How to keep your accounts safe
We want to help you keep your personal and banking information as safe and secure as possible. We’ve provided the following resources to help keep you informed on how to protect yourself against fraudulent activity, and instructions for what to do if you do discover fraud on your account.
Recent Security Alerts
- Contactless Payment Fraud
One of our main goals is to help you keep your personal and banking information as safe and secure as possible. As such, when we see an area of concern we aggressively work to do what we can to protect our customers and their accounts.
Our fraud representatives have informed us of the most recent type of attack targeting contactless wallets such as Apple Pay and Google Play. The fraudster will set up an account without an individual knowing by obtaining their information from the dark web and using this to make purchases and eventually take over the owner’s account.
In an attempt to get ahead of this, we will be restricting most contactless purchases for a short time as we wait to receive more information on this fraud. While we know this can be a bit of an inconvenience, we believe it is far more advantageous to keep our accountholders safe at this time. We will keep our accountholders informed on these restrictions and appreciate your patience as we work toward ways safeguard your information and mitigate loss for both our customers and the bank.
If you should have any questions at any time, you can contact our Customer Service Center at 800-455-2275 or customerservice@montgomerybank.com You can also follow our social media pages for updates.
- Fraudulent Phone Calls
Please be aware of fraudulent calls and text messages posing as Montgomery Bank, and asking for your personal, confidential information. Always be alert and know that Montgomery Bank will never call and ask you for your account information, so please do not give account number or debit card information over the phone or via text, or any other personal information. If you receive a call or text that causes suspicion, ask the caller their name and contact our Customer Service Center to confirm. Again, please never provide account or debit card information to any caller or text. We invite you to learn more about fraud and scam attempts by visiting the link below.
https://www.banksneveraskthat.com/ #BanksNeverAskThat
- National Public Data Breach
We are aware of the recent data breach at National Public Data, which included the possibility of stolen data including Social Security numbers and other Personally Identifiable Information (PII). While the number of impacted individuals continues to fluctuate, the total number of impacted individuals is believed to be lower than was initially reported by many media outlets since many of the records stolen belonged to the deceased.
A hacker known as "USDoD" allegedly hacked a company called National Public Data and stole personal records. The compromise is believed to have begun in or around April 2024, after which the records were posted for sale and later released by other criminal groups onto the dark web. At this time, we do not believe card data was tied to this event. Currently available information suggests this was a compromise of personal information, not credit and debit card information.
Please take the time to review some industry best practices for security and fraud prevention, including but not limited to the following:
-
If you have not already done so, update your antivirus protection and perform security scans on all devices. If malware is found most antivirus programs should be able to remove it, but you may need to seek reputable professional assistance in some cases.
-
Update passwords for bank accounts, email account, social media accounts, and other services used, ensuring your updated passwords are strong and unique for each account. Passwords should include uppercase and lowercase letters, numbers, and special characters whenever possible and should never include personal information that a hacker could guess or obtain from stolen data.
-
The use of multifactor authentication is recommended on any accounts or services that offer it to ensure proper identity verification.
-
Check your credit report and report any unauthorized use of credit cards. If you notice any suspicious activity, ask credit bureaus to freeze their credit. You can see your current score and report inside the Montgomery Bank app using our Credit Sense service. To learn more visit Credit Sense | Montgomery Bank
We recommend using extra caution with email and social media accounts and beware of phishing, which is an attempt to get your personal information or access to accounts by misrepresenting the identity of person or entity sending a message.
Please be assured that your Montgomery Bank information was not compromised. We are informing you of this so that you can take the necessary steps to protect yourself.
If you see anything out of the ordinary, please contact us at 1-800-455-2275.
-
Security Resources
- Debit Card Hotline
If suspicious activity occurs on your account, we make every attempt to notify you promptly. If we are unable to reach you, your Montgomery Bank debit card will be hot carded so no further activity can be made until we hear from you.
If this occurs, please call us at 1-800-455-2275.
To legally report the loss of your Montgomery Bank Debit Card you must call Montgomery Bank at 1-800-455-2275.
Under federal law, you can reduce your financial liability for unauthorized use of your Montgomery Bank, ATM Card or Debit Card by reporting the loss of your card immediately after you are able to detect that the card is lost.
- Debit Card Restrictions
Debit card transaction restrictions have been lifted within the US. The restrictions stated below remain in place:
International (anything outside of US):
- All transactions are blocked (Signature and PIN) – unless a card is listed as an exception
Online Transactions:
- International: All transactions are blocked
- Domestic: No limits / No restrictions
Auto Bill Pay with card
- International: All transactions are blocked
- Domestic: No limits / No restrictions
Signature (Credit) Based = No PIN used
- PIN (Debit) Based = PIN used
Before you travel outside of the United States, please contact a Personal Banker or our Customer Service Center at 800-455-2275 to schedule travel notes on your account.
If you would have any questions or wish to order a replacement card, please contact our Customer Service Center at 800-455-2275 or customerservice@montgomerybank.com.
- Blocked Countries, States, and Businesses
International Transactions
All international transactions are restricted by default. If you plan to travel outside of the United States, please contact your local branch or our Customer Service Center at 1-800-455-2275.
Blocked States
Blocked Businesses
- Cash App – due to continued fraud issues transactions limited to no more than 5 per day, no transactions over $500 permitted and a daily limit of $750.
- Facebook Pay (transactions over $199.99 blocked)
- Crypto.com AVS
- MACQUARIE UNIVER
Debit card transactions at chip capable machines when the chip is not used over $149.99.
Blocked Countries
International transactions are restricted.
If you plan to travel outside of the United States, please contact your local branch or our Customer Service Center at 1-800-455-2275
Last Update: 05/29/2020
- Fraudulent Techniques Defined
Phishing
A technique used to gain personal information for purposes of identity theft, using fraudulent e-mail messages that appear to come from a legitimate retailer, bank, organization, or government agency. Phishers attempt to fraudulently acquire sensitive information, such as usernames, passwords and credit card or bank account details. These emails can look authentic with company logos and banners copied from Web sites.
Identity theft
One of the fastest-growing types of financial fraud. Without stealing your wallet, a crook can steal your financial identity with as little information as your social security number. Identity theft involves crooks’ assuming your identity by applying for credit, running up huge bills and stiffing creditors – all in your name.
Social engineering
Using human interaction (social skills) to obtain or compromise sensitive information about an individual or an organization. This social engineering could be used to gather personal information on you or other family members. An attacker may seem unassuming and respectable. They may even offer “credentials” to support their identity. By asking seemingly harmless questions, they may be able to piece together enough information to steal your identity or to infiltrate your computer.
Avoiding Social Engineering and Phishing Attacks
Phishing is a form of social engineering. Phishing attacks use email or malicious websites to solicit personal information by posing as a trustworthy organization. For example, an attacker may send email seemingly from a reputable credit card company or financial institution such as Montgomery Bank. In this email they will request account information, often suggesting that there is a problem. When users respond with the requested information, attackers can use it to gain access to the accounts. It is important to note: MONTGOMERY BANK WILL NEVER ASK FOR PERSONAL INFORMATION IN AN EMAIL OR PHONE CALL TO YOU!
Phishing attacks may also appear to come from other types of organizations, such as charities. Attackers often take advantage of current events and certain times of the year.- natural disasters (i.e., Hurricane Katrina, Indonesian tsunami, Joplin tornado)
- epidemics and health scares (i.e., H1N1)
- economic concerns (i.e., IRS scams)
- major political elections
- holidays
How do you avoid being a victim?
Do not give sensitive information to anyone unless you are absolutely sure that they are indeed who they claim to be and that they should have access to the information.
Be suspicious of unsolicited phone calls, visits, or email messages from individuals asking about employees or other internal information. If an unknown individual claims to be from a legitimate organization, try to verify his or her identity directly with the company. Do not provide personal information unless you are absolutely certain of a person’s authority to have the information. Do not reveal personal or financial information in an email and do not respond to email solicitations for this information. This includes following links sent in email. Don’t send sensitive information over the Internet before checking a website’s security (see Protecting Your Privacy for more information). Pay attention to the URL of a website. Malicious websites may look identical to a legitimate site, but the URL may use a slight variation in spelling or a different domain (i.e., .com vs. .net). If you are unsure whether an email request is legitimate, try to verify it by contacting the company directly. Do not use contact information provided on a website connected to the request; instead, check previous statements for contact information.
Information about known phishing attacks is also available online from groups such as the Anti-Phishing Working Group (http://www.antiphishing.org).
Device Protection
Install and maintain anti-virus software, firewalls, and email filters to reduce some of this traffic over your personal computers. (see Understanding Firewalls, Understanding Anti-Virus Software, and Reducing Spam for more information). Take advantage of any anti-phishing features offered by your email client and web browser.
What do you do if you think you are a victim?
If you believe your personal financial accounts may be compromised, contact your financial institution such as Montgomery Bank immediately and close any accounts that may have been compromised. Watch for any unexplainable charges to your account. Immediately change any passwords you might have revealed. If you used the same password for multiple resources, make sure to change it for each account, and do not use that password in the future.
Watch for other signs of identity theft (see Preventing and Responding to Identity Theft for more information).Consider reporting the attack to the police, and file a report with the Federal Trade Commission (http://www.ftc.gov/).
Used with permission and available at http://www.us-cert.gov/, the United States Computer Emergency Readiness Team, a service of the U.S. Department of Homeland Security.
- Secure Email Services
With the increase in fraudulent activities and e-mail scams, Montgomery Bank has taken another step to ensure your information is secure by providing a secure email service.
Our secure email service has changed. To send a secure email to Montgomery Bank, we, first, ask that you please send an email to our Customer Service department (customerservice@montgomerybank.com) requesting that a secure email communication method be setup with you or simply contact our customer service center at 1-800-455-2275 for assistance. Our Customer Service department will send you a secure, encrypted email. As you reply to this email, your response back to Montgomery Bank will be encrypted and secure.
Caution: Normal, unencrypted email should not be considered as a secure method of communication. We ask that you NOT include confidential information including account numbers, passwords, social security numbers, etc., in the emails you send to us. To discuss confidential information, please stop by any Montgomery Bank location or call us at 1-800-455-2275 Monday through Friday between 7:30 a.m. to 6:00 p.m. or Saturday 7:30 a.m. to noon (CT). The bank assumes no responsibility for interception of confidential information you send in an unsecured (unencrypted) email message.
The security of your private information is very important to us. Montgomery Bank will never provide your confidential information to any source not affiliated with the bank. We will never ask you for your personal information through an email so be aware of the phishers who try to gain this information via email.
- Montgomery Bank Website Security Statement
The security of your personal and account information is important to us.
We understand that our continued success as a leading financial institution relies on both our ability to offer banking services to you in a secure manner as well as your responsibility in keeping any access codes, passwords or PINs secure. To assist us in offering these Web-based banking services in a secure manner, we employ a number of measures which are described below. These measures allow us, among other benefits, to properly authenticate your identity when you access these services and protect your information as it traverses the Internet between your PC and Montgomery Bank.
Montgomery Bank is proud to deliver the highest level of security for our Internet banking customers. An additional layer of security has been added to our log in process. This will help ensure that your information is secure, protecting you from fraud and identity theft.
Security Image
Enhanced online security is provided for our Internet banking customers that verifies your identity in two ways. Every time you log in to Internet banking, the bank identifies you, and it lets you identify the bank using a private image and pass phrase that is unique to each individual Internet banking user. This level of security is used for routine Internet banking services such as balance inquiries, transfers and eBill Pay.
Security Tokens
Security Tokens are provided to our commercial Internet banking customers that verify your identity in two ways. Every time you log in to business Internet banking, the bank identifies you using a one-time password generated by the security token, and it lets you identify the bank. This enhanced level of security is provided to our commercial customers that utilize more complex Internet banking services such as wire transfers and ACH origination.
Many of the financial services we provide on this web site utilize access codes (e.g., ID and password/PIN). For further details about a particular service’s access codes, follow the links to the discussion of that service’s security specifics.
To further protect you, a timeout feature is often used. This feature will automatically log you out of your current financial service session after an extended period of inactivity on our site.
Montgomery Bank also requires the use of secure browsers to protect you while you access our online financial services. More specifically, the personal and account information that flow back and forth between your PC and Montgomery Bank must be encrypted while in transit – secure browsers are how we achieve this level of protection. Encryption is the process of scrambling information (typically for data transmission) so that it can only be reassembled in its original clear text format by someone who has the correct encryption key to do so. Likewise, when we send personal or account information to you, this technology encrypts it, which then only you can decrypt.
Montgomery Bank employs an additional protection mechanism known as a firewall to protect our computer systems and your information. Firewalls can be thought of as selective barriers that only let authorized traffic (i.e., you, our Online Banking customer) through to Montgomery Bank’s systems.
System and application activity logs are another mechanism Montgomery Bank uses to protect our systems and your information. These logs are reviewed regularly and any anomalies or discrepancies are investigated thoroughly.
Montgomery Bank’s Online Banking product provides additional security measures.
The browsers that Montgomery Bank’s Web-based financial services currently support are listed below. Some versions of these browsers provide 128-bit encryption while other versions support only 40-bit encryption. 128-bit browsers provide strong encryption capability. The U.S. government does not allow the export of secure browsers with strong encryption anywhere outside the U.S., with Canada being the only exception. Montgomery Bank requires its financial service customers to use browsers with 128-bit encryption. Use of 40-bit browsers for accessing Montgomery Bank’s services will not be permitted.