Skip to main content

The safety and security of your finances is a primary concern for GRB.  Check this page if you need to report a stolen debit card or need information on eliminating the risk of fraud.  Use the QuickLinks below to find what you need.

 

Lost or Stolen Cards

If your GRB debit card is lost or stolen, please contact us in one of the following ways:

  • During business hours, call 585.663.8930
  • After business hours, call 800.417.4592
  • Login to GRBonline and go to Account Options > ATM/Debit Card to deactivate online

Fraud Alerts

Traveling Outside the U.S. and Canada?  Let GRB Know!

Prevent fraud when traveling graphicEffective April 2017, GRB is blocking ATM and Debit card transactions originating outside the U.S. and Canada to help reduce the risk of fraud.  In order to ensure uninterrupted card access when travling, please contact GRB prior to your trip.  We can update your account to allow ATM and debit card transactions to select countries during your travel timeframe.  This will ensure your card access remains uninterrupted. 

We feel this additional verification process will help ensure that our customers are able to remain safe and secure when using their cards.  Please contact our customer service team at 585.249.1540 or stop in at a branch to make arrangements when you travel.

If at any time you suspect your cards may have been compromised, please contact our Fraud Center at 800.417.4592.

Fraud Prevention Service

When our systems detects potential fraud, you will be contacted in the following manner:

  • When potential fraud is detected, you will receive an automatic email notification from Genesee Regional Bank with the option to reply with “fraud” or “no fraud.”
  • One minute after the email, you will receive a text alert from 32874 between 7 a.m. and 9 p.m. EST which also has the “fraud” or “no fraud” option (*SEE BELOW).
  • If there is no response received from you, five minutes after the text alert you will receive automatic phone calls to confirm or deny fraud.

Remember – our messages will never ask for your PIN or account number.

* The phone number for our Fraud Center is 800.417.4592. Add this number to your phone contacts and label it “GRB Fraud Center,” it will display whenever you get a call from this number.

FBI Issues Warning About "CEO Fraud"

The FBI recently released a warning about a significant increase in scams known as “CEO Fraud.” This type of fraud usually involves thieves gaining access to an executive’s email (by phishing) or impersonating the executive by using a similar email address. The thieves send emails to company employees giving the appearance of providing legitimate wire transfer instructions.

Read more from Krebs on Security

Here are some ways you can protect your accounts:

  • Educate employees that are involved in sending wire and ACH transactions
  • Incorporate verbal confirmations of such transfers into your procedures
  • Be suspicious of any emails from unfamilar or unknown sources, specifically those with links embedded. Educate employees not to click on these links
  • Be careful what your company posts on social media or your company website that specifies job descriptions/functions or hierarchical structures
  • Set up a company website domain and establish company email accounts instead of using free, web-based solutions.

Please contact your Relationship Manager or a Commercial Relationship Associate promptly or call us at 585.249.1540 if you think you may have been the victim of fraudulent activity.

Ransomware Attacks on the Rise

Link to more info on risks of Ransomware from the American Bankers Association (ABA)

The American Bankers Association has released a new infographic to help customers understand, identify and protect themselves from ransomware -- a type of malicious software attack that freezes computers and mobile devices until the victim pays a sum of money (ransom) to the attacker to release their files.  The FBI estimates that more than $1 billion will be lost to ransomware attacks in 2016.

To combat the threat of ransomware, consumers are encouraged to use caution when opening emails or attachments they don’t recognize, back up their files, use popup blockers to avert unwanted ads and malware and keep operating systems security software up to date. Businesses should also take proactive steps against ransomware by educating employees, managing the use of privileged accounts, having a data backup and recovery plan for all critical information and alerting law enforcement when faced with a possible attack.

Learn more about ransomware from the ABA.

EMV "Chip Card" Replacements

GRB is replacing its magnetic stripe cards with new chip-enabled debit cards (also known as EMV cards).  EMV cards are a powerful new tool in the reduction of fraud and identify theft.  Below are common questions about how these cards work and how they provide a more secure purchasing experience:

Image of the new EMV Chip Cards being issued to GRB customersWhat is an EMV card?

EMV (chip) cards provide an added layer of security for in-person transactions with an embedded microchip that contains encrypted information and is harder to duplicate and counterfeit.

Which GRB cards are being replaced?

All GRB-issued cards will need to be replaced.  Currently, we are starting with HSA cards and will move to the other debit cards progressively.

If I have multiple cards from GRB, will I receive them at the same time? 

We are doing a progressive rollout, so most customers with multiple cards will see a staggered delivery of their new chip cards.

How do I use the chip card?

Merchants have special terminals that support EMV cards.  To use these terminals:

  • Insert the card chip first, facing up.
  • Leave your card in the reader until the transaction is complete.  Removing it too soon may result in the transaction not being processed correctly.
  • Follow the prompts at the terminal if your PIN is required.  This validates the transaction.
  • When your transaction is complete, remove the card from the reader.

What if a store does not have the new chip-reader terminals?

Your card still has a magnetic stripe that can be used to process transactions until merchants complete the process of transitioning to the new chip-embedded cards.

Are there any additional fees associated with EMV cards?

There are no additional costs to have or use the chip card.  Replacement fees may apply for lost or stolen cards. 

Will my EMV card work at all ATMs?

Yes, your new card will work at both chip-enabled ATMs and ATMs where only magnetic stripe transactions are processed.  Follow the instructions provided on the screen.  Chip-enabled ATMs will hold the card until the transaction is complete.

Is a PIN required for in-person transactions?

You may be asked for your PIN when using the EMV card in person.  If a PIN is not requested, you may be asked to sign a receipt just as you do today.

Can I continue to use my old card?

No, the EMV card replaces your old card.  Please destroy your old card.

Can I get my old cards replaced with EMV cards earlier?

Yes, we are happy to replace older-style magnetic stripe existing cards with chip cards upon request.

If you have additional questions, please contact our service team at 585.218.4280.

Security Manager 

Effective immediately, GRB introduces Security Manager, a text-based authentication feature that verifies certain types of BillPay and Bank to Bank Transfer activity on personal (not commercial) accounts. 

You will receive a pop-up message when you login to GRBonline requesting your cell phone number.  Follow the steps as prompted to enroll in Security Manager.  Once enrolled, you will receive a prompt to enter a code whenever you initiate BillPay to a new, check-based recipient or set up a transfer to a new outside bank. This provides an additional layer of security against unauthorized transfer attempts on your accounts.

Security Manager does not impact cash management customers or BillPay/Bank to Bank Transfers on GRBmobile. As with all customer information, your phone number and carrier information will not be shared, per GRB's Privacy Policy

Please contact one of our branches if you have questions.

How GRB Protects Your Information

GRB is committed to protecting the personal information of our clients. GRBonline uses several different methods to protect users' information, including multifactor authentication, secure tokens, and anomaly detection software. Additionally, all information within GRBonline uses the Secure Socket Layer (SSL) protocol for transferring data. SSL is a cryptosystem that create a secure environment for the information being transferred between your browser and GRB. All information transferred through GRBonlinehas 128-bit encryption; the highest level.

GRB will never request personal information by email or text message, including account numbers, passwords, personal identification, or any other confidential customer information. Fradulent emails may be designed to appear as though they originated at GRB. DO NOT respond to any email that requests personal or confidential information and do not click on any links in such an email. 

If we contact you, it will be done in a manner that protects your personal information and we will clearly identify ourselves. If you contact us, we may ask verifying questions.

Safely Managing Your Online Transactions

As more and more of our financial transactions move online, fraud and identity theft are becoming an even more significant threat to financial institutions, businesses and individuals alike.  Cyber crime is always evolving and criminals are always looking for new technologies, and scams to secure information and data that can be used to attempt fraudulent activities.  Whether you are a business user or individual customers, it is important that you remain vigilant regarding your use of the online environment to conduct financial transactions.  This information is also provided to help you understand how GRB will conduct business in the event we need to contact you regarding your accounts:  

The following represents GRB's standard business practice regarding your online transactions:

GRB will never email, call, or otherwise ask you for key account information (i.e. username, password, electronic banking credentials, etc.).  No matter how "urgent" the email may seem, resist the temptation to respond to it and provide any kind of account or personal information.  If you ever have any questions about a request, please contact GRB directly. 

GRB also encourages its clients to protect themselves and their identity by following best practices for online security, including:

  • Choose a secure user name password that utilizes a combination of lower and upper case letters, numbers and symbols.  It is also advisable to avoid using words from the dictionary 
  • Select different passwords for multiple accounts, don't use the same password for everything
  • Change your passwords frequently
  • Keep your user name and password secure.  If you must write them down, avoid placing them in obvious places (under your keyboard, top desk drawer, etc.) 
  • Keep your anti-malware and anti-virus software solutions up to date and make sure all security and maintenance patches are installed in a timely manner
  • Make sure a firewall is in place when you are managing your financial transactions.  Avoid using Wi-Fi hotspots in coffee shops, restaurants, health clubs, etc. to complete financial transactions
  • Log off your accounts completely when you're done conducting business (don't just close the page or click on the "X")
  • Do not allow your browser to save your login and password information for your financial accounts
  • Monitor your account activity on a regular basis and use your financial institution's online capabilities to set up text notifications 

In addition, we recommend that business account holders conduct regular monitoring and management of their accounts for fraudulent behavior.  This could include making a list of the risks related to online transactions conducted by your business including:

  • Securing passwords that have been written down and left out in the open
  • Allowing individuals to share logins and passwords on accounts
  • Using old passwords or those that do not follow the recommended combination of letters, numbers and symbols as noted above
  • Addressing processes that lack a system of checks and balances by multiple employees
  • Failing to terminate the access rights of former employees in a timely manner
  • Allowing employees to have "solo" access to particular systems or Web sites which may make it difficult to terminate their access 
  • Lack of dual controls over individual access to online transaction capabilities including wire transfers, ACH Services, etc. 

Businesses can also reduce fraud risk by putting the following controls in place:

  • Using password-protected software solutions to house passwords
  • Designateing specific computer(s) exclusively for online banking transactions
  • Training employees not to click on links or respond to requests for information in unsolicited emails.
  • Reporting any suspicion of viruses or computer performance issues to the appropriate authority at the company.
  • Conducting background checks on new - and existing - employees
  • Tracking the solutions and accounts to which each employee has access and initiating a policy and process to terminate access when they leave
  • Dividing certain responsibilities among two or more people to limit access or control by a single person
  • Setting various approval limits (i.e. by user, transaction type, etc.)
  • Conducting internal or third-party audits of your processes and controls and designate a team to take action on any findings
  • Using firewalls to protect the network from outside intrusion or hackers
  • Setting up visitor Internet and network access capabilities for vendors, partners and customers who may be on-site visiting.  Do not allow outsiders to gain direct access to your network

Federal regulations under the Electronic Fund Trasnsfer Act provide consumers with some protections for electronic fund transfers.  These federal laws establish limits on a consumer's liability for unauthorized electronic fund transfers. They also provide specific steps you need to take to help resolve an error with your account.  Note, however, that in order to take advantage of these protections, you must act in a timely manner. Make sure you notify us immediately if you believe your access information has been stolen or compromised. Also, review your account activity and periodic statement and promptly report any errors or unauthorized transactions. See the Electronic Fund Transfer disclosures that were provided at account opening for more information on these types of protections. These disclosures are also available from GRB - ask us and we will gladly provide you with a copy.  

Even though there are protections in place to help consumers, keep in mind that the disruption of fraud will still be time-consuming and require a significant amount of effort to make your accounts correct and secure again.  It is best to take steps to actively avoid giving cyber criminals the opportunity to make you a victim.

If you become aware of suspicious account activity, or receive any suspicious emails, you should immediately contact GRB at 585.249.1540.