Privacy Policy

OUR COMMITMENT TO YOUR PRIVACY

Tustin Community Bank is committed to providing the highest level of security and privacy regarding the collections and use of our customers’ personal information. You have chosen to do business with us, and we recognize our obligation to keep the information you provide us secure and confidential.

Our commitment to protect your financial information will continue under the principals and guidelines described below.

PRIVACY

The confidentiality and protection of customer information is one of Tustin Community Bank's fundamental responsibilities. And while information is critical to providing quality service, we recognize that our most important asset is the trust of our customers. Thus, the safekeeping of customer information is a priority for Tustin Community Bank. 

The Bank’s Privacy Policy explains how we use and protect the information about our customers. 

 SECURITY

Tustin Community bank is committed to ensuring your online banking experience is safe and secure.  We have implemented the following security measures to make certain you feel confident accessing our online banking website.

Login and Password
Users access their accounts by entering a Logon name and password that they create during the application process.  In order to deter someone from illegally accessing your account, if there is an attempt to login that fails three times, the user will be locked out.    You must contact Tustin Community Bank at 714-730-5662 during regular business hours to unlock your account.

Change Security Question
The security answer is another security measure we have taken to identify you while using Internet Banking.  If you forget your password you can recover it by entering your Security Answer.  During the apply process, you will set your own private Security Question and submit your private response, which is considered your Security Answer.  As with your password, it is your responsibility to keep your Security Answer confidential.

Browser
To ensure security, users must use a browser that will support Secure Socket Layer (SSL) and 128-bit encryption.  In order to fully utilize these security features, we recommend the use of the latest versions of Netscape Navigator, Microsoft Internet Explorer, Mozilla Firefox or Apple Safari.  Tustin Community Bank cannot offer any assurances of how your computer will operate should you update your browser software.  To prevent unauthorized access to your account be sure to close your browser when you have completed your internet banking session.

Extended Validation Certificate
The Extended Validation Certificate provides two security features; it positively identifies our online banking site as certified by VeriSign, by providing a visual clue* to indicate the presence of an EV SSL Certificate and provides the Secure Sockets Layer (SSL) 128 bit encryption required to conduct online banking safely and securely, provided you are utilizing the recommended internet secure browser.
 
*If you use Microsoft® Internet Explorer 7 to go to a Web site secured with an SSL Certificate that meets the Extended Validation Standard the URL address bar to turns green. Additionally you will see a lock icon Picture of the Lock icon in the Security Status bar.  The Security Status bar is located on the right side of the address bar.  You can click the lock to verify the identity of the website.

Site to User
Site-to-User helps you know you are really on our legitimate Web site. Our bank does all it can to confirm that you are who you claim to be. Site-to-User helps you know that we are your bank. If our site knows that you are who you claim to be and you know that our site is legitimate, we can transact business safely and securely. During phishing and pharming attacks, users are often lured to fake Web sites that look genuine. Such fake sites may ask a visitor to enter private information. Site-to-User helps you know the difference between a fake Web site and a real one.

On the first screen you will be asked for your logon name. Then, on the second screen, you will be asked for your password and, once you have chosen an image and phrase, your unique image and phrase will be displayed. Then, each time you login, you will see your unique image and phrase.  If you do not see your image and phrase, do not login.

Risk-Based Authentication
Risk-Based Multifactor Authentication uses a Transparent Two Factor technology that works behind-the-scenes to authenticate all users and logins based on individual user and device profiles.

In addition, Risk-Based Authentication uses a Risk Engine tool to estimate the level of risk for the specific activity. If a high-risk is detected, you will be prompted for authentication via challenge questions - helping protect your account from being accessed by unauthorized users.

Firewall
A firewall is designed to block unauthorized access while permitting authorized access to and from the server. All messaged entering or leaving the server must pass through the firewall.

SECURITY ISSUES

Phishing
Phishing uses email messages and web sites designed to look as if they come from a known and legitimate organization, in order to deceive users into disclosing personal, financial, or computer account information. The attacker can then use this information for criminal purposes, such as identity theft, larceny, or fraud. Users are tricked into disclosing their information either by providing it through a web form or by downloading and installing hostile software.

A phishing attack succeeds when a user is tricked into believing they're interacting with a legitimate company and thus takes actions that have effects contrary to the user's intentions. Usually this involves giving away a user's name and password.

Once the they have obtain this compromising, private information; they access the account to perform fraudulent activities, such as transferring the balance of a checking account to an external account

Pharming
Pharming is setting up a fraudulent Web site that contains copies of pages from a legitimate Web site in order to capture confidential information from users. By hacking into DNS servers and changing IP addresses, users are automatically redirected to the bogus site, at least for some period of time until the DNS records can be restored.

For example, if a bank's DNS were changed, users could be redirected to a Web site that looks familiar. The bogus site could just collect usernames and passwords, or it could allow access to the site and, using some pretense, request financial information. Unlike phishing schemes that use e-mail to make people go to the phony site, pharming is more natural. Users are going to the site on their own and are certainly not suspicious because the pages look familiar.

Protect Yourself
Employees of Tustin Community Bank will never ask for personal information via email.  Never disclose your password or personal information to anyone via email request.   Be sure to report such request to the bank.

Be careful on any email with urgent requests that claim your account will be closed if you do not respond.  Look for typos and errors; this is often a sign of a fraudulent e-mail and/or website.

Never respond to an unsolicited request.  If you think it is a legitimate request contact the financial institution directly.  Contact information is available on websites or phonebooks.    It is important that you independently verify that you speaking with the actual financial institution.



 

Copyright 2014 - Tustin Community Bank