Customer Awareness Program

SouthFirst Bank’s Commitment to Security

Each year more and more Americans have their identity stolen and the staff and management at SouthFirst Bank want to give you the information you need to help protect yourself against ID theft and other fraudulent activity.

While we cannot guarantee that your ID will never be stolen we will NEVER request personal information by e-mail, phone call or text messaging. This includes account numbers, passwords, personal identification information or any other confidential customer information.

Fraudulant e-mails may be designed to appear as though they are originated by SouthFirst Bank. You should never respond to any e-mail communications which request any type of personal or confidential information and you should never go to any links that may be listed in that e-mail. This type of communication will never be originated by SouthFirst Bank. Never give out any information that the Bank already has to a caller, texter or e-mail sender. If you contact us we may verify the last 4 digits of your SSN to confirm your identity but we will never contact you and ask for confidential information such as your debit card number or your full SSN. If we need to contact you, it will always be in a manner that protects your personal, confidential information and we will clearly identify ourselves.

One of SouthFirst Bank’s top priorities is to safeguard your confidential information and we will work diligently to do so. We will work with the local regulatory and law enforcement departments to be certain any type of illegal activity is stopped as soon as possible.

You should immediately report any suspicious e-mails or websites to SouthFirst Bank by forwarding the message to SFBwebmonitor@southfirst.com, If you suspect identity theft or have any questions regarding this notice please contact the Compliance Officer at SouthFirst Bank by calling (256)245-4365 or (800)239-1492, extension 1126.

Regulation E: Electronic Funds Transfer Coverage

This regulation carries out the purposes of the Electronic Fund Transfer Act, which establishes the basic rights, liabilities, and responsibilities of consumers who use electronic fund transfer services and of financial institutions that offer these services. The primary objective Regulation E is the protection of individual consumers engaging in electronic fund transfers.

Your liability for losses as a result of unauthorized electronic funds transfers depends on when you report the losses. If you lose your EFT card, or if it is stolen from you, you may avoid any losses by immediately calling the bank or other institution that issued the card. If the card has not been used before you give notice, you will lose nothing. If the card has been used to draw money from your account before you notify the financial institution, your loss is limited to $50, provided that you give notice to the financial institution within two business days after you learn of the loss or theft of the card. Your card issuer cannot charge you for any loss unless it has previously given you a written summary of your liability for unauthorized electronic fund transfers, the telephone number and address of the person or office that you must notify if you believe that an unauthorized transfer has been made, and the days when the financial institution is open for business, called "business days." If you do not notify the financial institution within two business days of the loss or theft, your risk of loss due to an unauthorized transfer will increase. You will be liable for up to $50 of loss that occurs during the first two business days, plus any loss that occurs after the first two business days and until you actually give the financial institution notice of the loss or theft. However, you are liable for such a loss only to the extent that the loss would not have occurred if you had given notice during the two business days. Your loss also is subject to an overall upper limit of $500. The financial institution must establish that the loss would not have occurred if you had notified it within the two business days.

At account opening you were provided our Regulation E disclosure providing details on liability amounts, our notification of unauthorized transaction requirements and our investigation timelines. If you would like an additional copy of this information please contact the Customer Service Department at (256)245-4365 or (800)239-1492.

It is important to monitor your account statements each month and report unauthorized transactions to the bank immediately. If you believe there has been an unauthorized or inaccurate electronic funds transfer on your account, please contact our Customer Service Department by calling (256)245-4365 or (800)239-1492 as soon as possible.

Regulation E is a consumer protection law for accounts established primarily for personal, family, or household purposes. Non-consumer accounts, such as Corporations, Partnerships, Trusts, etc., are excluded from coverage.

What is Identity Theft?

Back to top

Identity theft is the fraudulent acquisition and use of a person's private identifying information, usually for financial gain. Identifying information includes, but is not limited to the following:

  • Name
  • Address
  • Date of Birth
  • Social Security Number
  • Mother's Maiden Name
  • Drivers License
  • Bank or Credit Card Account Number

Thieves then use the information to repeatedly commit fraud in an attempt to duplicate your identity which may include opening new accounts, purchasing automobiles, applying for loans, credit cards, and social security benefits, renting apartments and establishing services with utility and telephone companies. Identity Theft can have a negative effect on your credit and may create a serious financial burden for you.

How do You Protect Yourself?

  • Report lost or stolen checks or credit cards immediately.
  • Never give out any personal information including Birth Date, SSN or Passwords.
  • Shred or destroy all documents containing personal information, such as bank statements, unused checks, deposit slips, credit card statements, expired cards, pay stubs, medical billings, and invoices.
  • Protect your incoming and outgoing mail.
  • Keep a close watch on your bank account statements and credit card bills.
  • Exercise your new rights under FACTA to review your credit record and report fraudulent activity.
  • Don't give any of your personal information to any web sites that do not use encryption or other secure methods to protect it.
  • You may find the following resources provide helpful information about identity theft and other tips on how to protect yourself and your information:

Computer Security

The United States Department of Justice

FDIC Consumer Protection

Federal Trade Commission

The Fair Credit Reporting Act (FCRA) gives you specific rights when you are, or believe that you are, the victim of fraud or identity theft. Here is a brief summary of the rights designed to help you recover.

  • You have the right to ask the major credit reporting companies to place a Fraud Alert on your credit report.
  • You have the right to free copies of the information on your credit report.
  • You have the right to obtain documents relating to fraudulent transactions made or accounts opened using your personal information.
  • You have the right to obtain information from a debt collector.
  • If you believe information in your report results from identity theft, you have the right to ask a credit reporting company to block that information from your credit report.
  • You also may prevent businesses from reporting information about you to credit reporting companies if you believe the information is a result of identity theft.

Putting a fraud alert on your credit file is one of the first things you should do if you suspect someone is trying to open credit accounts in your name. It might be something you want to do, even if you don’t think identity theft is an immediate threat. Fraud alerts are not a cure-all, however. A fraud alert can be ignored by creditors. If you suspect you’re a victim of identity theft, or have already become a victim, fraud alerts are only a start in trying to protect your credit. You also need to pay close attention to your credit report and consider a credit freeze – an even stronger option than a fraud alert. It tightens access to your credit data even more by allowing you to freeze all access to your credit file. A fraud alert is something that the major credit bureaus attach to your credit report. When you, or someone else, tries to open up a credit account by getting a new credit card, car loan, cell phone, etc., the lender should contact you by phone to verify that you really want to open a new account. If you aren’t reachable by phone, the credit account shouldn’t be opened. To place a fraud alert or credit freeze on your credit report you may contact the credit bureau fraud departments by using the contact information listed below.

Equifax
Consumer Fraud Division
Phone: 800-525-6285 or: 404-885-8000
Fax: 770-375-2821
P.O. Box 740241
Atlanta, GA 30374-0241 
Experian
Experian’s National Consumer Assistance
Phone: 888-397-3742
P.O. Box 2104
Allen, TX 75013 
TransUnion
Fraud Victim Assistance Department
Phone: 800-680-7289
Fax: 714-447-6034
P.O. Box 6790
Fullerton, CA 92634-6790 

 

Also, if you think your identity has been stolen:

  • Report all suspicious contacts to the Federal Trade Commission by calling 1-877-IDTHEFT.
  • File a police report with your local police department. Get a copy of the report to submit to your creditors and others that may require proof of the crime.
  • File a complaint with the IC3

To order credit reports you may call the following:

Equifax: (800)685-1111
Experian: (888)397-3742
TransUnion: (800)916-8800

Understanding Phishing

Back to top

"Phishing" is the latest form of identity theft. It happens when thieves act as if they are representing an organization and try to hook the consumer into providing personal or financial information. Once the consumer is hooked, the thieves can do lasting damage to a consumer's financial accounts. They can dupe customers into providing their Social Security numbers, financial account numbers, Online Banking password's, mothers' maiden names and other personal information.

Thieves often pose as:

  • Financial institution
  • Credit card company
  • Online merchant
  • Utility or other biller
  • Internet service provider
  • Government agency
  • Prospective employer

How it May Work

A consumer will receive an email from an organization with which they normally do business. The email will typically include bogus claims such as problems with an account or billing errors, and will ask the consumer to confirm his/her personal information. Typically, the email will ask the consumer to follow an embedded link that takes them to an exact replica of the victim company's web site. Graphics on the counterfeit site may be so convincing that even experts can have a hard time distinguishing the fake site from the real one. Despite the convincing appeals, consumers should not respond to unsolicited emails that direct them to divulge personal identifying information. Reputable organizations that consumers legitimately do business with generally will not request account numbers or passwords unless the consumer initiated the transaction.

Please note that SouthFirst Bank will never request identifying information, account information, or internet banking password information via email, text or phone call. . If you have any question regarding the validity of a phone call or email requesting account information, please call SouthFirst Bank Customer Service at (256)245-4365 or (800)239-1492 prior to responding to the request for information.

Clues to Identify a “Phishing” E-mail

  1. Awkward Greeting - A phishing e-mail may address the customer with a nonsensical greeting or may not refer to the customer by name.
  2. Typographical Errors and Incorrect Grammar - This is a technique used by phishers to avoid email filters. The errors are intentional and will be obvious.
  3. Source Code Points to a Different Website than the Alleged Sender - The link contained in a phishing e-mail may look official, but when your mouse curser rolls over it the link’s source code points to a completely different web site. Remember that you can always type a URL into your web browser instead of clicking on a link.
  4. Urgent Call to Act – A phishing e-mail may ask the recipient to act quickly on a certain matter. Different approaches include things such as "We're updating our records," "We've identified fraudulent activity on your account," or "Valuable account and personal information was lost due to a computer glitch." To encourage people to act immediately, the email usually threatens that the account could be closed or canceled. 

Debit Card Protection

Debit Card Usage has increased significantly in recent years and unfortunately so has the fraudulent use of debit cards. SouthFirst Bank has some suggestions for you regarding the proper care and usage of your debit card.

  • Never provide your debit card information to anyone when requested by phone, email or text. SouthFirst Bank will never request information from you in this manner. Please contact us immediately if you receive any such request.
  • Memorize your personal identification number (PIN) and never disclose it to anyone. Never keep your PIN in your wallet or purse and NEVER write the PIN on the card itself.
  • Be mindful of “shoulder surfers” when using ATMs or POS terminals. Stand close to the keypad and shield it with your hand when keying in the PIN.
  • Never let other people use your card. If your card is lost or stolen, report the incident immediately to the bank by calling (256)245-4365 or (800)239-1492.
  • It is a good idea to pay by credit card rather than debit card if the card must leave your sight for payment. An example might be when a waiter takes your card from the table in a restaurant.
  • Debit cards are easier than credit cards to process illegally.

When using your debit card at an ATM:

  • Make sure the ATM is in a well-lit secure location.
  • Have your card ready before approaching the ATM to avoid searching through your wallet or purse to the find the card while at the ATM.
  • Do not use and ATM that appears to have been tampered with or otherwise altered. (Report such condition to the bank who owns the ATM.)
  • Do not leave the receipt at the ATM.

Online Banking Security

SouthFirst Bank hopes you enjoy the convenience of our internet banking products and services. In addition, to the security features we have in place for these products and services please consider the following tips on keeping your information secure.

  • Never give anyone your personal information including User Names, passwords, SSN or Date of Birth.
  • Regularly change your password and create difficult passwords which include letters, numbers and symbols, when possible.
  • Avoid using personal information as your User Name or Password. For example, avoid using the last 4 digits of your SSN or your date of birth.
  • Never store your User Name and/or Password on or near your computer.
  • Never use the password auto-save feature on your browser.
  • Regularly check transaction history details and statements to make sure that there are no unauthorized transactions. Report any unauthorized transactions immediately to the bank by calling (256)245-4365 or (800)239-1492.
  • Before doing any online transactions or sending personal information, make sure that correct website has been accessed. Beware of bogus or “look alike” websites which are designed to deceive consumers.
  • Check if the website is “secure” by checking the Universal Resource Locators (URLs) which should begin with “https” and should contain a closed padlock icon on the status bar. To confirm authenticity of the site, you can double-click on the lock icon to display the security certificate information of the site.
  • Install a personal firewall and a reputable anti-virus program to protect personal computer from virus attacks or malicious programs. Make sure your anti-virus program is kept up to date and runs at all times. Keep your operating system (OS) current.
  • Activate the automatic update feature and set your browser’s security level to the default setting or higher.
  • Never download any file or software from sites or sources, which are not familiar or hyperlinks sent by strangers. Opening such files could expose the system to a computer virus that could hijack personal information, including password or PIN.
  • Never leave the computer you are using unattended when you are logged-in.
  • Avoid opening other browser windows while banking online.
  • Be skeptical of e-mail messages, for example from someone unlikely to send an e-mail such as the IRS.
  • Never open suspicious e-mails and do not click on the links included in a suspicious e-mail. Should this happen stop using the computer and have a diagnostics performed immediately.
  • Avoid using shared or public personal computers when conducting electronic banking transactions.
  • Use social media wisely and don’t reveal too much.

Mobile Device Security

When using your mobile device, use the following security tips:

  • Use a passcode and set it to activate in a short amount of time.
  • Avoid storing sensitive information on your mobile device.
  • Keep software up-to-date.
  • Install remote wipe so if your device is lost or stolen information can be cleared off from a remote location

Other Resources Regarding Types of Fraud, Prevention, and Reporting:

Annual Credit Report

Better Business Bureau – Data Security Made Simple

Bureau of Consumer Protection 

Department of Homeland Security Cyber Report 

Fraud Advisory for Businesses: Corporate Account Take Over -  http://www.fsisac.com/files/public/db/p265.pdf         ---> Invalid URL

FDIC Safe Internet Banking 

FTC- Privacy & Security 

ID Theft 

Internet Crime Complaint Center 

NACHA - Account Takeover Resource Center

NACHA - For Consumers
 
National Cyber Security Alliance 

Protecting Personal Information: A Guide for Business -  http://business.ftc.gov/multimedia/videos/protecting-personal-information ---> Invalid URL
 
Small Business Information Security 
 
United States Secret Service 
 
US-Cert-Cyber Security Tips 

Back to top