Personal---Landing-Page-Ad---Privacy-and-Security

Customer Information & Privacy Policy       Questions? Contact Us.
Online Banking Security

Online Banking Security

Home Savings Online Banking's new security service, which is known in the industry as Multifactor Authentication, will help protect you from identity theft. Home Savings will begin requiring a verification code which will allow us to verify your identity when you access Online Banking from an unrecognized device, such as friend or family member's computer, by sending a verification code to your previously registered phone or email address.

What is Multifactor Authentication?

Authentication is the process used to allow access to only the correct customer. Without effective authentication controls, it is possible for fraudulent users to access your account. We authenticate customers by issuing challenges that only the actual customer should be able to pass.

Multifactor Authentication (MFA) means two or more different types of authentication must be passed. By using two different factors of authentication, we get a higher assurance that the customer is the correct intended user. MFA is commonly used to protect transactions at ATMs, where your card is something you have, and your PIN code is something you know. Similarly with our Online Banking MFA, your phone or computer is something you have, and your password is something you know.

What information will be required to enroll?

When you login to online banking, you will be prompted for your password. In addition you will be required to provide information that enables us to send you a one-time passcode also referred to as a verification code. We recommend that you enroll your personal mobile phone, if you have one. However, we will give you the option to enroll your mobile phone, your home phone (landline) and/or an email address. Enrolling a phone number or email that is shared with others is not recommended.

How does the verification code/one-time passcode work with mobile phones or tablets?

This security upgrade was designed for customers using personal computers. At this time we do not support the security features on mobile devices, however in the near future we will be offering mobile banking services. In the meantime, if you do use Online Banking on a mobile device, you will need to be prepared to use both your password and a new one-time passcode to log in.

How will it affect my online banking experience?

Instead of answering a Challenge Question, you will receive a verification code at the number you enroll. Optionally, you may then enroll your computer to act in place of your phone. Once you enroll your computer, the rest of your online banking experience will remain exactly the same. If you register the computer you should not have to go through the process again. We do NOT recommend you choose to have a shared or public computer remembered. This will make it easier for unauthorized users to access your online banking account. If you choose to have your device remembered, any clearing of cookies may result in the verification process again.

What if I need to upgrade my browser?

If you access Online Banking using Internet Explorer 6 or 7 (or an earlier version), you will be presented with a prompt asking you to upgrade your browser in order to continue. A link will be provided for you to upgrade your browser.

Can I access my accounts from other computers at my home, my office or on the road?

Yes, you can access your accounts from any computer. However, when you login from a system that does not have the special browser cookie, you will need to authenticate using the verification code instead. You may enroll multiple computers, but be mindful not to enroll a computer that you don't often use, or that is shared with people you do not know. Enrolling a non-trusted computer is equivalent to lending your ATM card to a stranger.

Questions or Issues?

Email us or call us at 330.781.6525 I 1.866.466.3050

Mobile Banking Security

Mobile Banking Security

Home Savings' mobile banking service gives you the convenience you want with industry-leading safety and security features that provide peace of mind. We are committed to making our mobile banking safe and secure. Our fraud prevention and security systems protect you with the latest encryption technology and secure email communications. When using our mobile banking application you're protected by these security features:

  • Encryption technology to prevent unauthorized access
  • Privacy protection of your financial information as detailed in our Consumer Privacy Notice

Common-sense steps to protect your accounts

Synch your mobile devices
Mobile devices are basically small computers with software that needs to be kept up to date just like on a PC or laptop. Make sure all the mobile devices in your house have the latest security protection. This may require synching your devices with a computer.

Guard your personal information
Protect your phone or tablet device just as you would your computer. Secure your mobile device by using a strong password and be cautious about the sites you visit and the information you release.

Think before you app
Before you download an application (app) on your device, review the privacy policy and understand what specific data the app can access.

Protect your money
When banking and shopping on your mobile device, check to be sure the sites are secure. Look for web addresses with https:// in the address. This means the site takes extra measures to help secure your information.

When in doubt, don't respond
Fraudulent texting, calling and voicemails are on the rise.  Just like in fraudulent email, requests for personal information or a call for immediate action are almost always a scam. Home Savings will never contact you asking for personal or banking information.

Fake Mobile Banking apps
Criminals may develop and publish fake mobile banking applications that look like Home Savings apps but are in truth designed to steal your online banking credentials. Here are tips for recognizing an unofficial app:

  • The developer or author of the application is not Digital Insight (Home Savings' online and mobile banking provider).
  • The app is being promoted on a third-party site, somewhere other than the official app store for your mobile device.
  • There is a charge for downloading the app — Home Savings does not charge for mobile app downloads.

To help protect your accounts and information, never download or install a mobile banking app if you spot any of these warning signs.

SMShing
SMShing is phishing that happens via SMS text message. A criminal sends you a text message that tries to trick you into replying with financial or personal information or clicking on links that will sneak viruses onto your mobile device. Don't respond to a text message that requests personal or financial information.  Home Savings will never ask you to provide your information in this way.

Lost and stolen devices
Mobile phones and tablet devices offer convenience, but they're also easy to lose or steal, which can put your information at risk. Here are some ways you can protect yourself now in the event your device is lost or stolen later:

  • Password-protect your device so it can't be accessed unless the password is entered.
  • Enable an automatic screen-locking mechanism to lock the device when it's not actively being used.
  • Consider using a remote wipe program that gives you the ability to send a command to your device that will delete any data.
  • Keep a record of the device's make, model and serial number in case it's stolen.

Traditional online threats
Viruses, malware and other programs intended to steal your personal information or financial details are able to infect some mobile devices. If your tablet supports a traditional anti-virus product, consider installing that software. Backup the device's data and keep the copy in a safe and secure location. This will allow you to restore your data in the event you need to wipe the device clean in order to remove a harmful software threat.

Report suspicious activity

  • In your email - To report a suspicious email that uses Home Savings' name, forward it to us immediately at webmail@homesavings.com and use the subject "Suspicious E-Mail."
  • On your statement - To report fraudulent activity on your Home Savings account, call 1.866.466.3050 or visit a branch location near you.

More tips for safe use of a mobile banking application

  • Never provide personal identification or banking information over your mobile device unless you initiate the contact and you know that you're dealing directly with your bank.
  • Remember, Home Savings would never contact you asking for personal or banking information. Assume any unsolicited text request is fraudulent. Giving this information places your finances and privacy at risk.
  • Avoid sharing your password, account number, PIN and answers to secret questions. Never save this information anywhere on your phone.
  • Add our short code to your device's contact list with a distinctive name, to recognize any incoming messages are from us and not spoofed.
  • Bookmark www.homesavings.com to avoid mistyping.
  • Don't set the Web or client-text service to automatically log you in to your bank account. If your phone is lost or stolen, someone will have free access to your money.
  • Don't type sensitive information that others can see; be aware of your surroundings.
  • Set the phone to require a password to power on the handset or awake it from sleep mode.
  • Immediately notify us and your mobile operator if you lose your phone.
  • Microsoft provides guidance on how to create a strong password.
Identity Theft Protection

Identity Theft Protection

Protecting Your Personal Information 

Identity theft is the fraudulent use of your personal identifying information to commit fraud or theft. Here are some helpful tips to avoid becoming the next victim.

  • Store personal information in a safe place. Shred financial statements, bank checks, credit card offers, charge receipts and credit applications before discarding them.  
  • Don't release personal information. Never disclose account, social security and credit card numbers over the phone or online unless you know the person or organization with whom you're dealing.  
  • Guard against mail theft. Deposit outgoing mail into a secure, official Postal Service collection box. Promptly remove incoming mail after it has been delivered.  
  • Monitor account information and billing statements. Know your billing cycles and review monthly statements for authorized charges or withdrawals. Missing statements could indicate someone has filed a change of address notice to divert your mail to his or her address.  
  • Reduce pre-approved credit offers and direct mail solicitations. To opt-out of pre-approved offers call 888-567-8688. To opt-out of direct mail offers register with the Direct Marketing Association
  • Obtain and review copies of your credit report. Order copies of your credit report yearly to review your file and make certain the information is accurate. The three major credit bureaus are:
    • Equifax: 800.685.1111

    • Experian: 888.397.3742

    • TransUnion: 800.888.4213

  • Review the FBI Fraud Alert Questions. If you answer "YES" to any of the questions, you could be involved in a fraud or about to be scammed!

Steps to take if you become a victim:

  1. Notify the three credit bureaus' fraud departments. Request that a "fraud alert" be placed in your file, as well as a victim's statement asking that creditors call you before opening any new accounts. To report fraud:
  2. File a police report and call the Federal Trade Commission's toll-free Identity Theft Hotline at 877.ID.THEFT.
  3. Request a copy of your credit report. Credit reports are free to fraud victims.
  4. Contact your creditors for any accounts that have been opened fraudulently. Close your accounts and obtain new credit, debit and ATM cards.
  5. Report any suspected stolen mail to your local postal inspector and check the post office for unauthorized change of address requests.
 

 To learn more about identity theft, visit the following websites:

Online Fraud Prevention

Online Fraud Prevention

While attempted Internet scams are not an uncommon occurrence, a basic awareness of the most common ones can thwart attempts to collect sensitive information.

Email and Internet-related fraudulent schemes, such as "phishing" (pronounced "fishing"), are being perpetrated with increasing frequency, creativity and intensity. Phishing involves the use of seemingly legitimate email messages and Internet web sites to deceive consumers into disclosing sensitive information, such as bank account information, Social Security numbers, credit card numbers, passwords and personal identification numbers (PINs). The perpetrator of the fraudulent email message may use various means to convince the recipient that the message is legitimate and from a trusted source with which the recipient has an established business relationship, such as a bank. Techniques such as a false "from" address or the use of seemingly legitimate bank logos, web links and graphics may be used to mislead email recipients.

In most phishing schemes, the fraudulent email message will request that recipients "update" or "validate" their financial or personal information in order to maintain their accounts. The directions in the email usually prompt the recipient to:

  • Respond to the fraud perpetrator via email, or  
  • Complete an online form that is embedded in the email, or  
  • Click on a link in the email, which leads to a sometimes authentic-looking site that collects the sensitive information.

These web sites may include copied or "spoofed" pages from legitimate web sites to further trick consumers into thinking they are responding to a bona fide request. Some consumers will mistakenly submit financial and personal information to the perpetrator who will use it to gain access to financial records or accounts, commit identity theft or engage in other illegal acts.

Risks Associated With Email and Internet-Related Fraudulent Schemes 

Customers who fall prey to e-mail and Internet-related fraudulent schemes face real and immediate risk. Criminals will normally act quickly to gain unauthorized access to financial accounts, commit identity theft or engage in other illegal acts before the victim realizes the fraud has occurred and takes action to stop it.

Tips to Remember

  • NEVER supply sensitive information (such as account numbers, passwords, etc.) via email.  
  • A financial institution's web page should never be accessed from a link provided by a third party. It should only be accessed by typing the web site name, or URL address, into the web browser or by using a "book mark" that directs the web browser to the financial institution's web site.  
  • A financial institution should not send e-mail messages that request confidential information, such as account numbers, passwords or PINs. Financial institution customers should be reminded to report any such requests to the institution.  
  • If emails or Internet sites contain typographical or grammatical errors, these are often indicators of fraud attempts to compromise your information.
     

To learn more about online fraud, please visit:

Corporate Account Security

Corporate Account Security

There are many ways that cyber criminals can take over corporate accounts.  It’s important to monitor your accounts daily for suspicious activity.  Here is some very important information about how corporate account takeovers can happen, and what you can do to protect yourself and your business.

Corporate Account Takeover

Corporate account takeover occurs when a criminal obtains electronic access to your bank account and conducts unauthorized transactions. They gain access by stealing the confidential security credentials of your employees who are authorized to conduct electronic transactions (wire transfers, Automated Clearing House-ACH, and others) on your corporate bank accounts. Dollar losses from this type of cyber-crime range from tens of thousands into the millions, with the majority of these thefts not fully recovered. Corporate account takeovers can affect both large and small banks.

How it happens

There are several methods used to steal confidential security credentials:  Phishing mimics the look and feel of a legitimate financial institution’s website, e-mail, or other communication. Users provide their credentials without knowing that a perpetrator is stealing their security credentials through a fictitious representation which appears to be their financial institution.

Malware can infect computer workstations and laptops via infected e-mails with links or document attachments. In addition, malwarecan be downloaded to a user’s workstation or laptop from legitimate websites, especially social networking sites. Clicking on the documents, videos, or photos posted there can activate the download of the malware. The malwareinstalls key-logging software on the computer, which allows the perpetrator to capture the user’s ID and password as they are entered at the financial institution’s website.

Other viruses are more sophisticated. They alert the perpetrator when the legitimate user has logged onto a financial institution’s website, then trick the user into thinking the system is down or not responding. During this perceived downtime, the perpetrator is actually sending transactions in the user’s name.

If robust authentication is not used and a user’s credentials are stolen, the perpetrator can take over the account of the business. To the financial institution, the credentials appear to be the legitimate user. The perpetrator has access to, and can review the account details of, the business. These details include account activity and patterns, and ACH and wire transfer origination parameters such as file size and frequency limits and Standard Entry Class (SEC) codes.

With an understanding of the permissions and the limits associated with the account, the perpetrator can transfer funds out of the account using wire transfers or ACH files. With ACH, the file would likely contain credits routed to accounts at one or more financial institutions. These accounts may be newly opened by accomplices (unsuspecting individuals called “money mules”) for the express purpose of receiving and laundering these funds. The money mules withdraw the entire balances shortly after receiving the money and send the funds overseas via wire transfer or other popular money transfer services.

(A money mule is a person who is local to the compromised account, who can receive money transfers with a lesser chance of alerting the banking authorities. Often, they are “hired” by the cyber criminals to conduct these activities, and often become identity theft victims themselves.)

Perpetrators also send ACH files containing debits in order to collect additional funds into the account that can subsequently be transferred out. The debits would likely be to other small business accounts for which the perpetrator has also stolen the credentials or banking information. Given the 2-day return timeframe for debits, and the relative lack of account monitoring and controls at many small businesses, these debit transactions often go unnoticed until after the return timeframe has expired.

Criminals may pretend to represent official agencies or organizations.

  • The FDIC does not directly contact bank customers (especially related to ACH and Wire Transfer transactions, account suspension or security alerts), nor does the FDIC request bank customers to install software upgrades. Such messages should be treated as fraudulent and the account holder should permanently delete them and not click on any links.
  • Messages or inquiries from the IRS, BBB, NACHA and almost any other organization asking the customer to install software, provide account information or access credentials is probably fraudulent and should be verified before any files are opened, software is installed or information is provided.
  • Phone calls or text messages requesting sensitive information are likely fraudulent. If in doubt, account holders should directly contact the organization requesting the information at the phone number obtained from a different source (such as the number they have on file, that is on their most recent statement or that is from the organization's website, etc.). Account holders should not call the phone numbers (even with local area codes) that are listed in the suspicious email or text message.

Best practices to protect yourself and your business accounts.

Education is key – train your employees

  • A strong security program paired with employee education about the warning signs, safe practices and responses to a suspected takeover are essential to protecting your company and customers.
  • Employee education is effective in reducing the threat of an account takeover.
  • Develop a formal security policy and train the employees on internet safety.

Protect your online environment

  • Secure your computer and networks – possibly dedicate one computer for online banking functions only, no emails or other internet browsing allowed.
  • Install and maintain spam filters.
  • Use the internet carefully.
  • Install and maintain real-time anti-virus and anti-spyware desktop firewall, as well as malware detection and removal software. Use these tools regularly to scan your computer. Allow for automatic updates and scheduled scans.
  • Install routers and firewalls to prevent unauthorized access to your computer or network. Change the default passwords on all network devices.
  • Install security updates (patches) to operating systems and all applications as they become available.
  • Block pop-ups, enforce strong password policies and use multi-layer security.
  • Do not use public internet access points.

Partner with your bank to prevent unauthorized transactions

  • Make sure that your employees know how and to whom to report suspicious activity, both at your company and at your bank.
  • Use dual control with online banking transactions.

Pay attention to suspicious activity and react quickly

  • Monitor and reconcile bank accounts daily, especially near the end of the day.
  • Note any changes in the performance of your computer such as dramatic loss of speed, computer lock-ups, unexpected rebooting, unusual pop-ups, etc.
  • Do not open attachments from e-mails; be on the alert for suspicious e-mail.

Understand your responsibilities and liabilities

  • The account and cash management online service agreements detail what commercially reasonable security measures are required for your business.  It is critical that you understand and implement the security safeguards in these agreements.  If you don’t, you could be liable for losses resulting from a takeover.
  • Consider cyber-insurance.
  • Limit administrative rights. Do not allow employees to install any software without receiving prior approval.

When to contact the bank

  • If you suspect a fraudulent transaction.
  • If you are trying to process an online wire transfer or ACH batch and you receive a maintenance page.
  • If you receive an e-mail claiming to be from the bank and it is requesting personal and/or company information.  The Bank will NEVER ask for sensitive information, such as Account Numbers, Access IDs, or Passwords via e-mail.

Have an action plan in the event of account takeover

  • Keep handy a list of direct contact numbers of key bank employees (including after-hours numbers).
  • Contact local law enforcement to report an incident.
  • Actions to consider to limit further unauthorized transactions include:
    • Change passwords;
    • Disconnect computers used for internet banking;
    • Request a temporary hold on all other transactions until out-of-band confirmations can be made;Note information the accountholder will provide to assist the bank in recovering the accountholder’s money;
    • Contact your insurance carrier; and
    • Work with computer forensic specialists and law enforcement to review appropriate equipment.
  • If bank account is found to be compromised, close the account affected.
  • Document the incident, writing down all that happened (time, date, employees affected, etc.).

More Resources

Protecting Your Computer

Protecting Your Computer

Worms, viruses and spyware that have appeared on the Internet carry a variety of problems. Some have the capability to install software on an end user's computer, seeking Internet banking or financial data with the intent of communicating the data back to the attacker.

A financial institution or a service provider cannot prevent these items from being sent out and infecting people's computers. What we can do is ensure that our systems are virus-free, properly patched and that our users are knowledgeable of the risks.

The following are tips to help protect your computer and information:

  1. Keep anti-virus software current on any computer, especially those from which financial transactions are conducted over the Internet.   
  2. Keep software patched with the latest updates, especially computers that conduct financial transactions over the Internet.   
  3. Install a personal firewall and anti-spyware software on your computer from a vendor you know and trust.   
  4. Do not open emails or attachments that are of unknown origin, as this is often the source of virus and worm infections.   
  5. When conducting online transactions, ensure that it is a secure connection. Visual markers to indicate a secure connection include:
    • "https://" in the address line of your browser;
    • a padlock icon in the window of the browser.
    • You can also view the security levels provided on any page by going to File/Properties in the menu bar.   
  6. Never reveal your password to another person and change it periodically.  Avoid using passwords such as: Birth dates, first names, pet names, addresses, phone numbers, social security numbers, etc.   
  7. Always sign-off (log out) of a web site when completing a secure online session.

For more tips on protecting your computer and personal information, visit the following websites:

FraudWatch

FraudWatch

Debit card fraud can hit at any time… We work round the clock to keep it from affecting you with FraudWatch Plus!

To help fight fraud, Home Savings debit cards are protected by FraudWatch Plus. Trained analysts watch for suspicious activity 24/7, 365 days a year. When a transaction is not consistent with your usual card activity, you will get a call from “Fraud Prevention Services” to verify the transaction.

How You Can Help…

  • Notify Home Savings immediately if you notice any suspicious activity on your account.
  • Make sure Home Savings has your current phone number. Fraud Prevention Services will try to reach you in the event of suspicious card activity.
  • Contact our Customer Care team before you travel. We will ensure your card is working for you while you travel.
  • For areas outside of Ohio, Pennsylvania, West Virginia and Florida, if you use your Home Savings Visa® Debit Card at retailers you may find that specific credit transactions are declined.  This is for your security and protection.  If you experience this, simply conduct your transaction as a debit instead of a credit, and enter your PIN.

Important Phone Numbers:

  • FraudWatch Plus Customer Service is available 24/7: 866.842.5208; Or outside the USA, call collect at 412.552.2697
  • Lost or stolen debit card: Call Customer Care at 1.888.822.4751, Option 2. After normal business hours call 1.800.264.5578.
  • Home Savings Customer Care: 1.888.822.4751, Option 2
USA Patriot Act

USA Patriot Act

CUSTOMER IDENTIFICATION NOTIFICATION
As required by the USA Patriot Act

Important Information About Procedures For Opening A New Account

To help the government fight the funding of terrorism and money laundering activities, Federal law requires all financial institutions to obtain, verify and record information that identifies each person or business opening an account.

What this means for you:

  • When you open an account, we will ask for your name, address, date of birth and other information that will allow us to identify you.
  • We may also ask to see your driver's license or other identifying documents.

Back to Top