Online Security & Privacy
At Bank OZK, protecting your information and assets is top priority. As fraud schemes evolve and become more sophisticated, the best way to be safe is to stay informed about the current trends.
Bank Safely Online
Here are some proactive tips for keeping your bank account safe:
- Don’t leave personal items like your wallet or purse in your car.
- Don’t leave outgoing mail in your mailbox with the flag up. It is a notice to thieves that you may have checks in your mailbox.
- Don’t write down PIN’s or logins. Memorize them.
- Put a password on your account that only you know.
- Use caution with public unsecured Wi-Fi. Criminals may be waiting to access your device.
- Notify your bank as soon as you think your identity may have been compromised.
Online Banking Security
Bank OZK’s online banking systems bring together a combination of industry proven security technologies to protect data for the bank and for you, our customer. Some of these features include transmission security, which addresses the need to keep unauthorized agents from intercepting and/or deciphering the transmission of customers’ encrypted data while it travels between the customer’s computer and the Bank OZK (“Bank”) server environment and various other state of the art security technologies working behind the scenes to help insure your data remains safe.
“End user” will be used to signify an authorized customer using software for the benevolent purposes it was intended and “agent” will be used to signify a person whose goal it is to exploit a software application for some negative end.
THREE STRIKES AND YOU’RE OUT!
If an agent attempts unauthorized entry into a customer’s account by trying to guess a Login ID and password, the customer’s Bank OZK Online Banking account will be disabled on the third incorrect login attempt, thus invalidating the Login combination. The disabling and/or destruction of the password keeps an unauthorized agent from running a brute force attack, which uses an application that will run through millions of possible passwords eliminating the invalid ones until it arrives at a match. In this scenario, to guard against unauthorized use of a customer’s Login ID and password, Bank OZK Online Banking system disables the password indefinitely until the customer calls the Bank and requests the associated Login ID and password to be reset, or the customer clicks the “receive a new password” link to have a temporary password sent to the email address on file with the Bank. A customer will also trigger this security feature by unintentionally misskeying a password three times. In this situation the customer will need to call the Bank to reestablish the password for the locked account(s). For example, a common mistake made by end users is having the caps-lock on while keying in a password. Since the password is case sensitive and an end user cannot actually see the characters being typed, it is easy to think the password is being typed correctly when the caps-lock is engaged.
SUGGESTIONS FOR PASSWORDS
A password and Login ID provide security against unauthorized entry and access to customers’ accounts. Passwords should not be easy to guess; for example, children’s or pet’s names, birth dates, addresses or other easily recognized identifications should be avoided. Combining cases (utilizing upper and lower case) within your password as well as combining alpha, numeric, and special characters is a good security precaution in selecting a password.
TRANSMISSION SECURITY
End-users must use later versions of Mozilla Firefox, Safari, Google Chrome and Microsoft Edge to access the Bank’s Online Banking application. The later versions come equipped with Netscape developed encryption technology known as Secure Sockets Layer, commonly referred to as SSL. SSL’s specific function is to manipulate data into an unreadable format as it leaves the end user’s computer. The temporary scrambling of data in transit is referred to as ‘encryption.’ In the unlikely case that an agent should intercept the data in transit, the encryption makes the data unreadable to a human. Furthermore, data in transit is split up into packets that travel separately and are not reorganized until they filter through the Bank's router and firewall. The Bank also uses multiple measures to ensure data is encrypted and subsequently decrypted in a secure fashion. The use of electronic keys that lock data as it is transmitted and unlock the data once received and passed successfully through the Bank’s firewalls is just one example.
Public email is not always a secure process, as data is not always encrypted as it travels over the public Internet, and it can be intercepted by third parties. Please be careful not to provide information in a single message that would allow an agent to log onto your account. Full account numbers should not be included in an email. If an account must be referenced, reference it by only the last four digits. Bank OZK will never request a customer’s password for any system and encourages customers to never share passwords.
Identity Theft
More than 27 million Americans have experienced identity theft, and that number is growing every year. Just as your home, automobile or personal safety can be at risk from criminals, so can your financial information. Bank OZK has substantial security measures in place to protect your identity and accounts.
Our Online Banking System uses an Internet server completely separate from the Bank's mainframe computer. The Online Banking System also uses the latest industry technology including password-controlled entry, secure sockets layer (SSL) protocol, data encryption, public-private key pair, firewalls and filtering routers. Each component acts as a secure layer of protection to safeguard all data.
Tips to protect yourself against identity theft:
- Do not share personal information. Never give your passwords, PIN, checking account and credit card numbers or Social Security number to anyone unless you know the person or the organization. Bank OZK will never ask you for this type of sensitive information via email or during a phone call that we initiate without your request.
- Shred financial solicitations, bank statements or other papers containing personal information before disposing of them.
- Put outgoing mail into a secure, official Postal Service collection box.
- If you stop receiving your bills, call the companies generating the bills to find out why.
- Carefully review all account statements and investigate immediately if your bills include questionable items or charges.
- At least once a year, contact the major credit reporting companies to review your credit report and make certain the information is correct.
- For more information, including steps to take if you become a victim of identity theft, visit the Federal Trade Commission's website at www.ftc.gov.
Phishing
Phishing (pronounced 'fishing') is a scam employed by cybercriminals to trick you into providing them with personal information that could be used to steal your identity. Bank OZK will never ask you for sensitive information via email or during a telephone conversation you did not initiate or request.
The scam usually works like this: You receive an email that appears to come from a reputable company - one you recognize and possibly do business with - like your Internet provider, a bank, credit card company, government agency, etc. The language in the email will be designed to make you think you must respond immediately to solve a problem with your account, avoid cancellation, claim a valuable prize, etc. Most likely you will be asked to update or validate information - account number, password, Social Security number or other information that can be used to verify your account. You will be encouraged to click on a button to go to the organization's website. Don't do it!
If the email you received was part of a phishing scam, the link provided would take you to a fake website that looks just like the real thing. Or, it may actually be the real website, but will include pop-up windows designed to gather your personal information. Another objective of this scam may be to infiltrate your computer with a virus or software designed to spy on your Internet transactions.
It's never a good idea to open an email attachment you did not request or one from an unknown sender. And, you should never provide confidential information in response to an email or call you did not initiate.
If you are concerned about your accounts as a result of receiving an email, visit the company's website directly (don't cut and paste the address in the phisher's email), or call to find out if there is a problem and let the company know you received the email.
Vishing
Vishing, also known as voice phishing, is a type of cybercrime that uses the phone to steal personal information. In a vishing attack, cybercriminals attempt to persuade victims to provide personal information, typically with the goal of accessing financial accounts. Bank OZK will never ask you for sensitive information via email or during a telephone conversation you did not initiate or request.
Cybercriminals using Vishing scams will often attempt to impersonate a legitimate business such as a financial institution. Some criminals may even use personal public data they have found to make the call seem more legitimate. Steps to take to ensure you do not fall victim to a Vishing scam:
- Never reveal your personal, confidential information over the phone especially on a call you did not initiate. This includes account numbers, usernames, passwords, and other information that should be kept private.
- If you feel the call you have received could be a vishing attempt, ask for the caller’s name and collect the phone number used. Then, call the organization using a verified contact number to validate if the call was legitimate. If it was not, report the call to the organization.
Smishing
Smishing is a phishing cybersecurity attack carried out over mobile text messaging, also known as SMS phishing. Criminals want the victim to open a link within the text message, which leads to tool prompting them to disclose their personal data. This tool often comes in the form of a website or app that poses under a false identity. These schemes require very little beyond your trust and a lapse in judgment and are often successful as most people have a smartphone that is used on the go, often when you’re distracted or in a hurry.
How to prevent being a victim of a Smishing attack:
- Be mindful of messages that contain a link. While there are some times you will receive a legitimate link in a message, never click on it unless you were expecting it and are sure it is legitimate.
- Do not respond. The best option is to delete the message. Even prompts to reply like texting “STOP” to unsubscribe can be a trick to identify phone numbers.
- Remember, legitimate institutions don’t request account updates or login info via text.
Spoofing
Everyday there are people attempting to identify themselves as companies to gather personal information by spoofing customers. Spoofing is when someone takes on the identity of another person to gain access to financial information, but often, those same spoofers take on the identity of companies to first get your personal information.
Spoofers will try to present themselves as Bank OZK through imitating emails, phone numbers, and even text messages. Often, they will contact you with urgency requesting login information or demanding a call to verify account information claiming to be Bank OZK by using a familiar number. Best practice to avoid spoofing:
- Never click links through unsolicited text messages and only use the verified Bank OZK banking app.
- Know that numbers can be spoofed to be presented as Bank OZK.
Deepfake AI
Deepfake AI (Artificial Intelligence) is false information presented in a formal format through social media to grab the attention of customers by using audio files and pictures that have been manipulated. This is a common practice but with new technology, cyber criminals are now able to digitally mirror information adding their twist to it.
With this technology, false information can be posted about Bank OZK to push customers away. The best way to protect yourself from acting on false information is to always verify through trusted Bank OZK channels. If you see information anywhere other than a verified Bank OZK site, contact your local branch or Bank OZK customer service department with any questions and concerns you may have.
Check Fraud
There are many different ways to commit check fraud, but one of the most common is when criminals use forged checks to purchase merchandise or services. In some cases, victims are instructed to deposit fake checks and send a portion of the funds to another person. After the funds are withdrawn, the check is returned leaving the victim at a financial loss.
Protect yourself by watching for the following red flags:
- The amount of payment for the item or task is inflated
- The issuer of the check is unknown to you
- You are asked to withdraw the funds quickly and send it to someone else
Email Compromised
Businesses are common criminal targets. In many cases, fraudsters target employees with access to company finances and con them via email into making wire transfers into accounts that look like they belong to the company or a trusted partner, but are actually controlled by the criminal.
Techniques used to perpetuate this crime include spear-phishing, social engineering, identity theft, email spoofing, and use of malware.
Follow these best practices to help protect your business:
- Protect your computer network to prevent intrusion
- Verify email changes in wiring instructions by phone
- Verify new email requests for wires by phone
- Provide training to employees on how to protect company-issued computers and cell phones
Businesses who fall victim to a wire fraud loss from a compromised email request can file a complaint with the FBI at https://www.ic3.gov.
Employment Scam
Some criminals create fake job opportunities and use the application process as a way of collecting personal information from victims. Other criminals go one step further in offering applicants jobs and then requesting the victim send funds to pay for supplies, credit reports, software, or equipment.
Both of these schemes are more common with online job applications and work-from-home opportunities.
Watch for the following red flags while job hunting:
- The pay for the job is higher than expected
- The job description and requirements are vague
- You are expected to send money to someone you don’t know
- You are not able to find information about the company in online searches
- They ask for your bank account information or login
Lottery Scam
Criminals sometimes contact people by phone, email, or text congratulating them on winning a lottery, sweepstakes, or contest they did not enter. The message usually states that to receive the winnings you must first pay the taxes or another type of fee in advance. They then give instructions to mail or wire the payment to an individual.
If you find yourself in a winning situation, prevent it from becoming a losing one by being aware of the following:
- Taxes are typically deducted from lottery winnings, not paid up front
- Be extra cautious if you do not remember entering the lottery or contest
- Do not send funds to an unknown individual
Romance Scam
Criminals troll dating websites and social media for unsuspecting victims. They spend weeks, sometimes months, cultivating an online relationship and then begin making requests for assistance paying bills or helping relatives. Many times, victims become so invested in the relationship they are reluctant to believe it may be a scam.
Look for the following red flags before falling in love online:
- You have not met in person
- Attempts to meet are postponed
- The person is usually out of the country or can’t be reached
- They ask you to send funds to an unknown person
- The reason for the funds transfer does not make sense
Let Bank OZK know immediately if you have lost or stolen checks or cards; if you feel your user ID, password or account numbers have been compromised; or if you notice any unauthorized activity associated with any of your Bank OZK accounts. These situations should be reported by calling (800) 274-4482 (Monday-Friday 7 a.m. to 7 p.m. CT, Sat. 7 a.m. to 4 p.m. CT), contacting us via our website or stopping by your nearest branch.
The Bank OZK Online Security and Privacy resources are intended for general information and educational purposes only. They do not claim to be comprehensive, or to provide legal advice and should not be treated as a substitute for professional legal advice on individual cases on computer-related events
Let's Connect
Need assistance with something? Our Customer Care Team is available to help you Monday through Friday from 7am to 7pm CT and Saturday from 7am to 4pm CT.
By submitting this form, you agree to our privacy and terms.
Please do not enter any sensitive information such as SSN or account number in the form below.