Not securing your own computer, or not updating it properly, can be a recipe for disaster.

We encourage you to implement several security tips when you use our Online Banking services:

  1. Always access your online banking account on the homepage. Never click on a link sent to you in an email.
  2. Never give out your personal information through an email or over the phone. RSI Bank will never request that information in this manner.
  3. Choose your User ID and password carefully – They should not be easy for others to guess (like your name or birthday, or your children's names and birthdays). Make sure to change your passwords on a regular basis.
  4. Use a combination of letters, numbers, and symbols when creating a password.
  5. Never reveal your password to anyone; never leave your password in a place where someone else can obtain and use it.
  6. Make sure you have a firewall in place when conducting your financial transactions.
  7. Log out completely - Do not simply close your browser or use the back button to exit the site. Use the Exit button to end each Online Banking session and then close your browser.
  8. Never leave an open session unattended. Your online banking session should be your only open internet window or tab.
  9. Change your session timeout in User Options to a time that meets your needs.
  10. Install an antivirus app on both your personal computer and your mobile device and keep it updated.
  11. Always keep your computer and/or smartphone up to date.
  12. Never access your Online Banking account from a public or shared computer.
  13. Avoid installing Android apps from third-party websites or unreliable sources.
  14. Read the permissions requested by every application before installing.
  15. Perform regular backups of data stores on your smartphone.
  16. Protect devices with passwords.
  17. Don't view or share personal information over a public Wi-Fi network.
  18. Balance your account and statements on a regular basis. Online Banking makes it easy!

RSI Bank strongly encourages our commercial customers to perform their own risk assessments and controls evaluations.

  • Make a list of the risks related to online transactions that your business faces including: passwords being written down and left out in the open; the use of old or inadequate passwords; the possibility of internal fraud or theft; delays in terminating the rights of former employees; the lack of dual control or other checks and balances over individual access to online transaction capabilities.

  • An evaluation of controls your business uses may include: Using password protected software to house passwords in; conducting employee background checks; initiating a policy and process to terminate access to former employees; segregating duties among two or more people so no one person has too much access or control; conducting internal or third party audits of controls; using firewalls to protect from outside intrusion or hackers.

February 16, 2022Social engineering

Protect yourself against P2P cyber scams

It’s not uncommon for cybercriminals to use digital payments, such as P2P transfers, to steal money from online banking accounts. Anyone who uses technology, such as online banking, can be targeted by a cybercriminal. It pays to protect yourself by understanding how these cyber scams work.

What is a P2P transfer?

Peer-to-peer payments (also known as P2P transfers) are electronic money transfers usually made between individuals. P2P transfers allow users to send money to another person through a linked bank account, credit card or debit card. P2P transfers may be made through mobile apps or through services provided in online banking.

How do P2P scams typically work?

A common goal of these scams is to steal money from bank accounts. The scammers accomplish this by tricking a target into revealing their online banking credentials. Many of these schemes begin with a spoofed text message (a phishing text that appears to be legitimate) aimed at a target. The fake text message appears to come from the target’s bank as a warning about a suspicious payment.
Anyone who responds will soon receive a spoofed telephone call from a scammer pretending to be a representative of the target’s bank. During the call, the scammer will ask the target for their online banking username to “authenticate” them. In the background, however, the cybercriminal is resetting the target’s password on the bank’s website to gain access to their accounts.
If multi-factor authentication is enabled, the scammer will typically say something like “I’m going to send you a passcode. Please read it back to me once you get it.” When the code is provided, the scammer uses it to access the victim’s online banking account.
Once the victim’s online banking account has been compromised, the scammer will use the P2P transfer service within online banking to send money to fraudulent accounts under their control. Some P2P services have authentication protection in place to deter fraud, but cybercriminals use the same tactics mentioned above to trick the victim into approving the transaction. Unfortunately, once the transfer has taken place, it may be difficult or impossible to get the money back.

To protect yourself and your money, remember:

  1. Banks will NEVER call you directly and ask for sensitive information, such as your online banking username, password, or verification code. If you receive any such calls, it is best to hang up and call your bank using a known phone number.

  2. If you are a victim of this scam, or if you notice any unusual activity in your account, call the bank right away to report it.

  3. It is important to immediately change your online banking password to prevent further unauthorized access. Using a strong password that combines uppercase and lowercase letters, numbers, and symbols also makes it more difficult for cybercriminals to guess your password or passcode.