Privacy & Security

Our commitment to your security also means we want to make sure you're educated about key ways to guard against fraud and identity theft.

Stay Informed. Don't let identity theft happen to you. Keep your personal information safe by staying alert.

  • Know the precautions you can take
  • Access your accounts securely online
  • Ensure that your computer is protected

We take every step possible to safeguard your personal information. We want you to understand what information we collect and how we use it. Click here to view our Privacy Policy.

At Katahdin Trust Company, the security of customer information within our Online Banking service is a primary concern. We are strongly committed to protecting the security and confidentiality of customer information, and we use the latest methods of security technology currently available to do so.

To protect the integrity and confidentiality of customer information and transactions, Katahdin Trust has taken security precautions at three levels:

  1. Customer information as it is sent from the customer's computer to the Web server.
  2. The environment in which the internet banking server and customer information database reside.
  3. Measures to minimize the risk of unauthorized users attempting to log into the online banking section of the website.

Data security between the customer browser and our Web server is handled through a security protocol called Secure Sockets Layer (SSL). SSL provides data encryption, server authentication, and message integrity for an Internet connection. In addition, SSL provides a security "handshake" that is used to initiate the connection. This handshake results in the client and server agreeing on the level of security they will use and fulfills any authentication requirements for the connection.

Currently Katahdin Trust Company's online banking application supports data encryption at a high level (128 bit). Most supported web browsers support 128-bit encryption by default. Check with your browser manufacturer's website for more information.

Requests for online banking information are passed on from the Web server to the Internet banking server. The Internet banking application is designed using a three-tiered architecture. The three-tiered architecture provides a double firewall, completely isolating the Web server from the customer information SQL database.

The World Wide Web interface receives SSL input and sends requests through a firewall over a dedicated private network to the Internet banking server. The World Wide Web interface is the only process capable of communicating through the firewall to the Internet banking server. Therefore, only authenticated requests communicate with the Internet banking server.

The customer information database is housed on a Microsoft SQL Server, which implements Microsoft NT security in addition to the firewall technology. The customer database is stored on a RAID-5 drive array, which provides uninterruptible data access, even in the event of a hard drive failure. Just as the World Wide Web interface is the only process capable of communicating with the Internet banking server, the Internet banking server is the only process able to send requests to the SQL database. Thus, the outside world is removed from the customer database by two dedicated private networks.

A security analyzer constantly monitors login attempts and recognizes failures that could indicate a possible unauthorized attempt to log into an account. When such trends are observed, steps will be taken automatically to prevent that account from being used.
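An added example (not Katahdin Trust's code) of the kind of login monitoring described above: a per-account sliding-window counter that locks an account after repeated failures. The threshold, window, class and function names, and the sample events are assumptions; the page does not state them.

```python
from collections import defaultdict, deque

# Assumed policy values; the page does not state the bank's thresholds.
MAX_FAILURES = 5        # failed logins tolerated per account ...
WINDOW_SECONDS = 900    # ... within this sliding window (15 minutes)


class LoginAnalyzer:
    """Tracks failed logins per account and locks accounts that show a failure trend."""

    def __init__(self, max_failures=MAX_FAILURES, window=WINDOW_SECONDS):
        self.max_failures = max_failures
        self.window = window
        self.failures = defaultdict(deque)   # account -> timestamps of recent failures
        self.locked = set()

    def observe(self, ts, account, success):
        """Process one login event; return 'allow', 'deny' or 'locked'."""
        if account in self.locked:
            # A locked account stays unusable even if the password is now correct:
            # the guess that finally succeeds is exactly what the lock must stop.
            return "locked"
        recent = self.failures[account]
        # Drop failures that have aged out of the sliding window.
        while recent and ts - recent[0] > self.window:
            recent.popleft()
        if success:
            recent.clear()   # a legitimate login ends the failure streak
            return "allow"
        recent.append(ts)
        if len(recent) >= self.max_failures:
            self.locked.add(account)
            return "locked"
        return "deny"


def replay(events, **policy):
    """Run (timestamp, account, success) events through a fresh analyzer."""
    analyzer = LoginAnalyzer(**policy)
    return [analyzer.observe(*e) for e in events], analyzer.locked


# Constructed sample events (timestamps in seconds), not real log data.
SAMPLE_EVENTS = [
    (0, "alice", False), (30, "alice", True),        # typo, then success
    (100, "bob", False), (110, "bob", False), (120, "bob", False),
    (130, "bob", False), (140, "bob", False),        # fifth failure -> lock
    (150, "bob", True),                              # correct guess, still blocked
    (200, "carol", False), (2000, "carol", False),   # slow failures age out
]
```

Calling `replay(SAMPLE_EVENTS)` returns the verdict for each event and the set of locked accounts.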

Security concerns have been addressed from every angle within the architecture of the Internet banking application. Implementation of the SSL security protocol on the Web server and customer browser ensures authenticated data has been received from the customer. The three-tiered approach of the Internet banking application creates a double firewall which performs information requests over dedicated networks designed to handle specific functions. Placing all business logic and event logging within the Internet banking server creates a controlled environment which allows quick incorporation of Internet security technologies as they evolve. Finally, the security analyzer monitors login attempts in order to minimize the risk of unauthorized logins.

While anyone can fall prey to fraud and identity theft, many ways exist to minimize your risk.

Katahdin Trust Company will NEVER call, text or send emails asking you to provide sensitive banking information and you shouldn't respond to any attempts requesting that type of information.

It's important to always access our website by typing in the URL (www.katahdintrust.com) and never access the website from a link provided in an email.

  • Never give out your social security number, account number, or personal credit information over the phone unless you initiate the call to a number that you know is legitimate.
  • Tear up or shred receipts, bank statements and unused credit card offers before throwing them away.
  • Keep an eye out for missing mail. If a statement, check or bill is missing, someone may have changed your mailing address.
  • Don't mail bills from your own mailbox. Drop them in a post box or at the post office.
  • Review your monthly accounts regularly for any unauthorized charges.
  • Order copies of your credit report annually, and report and correct mistakes. Click here to view a free copy of your credit report.
  • Choose to do business with companies you know are reputable, especially on the Internet.
  • Keep your browser's padlock or key icon active when doing business online.
  • Don't open e-mail from unknown sources.
  • Use virus detection and anti-spyware software, and keep the definitions updated.
  • Protect your PINs (don't carry them in your wallet!) and passwords. Use a combination of letters, numbers, and special characters and change them periodically.
  • Don't carry your Social Security card in your wallet.
  • Report any suspected fraud to us immediately, and notify the fraud divisions of the three major credit bureaus: Trans Union (800) 916-8800, Experian (888) 397-3742 and Equifax (800) 525-6285.

Fraudulent websites often try to mimic legitimate sites so they can gather personal information for financial gain or identity fraud.

We urge you to be cautious when using Mobile Deposit to make your deposits. Following these guidelines is important to ensure the safety and integrity of your deposited items and to protect your bank account.

  • Always remember to treat your mobile device with the same care as you do your personal computer.
  • Avoid storing sensitive information like passwords and social security numbers on your mobile device.
  • Password protect your mobile device and lock it when you’re not using it.
  • Be aware of your surroundings. Don’t type any sensitive information if others around you can see.
  • Protect your phone from viruses and malware just like you do for your computer by installing mobile security software.
  • Download the updates for your phone and mobile apps.
  • Use discretion when downloading apps.
  • If you change your phone number or lose your mobile device, let us know right away.
  • Monitor your accounts regularly and report suspicious activity to us immediately.
  • Always sign off completely when you finish using online banking or the KTC Mobile app rather than just closing your browser.

Though the internet has many advantages, it can also make users vulnerable to fraud, identity theft and other scams. According to a Norton Cybercrime Report, 556 million adults worldwide were victims of cybercrime in 2012. Katahdin Trust Company recommends the following tips to keep you safe online:

  • Keep your computers and mobile devices up to date. The latest security software, web browser, and operating system are the best defenses against viruses, malware, and other online threats. Turn on automatic updates so you receive the newest fixes as they become available.
  • Set strong passwords. A strong password is at least eight characters in length and includes a mix of upper and lowercase letters, numbers, and special characters.
  • Watch out for phishing scams. Phishing scams use fraudulent emails and websites to trick users into disclosing private account or login information. Do not click on links or open any attachments or pop-up screens from sources you are not familiar with. Forward phishing emails to the Federal Trade Commission (FTC) at spam@uce.gov – and to the company, bank, or organization impersonated in the email.
  • Keep personal information personal. Hackers can use social media profiles to figure out your passwords and answer those security questions in the password reset tools. Lock down your privacy settings and avoid posting things like birthdays, addresses, mother’s maiden name, etc. Be wary of requests to connect from people you do not know.
  • Secure your internet connection. Always protect your home wireless network with a password. When connecting to public Wi-Fi networks, be cautious about what information you are sending over it.
  • Shop safely. Before shopping online, make sure the website uses secure technology. When you are at the checkout screen, verify that the web address begins with https. Also, check to see if a tiny locked padlock symbol appears on the page.
  • Read the site’s privacy policies. Though long and complex, privacy policies tell you how the site protects the personal information it collects. If you don’t see or understand a site’s privacy policy, consider doing business elsewhere.

Malicious software, also known as malware, can infect computers and record keystrokes, a technique known as keystroke logging or keylogging. This allows the criminal to obtain a user ID and password, which leads them to information about account balances, activity and potential victim accounts.

What should corporate customers do to protect themselves?

  • One of the most effective, yet basic, controls is for corporate customers to always initiate ACH and wire transfer payments under dual control. For example, one individual initiates the payment file creation and another approves the file for release.
  • The combination of dual control and the use of multiple factors to prove identity is very effective in preventing an attack. Multiple factors are more challenging to compromise. For example, the use of 1) something the person knows (PIN, password), and 2) something the person has (password-generating token, USB token) could mitigate the risk of an attack substantially.
  • Limit administrative rights on users' workstations. This will help to prevent the inadvertent downloading of malware or other viruses by users.
  • Ensure that the corporate customer's operating system and its components are up-to-date with current software 'patches.' For example, the use of the most current firewalls, malicious code filtering, virus protection and spyware removal software will aid in the control of network intrusion tactics.
  • Corporate clients should be reconciling their bank accounts daily. Many corporate clients, particularly small business clients, may not typically reconcile their bank account on a daily basis, or use treasury management services such as debit blocks or positive pay. Therefore, the entry will post and the two-day return time will have passed before the unauthorized debit is noticed.
  • Remember that CCDs (entries to corporate accounts) have a two-day return time frame for unauthorized entries. This time frame is distinct from entries to consumer accounts, such as PPDs, which have a 60-day return time frame for unauthorized entries.

MALWARE is malicious software designed to infiltrate or damage a computer system without the owner's informed consent. It can take the form of a variety of hostile, intrusive, or annoying software or program code. Malware includes computer viruses, worms, trojans, most rootkits, spyware, and other malicious or unwanted software. Many trojans now have remote administration capabilities that allow the perpetrator to control the victim's computer.

ROOTKIT is a program or combination of several programs designed to hide or obscure the fact that a system has been compromised. A fraudster may use a rootkit to replace system executables, which may then be used to hide processes and files that the fraudster has installed.

SPYWARE is software that is installed surreptitiously on a computer to intercept or take partial control over the user's interaction with the computer without the user's informed consent. While the term spyware suggests software that secretly monitors the user's behavior, the functions of spyware extend well beyond simple monitoring. Spyware programs can collect various types of personal information, but can also interfere with user control of the computer in other ways, such as installing additional software, or redirecting web browser activity.

TROJANS are programs that appear to have some useful purpose, but in actuality contain malicious functionality. Trojan software hides its destructive portion during installation and program execution, often preventing anti-malware from recognizing it.

Fight identity theft by monitoring and reviewing your credit report. View a free copy of your credit report now. It's quick, easy and secure. Click here to view your credit report.

Community Banking, since 1918.