1FBUSA Security Center

For security purposes, our computer systems employ software programs to monitor network traffic, to identify unauthorized attempts to upload or change information, and to prevent denial of services attacks and other attacks intended to cause damage.

All data you provide to and receive from the 1FBUSA website is transmitted over HTTPS using Transport Layer Security (TLS). TLS creates a private conversation between two communicating applications, such as your web-enabled device and our corporate Internet server. When your data is transmitted electronically, it is encrypted, or scrambled, at the sending end and then decrypted at the receiving end, helping to ensure that the information remains confidential.

As further protection, we require that you use a browser that supports at least 128-bit encryption to access your account using the 1FBUSA website but recommend that you use a browser that supports 256-bit encryption. Examples of browsers supporting 256-bit encryption include the latest versions of Google Chrome, Mozilla Firefox, Apple Safari, and Microsoft Edge. The 1FBUSA website uses 256-bit encryption because it provides a significantly greater amount of cryptographic protection than the lower level of encryption does.

No one can access your account without your username, password and the one-time multifactor authentication code. You create or select a username and password at the time of registration. You may change your password, as often as you like after successfully logging into the 1FBUSA website or 1FBUSA Mobile. If your online access is locked, only authorized 1FBUSA personnel can upon your request reinstate your online access after confirming your identity. This policy is intended to protect you from hackers or other unauthorized individuals attempting to access your 1FBUSA account.

We also want you to know that we maintain physical, electronic and procedural safeguards that comply with federal standards to guard your nonpublic personal information. Our security procedures are aimed at preventing unauthorized access to such information and are reviewed and audited periodically for compliance with federal standards.

Your privacy is important to us. We have established standards that govern our collection, use, retention, and protection of information about you in connection with your use of the 1FBUSA website and 1FBUSA Mobile.

1FBUSA is the sole owner of the information collected on the 1FBUSA website and 1FBUSA Mobile. We will not sell, share, or rent it to others or use it in ways different from what is disclosed in this policy.

1FBUSA collects information from our online customers at several different points on the 1FBUSA website and 1FBUSA Mobile:

In addition to the information described above, we also collect information we receive from you on applications and other forms, such as your address and Social Security number; information about your transactions with us or others, such as payment history and account balances; and information we receive from third parties, such as consumer reporting agencies, and including your credit history and employment verification.

Children's Online Privacy Protection Act (COPPA) In accordance with COPPA, no part of the 1FBUSA website or 1FBUSA Mobile is intended to attract anyone under the age of 13, and the Bank does not intentionally collect information from those we actually know are under 13. Parents can also be proactive and limit website and mobile app access by their children by installing filtering software.

• Outside the 1FBUSA Organization We may disclose all of the information we collect about customers and former customers, as described above, to individuals or companies that assist us in providing our products or services. We do not otherwise disclose any nonpublic personal information about our customers and former customers to anyone outside the 1FBUSA organization, except as permitted or required by law.
• Within the 1FBUSA Organization We may disclose all of the information we collect about our customers and former customers, as described above, to companies within the 1FBUSA organization. These companies do not offer financial services directly but assist us with important risk management, legal, Internet, securitization, and account-acquisition services.

Policies of Linked Sites and Other Third Parties This privacy policy only addresses our use and disclosure of information we collect from you. You should be aware that when you are on the 1FBUSA website or 1FBUSA Mobile, you could be directed to other websites that are beyond our control. 1FBUSA is not responsible for the privacy practices of third parties or the content of those linked websites. We encourage you to read the posted privacy policy whenever interacting with any website.

Updates to the Privacy Policy 1FBUSA reserves the right to update this privacy policy from time to time. Please visit this page periodically so that you will be apprised of any changes.

If you have any questions about our security or privacy policies, please contact us, toll free, at 1-844-328-9330, Monday through Friday, 8:00 am - 8:00 pm (Central Time) and Saturday 8:00 am - 5:00 pm (Central Time) excluding Federal holidays or by mail:

Accessing Secure Websites Be wary of suspicious emails. Never open attachments, click on links, or respond to emails from suspicious or unknown senders. To access a secure website, you should type the address into your web browser. Before providing any information electronically, ensure that a secure connection is made when you access a website. When a secure connection is attempted, the beginning of the internet address will change from "http" to "https". To confirm that the connection is secure, you will need to verify both that the connection was established and the security certificate used by the website is valid. For information on how to verify that a connection was established and the security certificate used by the website is valid, refer to How to Identify 1FBUSA Websites. If you have concerns about your secure connection when accessing the 1FBUSA website, contact us, toll free, at 1-844-328-9330, Monday through Friday, 8:00 am - 8:00 pm (Central Time) and Saturday 8:00 am - 5:00 pm (Central Time) excluding Federal holidays.

Passwords When setting a password, make sure that it has a minimum of 10 characters and is not easily discovered by intelligent guessing. Include numbers, symbols, and upper and lowercase letters to increase the strength of the password. Do not use your name or birthday and do not use the same password for multiple websites. Never write down or record your password or other security information unless it is well disguised. Always take reasonable steps to keep your password and other security information secret at all times and never share it with anyone, especially in a text, by email or over the phone.

Log In and Log Out Do not use an automatic login feature that saves your password. Never leave your web-enabled device unattended when logged in to a website. Log out properly when you have finished with the website.

Shared Web-Enabled Devices View or download documents, such as account statements, only on a web-enabled device that you know to be safe and secure. Private and sensitive information about your account may easily be accessed by others using the same web-enabled device.

Saved Files and Browser Cache Online bank, merchant and creditor websites may provide account statements in PDF format. When you click on a link that opens a PDF document, the document you view may be accessible to others using the same web-enabled device. For Mac users, a document in PDF format may be automatically copied to the computer's desktop or to an easily accessible download folder. Be sure to delete the document in PDF format after viewing it and empty the Trash folder. For PC users, the browser may cache a document in PDF format. Be sure to clear your browser cache. For information on clearing your browser cache, check the Help feature of your browser.

Delete Unnecessary Personal Information Delete files, emails, and text messages containing account and personal information when no longer needed.

Safe Disposal of Information Stored on Computer Delete all personal information stored on your computer before you dispose of the computer. Use a wipe utility program to overwrite the entire hard drive.

Safe Disposal of Information Stored on Mobile Device Before you dispose of a mobile device, delete all personal information stored on it (e.g., phone book, lists of calls made and received, voicemails, messages sent and received, organizer folders, web search history, and photos), save or transfer the information to a new device, and unregister the device with all your cloud based account providers.

Phishing(pronounced "fishing") Phishing - as in fishing for confidential information - is a scam that involves fraudulently obtaining and using an individual's personal or financial information. In a typical case, a consumer receives an email appearing to originate from a financial institution, government agency or other entity requesting personal or financial information. The email often requests immediate attention and directs the consumer to click on a link which is not to an official website but rather a phony site. For more information on phishing and how to protect yourself, refer to Protect Yourself From Phishing.

Unsolicited Communication Always be wary of unsolicited emails, text messages and phone calls asking you to disclose personal and/or account information. Keep this information secret. We will never contact you to ask you to disclose your password. If you receive suspicious emails, do not provide any information in response to them or otherwise respond to them. For information on how to identify and protect yourself from suspicious emails, refer to Protect Yourself From Phishing.

Secure Your Web-Enabled Device Use anti-virus software, anti-spyware software, and anti-malware software on all your web-enabled devices and be sure to update the software on a regular basis.

Block Non Standard or Suspicious Traffic Learn how to install and use a firewall to block unknown or suspicious traffic and, if your firewall supports it, monitor and generate alerts concerning this traffic.

Keep Your Device Up to Date Download the latest system updates to keep your web-enabled device operating system and web browser up to date.

Locking Your Mobile Device Always enable your mobile device lock function when the device is not in use.

Sharing Your Mobile Device and Password Do not give others access to your mobile device. Do not share your password with anyone and, apart from secure Password Management apps, do not store it in other apps on your mobile device, such as in a note-taking app.

Use Your Mobile Device Responsibly Be sure no one is looking over your shoulder and able to view your device's screen when using it in congested public areas.

Sign Out Sign out of your session when you're finished, whether you're using 1FBUSA Mobile or the 1FBUSA website.

Regularly Delete Banking Related Messages Regularly delete text messages related to banking.

Update Information To ensure you continue to receive communications and other information from us, promptly update your contact information if any of that information is changed or your mobile device is lost or stolen.

Jailbreaking and Rooting Avoid tampering with your device's operating system. This is called "jailbreaking" on an iPhone® device and "rooting" on an Android™ phone.

Official App Stores Always use official app stores to download apps, such as the Apple® App Store or the Google Play™ Store. Downloads from non-official app stores are common ways for key loggers or other malware to be installed on your mobile device.

Open or public wireless networks, such as those in a coffee shop, library, airport, hotel, or other public place, should never be used to send personal or sensitive data or login to your banking websites. Even wireless networks that are encrypted and require a username and password may not fully protect your data unless they use WPA2 encryption. Please refer to your device or operating system documentation for information on how to determine a wireless network's security level.

If you have no other option other than using a wireless network to send personal or sensitive data, ensure that your computer or mobile device immediately connects to a Virtual Private Network (VPN) that offers appropriate security as soon as you join the wireless network and before you access any other websites.

The information contained herein is provided as a general resource to our customers and is intended for informational purposes only. It is not intended to be comprehensive or to protect you from identity theft or other fraudulent activity. The information is subject to change without notice but is intended to be updated to include new information or tips when it is appropriate and may be helpful to you. We make no claims, promises or guarantees about the accuracy, completeness, reliability, or adequacy of the information contained in or referenced in this document.

Identity theft is the use of your personal information by someone who you have not authorized to use it. Once someone has your personal information, there are many ways it can be used without your knowledge. For example, an identity thief can contact your credit card company pretending to be you and ask to change the mailing address on your account. The thief then runs up charges on your account. Because your statements are being sent to the new address, you may not realize your account is being used in such manner.

Another way in which an identity thief can use your personal information is by opening a new credit card account using your name, Social Security number, and date of birth. When the thief uses the account and does not pay the bills, the delinquent account is reported on your credit report.

Phishing (pronounced "fishing") Phishing - as in fishing for confidential information - is a scam that involves fraudulently obtaining and using an individual's personal or financial information. In a typical case, a consumer receives an email appearing to originate from a financial institution, government agency or other entity requesting personal or financial information. The email often requests immediate attention and directs the consumer to click on a link which is not to an official website but rather a phony site. For information on how to identify and protect yourself, refer to Protect Yourself From Phishing.

Dumpster Diving A low-tech method of identity theft, dumpster diving is a way identity thieves can get a hold of your bank account statements, credit card numbers and other personal information by digging through trash or recycling bins.

Stealing Your Belongings Credit cards, checks, and even personal account information are commonly carried in purses, wallets, backpacks, and laptops-all of which can be easily stolen.

At 1FBUSA, we're committed to helping you protect your personal information. We believe that the best way to fight identity theft is to prevent it from happening in the first place. Here are some things you can do to protect yourself from identity theft.

Keep your information private Don't give out or share your personal or financial information, such as Social Security number, checking account number or credit card number, in response to an unsolicited email or over the phone unless you initiate the call and know the person or organization with whom you are dealing. Don't give out personal information to anyone who calls you, even someone claiming to be from 1FBUSA. No legitimate representative of 1FBUSA will ever ask you for your PIN or password over the phone. If you receive an unsolicited email, the safest approach is to not open it. If you open an unsolicited email, do not click on any embedded links or open any attachments. To confirm that a communication is legitimate, call the organization's customer service number or log into your account. If the attempt is fraudulent, report it to the organization's fraud department.

Keep track of your monthly statements Promptly review your bank statements and bills when you receive them. Keep your receipts to compare them with the charges shown on your statements and bills. Report any discrepancies to the bank or merchant immediately. If you do not receive a statement or bill when you expect to receive one, contact the bank or merchant to find out why. Someone may have filed a false change-of-address notice to divert your information to his or her address. If a statement or bill includes suspicious items, don't ignore them. Contact the bank or merchant as soon as possible to prevent or reduce any possible or further fraud.

Review your credit report Periodically obtain and review your credit report to confirm that the information in the report is accurate and complete. For a small fee, you can obtain a copy of your credit report at any time. Also, the national consumer reporting agencies are required to provide you with a free copy of your credit report once every 12 months at your request. To request a copy, visit www.annualcreditreport.com or call toll free 1-877-322-8228. If you see anything in your credit report that is out of the ordinary or with which you are not familiar, such as an account you never opened or an address change that is incorrect, immediately notify the agency from which you obtained the report.

Appropriately discard documents containing personal information Never toss documents containing your personal or financial information (such as, a Social Security number, driver's license number, or bank account number) into a public trash bin. Always shred documents containing personal, financial or other sensitive information before you discard them. Do not crumble such documents and throw them in the trash. Cut up or otherwise destroy old credit cards to ensure the information on the card is not legible.

Don't put outgoing mail in or on your mailbox Identity thieves may access and use your mail to steal your identity. To avoid such threat, drop your mail into a secure, official Postal Service collection box.

Carry only what you need Limit what you carry with you. The less personal information you have with you, the better off you will be if your purse or wallet is stolen. When you go out, take only the identification, credit, and debit cards you need. If you keep written records of your account information, store them in a locked box or file drawer. Do the same with items such as your passport and Social Security card.

Report lost or stolen credit cards immediately Call each credit card issuer and ask to have the stolen card accounts closed and new ones opened to replace them. Remember to update any automatic payment accounts with your new account numbers.

Don't preprint personal information on checks Your checks should not have your driver's license, telephone or Social Security numbers preprinted on them.

Be alert to telephone scams If you receive a telephone call in which the caller asks for personal or financial information, be wary about providing such information. If a request for such information is suspicious and/or asks you to verify personal or financial information, notify the bank or other company on whose behalf the request was made.

Guard your Personal Identification Numbers (PINs) and passwords Don't write your PIN on your ATM, credit and prepaid cards and don't keep your PINs with your cards. Keep an eye on your credit or debit card during a transaction and be sure it is returned to you right away. Avoid convenience store ATMs. They may not be as secure as bank ATMs. Sign cards as soon as soon as you receive them. Don't create PINs or passwords using information that can be guessed easily (such as, birthdays, addresses or pets' names). Don't share PINs or passwords with anyone, including friends and family. Change your passwords often. Use different passwords across banking, email, and social media accounts. Do not store personal information, passwords, or account numbers on your web-enabled device.

Be careful with your ATM and credit card receipts Never toss receipts into a public trash bin.

Protect your computers A stolen computer or mobile device can provide a wealth of information to an identity thief. Learn how your devices save passwords and account numbers and be sure any software you use to store personal and financial information is secure. Always set your laptop to require a password when it is turned on or awakened from sleep, especially when you're traveling.

Protect your identity online When conducting financial transactions, making purchases or sending personal information online, make sure the websites you are using are secure and able to protect your data from Internet theft. Websites that are secure and able to protect your data from Internet theft use Transport Layer Security/Secure Sockets Layer (TLS/SSL) technology to encrypt at a minimum your personal information. For information on how to determine whether a website you are using is secure and uses TLS/SSL technology, refer to How to Identify 1FBUSA Websites. Another online safety feature is your password. Every time you log in to the Bank's website (www.1fbusa.com), you are required to enter your username and password and select your personal image.

If you are a victim of identity theft, here are some steps you can take to help reclaim your identity:

1. Contact the consumer reporting agencies

2. Stop using your computer

3. Contact your local police

4. Contact the Federal Trade Commission

5. Check your mail carefully

6. Review all of your accounts

The information contained herein is provided as a general resource to our customers and is intended for informational purposes only. It is not intended to be comprehensive or to protect you from identity theft or other fraudulent activity. The information is subject to change without notice but is intended to be updated to include new information or tips when it is appropriate and may be helpful to you. We make no claims, promises or guarantees about the accuracy, completeness, reliability, or adequacy of the information contained in or referenced in this document.

The 1FBUSA website uses Transport Layer Security (TLS) to encrypt your online session. TLS is an updated and more secure version of SSL, which is an obsolete technology. The terms SSL and TLS are often used interchangeably, while the term TLS/SSL is often used to mean TLS.

You can check to see if your online session is secure by looking for a small lock symbol usually located near the URL field in your web browser window. Current versions of leading web browsers indicate when a webpage is encrypted by using this symbol. The certificate is a good indication that our site is indeed the site that's intended to be there.  In addition, these certificates can be verified by a third party, Digicert in this case, which is our Certificate Authority.

When you visit 1fbusa.com, you should look at the security certificate to confirm it is actually our website. You can review the security certificate details by clicking or double clicking on the small lock symbol. 1FBUSA uses EV or Extended Validation TLS/SSL certificates issued by DigiCert that have the following details:

• Organization Name: 1st Financial Bank USA
• Organizational Unit Name: Secure Services Division
• Locality: Dakota Dunes
• State: South Dakota
• Issued By: DigiCert Inc

If you are or suspect you are a victim of identity theft or other fraudulent activity involving your 1FBUSA account, or you have a question regarding unauthorized activity you have already reported to us, please contact us, toll free, at 1-844-328-9330 Monday through Friday, 8:00 am - 8:00 pm (Central Time) and Saturday 8:00 am - 5:00 pm (Central Time) excluding Federal holidays. When you call, please have your account information available as well as details about the identity theft or other fraudulent activity about which you are calling. If you are or suspect you are a victim of identity theft or other fraudulent activity, refer to Protect Yourself From Identity Theft for some steps you can take to help reclaim your identity.

If your 1FBUSA credit card has been lost or stolen, or transactions have posted to your account which you have not authorized, please contact us, toll free, at 1-800-733-1732, 24 hours a day, seven days a week.

Fraudulent activities may affect you even if you do not have an account with us. For example, a 1FBUSA account that you did not apply for could be opened in your name or could be reflected on your credit report.

If a 1FBUSA account that you did not apply for has been opened in your name or is reflected on your credit report, for your protection, please contact us immediately, toll free, at 1-844-328-9330.