1FBUSA Privacy and Security Center
1FBUSA Privacy and Security Center
1FBUSA Privacy and Security Center
WHAT DOES 1ST FINANCIAL BANK USA DO WITH YOUR PERSONAL INFORMATION?
Financial companies choose how they share your personal information. Federal law gives consumers the right to limit some but not all sharing. Federal law also requires us to tell you how we collect, share, and protect your personal information. Please read this notice carefully to understand what we do.
The types of personal information we collect and share depend on the product or service you have with us. This information can include:
- Social Security number and income
- Account balances and payment history
- Account transactions and credit history
When you are no longer our customer, we continue to share your information as described in this notice.
All financial companies need to share customers' personal information to run their everyday business. In the section below, we list the reasons financial companies can share their customers' personal information; the reasons 1st Financial Bank USA chooses to share; and whether you can limit this sharing.
|Reasons we can share your personal information||Does 1st Financial Bank USA share?||Can you limit this sharing?|
|For our everyday business purposes-
such as to process your transactions, maintain your account(s), respond to court orders and legal investigations, or report to credit bureaus
|For our marketing purposes-
to offer our products and services to you
|No||We don't share|
|For joint marketing with other financial companies||No||We don't share|
|For our affiliates' everyday business purposes-
information about your transactions and experiences
|No||We don't share|
|For our affiliates' everyday business purposes-
information about your creditworthiness
|No||We don't share|
|For our affiliates to market to you||No||We don't share|
|For nonaffiliates to market to you||No||We don't share|
Call 800-733-1732 or 605-365-5191
|What we do|
|How does 1st Financial Bank USA protect my personal information?||
To protect your personal information from unauthorized access and use, we use security measures that comply with federal law. These measures include computer safeguards and secured files and buildings.
|How does 1st Financial Bank USA collect my personal information?||
We collect your personal information, for example, when you
We also collect your personal information from others, such as credit bureaus, affiliates, or other companies.
|Why can't I limit all sharing?||
Federal law gives you the right to limit only
State laws and individual companies may give you additional rights to limit sharing.
Companies related by common ownership or control. They can be financial and nonfinancial companies.
Companies not related by common ownership or control. They can be financial and nonfinancial companies.
A formal agreement between nonaffiliated financial companies that together market financial products or services to you.
What is Personal Information?
For purposes of the CCPA, "Personal Information" is information that identifies, relates to, or could reasonably be linked with a particular California resident or household.
Our Collection of Personal Information
We collect Personal Information relating to California residents in certain contexts. For example, we collect Personal Information relating to California residents who apply for or obtain our financial products and services for their personal, family or household purposes and who visit our website and mobile app. We also collect Personal Information relating to California residents in order to market our products and services to them.
In the past 12 months, we have collected the following categories of Personal Information relating to California residents:
- Identifiers, such as name;
- Personal information, as defined in a California data security law, such as contact information;
We collected these categories of Personal Information from the following types of sources:
- Indirectly from California residents;
- From and/or through activity on our website and mobile app, such as website and mobile app usage details and through submissions provided on or through the website or mobile app; and
- From our service providers.
Our Use of Personal Information
The purposes for which we use the Personal Information that we collect depend on our relationship or interaction with a specific California resident. Nonetheless, we have used and may use Personal Information to operate, manage and maintain our business, to provide our products and services, for our employment and vendor management purposes, and to accomplish our business purposes and objectives. For example, we use Personal Information to personalize, develop, market, and provide our products and services; conduct research and data analysis; detect and prevent fraud; perform identity verification; maintain our facilities, systems, and infrastructure; conduct risk and security control and monitoring; perform accounting, audit, legal, and other internal functions; comply with law, legal process, and internal policies; maintain business records; and exercise and defend legal claims.
Our Disclosure of Personal Information
In the past 12 months, we have disclosed the following categories of Personal Information to our service providers for our business purposes:
- Identifiers, such as name;
- Personal information, as defined in a California data security law, such as contact information;
Requests Under the CCPA
Access to Information. If you are a California resident, you may request that we disclose to you the following information covering the 12 months preceding your request:
- The categories of Personal Information we have collected about you;
- The categories of sources from which we collected Personal Information about you;
- The business or commercial purpose for collecting Personal Information about you;
- The categories of Personal Information about you that we disclosed to third parties for a business purpose and the categories of third parties to whom we disclosed such Personal Information; and
- The specific pieces of Personal Information we have collected about you.
Deletion of Personal Information. If you are a California resident, you may also request that we delete Personal Information that we collected from you.
In some instances, we may not honor your access or deletion request. For example, we may not honor your request if we cannot verify your identity or confirm that the Personal Information that we maintain relates to you, or if we cannot verify that you have the authority to make a request on behalf of another California resident. In other instances, we may not honor your request where an exception applies, such as where the disclosure of Personal Information would adversely affect the rights and freedoms of another individual or where the Personal Information that we maintain about you is not subject to the CCPA's access or deletion rights.
Nonetheless, you have the right to be free from unlawful discrimination for exercising your rights under the CCPA.
How to Make a Request
If you are a California resident, you may make an access or deletion request described above by:
- Calling us at 1-800-733-1732;
- Sending us a SecureMail message through our website at https://www.1fbusa.com or mobile app (1FBUSA Mobile); or
- Sending a request to 1st Financial Bank USA, P.O. Box 1200, North Sioux City SD 57049.
We cannot respond to an access or deletion request unless we are able to determine that the individual making the request is the individual about whom we have collected or maintain Personal Information. Your request must:
- Provide sufficient information to allow us to match the identifying information provided about you in the request to the information we already maintain about you or to otherwise reasonably verify you are the California resident about whom the request relates or your authorized agent; and
- Describe the nature of the request with sufficient detail to allow us to fully and properly understand, evaluate and respond to it.
Only you or an agent registered with the California Secretary of State that you have authorized to act on your behalf may make a verifiable consumer request related to the Personal Information we collect about you. You may also make a request on behalf of your minor child. Before acting on a request from an authorized agent, we may require that you verify your identity and provide your written permission authorizing the agent to make a request on your behalf. We may deny a request from an authorized agent who does not submit proof that you authorized him, her or it to act on your behalf.
We will confirm receipt of right to know and right to delete requests within 10 days of receipt and provide information about how we will process the request and when you should expect a response. We will use reasonable efforts to respond to a request within 45 days of receipt. If we require more time (up to a total of 90 days), we will notify you of the extended response period and reason for the extension. We will provide our response at your option by mail or electronically. If we cannot comply with a request, our response will explain the reason we cannot comply.
We will not respond to a right to know request more than twice in a 12-month period.
Contact for More Information
For questions or concerns about our privacy policies or practices, the ways in which we collect and use your personal information, your rights and choices regarding such collection or use, or to exercise your rights under the CCPA, you may contact us at 1-800-733-1732, send us a SecureMail message through our website at https://www.1fbusa.com or mobile app (1FBUSA Mobile), or write to us at 1st Financial Bank USA, P.O. Box 1200, North Sioux City SD 57049.
This notice at collection is provided in accordance with the California Consumer Privacy Act (CCPA) to California residents who are employees, contractors and job applicants ("you" and "your") of 1st Financial Bank USA or its subsidiaries ("we", "us" and "our").
Categories of Personal Information We Collect
We may collect the following categories of personal information about you:
- Identifiers, such as real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver's license number, passport number, or other similar identifiers.
- Characteristics of protected classifications under California or federal law, such as name, signature, physical characteristics or description, address, insurance policy number, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information.
- Biometric information, such as fingerprints.
- Internet or other electronic network activity information, such as browsing history, search history, application access location, and information regarding interaction with an Internet website, application, advertisement and publicly available social media activity.
- Audio, electronic, visual, thermal, olfactory, or similar information, such as voice and email messages.
- Professional or employment-related information, such as job application, resume, performance reviews, employment or contractor agreements, payroll and benefits related information.
- Education information, such as school records, transcripts and degrees/certifications/licenses.
Purposes for Collecting Your Personal Information
We collect the categories of personal information listed above you for the following purposes:
- Recruitment: To receive, evaluate and process job applications; verify your information and conduct background checks; communicate with you about the recruitment process and your application; schedule interviews; and manage employee onboarding.
- Employment Operations: To provide you with employment; manage your employment relationship with us and for general employee administration and processing; maintain employee files and records, performance evaluations, promotions and transfers; manage employment-related claims and litigation, provide training; and create reports for workforce planning
- Payroll and Benefits: To administer pay and benefits; process business and travel expenses reimbursements; calculate tax and Social Security withholdings; comply with wage garnishment orders; and monitor and process leave and absences.
- Information Technology and Security: To provide IT and security support; manage log-in credentials; monitor IT systems and networks for suspicious activity; detect intrusions; and monitor and control access to facilities.
- Legal and Compliance: To fulfill applicable reporting requirements, including IRS, EEO, I-9 (employment eligibility verification), affirmative action and veterans' employment reporting; process employee work-related claims, such as worker compensation and insurance claims; ensure compliance with our employee policies and security requirements; gather evidence for and to support any internal investigations, litigation, disciplinary action, termination, or related activities.
At 1st Financial Bank USA (1FBUSA), we are committed to maintaining the security and privacy of your personal and account information. As part of this commitment, we have taken a number of steps to enhance the safety and confidentiality of information sent electronically to and from 1FBUSA.
Our Security Measures
For security purposes, our computer systems employ software programs to monitor network traffic, to identify unauthorized attempts to upload or change information, and to prevent denial of services attacks and other attacks intended to cause damage.
All data you provide to and receive from the 1FBUSA website is transmitted over HTTPS using Transport Layer Security (TLS). TLS creates a private conversation between two communicating applications, such as your web-enabled device and our corporate Internet server. When your data is transmitted electronically, it is encrypted, or scrambled, at the sending end and then decrypted at the receiving end, helping to ensure that the information remains confidential.
As further protection, we require that you use a browser that supports at least 128-bit encryption to access your account using the 1FBUSA website but recommend that you use a browser that supports 256-bit encryption. Examples of browsers supporting 256-bit encryption include the latest versions of Google Chrome, Mozilla Firefox, Apple Safari, and Microsoft Internet Explorer. The 1FBUSA website uses 256-bit encryption because it provides a significantly greater amount of cryptographic protection than the lower level of encryption does.
No one can access your account without your username, password, and personal image. You create or select a username, password and personal image at the time of registration. You may change your password, and your personal image when changing your password, as often as you like after successfully logging into the 1FBUSA website or 1FBUSA Mobile. If your online access is locked, only authorized 1FBUSA personnel can upon your request reinstate your online access after confirming your identity. This policy is intended to protect you from hackers or other unauthorized individuals attempting to access your 1FBUSA account.
We also want you to know that we maintain physical, electronic and procedural safeguards that comply with federal standards to guard your nonpublic personal information. Our security procedures are aimed at preventing unauthorized access to such information and are reviewed and audited periodically for compliance with federal standards.
Protecting Your Privacy
Your privacy is important to us. We have established standards that govern our collection, use, retention, and protection of information about you in connection with your use of the 1FBUSA website and 1FBUSA Mobile.
1FBUSA is the sole owner of the information collected on the 1FBUSA website and 1FBUSA Mobile. We will not sell, share, or rent it to others or use it in ways different from what is disclosed in this policy.
1FBUSA collects information from our online customers at several different points on the 1FBUSA website and 1FBUSA Mobile:
At Registration When you register, we may ask that you provide to us certain nonpublic personal information. We request this information in order to verify compliance with the Registration Terms and applicable federal, state, and local laws and for identification and security purposes.
During Correspondence If you correspond with us via 1FBUSA SecureMail, which is a secure email service which you can access through the 1FBUSA website and 1FBUSA Mobile, we may retain the information from such correspondence (including the content of the correspondence and our response) in a file specific to you.
1FBUSA may collect information from our customers and other consumers who are not our customers in connection with their use of the 1FBUSA website and 1FBUSA Mobile:
Targeted Ads When you visit our websites, we may use information that allows us to send your computer or device targeted messages and offers. We may use passive technologies such as cookies, location information, device-level advertising and user identifiers, and pixel tags to uniquely identify your computer or device and the pages you view. 1st Financial Bank USA may customize content and advertisements for our products and services based on this information. We may use third-party vendors, including Google, to show our ads on sites across the Internet.
If you prefer to not have us display such advertisements to you, you may opt out by visiting www.aboutads.info/choices - Opens a modal dialog. You may also opt out of receiving behavioral ads from many sites through the Network Advertising Initiative's (NAI) Opt-Out Tool or other tools provided by the publishing platform. Opting out relies on information in the unique cookies placed on your web browser by our partners, so if you delete cookies, use a different device, or change web browsers, you may need to opt out again.
If you opt out of such ads, you may still see 1st Financial Bank USA ads. These are ads that are not based on data collected via passive technologies. Some may be generic. Others may be targeted to you or an advertising segment you are in. The websites or services where targeted ads appear will have instructions about how to modify your advertising preferences within those sites. We encourage you to review those instructions and settings.
In addition to the information described above, we also collect information we receive from you on applications and other forms, such as your address and Social Security number; information about your transactions with us or others, such as payment history and account balances; and information we receive from third parties, such as consumer reporting agencies, and including your credit history and employment verification.
Children's Online Privacy Protection Act (COPPA) In accordance with COPPA, no part of the 1FBUSA website or 1FBUSA Mobile is intended to attract anyone under the age of 13, and the Bank does not intentionally collect information from those we actually know are under 13. Parents can also be proactive and limit website and mobile app access by their children by installing filtering software.
- Outside the 1FBUSA Organization We may disclose all of the information we collect about customers and former customers, as described above, to individuals or companies that assist us in providing our products or services. We do not otherwise disclose any nonpublic personal information about our customers and former customers to anyone outside the 1FBUSA organization, except as permitted or required by law.
- Within the 1FBUSA Organization We may disclose all of the information we collect about our customers and former customers, as described above, to companies within the 1FBUSA organization. These companies do not offer financial services directly but assist us with important risk management, legal, Internet, securitization, and account-acquisition services.
If you have any questions about our security or privacy policies, please contact us, toll free, at 1-844-328-9330, Monday through Friday, 8:00 am - 8:00 pm (Central Time) and Saturday 8:00 am - 5:00 pm (Central Time) excluding Federal holidays or by mail:
Privacy and Security
1st Financial Bank USA
P.O. Box 7300
North Sioux City, SD 57049
Educating yourself by knowing how criminals operate is the best way to defend yourself. Knowledge is power, which helps keep you safe wherever you go online.
General Online Safety Measures
Accessing Secure Websites Be wary of suspicious emails. Never open attachments, click on links, or respond to emails from suspicious or unknown senders. To access a secure website, you should type the address into your web browser. Before providing any information electronically, ensure that a secure connection is made when you access a website. When a secure connection is attempted, the beginning of the internet address will change from "http" to "https". To confirm that the connection is secure, you will need to verify both that the connection was established and the security certificate used by the website is valid. For information on how to verify that a connection was established and the security certificate used by the website is valid, refer to How to Identify 1FBUSA Websites. If you have concerns about your secure connection when accessing the 1FBUSA website, contact us, toll free, at 1-844-328-9330, Monday through Friday, 8:00 am - 8:00 pm (Central Time) and Saturday 8:00 am - 5:00 pm (Central Time) excluding Federal holidays.
Passwords When setting a password, make sure that it has a minimum of 10 characters and is not easily discovered by intelligent guessing. Include numbers, symbols, and upper and lowercase letters to increase the strength of the password. Do not use your name or birthday and do not use the same password for multiple websites. Never write down or record your password or other security information unless it is well disguised. Always take reasonable steps to keep your password and other security information secret at all times and never share it with anyone, especially in a text, by email or over the phone.
Log In and Log Out Do not use an automatic login feature that saves your password. Never leave your web-enabled device unattended when logged in to a website. Log out properly when you have finished with the website.
Shared Web-Enabled Devices View or download documents, such as account statements, only on a web-enabled device that you know to be safe and secure. Private and sensitive information about your account may easily be accessed by others using the same web-enabled device.
Saved Files and Browser Cache Online bank, merchant and creditor websites may provide account statements in PDF format. When you click on a link that opens a PDF document, the document you view may be accessible to others using the same web-enabled device. For Mac users, a document in PDF format may be automatically copied to the computer's desktop or to an easily accessible download folder. Be sure to delete the document in PDF format after viewing it and empty the Trash folder. For PC users, the browser may cache a document in PDF format. Be sure to clear your browser cache. For information on clearing your browser cache, check the Help feature of your browser.
Delete Unnecessary Personal Information Delete files, emails, and text messages containing account and personal information when no longer needed.
Safe Disposal of Information Stored on Computer Delete all personal information stored on your computer before you dispose of the computer. Use a wipe utility program to overwrite the entire hard drive.
Safe Disposal of Information Stored on Mobile Device Before you dispose of a mobile device, delete all personal information stored on it (e.g., phone book, lists of calls made and received, voicemails, messages sent and received, organizer folders, web search history, and photos), save or transfer the information to a new device, and unregister the device with all your cloud based account providers.
Protecting Your Email
Phishing (pronounced "fishing") Phishing - as in fishing for confidential information - is a scam that involves fraudulently obtaining and using an individual's personal or financial information. In a typical case, a consumer receives an email appearing to originate from a financial institution, government agency or other entity requesting personal or financial information. The email often requests immediate attention and directs the consumer to click on a link which is not to an official website but rather a phony site. For more information on phishing and how to protect yourself, refer to Protect Yourself From Phishing.
Unsolicited Communication Always be wary of unsolicited emails, text messages and phone calls asking you to disclose personal and/or account information. Keep this information secret. We will never contact you to ask you to disclose your password. If you receive suspicious emails, do not provide any information in response to them or otherwise respond to them. For information on how to identify and protect yourself from suspicious emails, refer to Protect Yourself From Phishing.
Protecting Your Web-Enabled Device
Secure Your Web-Enabled Device Use anti-virus software, anti-spyware software, and anti-malware software on all your web-enabled devices and be sure to update the software on a regular basis.
Block Non Standard or Suspicious Traffic Learn how to install and use a firewall to block unknown or suspicious traffic and, if your firewall supports it, monitor and generate alerts concerning this traffic.
Keep Your Device Up to Date Download the latest system updates to keep your web-enabled device operating system and web browser up to date.
Protecting Yourself on Your Mobile Device
Locking Your Mobile Device Always enable your mobile device lock function when the device is not in use.
Sharing Your Mobile Device and Password Do not give others access to your mobile device. Do not share your password with anyone and, apart from secure Password Management apps, do not store it in other apps on your mobile device, such as in a note-taking app.
Use Your Mobile Device Responsibly Be sure no one is looking over your shoulder and able to view your device's screen when using it in congested public areas.
Sign Out Sign out of your session when you're finished, whether you're using 1FBUSA Mobile or the 1FBUSA website.
Regularly Delete Banking Related Messages Regularly delete text messages related to banking.
Update Information To ensure you continue to receive communications and other information from us, promptly update your contact information if any of that information is changed or your mobile device is lost or stolen.
Jailbreaking and Rooting Avoid tampering with your device's operating system. This is called "jailbreaking" on an iPhone® device and "rooting" on an Android™ phone.
Official App Stores Always use official app stores to download apps, such as the Apple® App Store or the Google Play™ Store. Downloads from non-official app stores are common ways for key loggers or other malware to be installed on your mobile device.
Be Wise About Wi-Fi
Open or public wireless networks, such as those in a coffee shop, library, airport, hotel, or other public place, should never be used to send personal or sensitive data or login to your banking websites. Even wireless networks that are encrypted and require a username and password may not fully protect your data unless they use WPA2 encryption. Please refer to your device or operating system documentation for information on how to determine a wireless network's security level.
If you have no other option other than using a wireless network to send personal or sensitive data, ensure that your computer or mobile device immediately connects to a Virtual Private Network (VPN) that offers appropriate security as soon as you join the wireless network and before you access any other websites.
No matter how careful you are about protecting your personal information, no one is completely safe from identity theft. Millions of Americans are victims of some type of identity theft or fraud each year, according to the Federal Trade Commission (FTC). Unfortunately, identity theft can be difficult to discover. You may not find out until you review your account transactions or until you have been contacted by a debt collector. Skilled thieves, like pickpockets, burglars and computer hackers, have many ways (both low- and high-tech) to get hold of your personal information and use it for their own benefit. Their methods evolve constantly. To protect yourself, you should be aware of identity theft scams and account takeovers and how to detect and prevent them.
What Is Identity Theft?
Identity theft is the use of your personal information by someone who you have not authorized to use it. Once someone has your personal information, there are many ways it can be used without your knowledge. For example, an identity thief can contact your credit card company pretending to be you and ask to change the mailing address on your account. The thief then runs up charges on your account. Because your statements are being sent to the new address, you may not realize your account is being used in such manner.
Another way in which an identity thief can use your personal information is by opening a new credit card account using your name, Social Security number, and date of birth. When the thief uses the account and does not pay the bills, the delinquent account is reported on your credit report.
Recognizing Identity Theft and Credit Scams
Phishing (pronounced "fishing") Phishing - as in fishing for confidential information - is a scam that involves fraudulently obtaining and using an individual's personal or financial information. In a typical case, a consumer receives an email appearing to originate from a financial institution, government agency or other entity requesting personal or financial information. The email often requests immediate attention and directs the consumer to click on a link which is not to an official website but rather a phony site. For information on how to identify and protect yourself, refer to Protect Yourself From Phishing.
Dumpster Diving A low-tech method of identity theft, dumpster diving is a way identity thieves can get a hold of your bank account statements, credit card numbers and other personal information by digging through trash or recycling bins.
Stealing Your Belongings Credit cards, checks, and even personal account information are commonly carried in purses, wallets, backpacks, and laptops-all of which can be easily stolen.
How to Protect Yourself
At 1FBUSA, we're committed to helping you protect your personal information. We believe that the best way to fight identity theft is to prevent it from happening in the first place. Here are some things you can do to protect yourself from identity theft.
Keep your information private Don't give out or share your personal or financial information, such as Social Security number, checking account number or credit card number, in response to an unsolicited email or over the phone unless you initiate the call and know the person or organization with whom you are dealing. Don't give out personal information to anyone who calls you, even someone claiming to be from 1FBUSA. No legitimate representative of 1FBUSA will ever ask you for your PIN or password over the phone. If you receive an unsolicited email, the safest approach is to not open it. If you open an unsolicited email, do not click on any embedded links or open any attachments. To confirm that a communication is legitimate, call the organization's customer service number or log into your account. If the attempt is fraudulent, report it to the organization's fraud department.
Keep track of your monthly statements Promptly review your bank statements and bills when you receive them. Keep your receipts to compare them with the charges shown on your statements and bills. Report any discrepancies to the bank or merchant immediately. If you do not receive a statement or bill when you expect to receive one, contact the bank or merchant to find out why. Someone may have filed a false change-of-address notice to divert your information to his or her address. If a statement or bill includes suspicious items, don't ignore them. Contact the bank or merchant as soon as possible to prevent or reduce any possible or further fraud.
Review your credit report Periodically obtain and review your credit report to confirm that the information in the report is accurate and complete. For a small fee, you can obtain a copy of your credit report at any time. Also, the national consumer reporting agencies are required to provide you with a free copy of your credit report once every 12 months at your request. To request a copy, visit www.annualcreditreport.com - Opens a modal dialog or call toll free 1-877-322-8228. If you see anything in your credit report that is out of the ordinary or with which you are not familiar, such as an account you never opened or an address change that is incorrect, immediately notify the agency from which you obtained the report.
Appropriately discard documents containing personal information Never toss documents containing your personal or financial information (such as, a Social Security number, driver's license number, or bank account number) into a public trash bin. Always shred documents containing personal, financial or other sensitive information before you discard them. Do not crumble such documents and throw them in the trash. Cut up or otherwise destroy old credit cards to ensure the information on the card is not legible.
Don't put outgoing mail in or on your mailbox Identity thieves may access and use your mail to steal your identity. To avoid such threat, drop your mail into a secure, official Postal Service collection box.
Carry only what you need Limit what you carry with you. The less personal information you have with you, the better off you will be if your purse or wallet is stolen. When you go out, take only the identification, credit, and debit cards you need. If you keep written records of your account information, store them in a locked box or file drawer. Do the same with items such as your passport and Social Security card.
Report lost or stolen credit cards immediately Call each credit card issuer and ask to have the stolen card accounts closed and new ones opened to replace them. Remember to update any automatic payment accounts with your new account numbers.
Don't preprint personal information on checks Your checks should not have your driver's license, telephone or Social Security numbers preprinted on them.
Be alert to telephone scams If you receive a telephone call in which the caller asks for personal or financial information, be wary about providing such information. If a request for such information is suspicious and/or asks you to verify personal or financial information, notify the bank or other company on whose behalf the request was made.
Guard your Personal Identification Numbers (PINs) and passwords Don't write your PIN on your ATM, credit and prepaid cards and don't keep your PINs with your cards. Keep an eye on your credit or debit card during a transaction and be sure it is returned to you right away. Avoid convenience store ATMs. They may not be as secure as bank ATMs. Sign cards as soon as soon as you receive them. Don't create PINs or passwords using information that can be guessed easily (such as, birthdays, addresses or pets' names). Don't share PINs or passwords with anyone, including friends and family. Change your passwords often. Use different passwords across banking, email, and social media accounts. Do not store personal information, passwords, or account numbers on your web-enabled device.
Be careful with your ATM and credit card receipts Never toss receipts into a public trash bin.
Protect your computers A stolen computer or mobile device can provide a wealth of information to an identity thief. Learn how your devices save passwords and account numbers and be sure any software you use to store personal and financial information is secure. Always set your laptop to require a password when it is turned on or awakened from sleep, especially when you're traveling.
Protect your identity online When conducting financial transactions, making purchases or sending personal information online, make sure the websites you are using are secure and able to protect your data from Internet theft. Websites that are secure and able to protect your data from Internet theft use Transport Layer Security/Secure Sockets Layer (TLS/SSL) technology to encrypt at a minimum your personal information. For information on how to determine whether a website you are using is secure and uses TLS/SSL technology, refer to How to Identify 1FBUSA Websites. Another online safety feature is your password. Every time you log in to the Bank's website (www.1fbusa.com), you are required to enter your username and password and select your personal image.
How to Deal with Identity Theft
If you are a victim of identity theft, here are some steps you can take to help reclaim your identity:
1. Contact the consumer reporting agencies
Contact the fraud department of one of the three nationwide consumer reporting agencies. They maintain reports that track the credit accounts that have been opened in your name and how you pay your bills. You should call first and then follow up in writing. As a victim of identity theft, you are entitled to a free credit report from each of the following consumer reporting agencies:
Write: Equifax Fraud Assistance, P.O. Box 105069, Atlanta, GA 30348 or www.equifax.com
Write: P.O. Box 949, Allen, TX 75013-0949 or www.experian.com
Write: Fraud Victim Assistance Department. P.O. Box 6790, Fullerton, CA 92834 or www.tuc.com
Request that a fraud alert be placed in your file Tell the consumer reporting agencies you would like to include a statement in your credit report asking that creditors call you before opening any new accounts or changing your existing accounts. An initial alert remains on file for 90 days and an extended alert requires a law enforcement report and remains on file for seven years. You may also place an active duty alert on your credit file. Such alerts remain on the file of an active duty military consumer for one year. A fraud alert can help prevent an identity thief from opening additional accounts in your name.
Ask for copies of your credit reports If you are a victim of identity theft, the consumer reporting agencies must give you a free copy of your report for you to check for inaccuracies.
Review your credit reports carefully Make sure that no additional fraudulent accounts have been opened or unauthorized changes made. Report anything suspicious to the consumer reporting agencies. Check the inquiry section of the report. When inquiries appear from companies that opened fraudulent accounts, request that the inquiries be removed from your report. Then follow up with the consumer reporting agencies and any associated financial institutions.
2. Stop using your computer
Assume anything you type may be captured by a hacker. Install anti-virus or anti-malware software on your computer and run a full scan that identifies malicious software. Even if no malicious software is found by your anti-virus or anti-malware software, it doesn't always mean that your computer is safe. Consider seeking professional advice from a reputable computer support organization. Make sure your computer and its software is updated and secure before using it again, and change all your passwords, including email passwords.
3. Contact your local police
File a report with your local police or the police in the community where the identity theft took place. Even if the police are unable to catch the thief, having a copy of the police report can help provide evidence of fraud to creditors. Obtain a copy of the police report in case your bank, credit card issuer or others need evidence of the incident.
4. Contact the Federal Trade Commission
Call the Federal Trade Commission's (FTC) Identity Theft Hotline at 1-877-IDTHEFT (1-877-438-4338). The FTC will put your information into a secure consumer fraud database and may, in appropriate instances, share it with other law enforcement agencies.
5. Check your mail carefully
If you receive statements for accounts for which you did not apply, contact the company that sent the statement. An identity thief may have opened an account in your name. If you do not receive statements for any of your usual accounts (including credit, banking and investment accounts), contact the company immediately. An identity thief may have submitted a change of address in order to redirect your statements to a different location. If you do not receive mail you usually receive, contact the post office. An identity thief may have falsified a change of address to redirect your mail to a different location.
6. Review all of your accounts
You should check transactions on all account statements, including credit card accounts, home equity lines of credit, bank accounts and investment accounts. If you identify a transaction or activity that you did not authorize, contact the company immediately.
What is Phishing?
Phishing (pronounced "fishing") is a type of email and Internet-related fraudulent scheme involving the use of seemingly legitimate email messages and Internet websites to deceive consumers into disclosing sensitive information, such as bank account information, Social Security numbers, credit card numbers, passwords, and personal identification numbers (PINs). The perpetrator of the fraudulent email message may use various means to convince the recipient that the message is legitimate and from a trusted source with which the recipient has an established business relationship, such as a bank. Techniques such as a false "from" address or the use of seemingly legitimate bank logos, web links and graphics may be used to mislead email recipients. In most phishing schemes, the fraudulent email message will request that recipients "update" or "validate" their financial or personal information in order to maintain their accounts, and direct them to a fraudulent website that may look very similar to the website of the legitimate business. These websites may include copied or "spoofed" pages from legitimate websites to further trick consumers into thinking they are responding to a bona fide request. Some consumers will mistakenly submit financial and personal information to the perpetrator who will use it to gain access to financial records or accounts, commit identity theft or engage in other illegal acts.
Phishing emails often aim to create a sense of urgency or panic to try and make you react and not question the authenticity of the email or message. An email or message that contains or tells you to do any of the following should be considered suspicious and could involve phishing:
- Threatens to suspend or close your account if you don't login to the website or answer questions immediately.
- Tells you that one of your accounts has been compromised and asks you to click a link to verify your personal and account information.
- Tells you about unauthorized charges on your account and asks you to click a link to verify your account information.
- Tells you that your personal information is out-of-date or needs to be reconfirmed and asks you to click a link to verify your personal information.
- Invites you to take a survey and then asks you to enter personal or account information.
- Presents any of the information above and asks you to open an attachment to complete the information and answer the survey. If you are told that the attachment is smart and to open it and enable macros that can process the information for you, don't do this.
If you receive an email that contains or tells you to do any of the foregoing or an email purporting to be from or related to 1FBUSA that seems suspicious, notify us immediately. For information on how to report suspicious email, refer to Reporting Cybersecurity Concerns to 1FBUSA.
How to Identify Phishing emails
Fraudsters and scammers are always coming up with new ways to trick people into believing their phishing emails are legitimate. While it is becoming more difficult to identify phishing email as fraudulent, the following are some things to look for that might indicate an email involves phishing:
- Spelling and grammatical mistakes
- Missing words, punctuation and other signs that the email is unprofessional
- Awkward language, possibly indicating that it was written by a non-native English speaker
- Emails that are a different style or format than the company from which they were purportedly sent normally uses
- Emails with attachments
- Emails that include background information about you that you've put on social networking sites
- The sender's from and reply-to email addresses are not from the company from which they were purportedly sent
- If you hover the mouse over a website link in the email and the displayed URL is not the same as the website address displayed in the email or it's not the normal website you visit
- Emails that directly ask for personal or account information
Fraudsters are getting very clever at trying to trick you into believing an email or website address is legitimate when it really is not. Using the 1FBUSA website as an example, a fraudster may take one or more of the following actions to convince you that an email it has sent is from us:
- Add something after .com
- Use something else instead of .com
- Add another section to the name after 1fbusa and before .com
- Replace characters in the url name, making it difficult to see the change, such as "lfbusa" where the "1" in "1fbusa" is replaced with the letter "l"
Because it is often difficult to know whether an email you receive is from 1FBUSA just from the email address, you will need to validate the website link(s) in the email by hovering over the link(s) to ensure they direct to you our website. While 1FBUSA uses a few different email addresses and domains, it only uses the 1fbusa.com website through which you can access your account.
How to identify 1FBUSA websites
The 1FBUSA website uses Transport Layer Security (TLS) to encrypt your online session. TLS is an updated and more secure version of SSL, which is an obsolete technology. The terms SSL and TLS are often used interchangeably, while the term TLS/SSL is often used to mean TLS.
You can check to see if your online session is secure by looking for a small lock symbol usually located near the URL field in your web browser window. Current versions of leading web browsers indicate when a webpage is encrypted by using this symbol.
When you visit 1fbusa.com, you should look at the security certificate to confirm it is actually our website. You can review the security certificate details by clicking or double clicking on the small lock symbol. 1FBUSA uses EV or Extended Validation TLS/SSL certificates issued by DigiCert that have the following details:
- Organization Name: 1st Financial Bank USA
- Organizational Unit Name: Secure Services Division
- Locality: Dakota Dunes
- State: South Dakota
- Issued By: DigiCert Inc
What do emails from 1FBUSA look like?
1FBUSA uses a number of different email addresses and domains to correspond with you. We do not list them here because we do not want to assist fraudsters and scammers in using them to impersonate us. When you receive a legitimate email from 1FBUSA, please add the email address to your safe sender list.
We will never ask for your personal or account information, such as username, password or PIN in any email, text message or phone call that we make to you. We will only ask for personal information from a caller to verify the caller's identity.
We will not ask you to reply to any email that we send to you. Instead, we will request that you visit our website to update your account or personal information and view documents. We also will not send you any emails with an attachment unless you request that we send you an email with an attachment, or we have advised you that we will be sending you an email with an attachment. You should never open an attachment in an unsolicited email or click on a link in an email unless you have validated the website link.
Under normal circumstances, we will not send you emails with attachments. Instead, in most cases, we will direct you to our website where you can update your information or view documents, such as statements. In the case that an email attachment has been requested or discussed, we may send an attachment to you via email. Never open an attachment in an unsolicited email and only click on a link if you are certain of the link's authenticity.
What to Do if You Have Responded to a Phishing Email
If you think you are a victim of a phishing attack involving your 1FBUSA account, it is essential that you let us know immediately. For information on how to report suspicious email, refer to Reporting Cybersecurity Concerns to 1FBUSA.
If you have disclosed personal or account information in a phishing attack, you could be the victim of identity theft. In such case, you should immediately contact one of the three nationwide consumer reporting agencies to discuss whether you should place a fraud alert in your credit file. Finally, report all suspicious phishing related contact to the Federal Trade Commission at http://www.consumer.gov/idtheft - Opens a modal dialog, or by calling 1-877-IDTHEFT (1-877-438-4338).
Additional Resources on Phishing
The following resources provide additional information on how to identify and protect yourself from phishing:
- "You Can Fight Identity Theft", published in September 2004, which is available at: https://www.fdic.gov/news/news/press/2004/pr9304b.pdf - Opens a modal dialog
- FTC guidance on phishing, which is available at: https://www.consumer.ftc.gov/articles/0003-phishing - Opens a modal dialog
- FTC guidance on identity theft, which is available at: https://www.consumer.ftc.gov/topics/identity-theft - Opens a modal dialog
- FTC guidance on online security in general, which is available at: https://www.consumer.ftc.gov/topics/online-security - Opens a modal dialog
If you are a victim of a phishing email or are concerned about any cybersecurity issue involving 1FBUSA, please contact us, toll free, at 1-844-328-9330, Monday through Friday, 8:00 am - 8:00 pm (Central Time) and Saturday 8:00 am - 5:00 pm (Central Time) excluding Federal holidays.
If you have received a suspicious or phishing email that purports to be from 1FBUSA, or otherwise requests personal or account information, please forward the email to us at email@example.com. We will send you an automated response to let you know we received your email, and if necessary, we will follow-up within a few days.
For information on how to identify and protect yourself from phishing email, refer to Protect Yourself From Phishing. You do not need to be a 1FBUSA customer to report a suspicious email to us.
If you are or suspect you are a victim of identity theft or other fraudulent activity involving a 1FBUSA account, please contact us immediately, toll free, at 1-844-328-9330, Monday through Friday, 8:00 am - 8:00 pm (Central Time) and Saturday 8:00 am - 5:00 pm (Central Time) excluding Federal holidays.
For 1FBUSA Customers
If you are or suspect you are a victim of identity theft or other fraudulent activity involving your 1FBUSA account, or you have a question regarding unauthorized activity you have already reported to us, please contact us, toll free, at 1-844-328-9330 Monday through Friday, 8:00 am - 8:00 pm (Central Time) and Saturday 8:00 am - 5:00 pm (Central Time) excluding Federal holidays. When you call, please have your account information available as well as details about the identity theft or other fraudulent activity about which you are calling. If you are or suspect you are a victim of identity theft or other fraudulent activity, refer to Protect Yourself From Identity Theft for some steps you can take to help reclaim your identity.
If your 1FBUSA credit card has been lost or stolen, or transactions have posted to your account which you have not authorized, please contact us, toll free, at 1-800-733-1732, 24 hours a day, seven days a week.
For Non-1FBUSA Customers
Fraudulent activities may affect you even if you do not have an account with us. For example, a 1FBUSA account that you did not apply for could be opened in your name or could be reflected on your credit report.
If a 1FBUSA account that you did not apply for has been opened in your name or is reflected on your credit report, for your protection, please contact us immediately, toll free, at 1-844-328-9330.
If you have a 1FBUSA account and suspect unauthorized activity has occurred in connection with the account, please contact us, toll free, at 1-844-328-9330 Monday through Friday, 8:00 am - 8:00 pm CT and Saturday 8:00 am - 5:00 pm CT excluding Federal holidays. The sooner you report the incident, the sooner we can investigate it and limit the exposure of your account to unauthorized and other fraudulent activity.
Fraudulent activity may involve you even if you do not have a 1FBUSA account. For example, a 1FBUSA account could be opened in your name and/or appear in your credit file even if you did not apply for it. If you discover that a 1FBUSA account has been opened in your name without your knowledge or consent, please contact us, toll-free, at 1-844-328-9330 Monday through Friday, 8:00 am - 8:00 pm CT and Saturday 8:00 am - 5:00 pm CT excluding Federal holidays.
If your 1st Financial Bank USA credit card has been lost or stolen, call us, toll free, at 1-800-733-1732, 24 hours a day, 7 days a week.