Security Information

Identity theft occurs when someone uses your name, Social Security Number, credit card, or other identifying information to commit financial fraud.

There are a host of other destructive Internet frauds and scams being perpetrated, the most common of which is called phishing. Phishing (pronounced "fishing") attacks use fake e-mails and fraudulent web sites to trick recipients into divulging personal financial data, such as credit card numbers, account user names and passwords, and Social Security data.

Although Internet banking and e-commerce is very safe, you should always be cautious with your personal financial information. Here are some simple steps you can follow to protect yourself:

Protecting yourself online

• Enroll in Verified Access, America First's new enhanced internet banking security feature.
• Do not divulge your PIN (personal identification number) to anyone.
• Cancel your paper statement and receive it online to avoid problems associated with traditional mailings.
• Review your statements frequently and report any unusual activity immediately.
• Enroll in free electronic bill pay and use e-Bills to keep payment information secure and private.
• Do not offer personal or confidential information via unsecured e-mail or over the telephone. Remember, America First will never contact you and ask for your account number or PIN over the phone, via e-mail, or by any other channel.
• Be suspicious of any e-mail with urgent requests for personal financial information.
• Forward any suspicious e-mail regarding your America First account to emailfraud@americafirst.com. Remember to include the entire e-mail with its original header intact.
• Don't click on the links in an e-mail if you suspect the message might not be authentic.
• Avoid filling out forms in e-mail messages that ask for personal financial information.
• Use complex passwords. Avoid using your mother's maiden name, your birth date, the last four digits of your Social Security Number, or your phone number. Compose alpha and numeric passwords whenever possible.

Always report phishing e-mails to the following groups:

• reportphishing@antiphishing.com
• spam@uce.gov

Protecting yourself everywhere else

• Always report lost or stolen cards immediately.
• Never write your PIN on your ATM, check, or credit card. Keep your PIN and cards separate.
• Learn the importance of ATM Safety .
• Use Direct Deposit and have your paycheck automatically and safely deposited to your America First account.
• Order a copy of your credit report . Make sure it's accurate and includes only those activities you've authorized.
• Before using an ATM, check the area for safety.
• Be wary of promotional scams.
• Pay attention to your billing cycles. Follow up with creditors if your bills don't arrive on time.
• Safeguard or destroy receipts and other documents containing account information.
• Guard your mail and trash from theft. Deposit outgoing mail at your local US Post Office and promptly remove all materials from your mailbox. If you're planning to be away from home, call 1-800-275-8777 to request a vacation hold.
• When ordering checks, do not have your Social Security or driver's license numbers printed on them. Present your ID each time you pass a check.
• Destroy pre-screened credit card offers you receive in the mail. To opt out of receiving these, call 1-888-567-8688.
• Secure personal information in your home, especially if you have roommates, employ outside help, or are having service work done. Use shredders routinely.

When you conduct business via Web Access® Internet Banking, we recommend you take the following steps to ensure you’re not entering a fraudulent site:

If enrolled in Verified Access, ensure that your secret image and phrase are correct before entering your PIN.

Check for the SSL secure connection symbol: a locked padlock. When you log in, a secure session will be established between your browser and America First. You can confirm your session is encrypted by the appearance of a locked padlock symbol on the bottom status bar of your browser. This should appear on any secure pages as or .

View and confirm the SSL certificate details by double-clicking on the padlock symbol. Our certificate has been digitally signed by Verisign, the most recognized issuer of digital certificates in the world. Most browser software is written to automatically recognize any certificate signed by Verisign. You can make sure the certificate is legitimate if the “issued by” section refers to www.verisign.com , and that the date listed is within a valid range.

You can make sure the certificate is legitimate if:

• The "issued by" section refers to www.verisign.com
• The date listed is within a valid range
• The server identifies itself as "webaccess.americafirst.com" and not anything else. For example, "webaccessamericafirst.phisher.com"

If the certificate details differ from this, do not attempt to log in. E-mail us for further assistance and, if possible, include a screen shot of the false certificate.

There are a number of steps you should take to protect your own computer and Internet environment. We recommend that you consider the following measures to protect your computer:

Install anti-virus software -- You can help protect yourself from viruses that could damage your computer and your programs by installing anti-virus software. To maximize your security, be sure your anti-virus software also includes functionality to detect and prevent worms and dialer programs from being downloaded and enabled. Your software should also be regularly updated to detect and prevent infection from new viruses. You may wish to consider one of the following online suppliers:

• Symantec or Norton AntiVirus at www.symantec.com
• McAfee VirusScan at www.mcafee.com

Install a personal firewall -- Firewall software and hardware helps create a protective shield between your computer and the Internet. This barrier can prevent unauthorized people from gaining access to your computer, reading its information, or placing viruses on it while you are connected to the Internet. You can find firewall hardware or software at most computer stores, or visit any of the sites listed below:

• Symantec or Norton Personal Firewall at www.symantec.com
• McAfee Personal Firewall at www.mcafee.com
• ZoneAlarm OC Firewall at www.zonelabs.com

Install Anti Spyware software -- Spyware is a general term for hidden programs on your computer that track what you are doing on the Internet. Spyware is often bundled together with file sharing, e-mail virus checking, or browser accelerator programs, and it is installed on your machine to intercept information about you, usually without your knowledge. This information can include personal Internet usage and, in some instances, confidential data such as passwords. You can download and run a specialist program designed to help identify and remove threats from Spyware. Like an anti-virus program, it needs to be regularly updated to recognize the latest frauds. Several free anti-Spyware programs are available at: http://www.pcworld.com/downloads/collection/0,collid,1347,00.asp

Keep your browser and operating system up-to-date -- From time to time, security weaknesses or bugs are found in browsers and operating systems, and service packs are issued by the software company to make sure these issues are fixed as quickly as possible. You should make regular checks by visiting your software vendor’s web site (or request an alert, if they are available), and apply any new security patches as soon as possible.

• For Internet Explorer go to:
  http://www.microsoft.com/windows/ie/default.htm
• For Netscape Navigator go to:
  http://channels.netscape.com/ns/browsers/security.jsp

Avoid running programs or opening e-mail attachments from sources you don't know or trust -- You should not install software or download any files from web sites (including those that offer screensavers, games, etc.) with which you aren't familiar. You should also scan all e-mail attachments for viruses and avoid opening messages from people or organizations you don't know or trust. However, it pays to be aware that you can also get an infected attachment from someone you do know. If you are unsure what an attachment is -- no matter the source – do not open it.

If your computer has been infected with a virus or spyware, it may exhibit some of the following characteristics:

• Random dialing or dialing strange numbers
• Unusual icons appearing on your desktop or start menu
• Extra toolbars popping up
• Programs frequently locking up
• Home page constantly changing

This may mean your security is compromised by something that's been downloaded to your machine. We recommend you have your computer checked and serviced by a trusted professional. In some cases, however, the infection may not be so obvious because keyboard loggers or Spyware programs are often unobtrusive or covert. Be vigilant with your online business: review your transactions regularly, and ensure all activity has been initiated by you. It pays to be on the safe side.

Victims in Utah can visit http://www.idtheft.utah.gov/pn/ to report identity theft to local authorities.

To report a lost or stolen credit card, please contact us at 1-800-999-3961 and press the number 4 on your telephone keypad.

The FTC also recommends the following if you feel you're a victim of identity theft:

• Contact the fraud department of one of the three major credit bureaus to place an alert on your file. Creditors will then contact you before opening new accounts or making changes to your existing ones. As soon as one credit bureau confirms your alert, the other two will automatically place the same order, and all three reports will be sent to you free of charge.
• Close any accounts that have been tampered with or opened fraudulently. Use an ID theft affidavit to dispute unauthorized charges.
• File a police report. Submit a copy to your creditors and others requiring proof of the crime.
• File your complaint with the FTC. The FTC maintains a database of identity theft cases, which is used by law enforcement agencies for investigations. Filing a complaint also helps the FTC learn more about identity theft and the problems victims are having. For additional help and information, please visit www.ftc.gov/bcp/edu/microsites/idtheft/ .

At America First, safety and soundness are our top priorities. All Web Access transactions are managed via a secure server, which is separate from the web server that hosts our Internet site. This adds another layer of security for your peace of mind. To further protect your information and accounts, we have built a secure connection between our systems and the Internet. This connection is protected by a firewall, which regulates all the information going between us and the Internet, and is intended to prevent entry by anyone without proper authority.

Our security team continually monitors this system for any suspicious activity and alerts are generated if anything unusual arises.

As technology changes, we use services that regularly report on any potential vulnerability. This means we can take action to ensure our high levels of safety are maintained.

Internet banking security -- All transactions you complete are protected from unauthorized access by a method called encryption. Encryption is a technique of coding information using random mathematical keys so that only you and America First can readily unscramble the information -- it can't be read by anyone else. New keys are created each time you log in to Web Access and are destroyed when you log out. We use strong, industry-leading 128-bit SSL encryption. To be able to log in, you will need a browser that supports 128-bit encryption, such as Internet Explorer 4.0 or above or Netscape 4.06 or above.

We also have systems in place that constantly monitor online activity. If we come across a suspicious-looking transaction, we will investigate it to ensure there is no breach of security.

If you leave your computer, or forget to log out when you have finished a session, you will be automatically timed out after several minutes of no activity.

Verified Access -- As of January 2007, America First will feature a new internet banking security enhancement called Verified Access. This security enhancement will help you ensure that you are not visiting a fraudulent site and will help America First ensure that you are the one trying to access your account. More information on Verified Access is available here.

The secure connection between the Internet and our system is called Secure Sockets Layer (SSL). This is a well-respected technology developed by Netscape and supported by most browsers. To establish an SSL connection between your computer and America First, we send your browser a piece of information called a digital certificate every time you log in to Web Access. This certificate securely identifies the site to which you are connecting, and is used to establish and maintain an encrypted session.

A cookie is a message sent to your browser by a web server. Your browser stores the message in memory, and this message is then sent back to the web server each time you request a web page.

We use two types of cookies:

1. Session cookies are used as an integral part of the identification process for our Internet banking service. Each time you log in, a session cookie will be sent to your browser from our web server. We use session cookies to offer increased security when logging in, and to provide you with your confidential account information during a session. The cookie will only be present on your browser while you are logged in. When you log out, the cookie is no longer valid and is discarded when you close.
2. Persistent cookies are used to identify and provide personalized features such as choosing which site you’d like to make your home page. Despite common myths about cookies, they can't read your hard drive, obtain any information from your browser, command your computer to perform any action, be sent to any other site, or be retrieved by any site.