Security and Legal
A Commitment to Your Security/Privacy
Keeping your online financial and personal information secure and confidential remains one of our top priorities. We insure your privacy and security by offering technology and services that are top of the line in the online banking industry.
.bank URL - Our recent url change is part of our ongoing commitment to providing our clients the most advanced security available. For more information, visit our why-dot-bank page.
Encryption - The privacy of communications between you (your browser) and our servers is ensured via encryption. Encryption scrambles messages exchanged between your browser and our online banking server.
Password Complexity - It is important to verify that only authorized persons log into online banking. This is achieved by verifying your password. When you submit your password, it is compared with the password we have stored in our secure data center. We allow you to enter your password incorrectly a fixed number of times; to many incorrect passwords will result in the locking of your online banking account until you call us to reset the account. We monitor and record "bad login" attempts to detect any suspicious activity such as someone trying to guess your password.
You play a crucial role in preventing others from logging on to your account. Never use easy-to-guess passwords. Examples could be:
- Birth dates
- First names
- Pet names
- Phone Numbers
- Social Security Numbers
Never reveal your password to another person. You should periodically change your password in the User Option section of Internet Banking.
Secure Architecture - The computers storing your actual account information are not linked directly to the Internet. Transactions initiated through the Internet are received by online banking Web servers. These servers route your transaction through firewall servers. Firewall servers act as traffic police between segments of our online banking network used to store information, and the public internet. This configuration isolates the publicly accessible Web servers from data stored on our online banking servers and ensures only authorized requests are processed. Various access control mechanisms, including intrusion detection and anti-virus, monitor and protect our systems from potential malicious activity. Additionally, our online banking servers are fault-tolerant and provide for uninterruptible access, even in the event of various types of failures.
myVRB Online Banking Features that Promote Security - We provide a number of additional security features in online banking to protect you:
Multifactor Authentication - Enhanced login security that will defend against identity theft and fraud, provide added security from any computer, wherever you are, and make it easier for you to use.
Timeout - This prevents curious persons from continuing your online banking session if you left the PC unattended without logging out. You may set the timeout period in online banking's User Options screen. We recommend that you always sign off (log out) when done with your online banking.
Online Statements - Online statements are facsimiles of traditional financial statements packaged and delivered to you securely within Internet Banking. By eliminating your paper statement, you help stop thieves from stealing your information out of your mailbox.
Check Images - View an exact facsimile of your check transactions online to help prevent fraud.
Alerts - Check clear alerts, payment alerts, and balance alerts are financial tools we provide to help you monitor your account activity and detect suspicious transactions.
Community Reinvestment Act
Valley Republic Bank is pleased to provide information for public inspection under the Community Reinvestment Act. Interested parties can review the data provided and produce hard copies as needed. The Bank can provide hard copies of the documents; however, please note we may charge a reasonable fee to cover copying and mailing expenses.
Under the Community Reinvestment Act, the following information must be maintained in a public file, current as of April 1 of each year;
- Public comments received for the current year and the prior two calendar years;
- The Public Section of the bank’s most recent CRA Performance Evaluation;
- Loan to Deposit Ratios for 2019
- Branch locations, hours, and services;
- Branches opened or closed during the prior two calendar years
- Deposit/Loan Products and Services;
- Business Products and Fee Schedule
- Personal Products and Fee Schedule
- A map of the Bank's assessment area and a listing of census tracts;
- HMDA Disclosure Statements: The HMDA data about our residential mortgage lending are available online for review. The data show geographic distribution of loans and applications; ethnicity, race, sex, age, and income of applicants and borrowers; and information about loan approvals and denials. These data are available online at the Consumer Financial Protection Bureau’s Web site (www.consumerfinance.gov/hmda). HMDA data for many other financial institutions are also available at this web site.
Any comments or questions about this portion of the Valley Republic Bank website or about Valley Republic Bank CRA performance may be addressed to:
Valley Republic Bank
Attn: CRA Officer
5000 California Ave. Suite 110
Bakersfield, CA 93309
ELECTRONIC RECORD AND SIGNATURE DISCLOSURE
From time to time, Valley Republic Bank (the “Bank”) may be required by law to provide to you certain written documents, notices or disclosures. Described below are the terms and conditions for providing to you such notices and disclosures electronically through the DocuSign system. Please read the information below carefully and thoroughly. When you receive an electronic document from the Bank, and if you can access this information electronically to your satisfaction and agree to this Electronic Record and Signature Disclosure (“ERSD”), please confirm your agreement by selecting the check-box next to ‘I agree to use electronic records and signatures’ before clicking ‘CONTINUE’ within the DocuSign system.
- Getting paper copies
You may, at any time, request the Bank to provide you with a paper copy of any record previously provided electronically to you or made available electronically to you by the Bank. You will have the ability to download and print documents we send to you through the DocuSign system during and immediately after the signing session and, if you elect to create a DocuSign account, you may access the documents for a limited period of time after such documents are first sent to you. If you wish for the Bank to send you paper copies of any electronic documents, please follow the procedure described in Paragraph 7 below.
- Withdrawing your consent
If you previously agreed to receive notices and disclosures from us electronically, you may at any time withdraw your consent and tell us that, in the future, you want to receive required notices and disclosures only in paper format. Please inform us of your decision to withdraw your consent for electronic delivery and to receive future notices and disclosures in paper format only by following the procedures in Paragraph 8 below.
- Consequences of changing your mind
If you elect to receive required notices and disclosures only in paper format, it will slow the speed at which we can complete certain steps in transactions and deliver certain services to you. Instead, we will need to first send the required notices or disclosures to you in paper format and then wait until we receive your acknowledgment of your receipt of such paper notices or disclosures. In addition, your decision will prevent the Bank from sending documents electronically to you and you will no longer be able to sign documents from the Bank electronically.
- All notices and disclosures will be sent to you electronically
Unless you tell us otherwise in accordance with the procedures described herein, we may electronically provide to you all required notices, disclosures, authorizations, acknowledgements, and other documents through the DocuSign system. You have the option to either receive all documents, disclosures and notices from the Bank electronically or mailed to you in paper format. If you do not agree with this process, please let us know by contacting your account representative or by following the procedures described in Paragraphs 7 and 8 below.
- How to contact Valley Republic Bank:
You may inform us as to how we may contact you electronically, to request paper copies of certain information from us, and to withdraw your prior consent to receive notices and disclosures electronically by contacting your account representative or emailing us at CustomerService@valleyrepublic.bank.
- To advise Valley Republic Bank of your new email address
To let us know of a change in your email address that the Bank will use to send notices and disclosures electronically to you, please contact your account representative or email us at CustomerService@valleyrepublic.bank. In the body of the request, please state your previous email address and your new email address.
If you created or currently have a DocuSign account, you may update it with your new email address through your account preferences.
- To request paper copies from Valley Republic Bank
To request delivery of paper copies of the documents, notices and disclosures previously provided by the Bank to you electronically, you may contact your account representative or send us an email at CustomerService@valleyrepublic.bank.
- To withdraw your consent for electronic delivery by Valley Republic Bank
To inform us that you no longer wish to receive future notices and disclosures in electronic format you may:
- Decline to sign a document from within your DocuSign signing session, and on the subsequent page, select the check-box indicating you wish to withdraw your consent,
or you may;
- Send us an email at CustomerService@valleyrepublic.bank and tell us your email address, full name, mailing address, and telephone number, along with a brief description of
- Required hardware and software
The minimum system requirements for using the DocuSign system may change over time. The current system requirements are found here: https://support.docusign.com/guides/signer-guide-signing-system-requirements.
- Acknowledging your access and consent to receive and sign documents electronically
To confirm to us that you can access this disclosure electronically, which will be similar to other electronic documents, notices and disclosures that we will provide to you, please confirm that you have read this ERSD, and (i) that you are able to print on paper or electronically save this ERSD for your future reference and access; or (ii) that you are able to email this ERSD to an email address where you will be able to print on paper or save it for your future reference and access. Further, if you consent to receiving notices and disclosures exclusively in electronic format as described herein, then select the check-box next to ‘I agree to use electronic records and signatures’ before clicking ‘CONTINUE’ within the DocuSign system.
By selecting the check-box next to ‘I agree to use electronic records and signatures’, you confirm that:
- You can access and read this Electronic Record and Signature Disclosure; and
- You can print on paper this Electronic Record and Signature Disclosure, or save or send this Electronic Record and Disclosure to a location where you can print it for future reference and access; and
- Until or unless you notify Valley Republic Bank as described above, you consent to receive exclusively through electronic means all notices, disclosures, authorizations, acknowledgements, and other documents that are required to be provided or made available to you by Valley Republic Bank during the course of your relationship with the Bank.
myVRB Online User Agreements
USA Patriot Act
Important Information About Procedures For Opening A New Account
Section 326 of the USA PATRIOT Act requires all financial institutions to obtain, verify, and record information that identifies each person who opens an account or changes an existing account. This federal requirement applies to all new customers and current customers. This information is used to assist the United States government in the fight against the funding of terrorism and money-laundering activities.
What this means to you: when you open an account or change an existing account, we will ask each person for their name, physical address, mailing address, date of birth, and other information that will allow us to identify them. We will ask to see each person's driver's license and other identifying documents and copy of record information for each of them.
Your Security Online – Fraud Prevention
Preventing Identity Theft
- Don’t share your secrets. Don’t provide your Social Security number or account information to anyone who contacts you online or over the phone. Protect your PINs and passwords and do not share them with anyone. Use a combination of letters and numbers for your passwords and change them periodically. Do not reveal sensitive or personal information on social networking sites.
- Shred sensitive papers. Shred receipts, banks statements, and unused credit card offers before throwing them away.
- Keep an eye out for missing mail. Fraudsters look for monthly bank or credit card statements or other mail containing your financial information. Consider enrolling in online banking to reduce the likelihood of paper statements being stolen. Also, don’t mail bills from your own mailbox with the flag up.
- Use online banking to protect yourself. Monitor your financial accounts regularly for fraudulent transactions. Sign up for text or email alerts from your bank for certain types of transactions, such as online purchases or transactions of more than $500.
- Monitor your credit report. Order a free copy of your credit report every four months from one of the three credit reporting agencies at annualcreditreport.com.
- Protect your computer. Make sure the virus protection software on your computer is active and up to date. When conducting business online, make sure your browser’s padlock or key icon is active. Also look for an “s” after the “http” to be sure the website is secure.
- Protect your mobile device. Use the passcode lock on your smartphone and other devices. This will make it more difficult for thieves to access your information if your device is lost or stolen. Before you donate, sell or trade your mobile device, be sure to wipe it using specialized software or using the manufacturer’s recommended technique. Some software allows you to wipe your device remotely if it is lost or stolen. Use caution when downloading apps, as they may contain malware and avoid opening links and attachments – especially for senders you don’t know.
- Report any suspected fraud to your bank immediately.
Business Email Compromise “BEC” Scam
Best Practices to thwart BEC attacks:
- Check to see if the request is consistent with how earlier wire payments have been requested. How often does the CEO or CFO directly request a wire payment? Do they typically submit requests when traveling (these attacks often are timed when the exec is out of the office)? Have earlier requests included the phrases “code to admin expenses” or “urgent wire transfer,” which have been reported by victims in some of the fraudulent email requests?
- Check to see if the payment is consistent with earlier wire payments – including the timing, frequency, recipient, and country to which prior wires have been sent.
- Be suspicious of requests for secrecy or urgency, and emails that request all correspondence stay within the same email thread, such as only use Reply, not Forward.
- Establish a company domain for company email instead of using open source email services such as Gmail. Businesses using open source email are most targeted. Register domains that are slightly different than the actual company domain and might be used by fraudsters to spoof company email.
- Look carefully for small changes in email addresses that mimic legitimate email addresses. For example, .co vs. .com, abc-company.com vs. abc_company.com, or hijkl.com vs. hljkl.com.
- Program your email system to add “-e” to the end of all external senders’ email addresses, thereby flagging email coming from domains that don’t match the company domain. The system will detect minor changes to the domain name and flag it as external, making it easier for employees to detect fraudulent emails.
- If you don’t need web access to email, turn webmail off as it provides another attack point for criminals. If you must provide web access to email, limit accessibility by implementing VPN or another security control.
- If the request is from a vendor, check for changes to business practices. Were earlier invoices mailed and the new one is emailed? Were earlier payments by check and they’re now asking for a wire transfer? Did a current business contact ask to be contacted via their personal email address when all previous official correspondence used a company email address? Is the location or account to which the payment is to be sent different from earlier payments to that vendor?
- Use an alternate mechanism to verify the identity of the person requesting the funds transfer. If the request is an email, then call and speak to the person using a known phone number to get a verbal confirmation. If the request is via phone call or fax, then use email to confirm using an email address known to be correct. Or Forward the email (instead of using Reply) and type in a known email address. Don’t reply to the email or use the phone number in the email.
- While many people may be hesitant to question what appears to be a legitimate email from their boss or the CEO, consider which would be worse in light of how common this scam is: asking the CEO or CFO to reconfirm the request, or having the money stolen.
- Limit the number of employees who have the authority to submit or approve wire transfers.
- Implement dual approvals for financial transactions. If you do not have written procedures, develop them. Avoid having the two parties responsible for dual approvals in a supervisor/subordinate relationship as it could undermine the effectiveness of the process. Once they’re in place, be sure to always follow established procedures.
- Use a purchase order model for wire transfers to ensure that all payments have an order reference number that can be verified before approval.
- For employees who frequently travel and are authorized to request funds transfers, develop a special way to confirm requests. Perhaps develop a coding method that isn’t documented within the network (in case of an intrusion search).
- Spread the word. Coach your employees about this type of fraud and the warning signs. Alert receptionists, admins, and others not to provide executive’s travel schedules over the phone to unknown callers. Be suspicious and diligent, and encourage employees to ask questions.
- Be careful what is posted to social media and company websites, especially reporting structure and out of office details. Criminals have been known to launch these attacks when they know the CEO or CFO is traveling and therefore not easily available to confirm the request.
- Slow down. Fraudsters gain an advantage by pressuring employees to take action quickly without confirmation of all the facts. Be suspicious of requests to take action quickly.
- Trust your financial institution. If they question a payment, it’s worth a couple minutes to cooperate with them to confirm it’s legitimate.
- Executives need to be tolerant, indeed supportive, of employees double-checking requests.
What to do if you’re hit by the BEC Scam Report the Attack
- Businesses that have been victimized by the BEC scam (regardless of dollar amount), are encouraged to file a report with the IC3 at www.IC3.gov or contact their local FBI office.
- Businesses also are encouraged to contact their financial institution to report the attack, ideally within 24-48 hours after which it is very rare that funds can be recovered.
- Timing is critical. If notified immediately, financial institutions and law enforcement have a better chance of recovering the stolen funds, even if the funds were sent internationally. Waiting even 24 hours to report an incident can greatly diminish law enforcement's ability to recoup funds.
- Keep all original documentation, emails, faxes, and logs of all telecommunications. You will not be able to add or upload attachments with your IC3 complaint if it’s filed online; however, retain all relevant information in the event you are contacted by law enforcement.
This website has been established by the Bank for the sole purpose of conveying information about the Bank's products and services and to allow communication between the Bank and its customers. Information that appears on this website should be considered an advertisement. Nothing contained in any page on this site takes the place of the bank's agreements and disclosures that govern its products and services. If any information on the site conflicts with that in the bank's agreements and disclosures, the agreements and disclosures will control.
From time to time the Bank may place links to other websites on this page. The Bank has no control over any other website and is not responsible for the content on any site other than this one. Users assume all responsibility when they go to other sites via the links on this page.
The information and materials contained in this website are owned by the Bank or by others, as applicable. No material may be copied, displayed, transmitted, distributed, framed, sold, stored for use, downloaded, or otherwise reproduced except as permitted by law.
The Bank makes no warranties of any kind regarding the products and services advertised on this site. The Bank will use reasonable efforts to ensure that all information displayed is accurate, however, the Bank expressly disclaims any representation and warranty, express and implied, including, without limitation, warranties of merchantability, fitness for a particular purpose, suitability, and the ability to use the site without contracting a computer virus. The Bank is not responsible for any loss, damage, expense, or penalty (either in tort, contract, or otherwise), including direct, indirect, consequential, and incidental damages, that result from the access of or use of this site. This limitation includes, but is not limited to the omission of information, the failure of equipment, the delay or inability to receive or transmit information, the delay or inability to print information, the transmission of any computer virus, or the transmission of any other malicious or disabling code or procedure. This limitation applies even if the Bank has been informed of the possibility of such loss or damage.
This agreement and the use of this website are governed by the laws of the state of California.