Hyperion Savings Bank

Security & Alerts

Information Security

The safety and protection of your identity and your finances are top priorities at Hyperion Bank. We work with industry leaders like Intuit Financial Services to bring you the latest in state-of-the-art services and online banking security. Before initiating your Internet Banking, we first require that a "secure session" is established using 128 BIT Secure Socket Layer (SSL) encryption. This is a process where the information between our server and your browser is encrypted or scrambled so it cannot be read by unauthorized parties. A general indicator that you have entered a secure session is when the URL (web page address) in the address bar starts with "https" (note the "s" at the end) rather than "http", your session is secure.

  • Security refers to preventing unauthorized access to a computer system or network. Internet Banking uses several layers of technology to prevent unauthorized users from gaining access to the internal network. Our Internet Banking security professionals manage a sophisticated networking architecture that includes screening routers, filtering routers, and firewalls.
  • The Internet Banking section is automatically secured/encrypted, but the rest of the Website can be accessed as either secure or unsecure. Internet Banking is a term for accessing your account information over the Internet. We may refer to it as Internet Account Access, Online Banking or use a different name.

Secure Sign-on with Online Banking

Our state-of-the-art technology and Multi-Factor Authentication (MFA) helps protect the security of your online sessions by adding an additional layer of security for your personal and financial information while you are banking online.

What is Multifactor Authentication?

Your online security is important to us, as well as providing you easy and convenient banking tools. Your online banking experience may include a new Enhanced Login Security service to further help protect you from identity theft which is known in the online security industry as Multifactor Authentication, or MFA.
Authentication is the process used to allow access to only the correct customer. Without effective authentication controls, it is possible for fraudulent users to access your account. We authenticate customers by issuing challenges that only the true customer should be able to pass.

MFA means that two or more different types (or factors) of authentication must be passed. By using two different factors of authentication, we get a higher assurance that the customer is the intended user. MFA is commonly used to protect transactions at ATMs, where your card is something you have, and your PIN code is something you know.

For your convenience, after you successfully authenticate with your Access ID, password and Login Security (One-Time Passcode (OTP) or Challenge Questions, if available), you may enroll your computer for use in authentication. If you choose to enroll your computer, a special Browser Cookie will be present on the system, which will act in place of your phone for something you have in your possession.

We recommend you ensure that your browser settings and any antivirus software you have do not delete your cookies (data files) so that you are not prompted to provide Login Security (One-Time Passcode (OTP) or Challenge Questions, if available) every time you log into Internet Banking.

Logging in from a Computer You Normally Use?

When you choose to enroll your computer as PRIVATE, a special Browser Cookie will be present on the system, which will act in place of your Login Security (One-Time Passcode (OTP) or Challenge Questions, if available). You will only need your Access ID and password to access your account information.

If you are still getting prompted to provide your Login Security, then please ensure that you have the following:

  • Using one of the Recommended Operating Systems for Internet Banking
  • Using one of the Recommended Browsers for Internet Banking
  • Browser is not set to delete cookies – Please follow the steps listed in the online banking HELP Section for your respective browser to determine if cookies are being deleted
  • Any antivirus software is not set to delete cookies
  • No viruses or malware on your computer
  • No usage of a proxy server or “web accelerator” by your internet service provider
  • If using a computer from work, verify that your office technical department is not automating deletion of cookies

Logging in from a Computer You DO NOT Normally Use?

When you choose to list your computer as PUBLIC, you will need to provide your Access ID, password and you will be prompted to provide your Login Security (One-Time Passcode (OTP) or Challenge Questions, if available) each time you log into your account. We recommend this setting when logging in from a library or school computer.

Password Security

To ensure security, we recommend the following: Never reveal your password**.

**Password refers to your telephone access (audio response system, not Bill Payment) password or the password that you selected when you signed up for Internet Banking. We may alternatively use a different name (e.g. "PIN"). If you have questions about what to enter in order to access Internet Banking for the first time, contact our Customer Service Department at 215-789-4200.

Some browsers allow you to enable a function to require passwords for specific sites or certifications. In that instance, you should enter the password for the browser.

Passwords are case sensitive. Mixing uppercase and lowercase letters is permitted.

You can change your Internet Banking password under My Profile/User Options at any time. It is recommended that you change your password every six months.

We do not have access to your password. In the case of a forgotten password and/or challenge questions, contact our Customer Service Department at 215-789-4200 and ask them to reset your password for Internet Banking.

Use the Sign Off Icon to End an Internet Banking Session

This will securely close out your Internet Banking session and expire all the cookies that were set in your session. Do not use the Back key.

If you do not exit the browser, the browser will allow you to use the Back key to get back into your Internet Banking session should you wish to explore another site.

  • The amount of time you can remain inactive before being automatically logged out of Internet Banking can be set under User Options.
  •  For your own security, keep this time setting as short as possible.
  • It is recommended that you balance your account at least once a month so that any discrepancies can be reported in a timely manner.

More Tips to Help Safeguard Your Money and Personal Information:

  • Stay Up to Date - Install anti-virus software on your computer and keep it updated. Use the latest version of your web browser. Install security patches and software updates as soon as they are ready to install.
  • Be Careful Using Wireless Connections - When ever possible use only your person/private computer to access your Online Banking.  Wireless networks may not provide as much security as wired Internet connections. Many wireless networks in public areas like airports, hotels and restaurants reduce their security to make it easier for individuals to access these networks.
  • Go Paperless - When available enroll to receive electronic statements, use direct deposit and make bill payments online…it’s safer, more convenient and it saves trees!

Mobile Banking

Hyperion Bank’s built-in security features ensure your account information is protected. These security features include authentication checks via strong passwords before access to account information is granted. Mobile Banking requires "128-bit" encryption technology for all communications. Personal or financial information is retrieved only when requested and is not stored on your phone - information is not at risk if your phone is ever lost or stolen.

Hyperion Bank will NEVER contact you by telephone, send you an email or text message, or written communication on an unsolicited basis requesting that you validate or provide your online banking credentials including your Access ID, password, social security number, account number, or date of birth.  If you receive any type of unsolicited requests supposedly from Hyperion Bank asking for your personal information or if you suspect you have become a victim of Identity Theft or fraud, please contact us immediately at 215-789-4200.

What to do if you are a victim of Identity Theft

Place a fraud alert on your credit reports, and review your reports.

1. If you suspect your personal information has been used to commit fraud or theft, contact the fraud departments of the three major credit bureaus and request that a "fraud alert" be placed on your file. At the same time, request a copy of your credit report. Follow up in writing and include copies (not originals) of your documentation, such as the police report or your credit card statement with circles around the items in question.

Equifax:    www.equifax.com

Experian:    www.experian.com

Trans Union:    www.transunion.com

2. Close the accounts that you know, or believe, have been tampered with or opened fraudulently.

Call and speak with someone in the security or fraud department of each company. Follow up in writing, and include copies (NOT originals) of supporting documents. It's important to notify credit card companies and banks in writing. Send your letters by certified mail, and request a return receipt so you can document what the company received and when. Keep a file of your correspondence and enclosures.

3. File a report with your local police or the police in the community where the identity theft took place.
Ask for a copy of the report. Credit card companies may need proof of the crime to erase the debts caused by identity theft.

4. File a complaint with the Federal Trade Commission.

By sharing your identity theft complaint with the FTC, you will provide important information that can help law enforcement officials across the nation track down identity thieves and stop them. The FTC can refer victims' complaints to other government agencies and companies for further action, as well as investigate companies for violations of laws the agency enforces.

You can file a complaint online at www.ftc.gov/idtheft, by phone at 1-877-IDTHEFT (438-4338); TTY: 1-866-653-4261, or by mail: Identity Theft Clearinghouse, Federal Trade Commission, 600 Pennsylvania Avenue, NW, Washington, DC 20580. Be sure to call the Hotline to update your complaint if you have any additional information or problems.

When "Most Popular" Isn't A Good Thing: Worst Passwords of the Year — And How to Fix Them

SplashData Reveals Its '25 Worst Passwords of the Year' List For 2011, With 'Password' (Yes, That's Right) and '123456' Topping the List

LOS GATOS, CA (Monday, November 21, 2011) — If you're one of those people who thought it was clever to use "password" as your password, it's time to wisen up and make a change. Switching the "o" to a zero to make it "passw0rd"? Not much better. Both are on the list of the 25 most common passwords used on the Internet this year, according to SplashData, a well-known provider of password management applications.

Other common passwords include simple numerical choices like "123456," common names like "ashley" and "michael," and patterns based on the layout of the keyboard like "qwerty" and "qazwsx." There are also some minor mysteries, like the unusual popularity of "monkey" and "shadow." With an increasing number of sites requiring more complex passwords, some letter and number combinations like "abc123" and "trustno1" are being used more often.

In an effort to encourage adoption of stronger passwords, SplashData, a leading provider of password software for more than 10 years, today released its "25 Worst Passwords of the Year" list for 2011. According to SplashData, the most common passwords on the web are:

  • password
  • 123456
  • 12345678
  • qwerty
  • abc123
  • monkey
  • 1234567
  • letmein
  • trustno1
  • dragon
  • baseball
  • 111111
  • iloveyou
  • master
  • sunshine
  • ashley
  • bailey
  • passw0rd
  • shadow
  • 123123
  • 654321
  • superman
  • qazwsx
  • michael
  • football

SplashData's top 25 list was compiled from files containing millions of stolen passwords posted online by hackers, according to CEO Morgan Slain. He advised that if consumers or businesses are using any of the passwords in the list, their passwords should be changed immediately.

"Hackers," Slain said, "can easily break into many accounts just by repeatedly trying common passwords. Even though people are encouraged to select secure, strong passwords, many people continue to choose weak, easy-to-guess ones, placing themselves at risk from fraud and identity theft," Slain said. "What you don't want is a password that is easily guessable. If you have a password that is short or common or a word in the dictionary, it's like leaving your door open for identity thieves."

Even though thieves have more sophisticated hacking tools at their disposal today than ever before, they still tend to prefer easy targets, Slain said. "Just a little bit more sophistication in choosing passwords will go a long way toward making you safer online."

SplashData suggests making passwords more secure with these tips:

Use passwords of eight characters or more with mixed types of characters. One way to create longer, more secure passwords that are easy to remember is to use short words with spaces or other characters separating them. For example, "eat cake at 8!" or "car_park_city?"

Avoid using the same username/password combination for multiple websites. Especially risky is using the same password for entertainment sites that you do for online email, social networking, and financial services. Use different passwords for each new website or service you sign up for.

Having trouble remembering all those different passwords? Try using a password manager application that organizes and protects passwords and can automatically log you into websites. There are numerous applications available, but choose one with a strong track record of reliability and security like SplashID Safe, which has a 10 year history and over 1 million users. SplashID Safe has versions available for Windows and Mac as well as smartphones and tablet devices.

"It's easy to start making your passwords better," Slain said. "Start now; make it a resolution to keep it up and your whole life online will safer and more secure in 2012."

About SplashData, Inc.

SplashData has been a leading developer of productivity and security applications for over 10 years. The company's applications and services have millions of users worldwide and include SplashID Safe, SplashMoney, SplashShopper, SplashTravel, SplashNotes, File Magic, Flight Tracker, Birthdays, and Holiday. SplashData's applications are available at www.splashdata.com and on major smartphone app stores, including Apple's iTunes App Store, Android Market, and BlackBerry App World. SplashData was founded in 2000 and is based in Los Gatos, CA.

Identity Theft and Phishing

A recent study estimates that Identity Theft will victimize more than ten million Americans this year! Don't let it happen to you.

Unfortunately, phishing is now a well-established approach to ID theft. It occurs when a perpetrator posing as a legitimate financial organization uses email to retrieve personal and financial data.

Pharming occurs when an email purporting to be from a known organization carries a computer virus that infects a victim's computer in one of two ways. One sends the victim, who types in a legitimate domain name, to a bogus site. The other records keystroke information and transmits it to a criminal who then uses the data to access the account.

Some suggestions on how to avoid becoming a victim of phishing or pharming:

  1. Never click on links in email text
  2. Be suspicious of any email that does not end with a .com domain name
  3. Ensure that the web site is secure
  4. Update Internet browsers and Windows operating systems
  5. Never act upon any email or pop-up ad that asks for personal or financial information
  6. Review bank and credit card statements immediately
  7. Report suspicious activity to your bank
  8. Report suspicious activity to the Federal Trade Commission

This problem is not going away, nor is there any foolproof solution for it. If you have any doubts whatsoever, contact us immediately.

We will never ask for your personal information in any email we send.


Password Security

Don't use the same password for everything. Avoid using family member, partner, pet and sports idol and team names. In fact, avoid using words that can be found in the dictionary. Don't use your login or user name in your password. Although most consumers create passwords that are easy for us to remember, that makes it easy for the bad guys too.

Use a combination of letters in upper and lower case with numbers and symbols placed between the letters. Make your password at least eight characters. (A 15 character password is 33 thousand times stronger that an eight character password). Never share your password with anyone. And never enter your password on a computer you do not control (public facilities). Change your password frequently (about every month or so).

Internet Security

Don't leave your computer on overnight.

Connect only to trusted websites that you know. Avoid downloading information from sites you do not know.

Be sure when exchanging secure information that the lock displayed at the bottom of your PC screen is in the locked position.

Be certain to get security updates to your system.

Never leave your laptop unattended. Never place your laptop with checked baggage when traveling. Do not leave your laptop in your hotel room, car, conference room or restaurant. Don't use a computer bag to carry your laptop (it's like hanging out a sign to thieves). Keep your laptop's serial number in a separate, safe location in case you need to file a report with police. Always be aware of your surroundings when traveling, don't be a target for 'snatch & run' criminals.


Thieves use a device that can capture the magnetic-stripe and keypad information (when you input your PIN (Personal Identification Number) at ATMS, gas pumps or retailers. Then they take cash from your bank account.


Signature based debit card transactions offer you a higher level of security.

We recommend that you always say "credit" when asked by the merchant and sign for your purchases. Saying 'credit' doesn't mean you are using a 'credit card'. It's just the processing method your transaction will use. The funds are automatically deducted from your checking account. Signature based in-store, mail, phone and Internet transactions enjoy the added benefits of MasterCard's Zero Liability protection from unauthorized purchases.

If you require cash back (an amount over the purchase amount and available only at some merchants), you must say 'debit' and enter your PIN (Personal Identification Number) on a keypad.

The funds are still automatically deducted from your checking account. When you enter your PIN, shield the keypad so no one sees what you enter.

If you use your debit card at gas pumps (which are notorious for skimming) choose the screen prompt that identifies it as a credit card, so that you don't have to enter your PIN.

Use ATMs at banks. Thieves have to attach a skimming device to an ATM and then retrieve the device. It's much easier for them at a non-bank ATM.

Sign your card immediately upon receipt.

When using your card always keep it in your sight.

Safeguard your account number and never keep you card and PIN in the same location.

Do not give your PIN to anyone. If you feel it may have been compromised, contact us immediately have your PIN changed.

Always obtain merchant receipts and destroy carbon copies.

Monitor your bank statements regularly. If you suspect you are the victim of fraudulent charges, contact the bank immediately at 215-789-4200.

Fraudulent E-Mails

Fraudulent E-mails in Circulation — September 13, 2012

This message is to notify you of two fraudulent e-mails in circulation claiming to be from the FDIC. Please consider both to be fraudulent.

The first fraudulent email includes statements pertaining to the Bankruptcy Reform Act of 1978 and the Investor Protection Law under the Securities Act of 1933. The contact information claims to befdic.gov@execs.com, and the area code of (646) is used is for the Washington Office. The FDIC does not have email addresses @execs.com and (202) is the area code for the Washington Office. A form, which is attached to the cover letter, purports to be an "FDIC Claimant Verification" form. It too is fraudulent.

The second fraudulent email claims to originate at support@fdic.gov and pertains to ACH transactions. The recipient is told that an ACH transaction has not been delivered; the recipient is requested to download the update via a link.

These e-mails are fraudulent and were not sent by the FDIC. Recipients should consider these e-mails as an attempt to steal money or obtain personal or confidential information from the recipient. Recipients should NOT, under any circumstances, send funds as requested or provide any personal financial information. Also, please do not click on the links provided in the fraudulent emails, as this may load malicious software onto end users' computers. As a reminder, the FDIC does not send unsolicited emails to consumers or business account holders.

The Federal Deposit Insurance Corporation (FDIC) has received numerous reports of fraudulent e-mails that have the appearance of being from the FDIC.

The e-mails appear to be sent from various "@fdic.gov" e-mail addresses, such as "protection@fdic.gov," "admin@administration.fdic.gov," or service@admin.fdic.gov.

They have various subject lines such as "Update for your banking account," "ACH and Wire transfers disabled," and "Banking security update."

The fraudulent messages state:

"Dear clients,

Your account ACH and Wire transactions have been temporarily suspended for your Security, due to the expiration of your security version. To download and install the newest Updates, follow this link. As soon as it is set up, your transaction abilities will be fully restored. Best regards, Online security department, Federal Deposit Insurance Corporation."

These e-mails and links are fraudulent and were not sent by the FDIC. Recipients should consider these e-mails an attempt to collect personal or confidential information, or to load malicious software onto end users' computers. Recipients should NOT access the link provided within the body of the e-mails and should NOT install any related files or software updates.

Financial institutions and consumers should be aware that these fraudulent e-mails may be modified over time with other subject lines, sender names, and narratives. The FDIC does not directly contact bank customers, nor does the FDIC request bank customers to install software upgrades.

Information about counterfeit items, cyber-fraud incidents, and other fraudulent activity may be forwarded to the FDIC's Cyber-Fraud and Financial Crimes Section, 3501 North Fairfax Drive, CH-11034, Arlington, Virginia 22226, or transmitted electronically to alert@fdic.gov. Questions related to federal deposit insurance or consumer issues should be submitted to the FDIC using an online form that can be accessed at http://www2.fdic.gov/starsmail/index.asp.

For your reference, FDIC Special Alerts may be accessed from the FDIC's Web site at www.fdic.gov/news/news/SpecialAlert/2011/index.html. To learn how to automatically receive FDIC Special Alerts through e-mail, please visit www.fdic.gov/about/subscriptions/index.html.

My ID Score

My ID Score is a free public service that gives you a new way to quickly assess your risk of identity theft. Get an instant reading on whether you are at low, medium or high risk of Identity Theft by following the link: www.MyIDScore.com


One of the best ways to keep fraudsters from using your personal information to commit identity theft is to register for your free annual credit report. You can request a free report on an annual basis from each of the three national consumer credit reporting agencies. Review the information carefully and report any issues that concern you to the reporting agency.

Follow the link here to get your free credit report.

Visit: www.annualcreditreport.com

Debit Card Phishing Scam

We have been made aware that cardholders are receiving phone calls from an automated voice service (AVS) stating that there is an issue with their debit card. At this time the calls are only occurring in PA. The recording asks the cardholder to provide personal information over the phone.

Please note that this is a Phishing Scam and you should disconnect and not provide any information to the AVS.

If you did enter personal information to this AVS please contact Hyperion Bank immediately at our main number - (215) 789-4200 - so that we may close your account and reissue your card to avoid future fraud.


Routing Number 036018969 NMLS 631177
FDIC Equal Housing Lender