skip to main content

Leaving Website Disclosure

This link will redirect you to a site that may have certain associated risks, including not being insured by federal deposit insurance.

To remain at our site, click BACK. To leave our site for the link you selected, click OK.

Thank you for visiting Central Pacific Bank's website.

Central Pacific Investment Services Hero C

A Bank Customer's Guide to Cybersecurity

Security Reminder: Beware of anyone asking you for your passwords and PINs (Personal Identification Number) to your bank and financial applications, products and services. This is a tactic frequently used by fraudsters to gain access to your accounts and steal your funds. Never provide your passwords and PINs to anyone. Central Pacific Bank will never contact you asking for your passwords or PINs.

Information provided by FDIC Consumer News

Your credit and debit card statements can help detect fraud

  • Small Charges Can Signal a Big Crime

    When Small Charges Can Signal a Big Crime

    Counting every penny on your credit and debit card statements can help detect fraud

    Most people looking at their bank statements would probably notice if their credit or debit card were used without their approval to purchase a big ticket item, and they would quickly call their bank or card issuer to report the error or fraudulent transaction. But consumers are less likely to be suspicious of very small charges, including those less than a dollar ... which is why criminals like to make them.

    “These small transactions might be signs that someone has learned your account information and is using it to commit a crime,” said Michael Benardo, manager of the FDIC's Cyber Fraud and Financial Crimes Section. “That’s why it’s important to be on the lookout for fraudulent transactions, no matter how small.”

    He added, “When thieves fraudulently obtain someone else’s credit or debit card information and create a counterfeit card, they might test it out with a small transaction — like buying a pack of gum or a soda — to make sure the counterfeit card works before using it to make a big purchase. If this test goes unnoticed by the true account holder, thieves will use the card to buy something expensive that they want or that they can easily sell for cash.”

    In one example, the Federal Trade Commission alleged that a group of individuals stole nearly $10 million by making charges to more than a million credit and debit cards that went unnoticed by most of cardholders because the transactions ranged from 20 cents to $10.

    Even a small deposit in your checking or savings account that you weren’t expecting could be a sign that criminals have learned your account information and are trying to link your account to theirs so they can fraudulently withdraw money, perhaps your entire balance. Note: Be aware that if you ask to link your accounts at two different financial institutions, such as when setting up automatic transfers for investment or payment purposes, many banks and other payment providers may make test charges or deposits of less than $1 to verify that the proper arrangements have been made.

    What can consumers to do protect themselves? Be on the lookout for small transactions you don’t think you’ve conducted or authorized. “The best way to catch this kind of fraud is to regularly and thoroughly review your bank and credit card statements to look for transactions that you didn’t initiate,” Benardo said. “If you have online access to your bank and credit card accounts, it is a good idea to check them regularly, perhaps weekly, for suspicious activity.”

    Immediately contact your bank or credit card issuer if you see a transaction that you didn’t authorize and ask for it to be reversed. Debit card users in particular should promptly report an unauthorized transaction. While federal protections for credit cards cap losses from fraudulent charges at $50, a consumer’s liability limit for a debit card could be up to $500 or more if you don’t notify your bank within two business days after discovering the theft.

    Also ask your bank or credit card issuer about additional precautions it could take to prevent fraud on your account. “For a period of time, it might monitor your account more closely for fraudulent transactions,” Benardo said. “Or, it may determine that the best course of action is to close your current account and issue you a new card with a new account number.”

The Roles of Banks and the Government

  • What Banks and Bank Regulators are Doing to Protect Customers From Cyberthreats

    In today's world, financial institutions must be aware of current cyberthreats and take appropriate precautions in order to protect their customers' money and personal information. "Banks are tempting targets for cyberthieves who want to commit financial fraud," said Jeff Kopchik, a senior policy analyst with the FDIC. "But what customers need to remember is that banks and regulators are working together to prevent these crimes."

    Banks have employees or use outside firms that work to prevent cyberfraud. Also, financial institutions must continually improve their information security programs so they can effectively respond to the latest cyberthreats.

    In addition, the FDIC and other regulators work with financial institutions to help protect customer information and money. Since 2001, federal law and regulations have required that financial institutions have programs to ensure the security and confidentiality of customer information. Federal and state bank examiners also regularly conduct on-site examinations of FDIC-insured institutions and their outside firms to ensure that they comply with these and other regulations.

    Banking regulators also work with institutions to share overviews of the cyberthreat landscape and discuss steps they can take to be prepared. For example, in 2015, the FDIC produced an educational video on cybersecurity to help boards of directors and senior management at banks protect against potential threats. That same year, the regulators unveiled a voluntary "cybersecurity assessment tool" to help institutions identify risks and assess their preparedness.

    "Banks may use any risk assessment tool they choose. FDIC examiners are available to discuss the results with bank management and help them focus on areas that need improvement," said Mark Moylan, FDIC deputy director for operational risk. "We view this communication as an important part of our strategy to help ensure the safety of customer financial information."

    The FDIC also recommends that institutions join industry organizations that provide reliable and timely information designed to help institutions protect critical systems from cyber threats.

    "Cybercriminals are constantly looking for new ways to commit financial fraud against a bank and its customers," Kopchik said. "That is why the FDIC devotes significant resources to financial institution compliance with federal information security laws and alerts bank management about the newest cyber threats and effective countermeasures. It's part of the FDIC's mission to maintain stability and public confidence in the nation's financial system."

  • How Federal Laws and Industry Practices Limit Losses From Cyberattacks

    When criminals make unauthorized purchases using stolen payment card numbers or other information, federal consumer laws and financial industry practices protect victims from losses under certain circumstances. Here are key details to remember.

    If your credit card number is accessed by cyberthieves: "Under federal law, a consumer's liability is normally capped at $50 for all unauthorized transactions on each card. However, if your credit card number is stolen, but not the card, you are not liable for any unauthorized use," said Richard Schwartz, a counsel in the FDIC's Consumer Compliance Section. "In addition, credit card losses are typically absorbed by the card issuer because of zero-liability policies, which preclude consumers from having to pay any amount of an unauthorized charge. These policies are set by the card industry."

    If your debit card or the card number is used to withdraw money from a checking or savings account: To minimize your losses, you should contact your bank as soon as possible if you discover that your debit card has been lost or stolen. Your maximum liability under federal law is $50 if you notify your bank within two business days after learning of the loss or theft of your card. But if you notify your bank after those first two days, under the law you could lose more.

    What if your debit card number (not the card itself) is stolen in an online hacking incident? Remember to check your account activity regularly. Timing is critical because under federal law you will not be liable for the transaction if you report it within 60 days after your account statement showing the transaction is sent to you. But if the charge goes unreported for more than 60 days, all your money in the account could be lost. However, remember to check with your bank about the payment card networks' zero-liability policy, which may protect you.

    If you have a debit card for a business account that is used fraudulently: Debit cards issued for business use have different loss protections than debit cards for consumers. The Uniform Commercial Code (UCC), which sets many rules for businesses, requires a standard of "ordinary care" by the card holder in order to avoid liability for losses from online fraud. "This can be a technical area, so check with an attorney to make sure you are managing your business account consistent with the UCC rules," Schwartz advised.

    If a prepaid card account is used fraudulently: Prepaid cards have money deposited onto them, and they usually aren't linked to a checking or savings account. In terms of legal protections against losses as a result of fraud, the rules vary depending on the type of prepaid card:

    - Prepaid cards used by employers to pay their employees are covered under the same laws described earlier for consumer debit cards.

    - General-purpose "reloadable" prepaid cards, which display a network brand such as American Express, Discover, MasterCard or Visa, currently have no protections limiting liability under federal law but do, in most cases, include in their contracts with customers the same protections as those for consumer debit cards. However, regarding liability for losses, the Consumer Financial Protection Bureau (CFPB) in November 2014 proposed a rule that would include reloadable prepaid cards under the federal law for consumer debit cards. Visit the CFPB website for updates.

    - Prepaid gift cards for purchases at stores are typically not registered and, therefore, are not subject to federal consumer liability rights and protections. And, issuers of prepaid gift cards generally do not provide their own fraud liability coverage to card holders. "If you lose your gift card, you will probably lose the entire value of that card," Schwartz said.

Additional FDIC Resources for Consumers

  • A Cybersecurity Checklist

    Reminders about 10 simple things bank customers can do to help protect their computers and their money from online criminals

    1. Have computer security programs running and regularly updated to look for the latest threats. Install anti-virus software to protect against malware (malicious software) that can steal information such as account numbers and passwords, and use a firewall to prevent unauthorized access to your computer.

    2. Be smart about where and how you connect to the Internet for banking or other communications involving sensitive personal information. Public Wi-Fi networks and computers at places such as libraries or hotel business centers can be risky if they don’t have up-to-date security software.

    3. Get to know standard Internet safety features. For example, when banking or shopping online, look for a padlock symbol on a page (that means it is secure) and “https://” at the beginning of the Web address (signifying that the website is authentic and encrypts data during transmission).

    4. Ignore unsolicited emails asking you to open an attachment or click on a link if you’re not sure it’s who truly sent it and why. Cybercriminals are good at creating fake emails that look legitimate, but can install malware. Your best bet is to either ignore unsolicited requests to open attachments or files or to independently verify that the supposed source actually sent the email to you by making contact using a published email address or telephone number.

    5. Be suspicious if someone contacts you unexpectedly online and asks for your personal information. A safe strategy is to ignore unsolicited requests for information, no matter how legitimate they appear, especially if they ask for information such as a Social Security number, bank account numbers and passwords.

    6. Use the most secure process you can when logging into financial accounts. Create “strong” passwords that are hard to guess, change them regularly, and try not to use the same passwords or PINs (personal identification numbers) for several accounts.

    7. Be discreet when using social networking sites. Criminals comb those sites looking for information such as someone’s place of birth, mother’s maiden name or a pet’s name, in case those details can help them guess or reset passwords for online accounts.

    8. Be careful when using smartphones and tablets. Don’t leave your mobile device unattended and use a device password or other method to control access if it’s stolen or lost.

    9. Parents and caregivers should include children in their cybersecurity planning. Talk with your child about being safe online, including the risks of sharing personal information with people they don’t know, and make sure the devices they use to connect to the Internet have up-to-date security.

    10. Small business owners should have policies and training for their employees on topics similar to those provided in this checklist for customers, plus other issues that are specific to the business. For example, consider requiring more information beyond a password to gain access to your business’s network, and additional safety measures, such as requiring confirmation calls with your financial institution before certain electronic transfers are authorized.