Security with MAX Online Banking
Protecting your account information online is a top priority at MAX. Whether you access your account information from a browser or with your phone, MAX Online Banking has several security measures in place that help safeguard your accounts from online theft.1. Multi-factor authentication – All MAX Online Banking users are required to create a unique username and password to conceal any account sensitive information. During the initial login at each new computer and or when cookies have been removed, you will be required to complete the First-Time User Enrollment process where you will verify your identity through the use of a secure access code. Only after the secure access code has been successfully entered will you be able to access your accounts online.
2. Your MAX Online Banking access will be locked out after three unsuccessful attempts to enter an invalid username or password.
3. MAX's utilizes 128-bit encryption technology and firewall protection for MAX Online Banking and the MAX Mobile Banking App.
4. Extended Validation (EV) SSL certificate use.
5. MAX's automatic sign-off feature ensures that your MAX Online Banking session temporarily logs you out of account after 10 minutes of inactivity. Your password is required to re-open the session. After 20 minutes of inactivity, the MAX Online Banking session is completely logged out; this requires you to enter your username and password. The same procedures are used for the MAX Mobile Banking apps too!
6. MAX Text Banking is also secure; text messages will never contain confidential information about you or your accounts. Messages will never contain full account numbers.
7. MAX Online Banking and MAX Mobile Banking App uses account masking. Account numbers are truncated to only display the last four digits with the MAX App; all digits are truncated when logging into MAX Online Banking.
Security Best PracticesIn addition to the security protection MAX has enabled on your behalf, there are several best practices that you and your family members can put into place while banking online and surfing the web in general.
1. Keep your password a secret – don't share your password or write it down. Plus, don't use obvious passwords like birthdates, first names, addresses, etc. that other people may know.
2. Update your password on a regular basis and use a combination of letters, numbers and symbols for your password.
3. Avoid using public computers to log in to your account and only use computers that you trust.
4. Never choose the "Remember your password" option.
5. Log out of your account instead of clicking the "X" at the top of your browser screen. Logging out ensures that your MAX Online Banking session has ended.
6. Log off of the internet and lock your computer when it is not in use.
7. Avoid suspicious and non-trustworthy sites. Such sites may house malicious software that has the potential to infect your computer.
8. Never click on links in suspicious emails or send personal information over non-secure email. Never reply to or click links that ask you for personal information.
Below, you'll find helpful resources to keep you and your family aware of many safeguards that are available to help navigate the internet as safely as possible.
- Visit the Internet Education Foundation's website www.GetNetWise.org for additional information such as how to protect your PC from spyware, and much more.
- The Federal Trade Commission and the Department of Homeland Security have partnered to provide another helpful website www.OnGuardOnline.gov with these and even more educational resources, including tips on safe online shopping, and how to prevent identity theft.
Smartphone & Mobile Device Security
Smartphones, tablets, and other mobile devices continue to grow in popularity and are now as powerful and functional as many computers. It is important to protect your smartphone just like you protect your computer as mobile cybersecurity threats are growing. These mobile security tips can help you reduce the risk of exposure to mobile security threats:
1. Set PINs and passwords. To prevent unauthorized access to your phone, set a password or Personal Identification Number (PIN) on your phone’s home screen as a first line of defense in case your phone is lost or stolen. When possible, use a different password for each of your important log-ins (email, banking, personal sites, etc.). You should configure your phone to automatically lock after three minutes or less when your phone is idle, as well as use the SIM password capability available on most smartphones.
2. Do not modify your smartphone’s security settings. Do not alter security settings for convenience. Tampering with your phone’s factory settings, jailbreaking, or rooting your phone undermines the built-in security features offered by your wireless service and smartphone, while making it more susceptible to an attack.
3. Backup and secure your data. You should backup all of the data stored on your phone – such as your contacts, documents, and photos. These files can be stored on your computer, on a removal storage card, or in the cloud. This will allow you to conveniently restore the information to your phone should it be lost, stolen, or otherwise erased.
4. Only install apps from trusted sources. Before downloading an app, conduct research to ensure the app is legitimate. Checking the legitimacy of an app may include such thing as: checking reviews, confirming the legitimacy of the app store, and comparing the app sponsor’s official website with the app store link to confirm consistency. Many apps from untrusted sources contain malware that once installed can steal information, install viruses, and cause harm to your phone’s contents. There are also apps that warn you if any security risks exist on your phone.
5. Understand app permissions before accepting them. You should be cautious about granting applications access to personal information on your phone or otherwise letting the application have access to perform functions on your phone. Make sure to also check the privacy settings for each app before installing.
6. Install security apps that enable remote location and wiping. An important security feature widely available on smartphones, either by default or as an app, is the ability to remotely locate and erase all of the data stored on your phone, even if the phone’s GPS is off. In the case that you misplace your phone, some applications can activate a loud alarm, even if your phone is on silent. These apps can also help you locate and recover your phone when lost. Visit CTIA for a full list of anti-theft protection apps.
7. Accept updates and patches to your smartphone’s software. You should keep your phone’s operating system software up-to-date by enabling automatic updates or accepting updates when prompted from your service provider, operating system provider, device manufacturer, or application provider. By keeping your operating system current, you reduce the risk of exposure to cyber threats.
8. Be smart on open Wi-Fi networks. When you access a Wi-Fi network that is open to the public, your phone can be an easy target of cybercriminals. You should limit your use of public hotspots and instead use protected Wi-Fi from a network operator you trust or mobile wireless connection to reduce your risk of exposure, especially when accessing personal or sensitive information. Always be aware when clicking web links and be particularly cautious if you are asked to enter account or log-in information.
9. Wipe data on your old phone before you donate, resell, or recycle it. Your smartphone contains personal data you want to keep private when you dispose your old phone. To protect your privacy, completely erase data off of your phone and reset the phone to its initial factory settings. Then, donate, resell, recycle, or otherwise properly dispose of your phone.
10. Report a stolen smartphone. The major wireless service providers, in coordination with the FCC, have established a stolen phone database. If your phone is stolen, you should report the theft to your local law enforcement authorities and then register the stolen phone with your wireless provider. This will provide notice to all the major wireless service providers that the phone has been stolen and will allow for remote “bricking” of the phone so that it cannot be activated on any wireless network without your permission.
For more information and resources on mobile and cybersecurity, visit www.fcc.gov and check out their Smartphone Security Checker. You can also visit the Department of Homeland Security’s Stop.Think.Connect.™ Campaign.
Beware of FraudFraudsters obtain your phone number or email from public records and marketing list vendors who sell phone, email and address lists to companies like retailers, telemarketers, political campaigns and credit card companies so they can call you or send you solicitations. Even people who are not MAX members receive these calls from fraudsters because the scammers get lists of local phone numbers, knowing that there are a lot of MAX members in our area. The fraudsters then use these lists to contact you by email, phone, or text message to try to trick you into thinking there's a problem with your account. If you dial or text the number and give them your account information, the fraudster can use your account for purchases. MAX will NEVER release your name, phone numbers, or any other information to marketing list services for any reason.
Please immediately report any suspicious phone call, text message, or email inquiry about your MAX accounts to a MAX associate at ScamAlerts@myMAX.com. If you are contacting us about a suspicious email, please forward the email to us.
- If you have given your account information in response to one of these inquiries, immediately contact MAX by phone at 1-800-776-6776. Remember, MAX will never ask you for your account information, such as your credit card number, debit card number, or personal identification number (PIN) by email or phone. If you are unsure if a phone call or email is fraudulent, please don’t take a chance. Just hang up the phone or forward the email to MAX for verification.
- Your local police department or sheriff (if you are outside of city limits) to report the call so that an official record is made of the incident in case your account information is compromised.
- You may also contact the Attorney General's Consumer Protection Division at 1-800-392-5658, or visit the AG's website at www.ago.state.al.us.
Other Helpful Resources
FTC Identity Theft Resources
Identity Theft 911
Fraudsters continuously attempt new ways to obtain your personal account information. First came phishing scams that use fraudulent emails as bait. Then came vishing scams (voice phishing) that call and request personal account information. Now, the latest trick of the fraudster trade is smishing (short message phishing) via text messages to your cell phone.
Regardless of the way fraudsters contact you, they all have the same end-goal in mind: to obtain your account or other personal information and use it to make purchases. Remember, your financial institution will never phone, email or text you to find out your account information.
How these scams typically work:
Fraudsters obtain your phone number or email from public records and marketing list vendors who sell phone, email and address lists to companies like retailers, tele-marketers, political campaigns and credit card companies so they can call you or send you solicitations.
The fraudsters then use these lists to contact you by email, phone or text message to try to trick you into thinking there's a problem with your account. If you dial or text the number and give them your account information, the fraudster can use your account for purchases. MAX will NEVER release your name, phone numbers or any other information to marketing lists services for any reason. Never.
HOW TO AVOID BECOMING A SCAM VICTIM
1. Hang up the phone if you receive a call from someone (normally a recorded voice) who asks you to confirm your credit card number or any other account information. If you are concerned whether or not a call was legitimate, you can contact MAX to see if we placed the call.
2. Be suspicious of any call that asks you for personal account information, regardless of whether or not the phone number that appears on your caller I.D. seems legitimate.
3. Hang up the phone if you receive a call from someone who knows your credit card number but asks you for the three-digit code found on the back of your card. MAX, or any other financial institution, will never ask you for this information.
4. Delete and do not respond to any email, text message or voice mail that asks you to call a toll-free number to confirm your account information. Also, never respond to an unsolicited text message; doing so lets a fraudster know that he/she has indeed reached a working number. Also, do not click on links, photos, or videos in emails or texts from unknown sources.
How did the fraudster get my phone number or email address?
Fraudsters can access public phone records and purchase telephone lists and will tend to target certain area codes.
If fraudsters have my phone number or email address, do they also have my account information?
No. The goal of the phone call, email, or text is for you to give the fraudsters the account/personal information they need to steal from you. That is why it is important to never respond to these inquiries.
How do fraudsters know where I have an account?
They don't. The inquiries coming from phone calls, text messages, and emails are sent to a wide range of people in a certain area. The fraudsters assume that by doing so, they will reach a good number of actual customers/members of certain financial institutions.
How can I keep from receiving text message scams?
Contact your cell phone provider and find out how to avoid receiving spam texts. Your cell phone provider can add spam filters to your account.
Immediately contact your financial institution. If you have given your personal information, you will also need to contact your local police department and the Attorney General's Consumer Protection Division at 1.800.392.3568.