Security Statement

 

When you bank with us, your security is our highest priority. As such, whenever you enter a branch, use our ATMs, call us on the phone, or use our online banking portal for your banking needs, we verify your identity using various methods, including asking for things only you know or verifying something you have in your possession. For example, we may ask you about previous banking transactions, we may require a password, or we may require you to enter a code from a security token, all in the interest of ensuring an unauthorized person does not gain access to your account.


To protect yourself, it is important that you not share these personal pieces of information with others, including your account number, passwords, PINs, etc. The Bank will NEVER call, email or text you to ask you for your account number, PIN, or password to your account. If you receive this type of correspondence, it is likely a scam and should be reported to the Bank and law enforcement!


Your security is important to us. As such, all online banking transactions containing confidential information are protected by 128-bit secure sockets layer (SSL) encryption. To protect your data, look for sites that start with “https” (rather than “http”) and have a lock in the lower right corner of your screen before entering your user ID, password, and confidential information. To ensure your security, we recommend never clicking links sent to you in email or text messages.


Collecting Information: At Hampton Roads Bankshares, we may collect certain information from you such as personal information entered in forms, applications, or online fields. We also may collect information about your computer, browser, and browsing habits, including Internet Protocol (IP) address, domain name, Internet Service Provider (ISP), system configuration, and settings. This information is used to make your Bank browsing session more efficient, and/or for Bank marketing campaigns.


Cookies: Cookies are pieces of information stored on your computer used to identify you for security purposes, to facilitate browsing, and to personalize your experience on our website. If you have an account with us and access your account through Online Banking, we may store your information during the browsing session to increase security.


Firewalls: At Hampton Roads Bankshares, we use firewalls to help ensure your confidential information is not accessed by unauthorized individuals. All transmissions not meeting our firewall criteria are prevented from accessing our network.


Security challenge questions and pictures: In order to protect your information, the Bank may ask you to select questions and enter responses to those questions prior to accessing your online account. You may also select a picture that will appear on your online banking website when you enter our secure site. Both these measures increase the likelihood that only you will have access to your online account. The picture ensures that you know you are on our website, not on a fake website.


Linking to other sites: We may provide links to external (non-Bank) websites. When you leave the Bank’s website, you will be prompted with a disclaimer to let you know you are leaving the site; please be sure to check the external website’s privacy and security policies. The Bank is not responsible for your privacy or security on these sites, nor can we guarantee the accuracy or reliability of these sites.

 

Frequent attacks: In this section, we briefly describe some frequently used attacks on bank customers. Please be aware of these threats, and protect yourself by always verifying the source and calling your local branch if you suspect fraud.

 

  • Phishing/email fraud: Phishing is a common attack method where attackers attempt to acquire information such as account numbers, passwords, credit card details, etc. by masquerading as a legitimate and trustworthy source. Phishing emails often have attachments containing viruses (which may infect your machine and cause it to send your data to the attacker) or links to phony websites where you may be encouraged to enter your personal information.
    • Preventing fraud: The Bank will NEVER ask you for your user ID, account number, or password through email. If you receive an email that asks for this type of information, or encourages you to call a number or to click on an attachment or link to enter this information (or reactivate your account, verify your information, etc.), call your local branch to report the email, then delete it.

  • SMiShing: A variation on phishing, where phony text messages are sent to customers to gather information; these may also contain links to phony websites or encourage you to call a phone number to enter your personal information.
    • Preventing fraud: The Bank will NEVER ask you for your user ID, account number, or password through text message. If you receive a text message that asks for this type of information, or encourages you to call a number or to click on an attachment or link to enter this information (or reactivate your account, verify your information, etc.), call your local branch to report the text message, then delete it.

  • Web site fraud: Often an attacker will create a fake website that looks similar to the legitimate version of the site, or will use a URL that is similar to a legitimate URL but is slightly misspelled or different.
    • Preventing fraud: Always type URLs yourself rather than clicking on links embedded on other websites or in emails or text messages. Watch for signs of fake websites, including grammar mistakes, spelling errors, broken links, or a missing lock in the lower corner of the site.

  • Spyware, viruses, and pop-up advertisements: Spyware and viruses are malicious software applications that seek to gather information about you or infect your machine to point you to malicious websites, record keystrokes, or show annoying pop-up ads that may contain more spyware or viruses. Viruses can cause major headaches on your machine and with your personal information. They may also get into your address book and send emails from your address.
    • Preventing fraud: Never open emails or attachments to emails if you do not recognize the sender or if the context of the email is suspicious. Protect your computer with the latest anti-spyware and anti-virus programs and signatures. Protect your computer with a firewall. Update your operating system and software applications with the latest security patches and service packs.
    • Zeus: Zeus (or zbot) is a Trojan virus that targets Bank customers to steal their online banking credentials. The virus incorporates a keylogger to capture the user's keystrokes as he/she types them into various sites, including banking sites. Once the criminal has stolen the user's credentials, he/she is able to log into the user's bank site and make transfers or create illicit ACH transactions to unauthorized accounts. Zeus is often spread through phishing emails or by "drive-by downloads" (unintentional downloads that occur, e.g., when installing infected ActiveX controls or Java applets, or when visiting an infected website). Zeus is extremely hard to detect using anti-virus software. We recommend that you do your online banking on PCs that are used only for banking, rather than using PCs that are also used for email and internet surfing, to avoid being infected by this virus. For business customers, we require that you perform certain transactions on dedicated PCs (as determined by your contract with us).

  • Social engineering: Attackers pose as Bank personnel, either over the phone or in person, and attempt to trick the customer into providing personal information.
    • Preventing fraud: Be cautious of those claiming to be Bank personnel. The Bank may legitimately call you occasionally for business purposes; however, if you are unsure the Bank person is legitimate, call the Bank directly using a published phone number, and ask to speak to someone in customer service or to the person who called you.