accounts covered by our Internet Banking Agreement. Regulation E does not apply to business-purpose accounts.

In the unlikely event that someone you have not authorized removes funds from your consumer account using Online Banking services, you must follow the steps outlined in the Electronic Fund Transfers disclosure to file a claim for return of the funds.

Fraud Prevention Tips – What YOU can do to Protect Yourself!

We constantly reassess the risks to internet banking and evaluate the protective controls in our systems and procedures. As you use Online Banking services for your personal or business banking, we suggest you do the same. Here are some things you can do to take control of your own security.

Tips on Your Username and Password

  • Create a "strong" password with at least 8 characters that include a combination of mixed case letters, numbers, and special characters.
  • Do not use your social security number or account number as any part of your username or password.
  • When creating account nicknames or other titles, do not use account numbers, your social security number, or other account or personal information.
  • Do not use your Online Banking username and password as credentials for other online accounts.
  • Change your password frequently.
  • Never share username or password information with anyone else.
  • Avoid using an automatic login feature that saves usernames and passwords.

Tips to Protect Account Data and Online Payments

  • Do not use public or other unsecured computers for logging into Online Banking.
  • Never leave a computer unattended while using Online Banking.
  • Never conduct banking transactions while multiple browsers are open on your computer.
  • Check your last login date/time every time you log in.
  • When you have completed a transaction, ensure you log off to close the connection with the Bank's computer.
  • Review account activity and balances regularly (preferably daily) and immediately report to us any suspicious transactions or transfers.
  • Whenever possible, use online Bill Pay instead of paper checks to limit the distribution of your account number and to gain better electronic record keeping.

Tips to Avoid Phishing, Spyware and Malware

  • Do not open e-mail from unknown sources. Be suspicious of e-mails purporting to be from a financial institution, government department, or other agency requesting account information, account verification, or banking access credentials such as usernames, passwords, PIN codes, and similar information.
  • Opening file attachments or clicking on web links in suspicious e-mails could expose your system to malicious code that could hijack your computer.
  • Never respond to a suspicious e-mail or click on any hyperlink embedded in a suspicious e-mail. Call the purported source if you are unsure who sent an email.
  • If an e-mail claiming to be from your financial organization seems suspicious, checking with your financial organization may be appropriate.
  • Install a personal firewall on your computer.
  • Install and run anti-virus and spyware detection software on your computer. Free software may not provide protection against the latest threats compared with an industry standard product.
  • Update your computer regularly with the latest versions and patches of the operating system, anti-virus and anti-spyware software as recommended by the software vendor.
  • Before downloading an update to your computer program, first go to the vendor's website to confirm the update is legitimate.
  • Check your computer settings and select, at least, a medium level of security for your web browsers.
  • Clear the browser cache before starting an online banking session in order to eliminate copies of web pages that have been stored on the hard drive. How the cache is cleared depends on the browser and version you are using. This function is generally found in the browser's preferences menu.
  • Turn your computer off completely when you are finished using it – don't leave it in sleep mode.
  • Conduct online banking activities on secure computers only. Public computers (computers at internet cafes, copy centers, etc.) should be used with caution, due to shared use and possible tampering. Online banking activities and viewing or downloading documents (statements, etc.) should only be conducted on a computer you know to be safe and secure.

Login Authentication FAQs

Overview

Device Profiling reviews a wide range of details about the login transaction including the device, the connection, and the customer's past use of these device attributes.

The device information is a collection of facts from a user's machine. The device information that is collected helps to uniquely identify a user's device. These facts feed into the risk engine and help identify a fraudulent login attempt. Based on this assessment, most customers will be able to proceed to the Password entry page. However, if the device is not recognized, or if your system (i.e. browser, ip address) have been updated, an additional layer of authentication will be required to login.

The system creates a globally-unique device ID for each device that accesses online banking. From then on, the device ID is used to identify the device together with a variety of additional methods to verify that identification.

Those additional methods are:

  • Device forensics – the detailed hardware and software characteristics, or device print, of each computer.
  • Network forensics – the IP address, subnet, ownership, and geographic location of the network connection the device is using.

The risk engine maintains a history (profile) of the devices used by each user: The profile includes the first and last date they were seeing together, what level of authentication was achieved on this device-user combination, the number of times this combination has appeared, and more.

When a user logs in or performs a certain activity the risk engine will match the device information received in this activity against its profile of recently used device attributes on the user's profile.

To summarize, when the Login goes through Device Profiling, it is evaluated for risk factors. The primary risk factor is: "have we seen this user with this device before". Some combinations of changes, although subtle, are also signs of attempts to mimic the customer's login patterns. While this might be frustrating to the end-customers, we need to ask for an additional security check when it looks like this might be a cyber-fraud attempt.

Why did I have to go through the additional authentication process? (Why did I get stepped up?)

A: Most common reason would be this is a new device profile identified for the user or there has not been enough consistent use of the Device to confirm the correlation.

Because the Device Profiling looks at many factors together, as well as a system cookie and a Flash Object from a prior session, there are some instances where changes to a combination of factors would trigger a risk score that requires additional authentication.

Examples Include:

  • Clearing Cookies + a Browser Setting Change or a different web browser (Internet Explorer to Fire Fox)
  • Many devices used by a single user in a short period of time
  • Multiple people using the same device can trigger a risk profile
  • A Browser Update, Cleared Flash Object, Dates Out-of-Synch

These situations are difficult to pinpoint and difficult to explain but essential to appropriate assessment of risk. As a result, please follow the step up instructions to provide additional authentication so the system can learn this profile is safe and you can access the system from this profile in the future.

What if I am a Tech-Savvy user who is frustrated by repeated requests to go through a step-up process? Are there adjustments I can make to my PC to make it work better?

A: There are some settings in a PC that make a Device Profile work more effectively. Essentially these settings will expose more of the PC Profile to the Device Review to make it easier for the system to tell the legitimate customer from a fraud attempt.

If a user continues to get stepped up over and over, we have found that sometimes users' browsers don't encrypt the Device ID correctly and therefore cannot be recognized as a previously used Device.

Here are some hints we have found helpful in resolving user side issues that prevent devices from properly registering and resulting in users being stepped on every login:

  • Clear cookies but do not check "preserve favorite sites" in Internet Explorer. (NOTE: this should be done once to give user a clean slate for registration to adhere, it should not be done frequently as this can cause step up to take place. See item # 6)
  • Add the bank site and online banking to trusted sites list in your browser setting
  • Delete any Flash cookies for the bank and online banking website (this can be done at http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager07.html and scroll through the list to find the bank website, highlight and click delete website)
  • Confirm that user is using a supported browser. If they are, attempt with a different supported browser. The list of compatible browsers is outlined below.
  • Confirm you are not accessing with network/router/VPN device - if they are, they need to try without that device in place. These types of devices will cause step up to take place if users cannot avoid using them they will be stepped-up.
  • Make sure that the users do not have any settings/programs in place that will clear cookies automatically upon leaving browser, leaving page, shutting down computer or on a daily run that cleans computer. This will potentially cause the users to be stepped up each time they login.
  • Make sure that that following settings are set on their device:
  • Third-Party Cookies should be allowed
  • JavaScript enabled
  • Flash available

Additionally some browser software/plug-ins stops items from loading and can limit our ability to recognize their system.

What if I log in from different locations and I am frustrated that I have to go through Out-of-Band authentication frequently. What can I do?

A: Our security system is designed to detect anomalies in behavior that are possible indicators of fraud. In this case, multiple logins from different devices and some masked devices for the User ID have been observed so the system is looking for additional assurances that this is not a fraudulent login. If you feel you are being asked for additional authentication too frequently, there are a few things you can try to help the system recognize them.

Does the user use 3rd party aggregators that login with their credentials for updates? If they have set up multiple aggregators who log in regularly, the multiple logins from different places could look similar to a fraud attempt. Review which aggregators you use and how frequently the updates occur.

Please assure the customer that the system is designed to recognize legitimate logins and ask for additional authentication when behavior or Device Profiles look suspicious. The system is more secure for everyone if we can tell the good guys from the bad guys at login.

What operating systems will work with online banking?


Operating SystemsMicrosoft Internet ExplorerApple Inc. SafariGoogle ChromeMozilla Firefox
Windows XP*8.0 - 9.0N/A25.0 - 26.019.0 - 20.0
Windows Vista8.0 - 9.0N/A25.0 - 26.019.0 - 20.0
Windows 78.0 - 9.0N/A25.0 - 26.019.0 - 20.0
Windows 810.0N/A25.0 - 26.021.0
Mac OSX 10.7.4 "Lion"N/A5.1 - 6.025.0 - 26.019.0 - 20.0
iPad 3N/A6.0N/AN/A
Galaxy 10.1N/AN/AN/A20.0

*Microsoft has announced they will discontinue support of Window XP on April 8, 2014.