Protecting You & Your Information
Cybersecurity and identity theft are hot topics in the financial industry. Flatirons Bank has invested heavily in systems and processes to ensure we’re doing our part in keeping your personal information and assets secure. Flatirons Bank will never ask you for account numbers or passwords by phone, email, or text. If you receive a suspicious email, text, or call claiming to be from Flatirons Bank, please hang up and call us at 303.530.4999.
Find helpful information below about security for both consumers and businesses.
Website
Flatirons Bank uses a ".bank" web address for a more secure and trusted web browsing experience. The .bank domain is only available to verified financial institutions, providing their customers greater protection from fraud, phishing attempts, and fake websites.
You'll notice that when you have started an online banking session, the URL will include "https" in green or the image of a closed lock. This means that the website’s security certificate has been verified and it is safe to proceed.
Multi-Factor Authentication
Multi-Factor Authentication (MFA) is a validation method that requires the user to provide two or more verification factors to gain access to a resource such as an application, email or, bank account. Rather than asking for a username and password, MFA requires one or more additional verification factors, which decreases the likelihood of fraudulent activity.
Consider MFA not just for your bank accounts, but also for your email accounts and other online transaction accounts.
Secure Your Accounts
Consider adding extra security to your accounts:
- MFA – Enable MFA in online banking and mobile banking for an extra layer of security.
- Creative Passwords – Password strength is directly related to the length of the password. Try using different passwords for each login or different passwords for banking than social media.
- Consider a Passphrase - A passphrase is like a password, but longer and more secure. It’s an encryption key that you memorize. To create a passphrase, do the following:
- Add words to create a phrase - ilovetoread
- Be a little more specific - ilovetoreadweliveinboulder
- Add capitals for emphasis - ILoveToReadWeLiveInBoulder
- Use special characters or numbers (@, $, !, &) to replace a letter or two. You can also add an extra character such as an ! at the end. ILOVEtoreadWeL1veInBoulder!
- Account Alerts – Setting up account alerts to show new logins, password changes, or account changes is a great way to help monitor for account takeover.
- Patching and Updating – Enable automatic updates for all of your devices. You should always run the latest versions of software on your computer (Mac or Windows) mobile devices (iPhone and Android) and your software or apps installed on those devices.
- Reputable Software – Always download software from reputable sources: Apple App Store, Google Play, or Windows Store.
- Security Software – On any of your devices, it is a good idea to run anti-virus software. Configuring firewalls, spam filters, and privacy protections are good practices on all of your devices.
Email Correspondence
Email is such a powerful and efficient communication tool, but with it comes an additional degree of risk. We ask that you never email us any personal information such as social security number, date of birth, or account numbers without using a secure email service. If you need to send information to us securely, contact us at 303.530.4999 to receive instructions on how to access our secure portal. Bank employees will not email personal information to you without using secure email.
Social Engineering
In a social engineering attack, an attacker uses human interaction to manipulate a person into disclosing information. People have a natural tendency to trust. Social engineering attempts to exploit this tendency to steal your information.
Criminals use a variety of social engineering attacks to attempt to steal information, including:
- Website Spoofing
- Phishing Emails
- Phishing Phone Calls
Website Spoofing
Website Spoofing is the act of creating a fake website to mislead individuals into sharing sensitive information. Spoofed websites are typically created to look exactly like a legitimate website published by a trusted organization.
- Look at the URL of the website. A website may look legitimate, but the URL may have a variation in spelling or use of a different domain.
- If you are suspicious of a website, close it and contact the company directly.
- Do not click on social media sites, pop-up windows, or non-trusted websites. Links can take you to a different website than their labels indicate. Typing an address in your browser is a safer alternative.
- Only give sensitive information to websites using a secure connection. Verify that the web address begins with “https://” (the “s” is for secure) rather than just “http://”.
- Avoid using a website when your browser displays certificate errors or warnings.
Phishing
Phishing is when an attacker attempts to acquire information by masquerading as a trustworthy entity in an electronic communication. Phishing attacks are typically carried out through email, instant messaging, phone calls, or text messages (SMS).
- Delete email, text, and social media messages that ask you to confirm or provide sensitive information. Flatirons Bank never asks for sensitive information this way.
- Beware of visiting website addresses sent to you in an unsolicited message. Type the web address into your browser instead of clicking the link.
- Try to independently verify any details given in a message directly with the company.
- Do not open attachments from unknown senders or unexpected attachments from know senders.
- Be cautious of the amount of personal data you make publicly available through social media and other methods.
Safety Tips for Cards and ATMs
- PINs are like passwords, commit them to memory and never share.
- Always shield your PIN from view when using it.
- Always be aware of your surroundings and who is watching you.
- Look for signs of ATM tampering. Before using an ATM or a point-of-sale terminal (grocery store, gas stations, etc.) try wiggling the keypad or card slot. If anything seems loose, don’t use the device.
Lost or Stolen Card
If your card is missing, let us know immediately. We'll help minimize your loss and send over a new card right away. To report a lost or stolen card, call us at 303.530.4999.
Report Fraud
If you suspect fraud on your account, let us know immediately. We’ll help minimize your loss. To report a lost or stolen card, call us at 303.530.4999.
Change Your Online & Mobile Banking Login
If you wish to make a change to your login or accounts, please contact us. Username and password information may be deleted upon request. Information such as your usage history, account information, and banking activity will be retained in compliance with regulatory guidelines.
We will only accept, see, and delete data requests made through the form below or by calling us at 303.530.4999. We will accept correction requests by email at clientservice@flatirons.bank or by calling us at 303.530.4999.
Complete the form below to request deletion of your username and password data. We will call you at the number provided to verify your identity prior to deleting information.
Additional Resources
When it comes to protecting your identity and your assets, you can never be armed with too much information.
- Tips to help you stay safe and secure online: Consumer Information from the Federal Trade Commission
- Identity Theft recovery steps: IdentityTheft.gov
- Take advantage of your annual free credit report: AnnualCreditReport.com
- Cybersecurity resources for your home and business: Better Business Bureau