CUSTOMER AWARENESS PROGRAM

Reg. E Coverage

Federal Reserve regulation that sets rules, liabilities, and procedures for electronic funds transfers (EFT), and establishes consumer protections using EFT systems. This regulation prescribes rules for solicitation and issuance of EFT debit cards, governs consumer liability for unauthorized transfers, and requires financial institutions to disclose annually the terms and conditions of EFT services. For example, the regulation sets up an error resolution procedure for errors on EFT related accounts.

A consumer claiming that funds were taken from an account by another person's unauthorized transfer without prior consent, or a transaction was posted improperly due to a bank bookkeeping error, can have the error corrected by notifying the financial institution holding the account. Once notice is given, the financial institution has from 10 to 45 days to investigate the complaint and recredit funds debited in error. The consumer's account liability is limited by regulation to $50 if the bank is notified of the error, but otherwise can be as high as $500.

Under the Error Resolution procedures in Regulation E, a consumer who claims his bank account was debited erroneously without his or her authorization may challenge the transaction. The consumer's bank has ten business days from the time the complaint is lodged to investigate and if necessary correct the error. If it cannot, the bank must return the funds debited, and it then has up to 45 days in most transactions to investigate the alleged error.

If you believe there has been an unauthorized or inaccurate electronic funds transfer on your account, please contact us as soon as possible.

Understanding Phishing

"Phishing" is the latest form of identity theft on an old telemarketing scam, buts uses email. These criminals send emails to millions of people hoping that even a few will give away valuable information. They will act as if they are representing an organization and try to hook the consumer into providing personal or financial information. Once the consumer is hooked, the thieves can do lasting damage to a consumer's financial accounts. They can dupe customers into providing their Social Security numbers, financial account numbers, Online Banking password's, mothers' maiden names and other personal information.

Thieves often pose as:

How it Works

Consumers receive an email from an organization with which they do business. The email typically includes bogus appeals such as problems with an account or billing errors, and asks the consumer to confirm his/her personal information. Most emails ask recipients to follow an embedded link that takes them to an exact replica of the victim company's web site. Graphics on the counterfeit site are so convincing that even experts often can have a hard time distinguishing the fake site from the real one. Despite the convincing appeals, consumers should not respond to unsolicited emails that direct them to divulge personal identifying information. Reputable organizations that consumers legitimately do business with generally do not request account numbers or passwords unless the consumer initiated the transaction.

Please note that Mega Bank will never request identifying information, account information, or Online Banking password information via email. If you have any question regarding the validity of a phone call or email requesting account information, please call your Mega Bank branch or 626-282-3000 prior to responding to the request for information.

Clues to identifying a "Phishing" email:

To avoid becoming the victim of a phishing scam, Mega Bank offers the following tips:

Understanding Corporate Takeover

There has been a shift in the online criminal world from primarily targeting of individuals to increased targeting of corporations. Financial institutions, security companies, the media and law enforcement agencies are all reporting a significant increase in funds transfer fraud involving the exploitation of valid online banking credentials belonging to small and medium sized businesses. Eastern European organized crimes groups are believed to be predominantly responsible for the activities that are also employing witting and unwitting accomplices in the United States (money mules) to receive, cash and forward payments from thousands to millions of dollars to overseas locations via popular money and wire transfer services.

How it Works

Typically compromise of the customer is carried out via a "spear phishing" e-mail which directly names the recipient correctly and contains either an infected file or a link to an infectious Web site. The e-mail recipient is generally a person within a company who can initiate funds transfers or payments on behalf of the business. Once the user opens the attachment, or clicks the link to open the Web site, malware is installed on the user’s computer which usually consists of a Trojan keystroke logger, which harvests the user’s corporate online banking credentials. Many types of spear-phishing have been used by criminal groups including messages impersonating the Better Business Bureau, US Court System, Microsoft Update, and UPS to name a few.

The customer's online credentials are either uploaded to a website from where the fraudster can later download them, or, if the bank and customer are using two factor authentication system, the Trojan keystroke logger may detect this and immediately send an instant message to the fraudster alerting them of the secure web activity. The fraudster then accesses the financial institution through use of the captured username and password or through hijacking the secure web session.

The fraud is carried out when the fraudster creates another user account from the stolen credentials or directly initiates a funds transfer masquerading as the legitimate user. These transfers have occurred through wire or ACH that are directed to the bank accounts of willing or unwitting individuals. Often within a couple days, or even hours of recruiting money mules and opening accounts, money is deposited and the mule is directed to immediately forward a portion of the money to subjects in Eastern Europe by various means.

As a business owner, you need an understanding of how to take proactive steps and avoid, or at least minimize, most threats. Here are some suggestions that could help you:

Other Resources regarding types of fraud, prevention, and reporting:

The Internet Crime Complaint Center (IC3) - a partnership between the Federal Bureau of Investigation (FBI) and the National White Collar Crime Center (NW3C). http://www.ic3.gov/default.aspx

Federal Deposit Insurance Corporation (FDIC) Identity Theft & Fraud Web Site http://www.fdic.gov/consumers/theft/index.html

Anti-Phishing Working Group - The Anti-Phishing Working Group (APWG) is a non-profit global pan-industrial and law enforcement association focused on eliminating the fraud, crime and identity theft that result from phishing, pharming, malware and email spoofing of all types. http://apwg.org/

The Financial Fraud Enforcement Task Force Federal Trade Commission TC Consumer & Privacy Resources. http://www.stopfraud.gov/

Mega Bank contact information. http://www.megabankusa.com/locations.asp