OceanFirst Security StatementOceanFirst values the confidentiality and security of your assets and personal information. Accordingly, we have created systems that address security concerns from every angle to protect you and your confidentiality.
- Multi-Factor User Authentication to prevent unauthorized attempts to login to Online Banking
- Secure communications between you (your browser) and our Online Banking servers
- Secure environment in which the Online Banking servers and customer information database reside
OceanFirst employs multi-factor authentication to ensure user authorization. Your User ID and confidential Password, as well as information stored on your computer, protect against others accessing your Online Banking and Bill Pay accounts.
- Your User ID serves to identify you and your account relationship with OceanFirst.
- With Out-of-Band authentication our system uses two separate networks simultaneously to communicate with your device at login. This enhanced authentication with one-time access code is delivered by text, call or email.
- Your Password serves to authenticate your identity.
- Within personal Online Banking, device tagging and fingerprinting allow our system to “remember” your particular computer device(s). This is accomplished by leaving a tag in multiple locations on your device (ex. browser cookies; browser database) as well as capturing device attributes to create a securely stored fingerprint. For Cash Management Online Banking, the cookie employs a complex device identification process using the browser, the browser version, and IP address as part of the identifying criteria.
Login attempts are constantly monitored. We allow you to enter your Password only a limited number of times. Too many unsuccessful login attempts will result in the locking of your Online account. Personal Online Banking password lock outs can be resolved within the Forgotten Password link if your phone and email are on our system or by calling us for assistance at (732) 240-4500 ext. 7710. To resolve a Cash Management Online Banking password lock out please call us for assistance at (732) 240-4500 ext. 7770. As an added safeguard, your device will automatically log out of the system after a specified period of inactivity.
The security of communications between you (your browser) and our servers is ensured via encryption.
- Encryption scrambles messages exchanged between your browser and our Online Banking servers.
- When you visit the Online Banking sign-on page a secure session is established using a protocol called Secure Sockets Layer (SSL) Encryption.
- The SSL protocol requires the exchange of what are called public and private keys. Keys are random numbers, much like numbers on a combination lock, chosen for that session and known only between your browser and our server. Once keys are exchanged, your browser will use the numbers to scramble (encrypt) the messages sent between your browser and our server. Both sides require keys in order to descramble (decrypt) messages received.
- o For your protection, OceanFirst’s personal Online Banking requires your browser to connect at 128-bit encryption. Cash Management Online Banking generally requires you to connect at 256-bit encryption. If necessary, this will be adjusted to 128-bit encryption based on your browser.
The network is structured so that the computers storing your actual account information are not linked directly to the Internet. This configuration isolates the publicly accessible Web servers from the data stored on our Online Banking servers and ensures only authorized requests are processed.
- Transactions initiated through the Internet are received by our Web servers.
- These Web servers route your transaction through firewall servers.
- Firewall servers act as a traffic cop between segments of our Online Banking network used to store information, and the public Internet.
Various access control mechanisms, including intrusion detection and anti-virus, monitor for and protect our systems from potential malicious activity. Additionally, our Online Banking servers are fault-tolerant, and provide for uninterruptible access, even in the event of various types of failures.
Best Practices for Online Security
The security of your personal information begins with using extra caution and good sense when using the Internet. We encourage you to keep in mind the following tips when you are using the internet:
- Don't share your User ID or Password with anyone
- Periodically change your Password
- Select a Password that is hard for others to guess, but easy for you to remember (use a password containing something other than birthday, anniversary, social security number, phone number, pet's name or your address)
- Don't leave your computer while in the middle of an Online Banking or Online Bill Pay session
- Always sign off (log out) when you have completed your Online Banking or Online Bill Pay session
- Eliminate cached pages before leaving a shared or public computer
- Never provide personal information such as your bank account numbers, credit or debit card numbers, social security number or other sensitive personal/financial information unless you have initiated the contact.
- Only install software from trusted sources and known origins. Software distributed via email is particularly dangerous as viruses are often transmitted via email.
- Download Trusteer Rapport - free fraud protection software provided by OceanFirst Bank.
- Install and maintain Antivirus and Anti-Spyware software on your computer.
- Update your browser software to benefit from the latest security protections.
- Pay attention to warning messages presented through your browser. Browser warning messages may indicate a security threat.
- Use caution when reviewing privacy policies and acceptance terms for online products and services.
- Avoid clicking pop-ups
- Utilize passphrases
- Do not open emails and/or attachments from unkown senders
If you are a registered Online Banking user and have forgotten your Password or User ID, or think your Online Banking Password has been compromised, call OceanFirst Retail Customer Services at 1-888-OCEAN33, ext. 7710.
Protect yourself from security attacks, including identity theft, by following these important tips:
- Do monitor your accounts regularly and report any suspicious activity to us immediately
- Do ensure you are connected with our site before entering your password
- Do call us and your mobile carrier to report any lost or stolen devices, or if you change your phone number
- Do use the power-on password feature, if available, on your mobile device
- Do password protect your mobile device and lock it when you're not using it
- Do bookmark www.oceanfirst.com to avoid mistyping
- Do add our short code to your device's contact list with a distinctive name, to recognize any incoming messages are from us and not spoofed
- Do log out completely when you complete a mobile banking session
- Do protect your phone from viruses and malware by installing mobile security software
- Do download the updates for your phone and mobile Apps
- Do use discretion when downloading various Apps
- Do use account nicknames in place of account numbers, but don't use any part of your account numbers in the nicknames
- Don't type sensitive information that others can see; be aware of your surroundings
- Don't use the auto log-in feature on your mobile device
- Don't share your log-in information
- Don't save confidential information on your mobile device
A “Corporate Account Takeover” is when cyber-thieves gain control of a business’ bank account by stealing valid online banking credentials. Cyber criminals target small and medium-sized businesses by using malware to infect workstations and laptops. A business can become infected with malware through e-mail attachments or links connecting to an infected website or through clicking on documents, videos or photos posted on legitimate websites, such as social networking sites. In many cases, e-mails are sent that appear to be from reputable organizations but contain links to fake websites. When recipients access these links they unknowingly install keylogging software, which provides cyber-thieves with access to the user’s account details, activity and ACH and wire transfer origination parameters. This information is then used to initiate fraudulent funds transfers.
What can you do to protect your business?
- Initiate ACH and Wire Transfer payments using Token access and dual control
- Download Trusteer Rapport - free fraud protection software provided by OceanFirst Bank and keep enabled on all company computers
- Ensure that anti-virus and security software is installed and up to date.
- Restrict functions for workstations and laptops that are used for online banking and payments
- Monitor & reconcile accounts daily.
- Utilize routine and "red-flag" reporting for transaction activity
- Perform periodic internal Risk Assessments and contol evaluations
- Secure access voice or text options, rather than email, to receive a one-time passcode
- Avoid using adminitrator/super user credentials for day to day processing
- Enforce screen locks
The Internet scam known as "phishing" is an attempt to obtain your personal financial information. In a phishing scam, you may receive an e-mail message designed to look like it came from a legitimate source that warns of a serious problem requiring immediate attention or redirects you to a phony website that looks like the real thing. Phishing attempts may also be sent via instant messaging. Voice phishing called "vishing" involves the use of Voice over Internet Protocol (VoIP) and can be in the form of an email appearing to be from a trusted source, or automated dialing programs showing a legitimate-looking local or toll-free phone number in caller ID. Never provide your personal information or password in response to an unsolicited request by telephone or by clicking on the URL link imbedded in an e-mail or instant message, or by calling a telephone number provided, if there is reason to believe the e-mail or message may be fraudulent.
In another scam known as "pharming" online users are redirected to an illegitimate website through technical means. "Pharmers" take advantage of slight misspellings in domain names, or trick users into inadvertently visiting the pharmer's website, to obtain personal information.
Click the links below to watch each video
If you fall victim to a scam and have disclosed personal information, act immediately to protect yourself by alerting us, placing fraud alerts on your credit files and monitoring your account statements closely. Also report suspicious e-mails or pharming attempts to the Federal Trade Commission through the Internet at https://www.identitytheft.gov/, or by calling 1-877-IDTHEFT (1-877-438-4338). Suspicious e-mails purporting to be from the Federal Deposit Insurance Corporation (FDIC) should be reported to email@example.com.