Security Announcements from the FBI
Deter, Defend. Detect.
One of our highest priorities is to ensure your privacy and peace of mind by employing the most advanced online security measures in the industry. Once enrolled in NetTeller online banking, you will be able to use a self-selected User ID, Password and Multi-factor Authentication System that serves as your first line of security.
Blackhawk Bank provides state-of-the-art encryption of all data transmitted between your computer and our secure site. Most browsers utilize an encryption method called Secure Sockets Layer (SSL), a protocol that encodes data before it's transmitted over the Internet.
Security Enhancement – EV SSL (Secure Sockets Layer) Certificates
Jack Henry and Associates (Blackhawk Bank’s SSL Certificate Issuer) will use Extended Validation (EV) SSL Certificates for security to help confirm that users have reached a legitimate Web site, not a “spoofed” site created by fraudsters to steal personal and financial information. EV SSL means that the NetTeller site passed a rigorous identification process.
Example: The green bar in your browser
Address Bar: The address bar in the browser will display https://, turn green and will show users that the site is identified in high-security browsers.
Padlock Icon: A closed padlock is prominently displayed in the address bar. Users may click the padlock to view details about the certificate that secures the site and the certificate issuer.
Security Status Bar: The security status bar rotates between the name of the authenticated organization (Jack Henry and Associates is Blackhawk Bank’s Certificate Issuer) and VeriSign, the trusted 3rd party that performed the Extended Validation authentication.
High Security Browsers
To see the green address bar, users will need to be using one of the following browsers that support EV SSL Certificates. EV SSL will not prevent a user from accessing NetTeller, but the green address bar indicator will not be present.
NetTeller Online Banking Only Supports the Current and Prior Major Release. As part of our commitment to protecting you with the highest security standards, Blackhawk Bank's Web Solutions Administrator has retired its support for the TLS 1.0 security protocol on our website in favor of more secure versions - TLS 1.1 or higher. This change occurred on September 20, 2017.
In general, compatible browsers/versions* are:
Beta versions are not supported. When new versions of browsers are announced as ready to Release to the Web by the provider, they will become a supported version.
The following types of tools and/or access are not recommended and may impact experience:
- Accessing account via an embedded browser such as:
- Personal or Commercial Financial Management Software (Quicken, Quickbooks, etc.)
- Browser Bars within AOL, Yahoo, Google, etc…
- Internet Portal access within gaming systems such as XBox
- Use of browser Add-Ins (Emoticons, FunWeb Services, etc.)
Download a supported browser:
PLEASE NOTE: Your browser MUST accept “Cookies” to utilize this service. Each browser handles Cookies uniquely. Please check with your browser software manufacturer to determine how to verify that your settings will accept Cookies.
An icon, such as a lock or key, will be displayed in the corner of your browser’s window to let you know that your browser’s encryption is active.
Education is key to understanding the safeguards that you should employ to help you reduce your risk for fraud when banking online. Take precautions to protect your PC from viruses and malware.
What You Should Do
Ideally, use a dedicated computer for online banking ONLY and a separate computer for email, surfing the Internet and online shopping. This is the best way to prevent the possibility of malicious software infecting the computer you use for online banking. Computer technology advances (e.g. ‘Notebook’ laptops) have made the purchase of a dedicated computer an inexpensive means of protection.
If you choose not to use a dedicated computer:
- Avoid Spyware. The best way to protect your computer from spyware is to install an anti-spyware program that monitors the activity of software on your computer. Like a virus scanner, anti-spyware software detects and attempts to remove malicious applications from your computer. Spyware infects computers when the user interacts with a malicious resource on the Internet.
- Use software that scans for viruses.
Note: There are a number of malicious programs that purport to be anti-virus and anti-spyware applications. When installing anti-virus and anti-spyware be sure they are legal licensed versions of the software.
The following rules will help keep your computer safe:
- Do not respond to unsolicited (spam) email.
- Do not click on a link within an unsolicited email.
- Be cautious of email claiming to contain pictures in attached files as the files may contain viruses. Only open attachments from known senders. Virus-scan the attachments if possible.
- Contact the actual business that supposedly sent the email to verify if the email is legitimate.
- Avoid visiting websites that contain questionable content, including sites that offer illegal music, movie and software downloads.
- Pay attention to the Google Results page. Google identifies sites that may contain malicious content. Avoid clicking links that have been identified as such.
- To protect your privacy and help prevent unauthorized use of online banking you should always ‘Exit’ secure websites to completely log-out. Do not simply click the X to close your Internet session.
- Monitor your accounts and review your transactions regularly. Should you see suspicious activity, report it immediately.
- Use encryption software on laptop computers.
- Familiarize yourself with the Security Settings on your PC.
- Educate all online banking users in your home about the risks and safeguards
Other Security Hints
- Keep your web browser software up-to-date to take advantage of security enhancements.
- Take precautions to keep your computer free from viruses that might be used to capture Password keystrokes or send information from your hard drive.
- DO NOT use coffee shop or public Internet hook-ups or rented computers. Computers can capture information from the Internet as part of the browser software's operation, or because someone has loaded a program in it to secretly gather your information.
- If you are away from home and get an unexpected screen asking you for your credit card number, password, or account information, DO NOT disclose it.
- If you save financial information externally, remember that a sophisticated user can read it, even after you have "erased" the file. DO NOT share external information that contains confidential information.
- Practice "safe trash" with printouts of your account information. DO NOT throw them away where prying eyes can find them. It is always a good idea to shred printouts of your account information before discarding.
Tips for Creating and Using Safe Passwords
- In addition to the suggestions offered above, follow these guidelines for creating and using strong passwords:
- Use BOTH upper- and lower-case letters.
- Place numbers and punctuation marks randomly in your password.
- Make your password long and complex, so it is hard to crack. Between 8 to 20 characters long is recommended.
- Use one or more of these special characters: +_%@!$&*~
- To help you easily remember your password, consider using a phrase or a song title as a password. For example, “Somewhere Over the Rainbow” becomes “Sw0tR8nBO” or “Smells Like Teen Spirit” becomes “sMll10nspT.”
- Make your password easy to type quickly. This will make it harder for someone looking over your shoulder to steal it.
Using Your Password Safely
- Create different passwords for different accounts and applications. That way, if one account is breached, your other accounts won’t be put at risk too.
- Never use your NetTeller password for online shopping sites or free e-mail accounts (Hotmail, Yahoo!, Gmail).
- Change your passwords regularly, about every ninety days.
- Don’t share your password with anyone else. Once it’s out of your control, so is your security.
- Never enable the “Save Password” option, even if prompted to do so. Pre-saved passwords make it easy for anyone else using your computer to access your accounts.
- Never walk away from a shared computer without logging off. This will ensure no other users can access your accounts.
- Don’t use sample passwords given on different Web sites, including the samples listed above.
How Passwords Are Stolen
When you are creating a strong password, it can help to know the tactics hackers use to steal them. Here are some of the most frequently used techniques:
- Guessing. Programs designed to guess a user’s password are common. They often use personal information found online—such as names, birth dates, names of friends or significant others, pet names or license plate numbers—as a starting point. These programs can even search for a word spelled backwards.
TIP: It’s best to steer clear of any personally identifying information when creating a password.
- Dictionary-based attacks. Programs and software also exist that run every word in a dictionary or word list against a user name in hopes of finding a perfect match.
TIP: Staying away from actual words, even in a foreign language, is recommended.
- “Brute Force” attacks. By trying every conceivable combination of key strokes in tandem with a user name, brute force attacks often discover the correct password. Programs can execute a brute force attack very quickly.
TIP: The best way to beat such an attack is with a long, complex password that uses upper and lower case letters, numbers, special characters and punctuation marks.
- Phishing. Phishing scams usually try to hook you with an urgent IM or e-mail message designed to alarm or excite you into responding. These messages often appear to be from a friend, bank or other legitimate source directing you to phony Web sites designed to trick you into providing personal information, such as your user name and password.
TIP: Best advice is don’t click a link in any suspicious e-mails, and don’t provide your information unless you trust the source.
- Shoulder surfing. Passwords are not always stolen online. A hacker who is lurking around in a computer lab, cybercafé or library may be there for the express purpose of watching you enter your user name and password into a computer.
TIP: Try to enter your passwords quickly, without looking at the keyboard, as a defense against this type of theft.