7/20/17 - TLS 1.1 Deactivation
Our Web provider will no longer support TLS 1.1. as of 9/30/17 as newer updates have been set in place. To eliminate any impact to you, please make sure that you have the most up-to-date browser version on your device. (By this we mean, Google Chrome, Internet Explorer, Safari, Fire Fox, etc. Whatever platform you use to access the internet, please make sure that you are using the most current version.) This will ensure compatibility with our new TLS 1.2 Security updates.
7/19/17 - Chip Card Fraud (Fallback transaction)
What is a fallback transaction?
A fallback transaction occurs when a transaction iscompleted between an EMV chip card reader and an EMV enabled chip card but thechip on the card cannot be read. The card is then either swiped or key enteredto complete the transaction. Since the chip cannot be read correctly, theterminal "falls back" from its primary programming of reading thechip to a secondary method of either swiping or key entering the card. If thetransaction falls back to a different method of processing, the transaction hasto route through a PIN network.
Fallback transactions can occur from a damaged or dirty cardreader, various compatibility issues, incomplete EMV migration, as well asfraud.
How to minimize risk.
Recommend blocking fallback transactions outside of yourstate and over a certain dollar amount. You will want to do an analysis beforeplacing this restriction to minimize as many false positive scenarios aspossible, while still reducing fraud losses and allowing valid cardholderactivity.
5/24/17 - TLS 1.2 Update coming
Earlier this month we placed a notice on social media notifying you that a security update to TLS 1.2 would take place on 6/6/2017. In that process, TLS 1.0 would also be deactivated. This update will still take place in the coming months, but the deactivation has been extended until further notice. We will post the new date once it is available. Meanwhile, if your browser is not updated to the current version, our online banking and this site may not work for you when TLS 1.0 is deactivated. Please take a moment to update your browsers. Click here to learn more about TLS 1.2.
5/15/17 - DocuSign Breach
Hackers have stolen the customer email database of DocuSign, the company that allows companies to electronically sign documents. These criminals are now sending phishing emails that look exactly like the real DocuSign ones, but they try to trick you into opening an attached Word file and click to enable editing.
Although we do not utilize DocuSign for our electronic signatures, this is a good reminder that it doesn’t matter how legit the message looks or even if you do business with the company that the sender is representing. Don’t click links or open attachments that you aren’t expecting. Even when you are expecting something, it’s okay to reach out with the contact information that you already have on file for that business and confirm that the message is legit. Otherwise clicking on these links and attachments may install malware on your computer. Remember: Think Before You Click.
Upgraded Fraud Prevention Service
As part of our continuous efforts to keep your accounts secure, we've improved our alert system for potential debit card fraud.
Here's how it works:
- When potential fraud is detected, you will receive an automatic email notification from Chesapeake Bank, with the option to reply with "fraud" or "no fraud."
- One minute after the email, you will receive a text alert* from 32874 between 7am and 9pm, which also has the "fraud" or "no fraud" option. NOTE BELOW
- If there is no response received from you, five minutes after the text alert, you will receive automatic phone calls to confirm or deny fraud (between 7am and 9pm).
Remember - our messages will never ask for your PIN or account number.
*The phone number for our Fraud Center has changed to 1-800-417-4592. If you add this number to your phone contacts and label it "Fraud Center," it will display whenever you get a call or text from this number.
NOTE: You will not receive text messages if your mobile carrier is not listed or is not a subsidiary of one of the following carriers who support FTEU (Free to End User) messages: AT&T, Verizon, Sprint, Boost, Virgin Mobile and T-Mobile. Please check with us to be sure we have your updated mobile number on file for this service.
June 8, 2016