Online Privacy and Security

Privacy

If an individual is just visiting us online, or utilizing any of our demos or financial calculators, we do not collect or capture any of their personal information. If they are a current customer, we use the information provided to validate their identity, establish their account, or provide the information they requested. We do gather data about our web site usage, such as number of hits, pages visited, and length of stay in order to evaluate the effectiveness of our site.

We do not market nor knowingly collect data from children. We recognize that protecting children's identities and privacy online is important and that the responsibility to do so rests with both the online industry and with parents.

First Federal Savings Bank has provided external web addresses solely as pointers to information that may be useful to users. First Federal Savings Bank does not endorse or accept responsibility for any such web site.

If an individual chooses to send us an email, we may retain the content of the email message, their email address, and our subsequent response. NOTICE: because there is a risk that information transmitted via internet email could fall into the wrong hands, we suggest that confidential information, such as account numbers or social security numbers, not be transmitted via email. Instead, we ask that customers please contact our office directly at (574) 223-2128 or 800-422-3372.

The privacy of the communications between the customer (their browser) and our servers is ensured using cryptography. Cryptography scrambles messages exchanged between the customer's browser and our online banking server. Encryption happens as follows: When a customer goes to the sign-on page for online banking, their browser establishes a secure session with our server. The secure session is established using a protocol called Secure Sockets Layer (SSL) Encryption. This protocol requires the exchange of what are called public and private keys. Keys are random numbers chosen for that session and are only known between the customer's browser and our server. After the keys are exchanged, their browser will use the numbers to scramble (encrypt) the messages sent between their browser and our server. Both sides require the keys because they need to de-scramble (decrypt) the messages when they are received. The SSL protocol not only ensures privacy, but also ensures that no other browser can "impersonate" the customer's browser, nor alter any of the information sent. The customer can tell whether their browser is in secure mode by looking for the secured lock symbol at the bottom of our browser window.

It is also important to verify that only authorized persons log into home banking. This is achieved by verifying customers' passwords. When a customer submits their password, it is compared with the password we have stored in our secure data center. We allow them to enter their password incorrectly 3 (three) times. If they enter their password incorrectly three times, their online banking account will be locked until they call us to reinitialize the account. Customers are advised to never use passwords that are easy to guess, and never reveal their password to another person.

We provide a number of additional security features in online banking. Online banking will automatically "timeout" after a specified period of inactivity in case a customer has left the PC unattended without logging out.

Should customers have any other questions about our policies, we ask that they please call us at 800-422-3372 or send us an email at online@firstfederalbanking.com.

Website Policy Statement

First Federal Savings Bank
Rochester, Indiana

Date Approved by the Board – June 13, 2012

First Federal Savings Bank is strongly committed to maintaining the privacy of our customers' personal information. If an individual simply chooses to visit our web site, then at no time is any information collected or stored about that person. The following discloses our information gathering and dissemination practices for this site.

First Federal Savings Bank automatically collects and stores the following information about an individual when they send a request or inquiry over our web site:

• The date and time the request or inquiry was received
• The individual's Internet Protocol (IP) address, or the proxy address of their internet service provider
• The content of the request or inquiry received
• The content of any forms sent to our site

If an individual sends us email, we will not share that information with outside contacts unless it is necessary for us to do so in order to respond to the email or to carry out a request contained therein, or unless we are required to do so by law or court order.

Please remember that electronic mail is not necessarily secure. Persons should never supply sensitive information such as User ID or password via email. Customers are advised that if they question email supposedly sent by First Federal Savings Bank, they should contact us for assistance. First Federal will NEVER ask for confidential information via email.

First Federal Savings Bank sponsors this web site. Questions and comments regarding this site's contents, or concerns about how information customers may have provided us is used, should be directed to:

First Federal Savings Bank
P.O. Box 572
Rochester, IN 46975-0527

We may be reached via email at online@firstfederalbanking.com. Customers may telephone us directly at 800-422-3372.

We may call you

We protect the accounts of our debit card holders by monitoring ATM and debit card transactions for potentially fraudulent activity. If we should discover unusual activity with your card, we will immediately call you to verify whether or not the card is being used by you.

The kinds of activities that raise red flags include:

• The unexpected use of a U.S.-issued card overseas
• A sudden string of costly purchases
• Any pattern associated with new fraud trends around the world

If we call you, we will ask you to validate the legitimacy of your transactions. Your participation in responding to our call is critical to prevent potential risk and avoid restrictions we may place on the use of your card.

• Our automated call will ask you to verify recent transactions on your card
• You will use your touchtone keypad to respond
• You will receive a toll-free number to call if you have additional questions
• We will not ask for your card number, expiration date or PIN

You can call us

If you are planning to take a trip overseas or use your card in a way outside your normal pattern, please let us know your plans ahead of time so there will be no disruption in your service.

If you have any questions, please feel free to call us at 800-422-3372 or (574) 223-2128.

Do what you can to protect yourself

Please be diligent in monitoring transaction activity on your account and contact us immediately if you identify any fraudulent transactions. Here are some additional tips on protecting yourself from debit card fraud:

• Unless absolutely required for a legitimate business purpose, never give out your address and ZIP code, phone number, date of birth, Social Security number, card or account number, expiration date or PIN.
• In stores and at ATMs, always cover your card and PIN, and watch for cell phone cameras, mirrors, or other tools used to view cards and PINs, people watching your transactions, cashiers taking your card out of sight, or any unusual activity at ATMs. If you feel uncomfortable, go to another ATM.
• Online, never respond to unsolicited emails that link you to sites that may look legitimate but may collect data or put spyware on your computer. Also, never respond to any email that asks you to verify your card or account number. No legitimate business will ask for this information in an email.
• Beware of phone calls that, for whatever reason, ask for your card number, expiration date and PIN.

Identity Theft

Identification thieves steal personal information, such as a credit card account number, Social Security number or driver's license number. Then, they open accounts in a consumer's name and run up charges on the account, or they use the personal information to charge goods and services to a consumer's existing accounts.

The harm to a consumer's credit and daily life can be devastating. Victims of ID theft often have trouble getting new credit cards or loans because of the damage to their credit rating.

The most common types of identity theft are:

• Using or opening a credit card account fraudulently
• Opening telecommunication or utility accounts fraudulently
• Passing bad checks on your account or opening a new bank account using your identity

Guidelines to minimize your risk

Minimize the identification information and the number of cards you carry.

• Sign your credit cards immediately
• Promptly remove mail from your mailbox – deposit outgoing mail at the post office or post office collection boxes
• Do not attach a PIN or Social Security number to any of your cards
• Shred documents that contain credit card numbers, invoices, old bank statements, and the unwanted pre-approved credit offers
• NEVER give personal information or account numbers to anyone online or by phone unless you know the party you are dealing with
• Alert your bank or cardholder if you do not receive your statements. (Someone could have taken them from your mailbox or could have filed a false change of address notice so your mail would be diverted).
• Do not pre-print your driver's license or Social Security number on your personal checks
• Check your credit report periodically to monitor that new accounts have been opened, there has not been a change of address, or balances have not increased without your authority

If you suspect that you are a victim of identity theft

Quick action is the key. The following are some steps you should take in case you become a victim of identity theft:

• Contact the fraud departments of each of the three major credit bureaus and report that you have been a victim of identity theft. Ask that a "Fraud Alert" be placed on your file and that no new credit be granted without your approval.
  
  • Equifax: www.equifax.com 
  • Experian: www.experian.com 
  • Trans Union: www.transunion.com 
• For any accounts that have been fraudulently accessed or opened, contact the Credit Grantor or Financial Institution and request these accounts be closed. If you open new accounts, do not use passwords that contain a Social Security number or mother's maiden name.
• File a report with local police. Get the report number or a copy of the report for proof of crime.

Call the identity theft clearinghouse toll-free at 1-877-IDTHEFT (877-438-4338) to report the theft. Document these contacts with dates, names, and phone numbers for your records. The web site for identity theft is www.consumer.gov/idtheft, the central point of contact within the Federal Government for reporting incidents of identity theft.

Our Security Procedures

We restrict access to nonpublic personal information about you to those employees who need to know that information to provide products or services to you. We maintain physical, electronic, and procedural safeguards that comply with federal standards to guard your nonpublic personal information.

Our Web Site

When visiting our web site, you do so without revealing who you are and without revealing any nonpublic personal information. However, by using the email feature on our web site to contact us, you are sending us your email address and perhaps other information that typically might include your name, mailing address and any other information that you might include in the email itself.

Unless otherwise indicated, your email transmission, and our response, are not secure and may be subject to interception. We ask that you do not send confidential information to us via email. If you want to send us nonpublic personal information like account or Social Security numbers, you should call us, send the information by regular mail or visit one of our branch offices. We will not obtain nonpublic personal information about you when you visit our web site unless you have chosen to provide such information to us. The information that you choose to send us by email is used internally only for the purpose of meeting your request or for contacting you directly. This information is not shared with any other organization.

Online Transactions

We utilize stringent security methods to ensure that your online banking and bill paying transactions remain secure and confidential. These methods include routers, firewalls, encryption, and password protection.

Use of Financial Calculators

When visiting our web site to use our financial calculators, the work and calculations that you perform are not stored in our records.

Hyperlinks

Links to other web sites from our web site are provided only as a convenience to you. We are not responsible for the content or accuracy of third-party web sites. They may collect data and personal information about you and you should review that privacy statement of a web site before you provide any personal or confidential information.

We reserve the right to change this policy at any time, without prior notice, by posting a new privacy policy.