Skip Navigation Documents in Portable Document Format (PDF) require Adobe Acrobat Reader 5.0 or higher to view,download Adobe® Acrobat Reader.
The Merchants National Bank of Sacramento
Relationship Banking since 1921
Businessman on a smartphone and a laptop

Security/Fraud Prevention

The Federal Financial Institutions Examination Council (FFIEC) recently issued new supervisory guidance for banks designed to help make online transactions more secure. The new guidance is in response to an ever more dangerous online threat environment. Scams and hacking techniques are more sophisticated, new threats are continually being developed, and organized crime groups both in the United States and internationally have become a major force in expanding online fraud and theft.

The new guidance means you may begin to see new security features on the websites you visit. Each of our online products has built-in security features which are continually enhanced in response to changing threats. Some of these enhancements are visible to you, the user, but others occur behind the scenes.

The new guidance also means you will see more information on how you, as a user of online services, can take action to keep your identity and your financial information and funds secure.

Important Information For Our Online Users

Accordion 1
Your Log-In Credentials
We will never call, email or otherwise contact you to request your access ID, password, or other log-in credentials for the online services we offer. If you receive such a request, do not provide any information.
Accordion 2
Reporting Suspicious Activity
If you see suspicious activity on your account(s) or have received a suspicious call, email, letter or other similar contact regarding your relationship with The Merchants National Bank, call 916-442-3883 and ask to speak to a Service Representative.
Accordion 3
Protect Yourself by Controlling Online Risks
Understand the online products you are using:

Understand the risks of online transaction processing:

Our website includes security alerts and information about preventing and reporting identity theft. The security tips and links to websites noted below provide important information and news to help you understand online transaction risk and options to help you control these risks. It is important to be informed and proactive. When it comes to internet fraud, account takeover and identity theft, an ounce of prevention is definitely worth a pound of cure.
Accordion 4
Password Security Tips
Do not share your User ID’s or Passwords with another person or provide them to others. Safeguard your User ID and Password information—never leave the information “lying around” in an unsecured location. Create a unique User ID and Password for each site. Do not use the same identifying information on multiple websites
Create strong User ID’s and Passwords. In other words, use upper case letter(s), lower case letter(s), and numbers; if the site allows for them, use symbols as well.

Many websites force password changes (i.e. every 60 days). If a website does not do so, take the initiative and change your password on a regular basis.

Avoid posting personally identifiable information on social media sites such as on Facebook and Twitter. Information such as street address, pets’ names, home town and mother’s maiden name can be used to access more secure information.
Accordion 5
Website Security Tips
Monitor account activity. View account activity online on a regular basis and review periodic account statements (monthly and/or quarterly) and reconcile them to your personal records.

Log off from a website; do not just close the page or “X” out.

Secure websites have a web address that includes an “s” (https rather than http). If this feature is lacking, the site may not be genuine. Do not log in or conduct business on these sites.

When completing financial transactions, verify encryption and other security methods are in place, protecting your account and personal information.
Accordion 6
 Computer/Network Security Tips
 Use quality security monitoring software on your PC that includes anti-virus, anti-malware and firewall functions.
  • Use your PC’s security features such as individual Log-In accounts.
  • Keep PC operating system security up-to-date by applying patches and updates.
Password-protect your computer network (physical or wireless)
Accordion 7
 Stay Aware of Current Scams
The Internet Crime Complaint Center (IC3) website is a partnership between the Federal Bureau of Investigation (FBI) and the National White Collar Crime Center (NW3C), and contains useful information.

IC3 information on gift card scams can be found here
IC3 information on other scams can be found here
Accordion 8
 Identity Theft

What can you do to avoid becoming a victim of IDENTITY THEFT?

Protecting your identity:
Never respond to unsolicited requests for your social security number or financial data.
Before discarding, shred credit card, ATM receipts and any pre-approved credit offers you have received, but don't plan to use.
  • Check all credit card and bank statements for accuracy.
  • Avoid easy-to-figure out access and personal ID codes.
  • Obtain a copy of your credit report annually and check it for accuracy.
  • Use only secure sites when making online purchases. Secure pages begin with "https."
  • Pay for online purchases by credit card to assure you get what you paid for and to limit your liability.
  • Safeguard your SSN, and check earnings and benefit statements annually for fraudulent use.
If you have become a victim of Identity Theft, immediately take the following actions:
  • File a police report.
  • Contact your bank.
  • Notify all of those with whom you have a financial relationship.
  • Tag accounts closed due to fraud, "closed at consumer's request."
  • Notify credit bureau fraud units.
  • Establish a password for telephone inquiries on credit card accounts.
  • Place a fraud alert statement on your credit report.
  • Request bi-monthly copies of your credit report until your case is resolved (free to fraud victims).
  • Report theft of checks to check verification companies.
  • Check post office for unauthorized change of address requests.
  • Follow-up contacts with letters and keep copies of all correspondence.

For additional help:

Report Fraud: 888-397-3742
Order Credit Report: 888-397-3742

Trans Union:
Report Fraud: 800-680-7289
Order Credit Report: 800-888-4213

Report Fraud: 800-766-0008
Order Credit Report: 800-685-1111

More information about Identity Theft and how to avoid it can be found at the Federal Trade Commission Website

Accordion 9
 Consumer Protection- Regulation E
 Regulation E provides rules for error resolution and unauthorized transactions for electronic fund transfers, which includes most transactions processed online. In addition, it establishes limits to your financial liability for unauthorized electronic fund transfers. These limits, however, are directly related to the timeliness of your detection and reporting of issues to TCSB. It is for this reason that we encourage you to immediately review periodic account statements and to regularly monitor your account activity online.

The "Electronic Fund Transfers" disclosure provided to you at the time of account opening provides detailed information. We will provide to you, upon request, a free printed copy of this disclosure.

Additional Information for Business Users of Online Services
The new FFIEC Guidance takes note that business transactions, because of their frequency and dollar value, are inherently more risky than consumer transactions. The Guidance also notes the steep rise of online account takeovers and unauthorized online fund transfers related to business accounts in the last five years.

Recently, small to medium-sized businesses have been primary targets as cyber criminals have recognized that the security controls they have in place are not as robust as that of larger businesses. Analysis indicates enhanced controls over administrative access and functions related to business accounts and layered security using multiple and independent controls would help to reduce these types of crime.

The FFIEC Guidance suggests enhanced controls for businesses:
Business customers should be encouraged to perform a periodic risk assessment and an evaluation of the effectiveness of the controls they have in place to minimize the risks of online transaction processing.
The password, website, computer and network tips above provide a starting point for this process and the web resource links provide additional detailed information.|

The FTC Business Center has a great deal of information for businesses at Business customers should understand the security features of the software and websites they utilize and take advantage of these features. Segregation of duties—the process of separating duties so no one person can perform all steps of a transaction—is an example of a very important security feature.

Layered security options that may be available to business customers doing online transactions include transaction thresholds, out-of-band verification (such as telephone or email verifications), fraud detection and monitoring systems, and IP reputation–based services. The Guidance encourages establishing layered security processes.

Helpful Links:

On Guard Online 
Stay Safe Online 
FTC Consumer Alerts and Tips 
Recent Scams 
Tips To Avoid Being A Victim 

Mobile Banking Safety Tips
Mobile banking. . .is it safe? Yes. Should you take precautions? Yes.;
It’s no surprise that mobile banking keeps rising in popularity as it offers customers added convenience and flexibility to do their banking. It is important to be aware of the cyber threats that face new banking methods. By taking proper precautions, mobile banking can be a safe and convenient way to manage your accounts. Help us keep your financial information safe by asking yourself the following questions.
  1. Is my account safe? One of the biggest advantages to mobile banking is the convenience it brings to monitoring your accounts. When you start banking on a mobile device, your most frequent action should be to check your accounts to ensure no fraudulent transactions appear.
  2. Is this link safe? Phishing scams are common in both email and text messages. Never click on links you receive in a text message that come from unknown numbers. If you receive an email that appears to be from your bank, look closely to make sure it is actually from the bank before clicking on any links.
  3. Is my network secure? You should never conduct mobile banking over a public Wi-Fi connection. Use a secured private Wi-Fi connection, or switch to cellular data to conduct banking.
  4. Is this banking app official? Before downloading a mobile banking app, check the bank’s website to see if it is promoted by the bank. If it does not appear on the website, it is possible that it was not sanctioned by the bank.
  5. Are my other apps safe? Only download apps from your device’s app store. Apps are scanned for malware before they are made public. Android devices allow users to download from external sources, however, and these apps could be corrupted by malware. Beware of apps that ask for unnecessary “permissions”.
  6. Are my apps up-to-date? Apps are frequently updated to fix bugs and provide added security. Make sure you have downloaded the latest updates to your app to ensure your device is secure.
  7. Is my device secure? Use the security measures that come with your mobile device. Set a passcode to your device, so if it is lost or stolen, someone will not be able to gain access to your information.
  8. Have I changed my password lately? Passwords should be changed frequently. We suggest every few months.
  9. Did I log out? When you finish your mobile banking, make sure you log out of your account.
  10. Is anyone watching? The most basic form of information theft is observation. Be aware of your surroundings and be sure you don’t have any “shoulder surfers” when you’re punching in sensitive information.
  11. See something suspicious? If you suspect fraud, report it to your bank immediately.
Also, please avoid using your mobile device for storage. Don’t save sensitive information like passwords or a social security number on your mobile device.