This section of our website explains our general policy regarding any personal information you might supply to us when you visit this site. Our goal is to protect your information on the Internet in the same manner we protect it in Flushing Bank branches, at ATMs, and on the phone.
You can visit the Flushing Bank website and obtain information about our products and services, view our corporate reports, check on career opportunities, find branch locations, or get news updates and other value-added services without providing any information about yourself.
When you download and use our mobile banking apps, the following permissions on your device pertaining to the collection and use of information may be required:
|CAMERA||Allows access to the device’s camera||Mobile Remote Deposit|
|LOCATION||Allows access to location||Maps|
|ACCESS TO EXTERNAL STORAGE||Allows access to files/media on the device||Secure Message Attachments|
|CONTACT LIST||Allows access to contacts on the device||Person-to-Person Payments Recipient List|
|AUDIO||Allows access to the device’s microphone||Chat|
|PHONE STATE||Allows access to information about the user’s device for device identification||Malware/Anti-Phishing|
|DOCUMENTS AND IMAGES||Allows access to for the collection, processing, and retention of documents and images||Statements and check images|
|ZELLE®||Allows access to email addresses and phone numbers||Transfer money between you and others who are enrolled directly with Zelle® or enrolled with another financial institution that partners with Zelle®|
Online Banking System Security
At Flushing Bank, we understand the importance of online security and the need for various types of safety measures. We take many daily precautions to successfully protect the security of your accounts and transactions, including using some of the most up to date Internet Banking security methods and programs..
Security concerns have been addressed from several angles within the architecture of the Internet Banking application. Implementation of the Secure Sockets Layer security protocol on the Web server and customer browser helps ensure authenticated data has been received from the customer. The three-tiered approach of the Internet Banking application creates a double firewall which performs information requests over dedicated networks designed to handle specific functions. Placing all business logic and event logging within the Internet Banking server creates a controlled environment which allows quick incorporation of Internet security technologies as they evolve. Finally, a security analyzer monitors login attempts to prevent unauthorized logins.
However, it is also up to you, our customer, who must participate in creating a secure environment to protect your online banking accounts from unauthorized access and fraudulent activity.
Best Practices for Online and PC Security
By following these simple steps, you can contribute to a safe online banking experience.
- Monitor account activity on a periodic basis. Immediately report suspicious transactions or if your information has been compromised by contacting us at 800-581-2889.
a. e-mail and text alerts can be scheduled to notify you of your current account balance, changes to your account balance, paid checks, and more.
- Never share logins, passwords, or any other information that allows secure access to your online banking system. Do not leave them in an area that is not secure.
- Use different logins and passwords for each online banking system. Your password should be easy to remember and difficult to guess. We recommend using best practices for strong passwords that include uppercase and lowercase letters, numbers, and special characters. Periodically change passwords several times a year.
a. Avoid using passwords such as birthdays, family names, and pet names.
b. Do not store a list of passwords on the computer or keep them near your computer.
- Never access websites for online banking from a public computer at an Internet café, hotel, library, etc. and do not use public wireless access points or non-secure wireless networks.
- Obtain and install commercial anti-virus, anti-malware, and anti-spyware software, and consider installation of a managed firewall. Free software may not provide the level of protection required against the latest security threats. Keep all security software updated to the latest releases. In many cases the software can be configured to automatically update. Visit our Customer Resources page on www.FlushingBank.com for several vendors who provide security software solutions.
- Keep your computer updated with the latest operating system patches and updates for all software applications. This includes the operating system, browser software, and software programs such as Real Player, iTunes, and Microsoft Office. Most of the programs can be set to automatically update.
- To prevent the inadvertent installation of malware, spyware, or viruses do not navigate the web when you are using an identity that has Administrative rights. Set up a separate identity for web browsing that does not have Administrative rights, and only use the Administrative rights identity when operating off of the web.
- Be aware of pop-ups that prompt you to install software. A common scam is a message that warns of a virus installed on your computer and imitates running a virus scan. Never click OK to the popup that states software needs to be installed to remove the virus. Clicking OK will install malware, spyware, and/or a virus on your computer.
- If possible, dedicate a computer to perform online banking transactions and do not use it for any other online purpose (ex: reading e-mail, web browsing, accessing social media sites).
- Clear the Internet browser’s cache before and after visiting online banking websites to avoid having malware installed on your computer.
- Perform updates to installed software by visiting the official website instead of clicking a link contained in an e-mail or web page. For example, if a media player needs to be updated, go to the official media player website to install the update. Clicking on a fake update installation link could result in downloading malware onto the computer.
- If you are on a site that asks for personal information or login information, check for the following on the web page:
a. Check that the online banking system session is secure by verifying the web address contains “https://” and not “http://”. This ensures the site is secure.
b. Look for a closed lock either by the address bar or in the bottom frame of your browser. If the lock is missing the page is not encrypted and your information can be intercepted as it passes across the Internet.
- Type the address of the page you are browsing to in the address bar instead of clicking on a link. Links can be spoofed to look valid but may take you to a fraudulent site without your knowledge. Favorites can also be compromised and altered to take you to a fraudulent site.
- Do not use automatic login features for online banking and best practices advise to avoid saving passwords to the computer.
- Never leave a computer unattended when using an online banking service, and always secure the computer when not in use or away.
- Never send personal or sensitive information by e-mail or post on any external websites such as social media sites.
- Do not click on links or open attachments contained in suspicious emails.
- Immediately report suspicious or fraudulent activity or if your information has been compromised by contacting us at 800-581-2889.
Cash Management Services - SureKey Authentication
In addition to the above best practices, clients enrolled in our Cash Manager Direct service can request an additional layer of security at login. SureKey is an out-of-band authentication that requires the user to receive a security code via email or text and a personal code to successfully log in.
Email and Text Scams
Email scams, also known as “phishing”, typically appear to have been sent by a legitimate source. The e-mail asks the Internet Banking user to update their personal information, confirm their account status, or try a new online banking feature. An embedded link within the e-mail sends them to a fraudulent website that often looks similar to an actual online banking site. In addition to other sensitive data, users are asked to enter account username and password under the pretense of verifying their identity. Unfortunately, this information can then be used to gain access to real accounts online.
For years, scammers have tried to trick people using phony e-mails, asking them to click to websites that "spoofed" authentic websites for banks and credit card companies, eBay and major retailers, even the IRS. Most recently, text messaging scams, called “smishing”, have begun to appear. Smishing is when identity thieves send fraudulent text messages to a mobile phone, pretending to be from a financial institution asking the user to call a number. Those who call are asked to key in their credit card number, ATM number, social security number, and/or their personal identification number (PIN).
- Be suspicious of e-mail or text messages purporting to be from a financial institution, government agency, or other source requesting any of your banking information.
- Never reply to the sender with account or login information.
- It is strongly advised against clicking on links or opening attachments in these types of e-mails. Doing so could result in your system being compromised. Instead, contact the sender using publicly available contact information to verify the authenticity of the e-mail
- Never reply to or follow any of the instructions in an e-mail or text message that requests your personal information.
- Never provide personal information including, but not limited to, Social Security Number, account or credit card numbers and personal identification numbers (PIN) over the phone, via the Internet, email or by text message unless you have initiated the transaction.
- Always access online banking websites by typing the URL in the address bar instead of clicking on links in an e-mail or another website.
- Always review the sender’s e-mail address or text message to verify that it is from a valid account or source. If they appear suspicious in any way, notify Flushing Bank or the legitimate source company immediately.
- Always leave any suspicious website if you suspect that it is not legitimate.
Like ‘phishing’ and other email or text scams, Social Engineering involves scamming or tricking people into breaking their normal security procedures to obtain information, commit fraud, or gain access to the victim’s computer system. These Social Engineers attempt to obtain information by gaining the confidence of an authorized user and getting them to reveal information that compromises the network's security. The Social Engineer relies on the natural helpfulness and weaknesses of people. They may call the authorized employee with an urgent problem that requires immediate network access.
A Social Engineer will use tactics to persuade people to run malware-laden email attachments and convince people to divulge sensitive information. These malicious engineers rely on people who are not aware of the value of the information and are careless about protecting it. Eavesdropping, shoulder surfing, and dumpster diving are other tactics used in Social Engineering.
FOR CALIFORNIA CONSUMERS
We do not collect information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household (“Personal Information”) covered by the CCPA.
Personal Information collected, processed, sold, or disclosed, as permitted, pursuant to the federal Gramm-Leach-Bliley Act and its implementing regulations is not considered Personal Information by the CCPA.
800.581.2889 (855.540.2274 TTY/TDD)
Flushing Bank and legitimate companies or financial institutions will NEVER make an unsolicited contact requesting your username, password, or other account information. It is important that all Internet banking users be aware of such types of fraud.
You can report suspicious e-mails, text messages or any other suspicious activity or requests to your financial institution and the Internet Crime Complaint Center (www.ic3.gov),Opens a new window a partnership between the FBI and National White Collar Crime Center.
For more information, visit the following websites: Federal Deposit Insurance Corporation, the Anti-Phishing Working Group, the National Consumers League, the OCC Consumer Protection News and the OCC Consumer Complaints and Assistance.