Online Security

  • Protect Yourself from Data Breaches (9/24/2014)

    Technology is great. Nerds like myself are often early adopters of many technological innovations. However, we nerds must also remain on our toes, because with every new advancement come new ways it can be used against you.

    On a similar note, the helps and hazards of new technology also take the spotlight off of older technology, which leaves you VERY vulnerable. Keep an eye out for my blog on Apple Pay, which is coming soon – it certainly has its pros and cons as far as identity security. But while the focus is on this new modernization, crooks are out there finding ways to rip you off the old-fashioned way: through debit card systems.

    Target stores were compromised over the holidays, as were Home Depot hardware stores recently. Is nothing sacred? That question is typically hypothetical, yet the answer is an honest and astounding “NO.” So here are a few quick tips to remain vigilant in the wake of the ominous debit card breaches that seem to be lurking at every corner.

    1. Use An App: Many retailers now offer apps that will allow you to pay directly to them, like Cumberland Farms Smart Pay. Some use stored-value cards such as those used by Dunkin’ Donuts and Starbucks. They don’t technically use credit card information at all when paying, so this can reduce your risk.
    2. C.I.D. Never sign the back of your cards. Sounds counterintuitive? How about this: Never leave the back of your cards blank. Huh? Now I must have lost my marbles! Actually both those statements are true. However, you should always write “See I.D. (or C.I.D.)” on the back of your credit and debit cards. Not all retailers ask for identification or even check cards at all, but I have a feeling with the news of the latest hack they might be starting! So a card with a name that matches that on your driver’s license, being used by a person that looks (generally) like the person on the I.D., give or take a few tens of pounds, will always pass a cashier’s “inspection.” If it all doesn’t line up, the crook’s purchase will get the boot.
    3. Gon’ phishin’. Tale as old as time. Offenders put together an elaborate email scheme, designed to look like the email came from a retailer, to obtain personal information. My advice is simple–be wary! Never take anything at face value on the Internet. Even if an email seems credible, go directly to the supposed source of the message to double check its validity before handing out any of your info.
    4. Monitor your account. Keep up with your monthly statements, or even use online banking to check them out much more frequently. Look for any unauthorized charges, big or small. Thieves often start with small amounts to test the waters and find out if you notice the discrepancy. If you do notice something sketchy, do not hesitate to call us or whoever your financial institution may be IMMEDIATELY! The sooner SIS or another institution like us knows about issues such as this, the sooner we can get it resolved for you and keep it from happening to others.

    Furthermore, when any type of breach like this happens, you’ll also want to keep an eye on your credit reports. Crooks like to open accounts in your name, and scanning your credit report is a great way to look for invalid credit in your name. Many online sites and the big national credit reporting agencies offer free credit checks. You don’t want to be surprised when you go to apply for a mortgage and the bank tells you that you already have one!

    If you follow the advice above, you are more likely to be safe from these criminal hackers stealing debit card information. However, at the same time, be sure not to get lax and believe that it will never happen to you. Data breaches are serious problems, but they don’t have to be YOUR serious problems. If you ever have any questions, please contact us at 1-888-226-5747.

  • New Phishing Scam — Don’t Take the Bait! (9/23/2014)
    SIS Bank has been notified of a new telephone phishing scam. Fraudsters are making automated phone calls pretending to be bank representatives in an attempt to gain personal information.

    Consumers beware — never give out your personal information over the phone! For confirmation purposes, representatives from SIS will only ask for the last four digits of your social security number — never the entire number. If the caller requires you to give out the whole number, hang up the phone! Also, never give out your SIS PIN (Personal Identification Number). Your PIN is just that — personal! It is for your eyes ONLY!

    Again, if you believe you are being phished, hang up without another word. Please contact SIS immediately if you receive a call from someone who claims to be from SIS Bank but has asked for any of the red-flag information above. A good rule of thumb is to call us at 1-888-226-5747 if in any doubt whatsoever. For more information about phone scams in general, visit:
  • Multi-Factor Authentication Explained (4/27/2012)
  • Alert — beware of new text message phishing scam! (3/21/2012)
    SIS has been alerted to a text message phishing scam that has gone out to hundreds of people in the Southern Maine area. Scammers try to obtain debit card information. The message says your ATM or debit card has been de-activated and gives a local phone number to call to re-activate the card. This is a scam to get your Social Security number, account number and/or PIN. The text of the phone calls varies slightly; what is consistent is that they ask the consumer to enter their entire account number or entire Social Security number. NEVER GIVE OUT THIS INFORMATION IN ITS ENTIRETY! When you receive a telephone call from a legitimate SIS representative, they will ask you for only the last 4 digits of those numbers – they will never ask for the entire number. The other key to avoiding all phishing scams is that a legitimate source will NEVER, UNDER ANY CIRCUMSTANCES, ask for a PIN (Personal Identification Number). This information is for your eyes only. If you believe you have been contacted by a scam artist or need any other information, contact us at 1-888-226-5747.
  • Mobile Banking Security (2/23/2012)
  • Fraudulent and Dangerous Email Alert (11/28/2011)
    A phishing scam has come to our attention. Please be on the lookout for emails claiming to be from the Better Business Bureau. These emails are fraudulent and are an attempt to infect your computer with a virus. The email states that a case has been filed against you. It then instructs you to open an attachment included with the email. This attachment is most likely a virus or another form of malicious software. DO NOT OPEN THIS ATTACHMENT. SIS recommends that you delete this email entirely from your inbox and deleted items folder upon receipt. Always be aware of every email you receive and do not open email attachments from someone you are not familiar with, even if it appears to be from a legitimate business or service.

    Marc Martin
    Vice President ~ Operations and Security
  • Nerdy Nate Explains Online Banking Login Security (8/22/2011)
  • New FFIEC Guidance on Internet Banking Authentication (7/26/2011)
    What has changed for SIS Customers using Online Banking?

    Sanford Institution for Savings (SIS) would like to take a moment to review recent Internet Banking rules that have been issued by the Federal Financial Institutions Examination Council (FFIEC). The FFIEC is a collection of the regulatory agencies that govern banks. SIS is governed by the FDIC. On June 28, the FFIEC sent guidance to all financial institutions regarding how we currently protect your information while using SIS Online Banking services. As you know, SIS takes the security of your information very seriously, and has complied with all regulations and guidance provided by the FFIEC. SIS will continue to comply with this guidance and examine the best practices available to protect your information while using SIS online services.

    Currently, SIS employs a combination of a secure browser connection, customer number, password, and our enhanced login security system. We recently added the ability for you to use email, voice and text to receive a one-time passcode needed when we do not recognize your computer. We do realize that having to use a one-time passcode is inconvenient at times. Please be assured that SIS will research other options to make this more convenient. However, at this time, using a one-time passcode is considered the best practice in authenticating you as a user when you log in to SIS Online Banking. This method is also compliant with the FFIEC guidance issued to SIS.

    We are also working with our Online Banking provider on other security efforts in response to the FFIEC guidance.
    • Enhanced Device Identification – We will enhance the security of the multifactor authentication enrollment cookie, where it is in use, by adding device fingerprinting. This means that if the cookie is present on a system whose device fingerprint differs from what is on record, the cookie will not be honored and an additional authentication step will be required.
    • Removal of Challenge Questions – In the near future, we will no longer allow the use of a Challenge Question to authenticate you. Instead you will need to use one of the three passcode methods available: text, voice call and email.
    • Web Fraud Detection, Behavior Monitoring – We are evaluating different options to monitor your online access for fraud. Once we have a solution in place, we will notify you on how it might affect you as a user.
    • Malware Prevention & Detection – We are evaluating different options to monitor the use of malware to “hack” your online access. Once we have a solution in place, we will notify you on how it might affect you as a user.
    SIS remains committed to providing you with the best and most secure Online Banking experience possible. With the ever-changing landscape of online fraud, this is proving to be more difficult every day. We are confident that with your help and some hard work on our side, we can achieve our goal. If you have any questions, please contact the Electronic Banking department at 1-888-226-5747 or email
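
    The Enhanced Device Identification item above describes an enrollment cookie that is honored only when the device fingerprint matches what is on record. The sketch below is an added example, not code from SIS or its Online Banking provider; the key, the attribute names, the cookie layout and the customer number are all assumptions made for illustration.

```python
import base64, hashlib, hmac, json

# Assumption: demo key; a real deployment keeps this in a secrets manager.
SERVER_KEY = b"constructed-demo-key"

def fingerprint(attrs):
    """Hash a canonical form of the device attributes (hypothetical set)."""
    canonical = json.dumps(attrs, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).hexdigest()

def _sign(payload):
    return hmac.new(SERVER_KEY, payload, hashlib.sha256).digest()

def issue_cookie(customer_id, attrs):
    """Issued after a successful one-time passcode on this device."""
    payload = json.dumps({"cid": customer_id, "fp": fingerprint(attrs)}).encode()
    b64 = base64.urlsafe_b64encode
    return b64(payload).decode() + "." + b64(_sign(payload)).decode()

def check_cookie(cookie, customer_id, attrs):
    """Return 'trusted' to skip the passcode, else 'step_up'."""
    if not cookie:
        return "step_up"
    try:
        p64, t64 = cookie.split(".")
        payload = base64.urlsafe_b64decode(p64)
        tag = base64.urlsafe_b64decode(t64)
    except ValueError:  # wrong shape or bad base64
        return "step_up"
    if not hmac.compare_digest(tag, _sign(payload)):
        return "step_up"  # forged or altered cookie
    claims = json.loads(payload)
    if claims.get("cid") != customer_id:
        return "step_up"  # cookie belongs to another customer
    if not hmac.compare_digest(claims.get("fp", ""), fingerprint(attrs)):
        return "step_up"  # cookie copied to a different device
    return "trusted"

# Constructed sample devices (not real customer data)
HOME_PC = {"user_agent": "ExampleBrowser/1.0", "screen": "1920x1080", "tz": "America/New_York"}
OTHER_PC = {"user_agent": "ExampleBrowser/1.0", "screen": "1366x768", "tz": "Europe/London"}

if __name__ == "__main__":
    c = issue_cookie("100234", HOME_PC)
    print(check_cookie(c, "100234", HOME_PC))
    print(check_cookie(c, "100234", OTHER_PC))
```

    Signing the cookie stops a thief from editing the stored fingerprint to match their own machine, and the fingerprint comparison stops a stolen but unmodified cookie from being replayed elsewhere.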
  • What Does SIS Do to Protect My Online Account? (7/7/2011)
  • Is It Safe to Bank Online? (6/16/2011)

    As a community focused financial institution, we have a strong policy when it comes to your privacy and security. In addition, when doing business online it is important to be aware of any and all safety issues that could affect you. Nerdy Nate asks that you please read these timely and practical tips published by the US News & World Report.

  • Fraudulent Emails Claiming to be from NACHA (4/5/2011)

    See message from NACHA regarding fraudulent email:

    Further to notices issued on March 11 and February 22, 2011, NACHA – The Electronic Payments Association has received reports that individuals and/or companies continue to receive fraudulent emails that have the appearance of having been sent from NACHA. These emails vary in content and appear to be transmitted from email addresses associated with the NACHA domain. Some bear the name of fictitious NACHA employees and/or departments.

    NACHA itself does not process nor touch the ACH transactions that flow to and from organizations and financial institutions. NACHA does not send communications to persons or organizations about individual ACH transactions that they originate or receive.

    Be aware that phishing emails frequently have attachments and/or links to Web pages that host malicious code and software. Do not open attachments or follow Web links in unsolicited emails from unknown parties or from parties with whom you do not normally communicate, or that appear to be known but are suspicious or otherwise unusual.
    If malicious code is detected or suspected on a computer, consult with a computer security or anti-virus specialist to remove malicious code or re-install a clean image of the computer system.

    Always use anti-virus software and ensure that the virus signatures are automatically updated.

    Ensure that the computer operating systems and common software application security patches are installed and current.

    Additional information and guidance on phishing is available from the Federal Deposit Insurance Corporation (FDIC).