First Security Bank

The Card Suite Lite app is a third-party app that puts you in control of your debit card(s)! Set up is easy!

Download Card Suite Lite

• Control your card by location, merchant and transaction type
• Real-time alerts each time your card is used
• View recent transactions
• Authorize transactions immediately – even when your card is locked

Download the Card Suite Lite mobile app from your app store and follow the prompts to:

• Select Sign Up
• Enter the debit card number either manually or by scanning it with your smartphone's camera. Then, select Verify.
• On the next page, Add Card Details, enter your full name as it appears on the card. Then select Continue.
• During the card verification process, you may be presented with a two-factor authentication option to verify card ownership with optional personal identifying information. Enter the information and click Continue. NOTE: If an error message is displayed during the registration process, contact our Customer Support.
• Accept the Terms and Conditions, as well as the Privacy Policy.
• Create your username and password and then select Continue. An Account Created message will be displayed. Click Okay to proceed.
• After account creation, you will be asked to enter personal details and click Continue.
• Verify the mobile phone number entered on the Personal Information page. A one-time PIN will be sent via text message to the mobile number provided. Enter the One-time passcode and click Continue. You will receive a confirmation message. Click Continue.
• A one-time PIN will also be sent to the email address that was entered on the Personal Information page. Enter the one-time passcode and click Continue. You will receive a confirmation message. Click Continue.
• You now have instant control of the debit card.

Set up Notifications

• Tap your initials in the top right corner to open your profile. Tap Profile Settings, then Notifications, Transactions, and finally, tap to toggle on the switch for All Successful Transactions. The default setting is to be notified of all denied transactions.

Set up Controls

• Tap Controls underneath the card for which you'd like to set up controls.
  • Transaction Controls- set Overall Spend Limits, ATM Withdrawals, In-Store Transactions, Contactless Transactions, E-Commerce Transactions, Mail/Phone Transactions, Autopay Transactions, and Other Transactions
  • Location Controls- Set up a location Shield, Regional Shield, and International Transactions
  • Merchant Controls- Select which categories of merchants to allow transactions.

Tap Freeze to turn the card off (preventing transactions). You can unfreeze the debit card at any time.

Regarding Transactions:

• Check your transactions regularly for strange activity, changes, or unusual patterns.
• Note and question unfamiliar transactions.
• Recognize that the sense of urgency, panic, and secretive actions encouraged by the scammer on the phone, in emails, on websites, etc., are common tactics used to disorient you and increase the likelihood of falling for the scam.

Regarding Inconsistent Information:

• Mismatched names, addresses, or contact details.
• Documents that look altered or forged.
• Conflicting stories or explanations.
• Typically contains typos.

Pressure Tactics and Emotional Appeals

• Scammers often use tactics such as urgency, fear, or flattery to manipulate their victims.
• Phrases like “act now,” “don’t tell anyone,” or “you’ve won” are red flags.
• Scammers on the phone will often instruct you to stay on the line with them while they provide instructions or advise against muting them if you want the issue resolved. They will not be understanding and polite if you offer to call them back at a later, more convenient time.

Requesting Personal Identifying Information:

• Legitimate organizations rarely ask for passwords, Social Security numbers, or banking details via email or phone.
• Be cautious of links or attachments in unsolicited messages. For more on this, see our section on Links and Typo Squatters.

Too Good to be True

• Promises of large sums of money, prizes, or guaranteed returns with little effort.
• Fake job offers, investment opportunities, or inheritance claims.

Lack of Verifiable Details

• No physical address, phone number, or legitimate website provided to you that you can access on your own web search.
• Refusal to provide written documentation or contracts.

If you think you're being scammed, act both quickly and carefully. You may need to take a few calming breaths and step away from your computer or phone for a few minutes to calm down and escape the panic and urgency the scammer has instilled in you.

1. Stop all communication with the scammer.
2. Secure your accounts. Change passwords, set up two-factor authentication, check for unauthorized activity.
3. Report the scam to your bank by calling 877-611-3118, email provider, social media platform. If this is a situation involving your credit or identity, contact:
   • In the U.S., report to the FTC at https://reportfraud.ftc.gov
   • For identity theft, visit https://www.identitytheft.gov
4. Document everything.
   • Save screenshots, emails, texts, or any communication related to the scam.
   • Note dates, names, and any financial transactions
5. Warn others. Let your coworkers, friends, or family know if the scam might affect them.

1. Stay Educated and Aware

• Learn about common scams (e.g., phishing, fake invoices, identity theft).
• Stay updated on new fraud tactics through trusted sources like the FTC or cybersecurity blogs.
• Follow us on social media to stay informed about current scam alerts.

2. Protect Personal and Financial Information

• Never share sensitive data (e.g., passwords, Social Security numbers) unless you're sure of the recipient.
• Use strong, unique passwords and change them regularly—more on this in our Safe Passwords section.
• Enable two-factor authentication on important accounts.

3. Verify Before Trusting

• Verify the identity of individuals or organizations before sending money or sharing sensitive information.
• Verify URLs, email addresses, and phone numbers for accuracy and legitimacy. For more information on this, see our Typo-Squatters section.
• Be skeptical of unsolicited offers, especially those that seem too good to be true.

4. Monitor Accounts and Activity

• Regularly check bank statements, credit reports, and online accounts for unusual activity.
• Set up alerts for transactions or login attempts.
• Download and set up Card Suite Lite, a third-party app our customers can use to stay on top of and control debit card transactions in real time.

5. Use Secure Technology

• Keep software, browsers, and antivirus programs up to date.
• Avoid using public Wi-Fi for sensitive transactions.
• Use encrypted platforms for communication and data storage.

6. Implement Internal Controls (for businesses)

• Separate duties (e.g., one person approves payments, another processes them).
• Conduct regular audits and reviews.
• Train employees to recognize and report suspicious behavior.

7. Report and Respond Quickly

• If fraud is suspected, report it immediately to relevant authorities or platforms.
• Freeze affected accounts and change passwords.
• Notify others who may be impacted.

How to Create Safe Passwords

A strong password should be:

1. Long – At least 12–16 characters.
2. Complex – Use a mix of:
   • Uppercase and lowercase letters
   • Numbers
   • Symbols (e.g., !@#$%^&*)
3. Unpredictable – Avoid using:
   • Names, birthdays, or common words
   • Repeated characters or sequences (e.g., 123456, abcdef)
4. Unique – Never reuse passwords across accounts.

Example of a strong password:

T!m3To$ecur3MyD@t@2025

Or use a passphrase: Purple!Rain$Dances@Midnight77

Where to Store Passwords Safely

1. Password Manager Software

• Generate strong passwords
• Autofill login forms
• Sync across devices
• Encrypt your data

2. Secure Offline Storage

If you prefer not to use a password manager:

• Write passwords in a locked notebook or safe.
• Use encrypted files (e.g., a password-protected Excel file).

3. Avoid These Methods

• Saving passwords in plain text files or emails.
• Using browser autofill without encryption.
• Writing them on sticky notes near your computer.

Two-Factor Authentication

Two-factor authentication provides an extra layer of security if your password is compromised, stolen, or guessed.

• Blocks unauthorized access.
• Protects against phishing.
• Safeguards sensitive information.
• Prevents automated attacks.
• Provides peace of mind.
• Helps with compliance with your employer's security.

It can also alert you that account tampering is going on because when you receive a code through text, email or phone call that you didn't initate yourself—you can bet it's time to secure your accounts, check for unsual transactions or activity, and report the occurrence to the institution through your usual means of communicating with the institution (not by clicking unverifyable links or by calling a number that doesn't appear on the institution's website).

Biometrics

You should set up biometrics because it provides enhanced security, convenience, and is more difficult for fraudsters to bypass than traditional passwords. Biometrics, such as fingerprints and facial recognition, are unique to each individual, making them a strong defense against identity theft and fraud. Plus, it's harder to steal!

Protecting your personal information from scammers is all about being proactive and cautious. NEVER give personal identifying information (PII) such as your full name, Social Security number, driver's license number, bank account number, passport number, debit card number or email address to a received phone call, text, instant message or email. First Security Bank will NEVER ask you for your debit/credit card PIN or password for online banking. If you receive a suspicious notification, call Customer Support directly at (877)611-3118.

Here are some of tips we've covered in previous sections to help you keep your information secure:

Be Cautious with Sharing Information

• Only share personal details (like your address, phone number, or Social Security number) with trusted sources.
• Avoid oversharing on social media—scammers can use public posts to guess passwords or impersonate you.

Use Strong, Unique Passwords

Enable Two-Factor Authentication (2FA)

Watch Out for Phishing Scams

• Don’t click on suspicious links or download attachments from unknown emails or texts.
• Check the sender’s email address carefully—scammers often use addresses that look similar to legitimate ones.

Monitor Your Accounts

Use Security Tools

• Keep antivirus software and firewalls up to date.
• Use secure, encrypted connections (look for “https” in URLs).

Be Smart About Financial Transactions

• Verify payment requests, especially if they’re urgent or unexpected.
• Use secure payment methods and avoid wiring money to unknown individuals.

Report Suspicious Activity

Typosquatting occurs when scammers create fake websites with URLs that closely resemble legitimate ones—often with minor spelling changes or added characters. Here’s how to check links safely:

How to Spot a Typosquatting Scam

1. Hover Before You Click

• On a computer, hover your mouse over the link to see the actual URL in the bottom corner of your browser.
• On mobile, press and hold the link (without tapping) to preview the URL.

2. Look Closely at the URL

Watch for:

• Misspellings (e.g., amaz0n.com instead of amazon.com)
• Extra characters or dashes (e.g., paypal-secure.com)
• Wrong domain endings (e.g., .net instead of .com)
• Subdomains that try to look like the main site (e.g., secure.paypal.com.scam-site.com)

3. Use a Link Scanner

You can paste suspicious links into tools like:

• https://transparencyreport.google.com/safe-browsing/search
• https://www.virustotal.com/
• https://www.urlvoid.com/

4. Check the Site’s SSL Certificate

• Look for the padlock icon in the browser’s address bar.
• Click it to view certificate details—make sure it’s issued to the correct organization.

5. Search Instead of Clicking

If you're unsure, search for the company or service name in your browser instead of clicking the link directly.

Both Apple Pay and Google Pay are considered highly secure options for making online purchases.

Security Features Shared by Both

• Tokenization: Your real card number is never shared with merchants. Instead, a unique token is used for each transaction.
• Biometric Authentication: Both require Face ID, Touch ID, or a PIN to authorize payments.
• Encryption: All data is encrypted during transmission and storage.

Best Practices for Safe Use

• Always enable biometric authentication.
• Use device-level security (PIN, password, or biometric lock).
• Monitor your bank statements and set up alerts.
• Only use these services on trusted devices and networks.

1. Open the Wallet App
   • Tap the Wallet app (it looks like a colorful wallet icon).
   • Tap the “+” sign in the top-right corner.
2. Add a Card
   • Choose Debit or Credit Card.
   • You can scan your card using your camera or enter the details manually.
   • You may also see options to add a previous card or one from a supported app.
3. Verify Your Card
   • Your bank or card issuer may ask you to verify your identity via text, email, or app.
   • Follow the prompts to complete verification.
4. Enable Apple Pay
   • Go to Settings > Wallet & Apple Pay.
   • Turn on Apple Pay and set your default card if you’ve added more than one.
5. Set Up Face ID or Touch ID
   • This ensures secure payments.
   • Go to Settings > Face ID & Passcode or Touch ID & Passcode to enable.
6. Test Apple Pay
   • Try using it at a store with a contactless terminal or within an app that supports Apple Pay.

Tips

• You can add up to 12 cards on an iPhone.
• Apple Pay also supports transit passes, Apple Cash, and driver’s licenses in some regions.
• Apple never stores your actual card number—only a secure token is used for transactions.

On Android Devices

1. Download the App
   • Go to the Google Play Store and search for Google Wallet.
   • Install the app.
2. Sign In
   • Open the app and sign in with your Google account.
3. Add a Payment Method
   • Tap “Add a payment method”.
   • Choose a credit/debit card or PayPal.
   • Follow the prompts to verify your card with your bank.
4. Enable NFC (for contactless payments)
   • Go to Settings > Connections > NFC & payment.
   • Turn on NFC and set Google Wallet as your default payment app.
5. Set Up Screen Lock
   • Ensure your phone has a secure lock screen (PIN, fingerprint, or face recognition).
6. Ready to Pay
   • Unlock your phone and hold it near a contactless terminal to pay.

On iPhone Devices

Note: Google Pay is now Google Wallet, and while iPhones can't use it for in-store tap-to-pay, you can still use it for online purchases, sending money, and managing cards.

1. Download the App
   • Go to the App Store and search for Google Wallet.
   • Install the app.
2. Sign In
   • Open the app and log in with your Google account.
3. Add a Payment Method
   • Tap “Add a payment method”.
   • Enter your card or PayPal details and verify them.
4. Use Google Wallet
   • Send or receive money.
   • Track purchases and manage cards.
   • Use it for online shopping where Google Pay is accepted.

Security Tips

• Enable 2-factor authentication on your Google account.
• Use biometric authentication (Face ID or fingerprint).
• Monitor your transactions regularly.

If you receive a letter or email from an organization and want to make sure you're contacting them safely, here are some steps to follow:

1. Don’t Use Contact Info in the Message Right Away

Scammers often include fake phone numbers, email addresses, or links. Instead:

• Go directly to the organization’s official website by typing the URL into your browser.
• Use contact information listed on their verified site—not what’s in the message.

2. Verify the Sender

• Check the email address carefully. Official emails usually come from domains like @irs.gov, @bankofamerica.com, etc.
• Be cautious of addresses with extra characters (e.g., @secure-bank.com instead of @bank.com).

3. Look for Red Flags

• Urgent language like “act now” or “your account will be closed.”
• Requests for personal info, passwords, or payment.
• Poor grammar or formatting.

4. Use Official Contact Channels

• For government agencies: Visit https://www.usa.gov to find verified contact info.
• For banks or businesses: Use the phone number printed on your bank card or official documents.
• For email verification: Call the organization directly using a known number to confirm the message.

5. Use Online Tools to Check Legitimacy

• Search the organization’s name + “scam” or “fraud alert” to see if others have reported similar messages.
• Use email or link scanners like:
  • https://transparencyreport.google.com/safe-browsing/search
  • https://www.virustotal.com