Alerts

Debit Card Alert

DEBIT CARD ALERT

We have been made aware of fraudulent phone calls coming from "Bancorp South". These calls are to inform you that your debit card has been deactivated. These phone calls are a scam.

Please be aware that no one representing The Bank of Fayetteville will ever contact you by phone to ask for your debit card number, PIN number or any other vital information pertaining to your card. If you receive a call from someone inquiring about this material, please do not give him or her any information, and if possible, obtain his or her name and phone number and contact the bank immediately.

You should never give your card number, PIN number or any other personal information to anyone who asks for it in an email or by phone or anyone else who you do not want to have access to your accounts. If you receive an email or phone call asking you to provide personal and/or sensitive information, do not click on any link, do not give out any information to the caller and do not send the information. Even if the website, phone call and/or email appear genuine - do not continue.

If you have any questions, please call our customer support team at (479) 444.4444.

Equifax Scam

Equifax Corporate Security has received notice that businesses are receiving fraudulent letters appearing to be from Equifax. These letters request that current or potential contractors register by submitting their company's financial information on a release form entitled, "Authorization to release financial information." Sample from this letter:

"Our records show that you are currently registered as a prospective contractor for procurements listed by the U.S. Federal Government. However after reviewing your records we have noticed that you have not submitted your financial release form. Your financial institution's privacy policy may not allow it to release your financial information even to government institutions without your consent, therefore we must have such form on file before we can move on with any procurement decisions."

The authorization to release financial information requests that you provide the name of your financial institution and the account number and fax to (202) 652-4312.

This letter is a scam and not from Equifax. Other versions of this letter have been sent out to businesses purporting to be from the Department of Transportation as well as from other companies. These letters are a fraudulent means to obtain financial information. Please discard these letters. Do not give them any of your personal information.

If you have responded to this fraudulent letter, please contact us immediately.

Visa Network Intrusion

ALERT: Visa Network Intrusion - Debit/Credit Cards at Risk

Visa Fraud control and Investigations has notified The Bank of Fayetteville of a confirmed network intrusion that has put almost 300 of our Visa Debit Cards/Visa Business Debit Cards at risk. The reported incident involves confirmed unauthorized access to a retail merchant's database of customer information. This customer data may have been exposed on transactions conducted from 12/4/2009-12/1/2010.

The retail merchant in question is Genesco. Genesco is a leading specialty retailer of branded footwear and headwear. Their stores include: Journeys, Journeys Kidz, Shi by Journeys, Underground Station, Johnston & Murphy, Hatworld, Lids, Lids Kids, Hat Shack, Hat Zone, Cap Connection and Head Quarters.

If you have used one of these merchants, you debit card(s) may be among those that have been compromised. It is important to note that "compromised" simply means that typically secure information may have been exposed to an unauthorized person. This does not mean that fraud has taken place on your account at this time.

We are asking all Bank of Fayetteville debit cardholders to diligently monitor their account activity. You can monitor your transactions online at BOF.com, and balance your bank statements in a timely manner. The Bank of Fayetteville has a Debit Card Fraud monitoring system in place through the Shazam Network. This system provides a risk assessment on cardholder activity for The Bank of Fayetteville debit card customers. If fraudulent activity is suspected, the company will attempt to verify the transaction in question by phone with the customer. If unsuccessful, card usage is restricted until the customer has made approval of suspicious activity. With your help and the tools the bank has in place to monitor your account, The Bank of Fayetteville has chosen to not automatically replace your card(s) at this time.

Should you, under the circumstances, choose to replace your current card(s), please feel free to come by one of our convenient branch locations. We will replace your card(s) free of charge.

Please monitor your account closely, and if you discover fraudulent activity on your current Bank of Fayetteville debit card(s), please contact the bank at 444-4444. We will then follow our normal procedure in processing the fraudulent activity.

Previous Alerts

If you have any questions, please call our customer support team at (479) 444.4444.

-----

FDIC Insured

September 17, 2009

The Bank Of Fayetteville is participating in the FDIC's Transaction Account Guarantee Program. Under that program, through June 30, 2010 all *noninterest-bearing transactions are fully guaranteed by the FDIC for the entire amount in the account. Coverage under the Transaction Account Guarantee Program is in addition to and separate from the coverage available under the FDIC's general deposit insurance rules.

*Noninterest-bearing transaction accounts are identified as transaction accounts with interest rates no higher than .50%.

May 20, 2009

Deposits at FDIC-insured institutions are now insured up to at least $250,000 per depositor through December 31, 2013. On January 1, 2014, the standard insurance amount will return to $100,000 per depositor for all account categories except for IRAs and other certain retirement accounts which will remain at $250,000 per depositor. (This supersedes the October 3, 2008 changes.)

On September 26, 2008 the FDIC adopted an interim rule amending the deposit insurance provisions on revocable trusts and payable on death accounts. It takes effect immediately (September 26, 2008). Beneficiaries no longer have to be "qualifying" as defined by the FDIC. That means any POD on an account qualifies for additional FDIC coverage.

------

Fake Check Scams (pdf)

-----

ALERT: Suspicious Telephone Calls Claiming to Be From the FDIC

The Federal Deposit Insurance Corporation (FDIC) has received numerous reports of suspicious telephone calls where the caller claims to represent the FDIC and is calling regarding the collection of an outstanding debt.

To date, the callers have alleged that the call recipient is delinquent in payment of a loan that was applied for over the Internet or made through a payday lender. The loan may or may not actually exist. The caller attempts to authenticate the claim by providing sensitive personal information, such as name, Social Security number and date of birth, supposedly taken from the loan application. The recipient is then strongly urged to make a payment over the phone to "avoid a lawsuit and possible arrest." In some instances, the caller is said to sound aggressive and threatening.

These suspicious telephone calls are fraudulent. Recipients should consider them as an attempt to steal money or collect personal identifying information. The FDIC generally does not initiate unsolicited telephone calls to consumers and is not involved with the collection of debts on behalf of operating lenders and financial institutions.

If a caller demonstrates that he or she has the recipient's sensitive personal information, such as Social Security number, date of birth and bank account numbers, the recipient may be the victim of identity theft and should review his or her credit reports for signs of possible fraud. The individual should also consider placing a "fraud alert" on his or her credit reports. This can be done by contacting one of the three consumer reporting companies listed below. Only one of the three companies needs to be contacted. That company is required to contact the other two, which will place an alert on their versions of the report.

TransUnion: 1-800-680-7289; Fraud Victim Assistance Division, P.O. Box 6790, Fullerton, California 92834-6790
Equifax: 1-800-525-6285; P.O. Box 740241, Atlanta, Georgia 30374-0241
Experian: 1-888-EXPERIAN (397-3742); P.O. Box 9554, Allen, Texas 75013

-----

Alert Cites Increase in ACH, Wire Transfer Fraud

August 26, 2009 - Linda McGlasson, Managing Editor

Online crime is increasingly hitting small and mid-size companies in the U.S., draining those entities' bank accounts through fraudulent transfers. The problem has gotten so bad that a financial services group recently sent out a warning about the trend, and the Federal Deposit Insurance Corporation (FDIC) issued an alert today.

"In the past six months, financial institutions, security companies, the media and law enforcement agencies are all reporting a significant increase in funds transfer fraud involving the exploitation of valid banking credentials belonging to small and medium sized businesses," says a bulletin sent on Aug. 21 to member financial institutions by the Financial Services Information Sharing and Analysis Center, (FS-ISAC). The FS-ISAC is part of the government-private industry umbrella working with the Department of Homeland Security and Treasury Department to share information about critical threats to the country's infrastructure. The member-only alert described the problem and told its members to implement many of the precautions and monitoring currently used to detect consumer bank and credit card fraud.

The FS-ISAC notice -- and subsequent media attention -- in turn prompted the FDIC alert to warn banking institutions about this kind of fraud.

The Threat

The FDIC traces the fraud to compromised login credentials on online banking websites. Over the past year, the FDIC says, it has detected an increase in the number of reports and the amount of losses resulting from unauthorized electronic fund transfers (EFTs), such as automated clearing house (ACH) and wire transfers.

In most of the cases, the fraudulent fund transfers were made from business customers that had their online business bankingsoftware credentials stolen or compromised.

"Web-based commercial EFT origination applications are being targeted by malicious software, including Trojan horse programs, key loggers and other spoofing techniques," says the FDIC's alert. These malware are designed to circumvent online authentication methods. Illicitly-obtained credentials can be used to initiate fraudulent ACH transactions and wire transfers, as well as take over commercial accounts. These types of malicious code, or "crimeware," can infect business customers' computers when the customer is visiting a Web site or opening an e-mail attachment.

Some types of crimeware are difficult to detect because of how they are installed and because they can lie dormant until the targeted online banking session login is initiated. These attacks could result in monetary losses to financial institutions and their business customers if not detected quickly.

The FDIC recommends that institutions and technology service providers use regulatory guidance on authentication and information security for high-risk transactions.

The Trend

Security experts familiar with online attacks have long warned of these dangers to institutions and their customers. While the institutions and business customers are not necessarily large or high-profile, the money that is being drained by the criminals can add up to significant amounts. One recent example: Dwelling House Savings and Loan Association, Pittsburgh, PA. The tiny institution failed after an ACH fraud event siphoned off a whopping $3 million.

This fraud trend bears some of the same trademarks of larger breaches, namely the collaboration among overseas hackers and people within the U.S. Paul Kocher, chief research scientist at Cryptography Research Inc., says it's interesting that Albert Gonzales, the hacker indicted in the Heartland Payment Systems breach, was allegedly cooperating with Russian counterparts. "International cooperation within fraud rings has been a growing trend for a long time," says Kocher. "What I always find frustrating is that perpetrators of fraud are much better than victims or law enforcement at forging international working relationships."

Article on protecting yourself from online banking fraud.

-----

Fraudulent Visa Email

SHAZAM has been made aware of a new e-mail based card scam that appears legitimate and can be deceiving. In this scam, consumers are falsely notified by e-mail that their Visa® cards may have been compromised due to fraudulent activity. The e-mail provides official looking information about Visa's commitment to fighting fraud, along with a false Case ID Number. It also directs cardholders to verify their identity through the Web to continue using online services.

An example of the fraudulent e-mail is provided below:

Dear Visa Cardholder,

Continuous monitoring is an integral part of Visa's multiple layers of security. In addition to other fraud monitoring tools, we can often spot fraud based upon transactions on the card that are outside of cardholders typical purchasing pattern. This allows us to spot fraudulent activity as quickly as possible and acts an early warning system to identify fraudulent activity. During a recent checkout we detected suspicious activity and your Visa card may have been compromised. Fraudulent activity made it necessary to limit your card for online services. Your Case ID Number is: DD7Q8QQEDR7. To conform to our security requirements and in order to continue online services with your card, we must validate your identity. Please click here to verify your identity. Visa takes online security very seriously so that you can shop safely on the Internet. As part of our commitment to fighting fraud we have the right to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, or violations of the terms and conditions for using Visa.

Sincerely,

Visa Customer Service

Please be alert and aware that neither Visa nor MasterCard® will request personal information, account details, or card information over the telephone or through e-mail. Cardholders should promptly notify their card-issuing financial institution if they receive suspicious e-mails or phone calls. They should also closely monitor their statements for any unfamiliar activity.

Phising Alert

We have been notified of a recent scam in which customers and non-customers of Bank of Fayetteville are being sent an email asking to update their personal information via a link that will take the user to a site that is not Bank of Fayetteville's site.

Please know that Bank of Fayetteville will never send you an email or call you to ask for your personal information. If you receive an email or phone call asking you to provide personal and/or sensitive information, do not click on any link, do not give out any information to the caller and do not send the information. Even if the website, phone call and/or email appear genuine - do not continue.

If you have any questions please call our customer support team at (479) 444-4444.

Debit Card Alert

January 2009

Visa has notified The Bank of Fayetteville of a network intrusion that has put Visa account numbers at risk. The reported incident involves confirmed unauthorized access to Heartland Payment Systems, a large debit/credit card payment processor. Exposed customer information included: Visa account numbers, cardholder name and expiration date. The identified exposure window is from debit card transactions performed between May 15, 2008 and November 13, 2008. Although a list of companies that use Heartland for their payment processing has not been released, they service over 175,000 merchants nationwide.

Your debit card(s) may be among those that have been compromised. It is important to note that "compromised" simply means that typically secure information may have been exposed to an unauthorized person. This does not mean that fraud has taken place on your account at this time.

Should you, under the circumstances, choose to replace your current card(s), please feel free to come by one of our convenient branch locations. We will replace your card(s) free of charge.

Sincerely,

Billie Pelton

Executive Vice President

Chief Operations Officer

Fraudulent Emails

The Federal Deposit Insurance Corporation (FDIC) has received numerous reports of fraudulent e-mails that have the appearance of being from the FDIC.

The e-mails appear to be sent from various "@ fdic.gov" e-mail addresses, such as " protection @ fdic.gov," "admin @ administration.fdic.gov," or "service @ admin.fdic.gov."

They have various subject lines such as "Update for your banking account," "ACH and Wire transfers disabled," and "Banking security update."

These e-mails and links are fraudulent and were not sent by the FDIC. Recipients should consider these e-mails an attempt to collect personal or confidential information, or to load malicious software onto end users' computers. Recipients should NOT access the link provided within the body of the e-mails and should NOT install any related files or software updates.

Financial institutions and consumers should be aware that these fraudulent e-mails may be modified over time with other subject lines, sender names, and narratives. The FDIC does not directly contact bank customers, nor does the FDIC request bank customers to install software upgrades.