Mobile Banking Best Practices
Online security is a top priority at The Commercial & Savings Bank (CSB). We want to provide crucial information, tips, and tricks to help protect your secure information.
Mobile Banking is constantly changing, making it difficult to identify all possible risks, but this comprehensive set of guidelines will give you knowledge to protect yourself and utilize mobile banking with confidence.
If you are using a mobile banking application, such as CSB’s Mobile Banking App, or mobile payments app, such as Apple Pay®, Google Pay, or Samsung Pay, your smartphone could be a target for malicious individuals who want to steal your identity or to those you lend your device to.
What is a Smartphone?
A smartphone is a cellular phone that performs many of the functions of a computer, typically having a touchscreen interface, Internet access, and an operating system capable of running downloaded applications, more commonly known as apps.
On which smartphones can I install the CSB Mobile Banking App?
The CSB Mobile Banking Application is currently available for download on Apple® & Android™ devices including tablets with Apple & Android operating systems.
If you have a smartphone with a different operating system such as Windows, you can still utilize CSB mobile banking though our website at csb1.com.
What devices are compatible with Mobile Pay?
Apple Pay is compatible with iPhone®, iPad®, and Apple Watch®. Google Pay and Samsung Pay work with Android devices.
Key items to keep in mind
- Always treat your cell phone like your wallet or purse.
- Be cautious of who you let use or “borrow” your device – they could quickly download fraudulent apps.
- Keep your device up-to-date with software releases and update and protect it with antivirus software (AVS) and personal firewall.
- When you text someone, the message is stored on your cell phone, on at least one server, and the receiver’s cell phone. It will be around forever.
- Text messages, emails, or alerts from CSB never contain any personally sensitive information (account numbers, username, passwords, etc.). Never send this secure information to anyone.
- You should review your account information on a regular basis to ensure consistency.
- Avoid using public Wi-Fi connections to conduct your banking as these are unsecured.
Lost or Stolen Device
In order to safeguard yourself, there are several best practices you can follow BEFORE losing a device:
- Most smartphones offer a feature allowing you to select a PIN or pattern recognition password in order to unlock the device for use. This feature should be turned on not only when you power-on your device but anytime you turn your screen on.
- Create “strong” passwords (of unusual combinations of upper-and lower case letters, numbers, and symbols) or PIN (random numbers instead of, 1234 or the last four digits of your Social Security number) and periodically change them.
- Do not store your username or password in your device’s notebook, contacts, or any other apps for easy retrieval.
- Check with your mobile carrier about remote wiping. Often times you can wipe the data from your phone either online or through the help of your carrier. This prevents the information from being accessed from anyone who may find or steal your device.
There are serious social engineering threats that users need to be aware of when engaging in mobile banking:
Malware : The intent of malware is to covertly compromise the confidentiality, integrity, or availability of the victim’s data, application, or operating system. The highest risk in a mobile banking setting is from downloading rogue apps or clicking on links contained within certain websites and/or text messages. Just because the picture of an application appears to be backed by a legitimate financial institution doesn’t mean it is secure.
SMiShing : The act of retrieving information via text message. Attackers pose as a financial institution and use SMS (texting) to ask for sensitive information. Your response and information is routed to an unauthorized individual.
Phishing : This has been around since the birth of Internet banking and is still applicable to mobile banking. Phishing is an attack used by tricking the victim into downloading malware or disclosing personal information.
Vishing : Using SMiShing and Phishing to evoke a victim into disclosing information by responding to a bogus phone number and talking to an attacker.
Man-in-the-Middle Attack : A form of active eavesdropping when the attacker makes independent connections with the victims and relays messages between them, making them believe they are talking directly to each other over a private connection, when actually the entire conversation is controlled by the attacker.
Cloning : The transfer of identity between one mobile telephone and another.
Hijacking : The attacker takes control of a phone conversation and masquerades as one of them. This could give the hacker access to the victim’s financial accounts.
NEVER “Jailbreak” Your Device
Smartphones and tablets can be “jailbroken” by installing modified software that unlocks the restrictions of the device's core operating system. “Jailbreaking” or otherwise altering your device could void your warranties, violate your provider's terms of service, or even damage your device. Since jailbreaking methods are unsanctioned by manufacturers and forgo most security protocols, they can make your device unstable, susceptible to viruses, and vulnerable to exploits that feed hackers your personal information.
Research any application (“app”) before downloading it. Just because the name of an app resembles the name of your bank – or of another company you’re familiar with – don’t assume that it is the official one of that bank or company.
Take the time to read the “small print” when installing an app on any smartphone. Evaluate the information the app requires access to and consider if this information is necessary for it to run successfully. If you cannot see a reason for the app to have access to the information, you should reconsider installing it.
The iPhone App Store is the only marketplace that controls “application distribution” meaning they review and restrict applications prior to allowing them to enter the app store.
Even with the strict app design controls, fraudsters may attempt to mimic the CSB Mobile Banking Application in order to create a “spoof” app. When an unsuspecting person downloads the fraudulent app and enters their log-in credentials, it is immediately sent to the fraudsters. They could then use your username and password to log-in to your account.
Non-Smartphone SMS (text) Safety
You may have a cellular device that receives text messages and may even allow access to the internet, but is not considered a “smartphone”. There are two major differences between smart phones and cell phones:
- Smartphones can run applications and cell phones can't
- If your phone has text messaging capabilities, it may be compatible with CSB’s Text Banking service.
- Never give your personal details to anyone without verifying their identity.
- Do not click any links contained within text messages when you are not 100% confident and knowledgeable of the sender.
If you have given out any of your personal information or banking details please call us immediately at 800.654.9015.
When depositing a check with the CSB Mobile App, please endorse the check using a restrictive endorsement, which states the deposit is “For Mobile Deposit Only at CSB.” Once the check has been deposited and approved, write “VOID” on the front of the check.
You must endorse checks “For Mobile Deposit Only at CSB” or your check may be declined for deposit.
Always void your checks after depositing through Mobile Deposit in order to protect yourself and the maker of the check. If someone obtains the check they could try to deposit it into their own account since it has already been endorsed.
Apple® and The AppStore are a registered trademarks of Apple Inc.
Android is a trademark of Google Inc.
Q: Is CSB Online and Mobile Banking hard to use?
A: CSB Online Banking is simple and easy to use. It is also very convenient as you will have access to your accounts at CSB anywhere. If you should ever need assistance or have questions, our Customer Service Center is available to assist you.
Q: Who is eligible to use CSB Online and Mobile Banking?
A: Anyone who is an owner of an active checking or savings account. Additional terms and conditions may apply. If you are not enrolled in CSB Online Banking click here to begin.
Q: Are there fees to use CSB Online or Mobile Banking?
A: No, we are pleased to provide Online Banking services for free to CSB customers. The mobile app is also free to download and free to use. Certain features inside the app may require a fee. See your CSB Electronic Services Agreement for details. Contact your wireless service provider for any connectivity or usage rates that may apply.
Q: Can anyone else get access to my information?
A: You will create a username and password to enroll. You, and only you, can access your accounts. Plus, our powerful firewalls, encryption technology, and timed log-offs help to ensure your privacy.
Q: Is CSB Mobile Banking Safe?
A: We simply optimize your Online Banking experience for use on a mobile device. All of the security currently in place with your Online Banking solution remains intact. You are merely accessing your accounts via a mobile app. User credentials are identical as you are connecting to the same site. We use 128-bit encryption to protect your data as it travels to your mobile device.
Q: Will my account numbers be shown?
A: No, your accounts will each have a nickname, or pseudo name like; “Checking”, “Savings”, “Christmas Club” for easy identification.
Q: What mobile devices are supported?
A: CSB Mobile Banking Apps are available for all Apple® and Android™ devices. The app is available for free download from the Apple App Store℠, Amazon App Store, and Google Play™.
Q: How do I get started with Online or Mobile Banking?
A: Enroll in Online Banking click here. To start with Mobile Banking, go to your app store and download the app.
Q: How do I sign in to CSB Mobile Banking?
A: If you previously enrolled in CSB Online Banking then you are ready to go with our Mobile App. All you need to do is enter your username and password. If you haven't you can easily enroll inside the Mobile App after downloading it. Just click on Enroll Now.
Q: What is Text Banking?
A: CSB Text Banking service is a free service which allows you to quickly request and receive account information via text message. Ask us anything by texting us on our main phone lines 800.654.9015 or 330.674.9015. Or sign up to get automated or self-service access to account information.
Q: How do I sign up?
A: Our Text Banking empowers you to initiate commands and setup alerts based upon your preferences. You can do this instantly in online or mobile banking. Choose Services then Alerts or Text Banking. If you are not an online or mobile customer you can still sign up by completing an enrollment form.
Q: What kinds of alerts are available?
A: You may choose to receive account balance and/or transaction alerts. Text Alerts give you greater control of your account by alerting you of account activity based on a schedule or specific criteria you select.
Q: What else can Text Banking do?
A: Text Banking also allows you to have on-demand access to your balance, transfers, and account history without the use of a user ID or password. By using simple text commands, you can perform several functions while on the go. Send your command to 800.654.9015 or 330.674.9015 to perform the tasks.
Q: Is Text Banking available for my business?
Q: How do I stop Text Banking?
A: To un-enroll or suspend your Text Banking, send SUSPEND or STOP to 800.654.9015 or 330.674.9015.
How do I establish my PIN the first time I use phone banking?
After entering your account number and making your selection first time users should press * when prompted to enter a PIN. You will then be prompted to enter the last 4 digits of your social security or tax ID number.
What if I forget my PIN?
After three failed login attempts you will be locked out of the system. Call us at 800.654.9015 or visit a CSB banking center to have your PIN reset. Your PIN will revert back to the last four digits of your social security number.
Can I change my PIN?
Yes, you can change your PIN at any time using the automated prompts after logging into the Phone Banking System.
What does current balance mean?
Current balance includes all account except ODP balances. Keep in mind this may not include any outstanding checks you may have written, which have not yet been cashed.
How much transaction history is available in Phone Banking?
Typically the last 60 transactions or 45 days worth of history are available.