Identity Theft and Internet Security

Return to Home Page

Identity theft is a growing problem and consumers need to take measures to protect themselves at all times.  Awareness is one of the best deterrents against fraud. Criminals can steal your identity in many ways, and are inventing new avenues every day.  Chesapeake Bank takes real interest and responsibility in protecting our customers against fraud, and while we have many checks in place to detect deceitful activity, we both can only benefit from customers who are educated on the risks.

Chesapeake Bank and Trust Contacting You

Chesapeake Bank and Trust will NOT, under any circumstances, contact you and ask for passwords, pin numbers, or any electronic banking credentials.

Secure Communications

Our system ensures that data-exchanged between your PC and our computers are encrypted with 128-bit encryption. Encryption is accomplished through Secure Sockets Layers (SSL), which utilizes mathematical formulas to ‘encrypt’ or hide information from prying eyes on the Internet. Additionally, if SSL detects that data was added or deleted after you sent it to the bank, the connection will be severed in order to guard against any tampering. The most popular browsers have the SSL security feature included.

Secure Environment

Our computer system does not connect directly to the Internet. It is isolated from the network via a number of ‘firewalls'. A firewall is a combination of software and hardware products that designate parameters, and control and limit the access that outside computers have to the banks’ internal networks and databases.

Secure Login

User IDs and passwords are isolated from the Internet. This way, the passwords and IDs can not be accessed or downloaded by anyone on the Internet. The system also checks for invalid logins and automatically disallows a user after three invalid attempts. This prohibits the ‘hacker’ from gaining access to our system.

Your Protection Under “Reg E”

Chesapeake Bank and Trust follows specific rules for electronic transactions issued by the Federal Reserve Board.  Known as Regulation E, the rules cover all kinds of situations revolving around transfers made electronically.  Under the consumer protections provided under Reg E, you can recover internet banking losses according to how soon you detect and report them.
For a copy of Chesapeake Banks most recent “Regulation E” documents, please visit a conveniently located branch or call 410-778-1600.

Avoid Identity Theft and Online Fraud

Scams such as Spoofing and Phishing to commit identity theft are becoming more prevalent. Identity theft involves the use of your personal information - your name, Social Security number, credit card, bank account numbers, or other identifying information - by someone else, to commit fraud or other crimes.

E-mail Phishing - Involves you receiving an e-mail, with something similar to “Official Information” or “Online Banking Problem” in the subject line, that appears to be from a legitimate company. It may even include the company's logo and a link to an Internet address that looks appropriate. This e-mail directs you to link to a website where you are to supply account or personal information. This is not normal operating procedure for a reputable company and should be questioned.  Chesapeake will never send an e-mail that asks for information such as social security number, account number, or PIN.  Simply clicking the link could secretly install software on your computer. The software may infect your computer with a virus or record and transmit everything you type, including passwords. Additionally, the website you link to may be spoofing the correct Internet site.

Website Spoofing - Involves you trying to visit a website but accidentally keying-in or linking-to a different address. This may lead you to a website that mimics the legitimate site that you were trying to visit. The spoof Internet site may route whatever information you provide to criminals. This can include your account numbers, Social Security Numbers, credit card information, passwords and personal identification numbers. To make spoof sites seem legitimate, criminals may use the logos, graphics, names and code of the real company's site. They also may attempt to fake the URL that appears in the address field at the top of your browser window and the padlock that appears in the lower right corner.

Skimming - Another method is called “skimming”. This method uses a small electronic device placed over or sometimes even inside a card slot at an ATM, gas pump, etc.  The device will capture information from a customer’s card, such as account numbers and PIN.  This recorded information is then used to create fraudulent cards.  If you notice anything out of ordinary, notify the machine’s owners immediately.

Sometimes, the scheme can be as simple as a phone call or letter asking you to update your information.  You should never give out personal information such as your PIN, social security number, or account number to unknown parties.  No reputable company will ever call you requesting this type of information.

Protect Yourself

• First and foremost is education and awareness-be alert for the latest scams and how to prevent becoming a victim
• Do not reply to an e-mail or pop-up message asking for personal or financial information. Legitimate companies will never ask for personal or financial information via an e-mail or pop-up message.
• Don't e-mail personal or financial information. If you initiate a transaction, look for indicators that the message is secured, which can be validated by a lock icon. Most e-mail programs do not provide confidentiality via encryption.
• Use bookmarks to access known sites to avoid being lured to imposter sites.
• Use updated anti-virus software. Some phishing emails contain viruses and software that can harm your computer.
• Do not just throw documents containing personal information in the trash
• Shred unwanted documents that contain personal information.
• Pay close attention to new charges on your credit card bill.  Review credit card and bank statements immediately for unauthorized charges and contact the company if statements are more than a few days late.
• Don't leave mail in your mailbox.
• Memorize your Social Security number instead of carrying it with you.
• Don't write down your passwords, and don't use birth dates or names of family members as passwords. 
• Never write down PIN numbers.
• Take your receipts from ATMs, gas pumps, etc.
• Report lost or stolen credit and debit cards immediately!
• Protect the sensitive information contained in your wallet, checkbook, and other items at all times.
• Take outgoing mail to the Post Office, or put it in a USPS drop box.
• Check your credit report often (1-2 times a year)-a small fee can save you a huge problem down the road.
• Always sign a debit card or credit card immediately.
• Balance your statements.
• If you receive a questionable call, tell the caller you are busy and ask what number you can reach them back on.

Your Password

You will be responsible for maintaining one of the most important security measures: your password. Please be sure to keep your password a secret. We recommend you memorize your password. It is not recommended you write it down or carry your password in your purse, wallet, or computer bag. Make sure no one watches you enter your password and always close your browser when leaving the computer. Make sure you regularly scan your computer for viruses that could be used to capture password keystrokes. You ultimately hold the key to your password security Below are some suggestions on Password Dos and Don'ts:

Password DOs
• Change passwords regularly and whenever they may have become compromised
• Use the first (or last) letter of each word in an easily remembered phrase. For added security, substitute symbols for letters. For example using the phrase "If money doesn't grow on trees then why do banks have branches?" would be IMDGOTTWDBHB? or 1md9077wD6Hb?

Password DON'Ts
• Don't give your passwords to ANYONE for ANY reason
• Don't write your passwords down; anywhere near your PC, in your purse, wallet or computer bag, in user manuals, electronically in word documents, or sent in e-mails
• Don't use personal information such as; your name, your friends name, pets, address, social security number, phone number, license plate number, important dates such as birthdays and anniversaries
• Don't use words that can be found in any language's dictionary. Or these words spelled backwards or with numbers or symbols added to the beginning or end
• Do not use the same password for multiple sign-ins when possible
• Do not use easy to spot passwords such as "qwerty", "123456", or "aaaAAA"

Consumers Across the Country Eligible for Free Annual Credit Reports

On September 1, 2005, consumers in 14 East Coast states, including Maryland, joined the rest of the country in qualifying for a free annual credit report from each of the three nationwide consumer reporting companies – Equifax, Experian, and TransUnion. The free reports were mandated by Congress in The Fair and Accurate Credit Transactions Act of 2003 (FACTA), which requires the nationwide credit bureaus to provide consumers with a free copy of their credit report, at their request, once every 12 months. Consumers who want to access their credit report online can go to

Consumers can also obtain a copy of their credit report from the following companies:

Equifax Credit Information Services
P. O. Box 740241
Atlanta, GA 30374-0241
Phone: To request a credit report: 800-685-1111 Option 4
To report fraud: 800-525-6285
Web site:

P. O. Box 2104
Allen, TX 75013
Phone: (888) 397-3742
Web site:

TransUnion Corporation
P. O. Box 1000
Chester, PA 19022
Phone: To request a credit report: 800-916-8800
To report fraud: 800-680-7289
Web site:

If you feel you are a victim of identity theft, contact anyone that you have a financial relationship with, including banks and credit card companies, and the police.  Keep a written record of everything related to the incident and all people/companies you contact.  

You can also contact the following agencies:

• Federal Trade Commission
Identity Theft Clearing House
Hotline: 877-438-4338
IDD: 202-326-2502

• Social Security Administration
Fraud Hotline: 800-269-0271
The Federal Trade Commission has an identity theft hotline 877-438-4338 and a website that is a very useful tool for consumers.

Business Account Takeover

Business Account Takeover is the business equivalent of personal identity theft. Businesses not only need to protect themselves from identity theft but also ensure they have protections in place so that they do not have a business account takeover.
Hackers, backed by professional criminal organizations are targeting small and medium businesses to obtain access to their web banking credentials or remote control of their computers. These hackers will then drain the deposit and credit lines of the compromised bank accounts, funneling the funds through mules that quickly redirect the monies overseas into other accounts.

Controls Evaluation

Chesapeake Bank recommends that an online banking assessment and control evaluation be completed periodically by all of our business customers who use online banking.

Protect Yourself
• Use a dedicated computer for financial transactional activity. DO NOT use that computer for general web browsing and email.
• Never open attachments or click on links from unsolicited emails.
• Apply operation system and application updates (patches) regularly.
• Use the latest versions of Internet browsers, such as Internet Explorer, Firefox or Google Chrome with "pop-up" blockers and ensure that updates (patches) are most recent versions.
• Use and maintain updated spam filters and anti-virus software.
• Have host-based firewall software installed on computers.
• Turn off your computer when not in use.
• Review your banking transactions daily.

Potential Signs Your Computer System May Be Compromised
• Inability to log into online banking.
• Dramatic loss of computer speed.
• Changes in the way things appear on the screen.
• Computer locks up so the user is unable to perform any functions.
• Unexpected rebooting or restarting of the computer.
• Unexpected request for a one time password (or token) in the middle of an online session.
• Unusual pop-up messages, especially a message in the middle of a session that says the connection to the bank system is not working.
• New or unexpected toolbars and/or icons.
• Inability to shut down or restart the computer.