Alerts

Please be aware that no one representing The Bank of Fayetteville will ever contact you by phone to ask for your debit card number, PIN number or any other vital information pertaining to your card. If you receive a call from someone inquiring about this material, please do not give him or her any information, and if possible, obtain his or her name and phone number and contact the bank immediately.

You should never give your card number, PIN number or any other personal information to anyone who asks for it in an email or by phone or anyone else who you do not want to have access to your accounts. If you receive an email or phone call asking you to provide personal and/or sensitive information, do not click on any link, do not give out any information to the caller and do not send the information. Even if the website, phone call and/or email appear genuine - do not continue.

If you have any questions, please call our customer support team at (479) 444.4444.

September 17, 2009

The Bank Of Fayetteville is participating in the FDIC's Transaction Account Guarantee Program. Under that program, through June 30, 2010 all *noninterest-bearing transactions are fully guaranteed by the FDIC for the entire amount in the account. Coverage under the Transaction Account Guarantee Program is in addition to and separate from the coverage available under the FDIC's general deposit insurance rules.

*Noninterest-bearing transaction accounts are identified as transaction accounts with interest rates no higher than .50%.

May 20, 2009

Deposits at FDIC-insured institutions are now insured up to at least $250,000 per depositor through December 31, 2013. On January 1, 2014, the standard insurance amount will return to $100,000 per depositor for all account categories except for IRAs and other certain retirement accounts which will remain at $250,000 per depositor. (This supersedes the October 3, 2008 changes.)

On September 26, 2008 the FDIC adopted an interim rule amending the deposit insurance provisions on revocable trusts and payable on death accounts. It takes effect immediately (September 26, 2008). Beneficiaries no longer have to be "qualifying" as defined by the FDIC. That means any POD on an account qualifies for additional FDIC coverage.

Fake Check Scams (pdf)

-----

Alert Cites Increase in ACH, Wire Transfer Fraud

August 26, 2009 - Linda McGlasson, Managing Editor

Online crime is increasingly hitting small and mid-size companies in the U.S., draining those entities' bank accounts through fraudulent transfers. The problem has gotten so bad that a financial services group recently sent out a warning about the trend, and the Federal Deposit Insurance Corporation (FDIC) issued an alert today.

"In the past six months, financial institutions, security companies, the media and law enforcement agencies are all reporting a significant increase in funds transfer fraud involving the exploitation of valid banking credentials belonging to small and medium sized businesses," says a bulletin sent on Aug. 21 to member financial institutions by the Financial Services Information Sharing and Analysis Center, (FS-ISAC). The FS-ISAC is part of the government-private industry umbrella working with the Department of Homeland Security and Treasury Department to share information about critical threats to the country's infrastructure. The member-only alert described the problem and told its members to implement many of the precautions and monitoring currently used to detect consumer bank and credit card fraud.

The FS-ISAC notice -- and subsequent media attention -- in turn prompted the FDIC alert to warn banking institutions about this kind of fraud.

The Threat

The FDIC traces the fraud to compromised login credentials on online banking websites. Over the past year, the FDIC says, it has detected an increase in the number of reports and the amount of losses resulting from unauthorized electronic fund transfers (EFTs), such as automated clearing house (ACH) and wire transfers.

In most of the cases, the fraudulent fund transfers were made from business customers that had their online business bankingsoftware credentials stolen or compromised.

"Web-based commercial EFT origination applications are being targeted by malicious software, including Trojan horse programs, key loggers and other spoofing techniques," says the FDIC's alert. These malware are designed to circumvent online authentication methods. Illicitly-obtained credentials can be used to initiate fraudulent ACH transactions and wire transfers, as well as take over commercial accounts. These types of malicious code, or "crimeware," can infect business customers' computers when the customer is visiting a Web site or opening an e-mail attachment.

Some types of crimeware are difficult to detect because of how they are installed and because they can lie dormant until the targeted online banking session login is initiated. These attacks could result in monetary losses to financial institutions and their business customers if not detected quickly.

The FDIC recommends that institutions and technology service providers use regulatory guidance on authentication and information security for high-risk transactions.

The Trend

Security experts familiar with online attacks have long warned of these dangers to institutions and their customers. While the institutions and business customers are not necessarily large or high-profile, the money that is being drained by the criminals can add up to significant amounts. One recent example: Dwelling House Savings and Loan Association, Pittsburgh, PA. The tiny institution failed after an ACH fraud event siphoned off a whopping $3 million.

This fraud trend bears some of the same trademarks of larger breaches, namely the collaboration among overseas hackers and people within the U.S. Paul Kocher, chief research scientist at Cryptography Research Inc., says it's interesting that Albert Gonzales, the hacker indicted in the Heartland Payment Systems breach, was allegedly cooperating with Russian counterparts. "International cooperation within fraud rings has been a growing trend for a long time," says Kocher. "What I always find frustrating is that perpetrators of fraud are much better than victims or law enforcement at forging international working relationships."

Article on protecting yourself from online banking fraud.

-----

Fraudulent Visa Email

SHAZAM has been made aware of a new e-mail based card scam that appears legitimate and can be deceiving. In this scam, consumers are falsely notified by e-mail that their Visa® cards may have been compromised due to fraudulent activity. The e-mail provides official looking information about Visa's commitment to fighting fraud, along with a false Case ID Number. It also directs cardholders to verify their identity through the Web to continue using online services.

An example of the fraudulent e-mail is provided below:

Dear Visa Cardholder,

Continuous monitoring is an integral part of Visa's multiple layers of security. In addition to other fraud monitoring tools, we can often spot fraud based upon transactions on the card that are outside of cardholders typical purchasing pattern. This allows us to spot fraudulent activity as quickly as possible and acts an early warning system to identify fraudulent activity. During a recent checkout we detected suspicious activity and your Visa card may have been compromised. Fraudulent activity made it necessary to limit your card for online services. Your Case ID Number is: DD7Q8QQEDR7. To conform to our security requirements and in order to continue online services with your card, we must validate your identity. Please click here to verify your identity. Visa takes online security very seriously so that you can shop safely on the Internet. As part of our commitment to fighting fraud we have the right to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, or violations of the terms and conditions for using Visa.

Sincerely,

Visa Customer Service

Please be alert and aware that neither Visa nor MasterCard® will request personal information, account details, or card information over the telephone or through e-mail. Cardholders should promptly notify their card-issuing financial institution if they receive suspicious e-mails or phone calls. They should also closely monitor their statements for any unfamiliar activity.

Phising Alert

We have been notified of a recent scam in which customers and non-customers of Bank of Fayetteville are being sent an email asking to update their personal information via a link that will take the user to a site that is not Bank of Fayetteville's site.

Please know that Bank of Fayetteville will never send you an email or call you to ask for your personal information. If you receive an email or phone call asking you to provide personal and/or sensitive information, do not click on any link, do not give out any information to the caller and do not send the information. Even if the website, phone call and/or email appear genuine - do not continue.

If you have any questions please call our customer support team at (479) 444-4444.

Debit Card Alert

January 2009

Visa has notified The Bank of Fayetteville of a network intrusion that has put Visa account numbers at risk. The reported incident involves confirmed unauthorized access to Heartland Payment Systems, a large debit/credit card payment processor. Exposed customer information included: Visa account numbers, cardholder name and expiration date. The identified exposure window is from debit card transactions performed between May 15, 2008 and November 13, 2008. Although a list of companies that use Heartland for their payment processing has not been released, they service over 175,000 merchants nationwide.

Your debit card(s) may be among those that have been compromised. It is important to note that "compromised" simply means that typically secure information may have been exposed to an unauthorized person. This does not mean that fraud has taken place on your account at this time.

We are asking all Bank of Fayetteville debit cardholders to diligently monitor their account activity. You can monitor your transactions online at BOF.com, and balance your bank statements in a timely manner. The Bank of Fayetteville has a Debit Card Fraud monitoring system in place through the Shazam Network. This system provides a risk assessment on cardholder activity for The Bank of Fayetteville debit card customers. If fraudulent activity is suspected, the company will attempt to verify the transaction in question by phone with the customer. If unsuccessful, card usage is restricted until the customer has made approval of suspicious activity. With your help and the tools the bank has in place to monitor your account, The Bank of Fayetteville has chosen to not automatically replace your card(s) at this time.

Should you, under the circumstances, choose to replace your current card(s), please feel free to come by one of our convenient branch locations. We will replace your card(s) free of charge.

Please monitor your account closely, and if you discover fraudulent activity on your current Bank of Fayetteville debit card(s), please contact the bank at 444-4444. We will then follow our normal procedure in processing the fraudulent activity.

Sincerely,

Billie Pelton

Executive Vice President

Chief Operations Officer