Online banking security

Quick Tip:

When changing your username please do not use your Social Security Number in any part of your new username. To edit your username, go to My Profile.

Online Banking Security: Everyday, everywhere!

Your online security has always been a top priority. The Bank of Fincastle offers Enhanced Login Security Services to further help protect you from identity theft. Enhanced Login Security, is a free and easy way to help prevent fraud.

Enhanced Login Security

This superior security technology protects your accounts from unauthorized access. It identifies you as the true "owner" of your accounts by recognizing not only your password but your computer as well. If we don't recognize your computer — you've logged in from a public computer or one you haven't used before — we'll prompt you for a onetime verification code (that you will receive by phone, text or email) as an additional line of defense to prevent unauthorized access. With Enhanced Login Security, you'll be protected from whatever you're using, whether you're at home or on the go.

Enhanced Login Security will:

  • Defend against identity theft and fraud
  • Provide security from any computer, wherever you are
  • Make it easy for you to bank online anytime, anywhere

Just one more way to ensure online fraud prevention, everyday and everywhere!


How We Protect You

Keeping your online financial and personal information secure and confidential remains one of our top priorities.

We ensure your privacy and security by offering technology and services designed by the brightest minds in the online banking industry.

  • Encryption: The privacy of communications between you (your browser) and our servers is ensured by encryption. Encryption scrambles messages exchanged between your browser and our online banking server.
  • Password Complexity: It is important to verify that only authorized persons log into online banking. This is achieved by verifying your password. When you submit your password, it is compared with the password we have stored in our secure data center.

We allow you to enter your password incorrectly a limited number of times; too many incorrect passwords will result in the locking of your online banking account until you call us to reinitialize the account. We monitor and record "bad-login" attempts to detect any suspicious activity (i.e. someone trying to guess your password.)

You play a crucial role in preventing others from logging on to your account. Never use easy-to-guess passwords. Examples:

  • Birth dates
  • First names
  • Pet names
  • Addresses
  • Phone numbers
  • Social security numbers

Never reveal your password to another person. You should periodically change your password in the My Profile section of Internet Banking.

Secure Architecture

The computers storing your actual account information are not linked directly to the Internet.

  • Transactions initiated through the Internet are received by online banking Web servers.
  • These servers route your transaction through firewall servers.
  • Firewall servers act as a traffic cop between segments of our online banking network used to store information and the public Internet.
  • This configuration isolates the publicly accessible Web servers from data stored on our online banking servers and ensures only authorized requests are processed.

Various access control mechanisms, including intrusion detection and anti-virus, monitor for and protect our systems from potential malicious activity. Additionally, our online banking servers are fault-tolerant, and provide for uninterruptible access, even in the event of various types of failures.


Validating your Identity Screen

Should you logon to your computer and see a screen with the following message, "Please validate your identity. Sorry, we don't recognize the computer you are using," you are seeing this message because you are using Enhanced Login Security for extra online security protection, and we don't recognize this computer as one you have added.

In order to gain access to the system, please validate your identity with the call, text or email option. This will give you a onetime verification code to enter in to the computer. Be sure to add your cell phone number as an additional option in case you log in somewhere other than your home phone. If this computer is one you use frequently, avoid this page in the future by adding extra security protection to your computer. This can be done by clicking "Yes, Enroll This Computer." You can add, edit or delete phone numbers you have by going to the "My Profile" link once you are logged in to your online banking.


Questions & Answers

What is Multifactor Authentication?

Multifactor Authentication is superior security technology that protects your accounts from unauthorized access by strengthening the security of your online banking session. When you login to your internet banking session you can have peace of mind. Powered by the best-of-breed technology, Multifactor Authentication protects against online fraud by providing an additional authentication factor beyond your username and password used today.

Multifactor Authentication will:

  • Defend against identity theft and fraud
  • Provide added security from any computer, wherever you are
  • Make easy for you with one-time sign-up and convenient

When will I know that Multifactor Authentication/Enhanced Login Security is set for my accounts?

Soon you will be prompted to sign up when you login to your online banking session. Sign up once at your computer, set up your phone numbers or email capability, and you're all set.

How will it affect my online banking experience?

One you set up your account, the next time you login it will be business as usual. The rest of your online banking experience will remain exactly the same.

Can I access my account from other computers at my home, my office, or on the road?

Multifactor Authentication identifies you as the true owner of your accounts by recognizing not only your password but your computer as well. If we don’t recognize your computer you’ve logged in from a public computer or one you haven’t used before, for example, we’ll ask you to choose from the options on the screen (call, text or email) for a onetime verification code as an additional line of defense to prevent unauthorized access. With Enhanced Login Security, you’ll be protected from whatever computer you’re using, whether you’re at home or on the go.

For more information on Multifactor Authentication/Enhanced Login Security please contact a branch representative today.


IRS Repeats Warning about Phone Scams

IR-2014-81, Aug. 13, 2014
WASHINGTON — The Internal Revenue Service and the Treasury Inspector General for Tax Administration continue to hear from taxpayers who have received unsolicited calls from individuals demanding payment while fraudulently claiming to be from the IRS.
Based on the 90,000 complaints that TIGTA has received through its telephone hotline, to date, TIGTA has identified approximately 1,100 victims who have lost an estimated $5 million from these scams.  
"There are clear warning signs about these scams, which continue at high levels throughout the nation,” said IRS Commissioner John Koskinen. “Taxpayers should remember their first contact with the IRS will not be a call from out of the blue, but through official correspondence sent through the mail. A big red flag for these scams are angry, threatening calls from people who say they are from the IRS and urging immediate payment. This is not how we operate. People should hang up immediately and contact TIGTA or the IRS.”
Additionally, it is important for taxpayers to know that the IRS:

  • Never asks for credit card, debit card or prepaid card information over the telephone.
  • Never insists that taxpayers use a specific payment method to pay tax obligations
  • Never requests immediate payment over the telephone and will not take enforcement action immediately following a phone conversation. Taxpayers usually receive prior notification of IRS enforcement action involving IRS tax liens or levies. 

Potential phone scam victims may be told that they owe money that must be paid immediately to the IRS or they are entitled to big refunds. When unsuccessful the first time, sometimes phone scammers call back trying a new strategy.
Other characteristics of these scams include:

  • Scammers use fake names and IRS badge numbers. They generally use common names and surnames to identify themselves.
  • Scammers may be able to recite the last four digits of a victim’s Social Security number.
  • Scammers spoof the IRS toll-free number on caller ID to make it appear that it’s the IRS calling.
  • Scammers sometimes send bogus IRS emails to some victims to support their bogus calls.
  • Victims hear background noise of other calls being conducted to mimic a call site.
  • After threatening victims with jail time or driver’s license revocation, scammers hang up and others soon call back pretending to be from the local police or DMV, and the caller ID supports their claim.

If you get a phone call from someone claiming to be from the IRS, here’s what you should do:

  • If you know you owe taxes or you think you might owe taxes, call the IRS at 1.800.829.1040. The IRS employees at that line can help you with a payment issue, if there really is such an issue.
  • If you know you don’t owe taxes or have no reason to think that you owe any taxes (for example, you’ve never received a bill or the caller made some bogus threats as described above), then call and report the incident to TIGTA at 1.800.366.4484.
  • You can file a complaint using the FTC Complaint Assistant; choose “Other” and then “Imposter Scams.” If the complaint involves someone impersonating the IRS, include the words “IRS Telephone Scam” in the notes.

Taxpayers should be aware that there are other unrelated scams (such as a lottery sweepstakes) and solicitations (such as debt relief) that fraudulently claim to be from the IRS.
The IRS encourages taxpayers to be vigilant against phone and email scams that use the IRS as a lure. The IRS does not initiate contact with taxpayers by email to request personal or financial information. This includes any type of electronic communication, such as text messages and social media channels. The IRS also does not ask for PINs, passwords or similar confidential access information for credit card, bank or other financial accounts. Recipients should not open any attachments or click on any links contained in the message. Instead, forward the email to
For more information or to report a scam, go to and type "scam" in the search box.
More information on how to report phishing scams involving the IRS is available on the genuine IRS website,


TAS Phishing Scam

The Internal Revenue Service has learned of a new phishing scam in which taxpayers receive emails purporting to be from the Taxpayer Advocate Service (and bearing the IRS logo). The email contains a bogus case number and says:

“Your reported 2013 income is flagged for review due to a document processing error. Your case has been forwarded to the Taxpayer Advocate Service for resolution assistance. To avoid delays in processing your 2013 filing contact the Taxpayer Advocate service for resolution assistance.”

The email contains a link where the recipient can find contact information for the “advocate” assigned to their case that solicits personal information such as the recipient’s legal name and contact information. There’s also a link to review “your reported income” that again solicits this kind of personal information.

DO NOT click on the link and forward the email to the IRS’s designated address for such emails – You can find instructions for forwarding the messages on

If you believe you may have fallen victim to this type of scam and wish to report it, please file a complaint with the Internet Crime Complaint Center (IC3)


'Ransomware' Locks Computers, Demands Payment

There is a new “drive-by” virus on the Internet, and it often carries a fake message—and fine—purportedly from the FBI.
“We’re getting inundated with complaints,” said Donna Gregory of the Internet Crime Complaint Center (IC3), referring to the virus known as Reveton ransomware, which is designed to extort money from its victims.
Reveton is described as drive-by malware because unlike many viruses—which activate when users open a file or attachment—this one can install itself when users simply click on a compromised website. Once infected, the victim’s computer immediately locks, and the monitor displays a screen stating there has been a violation of federal law.
The bogus message goes on to say that the user’s Internet address was identified by the FBI or the Department of Justice’s Computer Crime and Intellectual Property Section as having been associated with child pornography sites or other illegal online activity. To unlock their machines, users are required to pay a fine using a prepaid money card service.
“Some people have actually paid the so-called fine,” said the IC3’s Gregory, who oversees a team of cyber crime subject matter experts. (The IC3 was established in 2000 as a partnership between the FBI and the National White Collar Crime Center. It gives victims an easy way to report cyber crimes and provides law enforcement and regulatory agencies with a central referral system for complaints.)

Podcast: Reveton Ransomware

“While browsing the Internet a window popped up with no way to close it,” one Reveton victim recently wrote to the IC3. “The window was labeled FBI and said I was in violation of one of the following: illegal use of downloaded media, under-age porn viewing, or computer-use negligence. It listed fines and penalties for each and directed me to pay $200 via a MoneyPak order. Instructions were given on how to load the card and make the payment. The page said if the demands were not met, criminal charges would be filed and my computer would remain locked on that screen.”
The Reveton virus, used by hackers in conjunction with Citadel malware—a software delivery platform that can disseminate various kinds of computer viruses—first came to the attention of the FBI in 2011. The IC3 issued a warning on its website in May 2012. Since that time, the virus has become more widespread in the United States and internationally. Some variants of Reveton can even turn on computer webcams and display the victim’s picture on the frozen screen.
“We are getting dozens of complaints every day,” Gregory said, noting that there is no easy fix if your computer becomes infected. “Unlike other viruses,” she explained, “Reveton freezes your computer and stops it in its tracks. And the average user will not be able to easily remove the malware.”
The IC3 suggests the following if you become a victim of the Reveton virus:

  • Do not pay any money or provide any personal information.
  • Contact a computer professional to remove Reveton and Citadel from your computer.
  • Be aware that even if you are able to unfreeze your computer on your own, the malware may still operate in the background. Certain types of malware have been known to capture personal information such as user names, passwords, and credit card numbers through embedded keystroke logging programs.
  • File a complaint and look for updates about the Reveton virus on the IC3 website.

What Is 'Phishing'?

Most likely you've seen them: e-mail messages asking you to verify personal information over the Internet.

The scam, popularly called 'phishing,' involves the use of replicas of existing Web pages to try and deceive you into entering personal, financial, or password data. Often suspects use urgency or scare tactics, such as threats to close accounts.

We here at The Bank of Fincastle will never ask you via e-mail to verify account information. We will never use e-mail to threaten account closure. Please know this, as one defense against phishing. Other safeguards to help protect you from phishing scams:

  • Be suspicious of any e-mail messages that claim to be from us that use an urgent or scare-tactic alone.
  • Do not respond to e-mail messages asking you to verify personal information.
  • Delete suspicious e-mail messages without opening them. If you do open a suspicious e-mail message, do not open any attachments or click any links.
  • Install and regularly update virus protection software.
  • Keep your computer operating system and Web browser current.

If you see a suspicious looking e-mail message claiming to be from The Bank of Fincastle please let us know. We continually monitor such reports and act on them promptly. Additionally, also consider contacting the FBI's Internet Fraud Complaint Center at