Privacy and Security


Tustin Community Bank is committed to providing the highest level of security and privacy regarding the collections and use of our customers’ personal information. You have chosen to do business with us, and we recognize our obligation to keep the information you provide us secure and confidential.

Our commitment to protect your financial information will continue under the principles and guidelines described below.


The confidentiality and protection of customer information is one of Tustin Community Bank's fundamental responsibilities. And while information is critical to providing quality service, we recognize that our most important asset is the trust of our customers. Thus, the safekeeping of customer information is a priority for Tustin Community Bank.

The Bank's Privacy Policy explains how we use and protect the information about our customers.


Tustin Community Bank is committed to ensuring your online banking experience is safe and secure.  We have implemented the following security measures to make certain you feel confident accessing our online banking website.

Login and Password

Users access their accounts by entering a Logon name and password that they create during the application process.  In order to deter someone from illegally accessing your account, if there is an attempt to login that fails three times, the user will be locked out.  You must contact Tustin Community Bank at 714-730-5662 during regular business hours to unlock your account. 

Change Security Question

The security answer is another security measure we have taken to identify you while using Internet Banking.  If you forget your password, you can recover it by entering your Security Answer.  When setting up your profile, you will set your own private Security Question and submit your private response, which is considered your Security Answer.  As with your password, it is your responsibility to keep your Security Answer confidential.


To ensure security, users must use a browser that will support Secure Socket Layer (SSL) and 128-bit encryption.  In order to fully utilize these security features, we recommend the use of the latest versions of Google Chrome, Microsoft Internet Explorer, Mozilla Firefox, or Apple Safari.  Tustin Community Bank cannot offer any assurances of how your computer will operate should you update your browser software.  To prevent unauthorized access to your account be sure to close your browser when you have completed your internet banking session.

Extended Validation Certificate

The Extended Validation Certificate provides two security features; it positively identifies our online banking site as certified by VeriSign, by providing a visual clue* to indicate the presence of an EV SSL Certificate and provides the Secure Sockets Layer (SSL) 128-bit encryption required to conduct online banking safely and securely, provided you are utilizing the recommended internet secure browser.

Secure Connection

Look for these signs that a website is safe:
*Look for the “S” in HTTPS, which indicates they are encrypted. This is the security provided by the SSL certificate.
*Check the sites status in your browser’s address bar. For most browsers, a safe site will display a padlock icon in the address bar.  You can click on the padlock icon to verify the details of the website.

Risk-Based Authentication

Risk-Based Multifactor Authentication uses a Transparent Two Factor technology that works behind-the-scenes to authenticate all users and logins based on individual user and device profiles.

In addition, Risk-Based Authentication uses a Risk Engine tool to estimate the level of risk for the specific activity. If a high-risk is detected, you will be prompted for authentication via challenge questions - helping protect your account from being accessed by unauthorized users.


A firewall is designed to block unauthorized access while permitting authorized access to and from the server. All messages entering or leaving the server must pass through the firewall.

Security Issues


Phishing uses email messages and web sites designed to look as if they come from a known and legitimate organization, in order to deceive users into disclosing personal, financial, or computer account information. The attacker can then use this information for criminal purposes, such as identity theft, larceny, or fraud. Users are tricked into disclosing their information either by providing it through a web form or by downloading and installing hostile software.

A phishing attack succeeds when a user is tricked into believing they are interacting with a legitimate company and thus takes actions that have effects contrary to the user's intentions. Usually this involves giving away a user's name and password.

Once they have obtained this compromising, private information; they access the account to perform fraudulent activities, such as transferring the balance of a checking account to an external account.


Smishing is any kind of Phishing that involves a text message or phone number.  Users are more susceptible to Smishing as people tend to be more inclined to trust a text message than an email.  Smishing uses element of social engineering to get you to share your personal information. 


Pharming is setting up a fraudulent Web site that contains copies of pages from a legitimate Web site in order to capture confidential information from users. By hacking into DNS servers and changing IP addresses, users are automatically redirected to the bogus site, at least for some period of time until the DNS records can be restored.

For example, if a bank's DNS were changed, users could be redirected to a Web site that looks familiar. The bogus site could just collect usernames and passwords, or it could allow access to the site and, using some pretense, request financial information. Unlike phishing schemes that use e-mail to make people go to the phony site, pharming is more natural. Users are going to the site on their own and are certainly not suspicious because the pages look familiar.

Protect Yourself

Employees of Tustin Community Bank will never ask for personal information via email.  Never disclose your password or personal information to anyone via email request.   Be sure to report such requests to the bank.

Be careful on any email with urgent requests that claim your account will be closed if you do not respond.  Look for typos and errors; this is often a sign of a fraudulent e-mail and/or website.

Never respond to an unsolicited request.  If you think it is a legitimate request, contact the financial institution directly.  Contact information is available on websites or phonebooks.    It is important that you independently verify that you are speaking with the actual financial institution.

Additional Security Tips

  • Use antivirus software and keep it up to date.
  • Understand and use the security features provided by your PC software, such as those included in many operating systems, browsers and word processing systems.
  • Ensure that your browser uses the strongest encryption available and be aware of the level of encryption used when you connect to various sites and applications. For example, the Tustin Community Bank Online Banking product currently requires the use of 128-bit encryption.
  • Use only software from reliable vendors.
  • Install virus management software on your PC, use it regularly, and keep it up to date.

Email do's and don'ts:

  • Use extreme caution when opening email received from unknown sources and pay special attention to any attachments. Do not launch or open an attachment from an unknown source. When in doubt... delete it without opening it.
  • Do not provide your email address to third party websites without reading the privacy and security policies and terms and conditions of these sites to ensure you understand the circumstances in which your email address will be used.
  • Do not use passwords or account numbers in email correspondence.
  • Use hard-to-guess passwords.
  • Select passwords that would be difficult for others to guess and change them frequently.
  • Do not give your passwords to anyone. Do not save passwords on your computer or leave written notes with your password near your PC.
  • Protect your computer from Internet intruders -- use firewalls.
  • Be cautious when downloading and running programs or Java or ActiveX applets as they may contain unsecured data which cannot be filtered by antivirus software.
  • Don't share access to your computers with strangers.
  • Control physical access to your personal computer (PC); that is, do what you can to prevent unauthorized persons from using your PC.
  • If you are using your PC and need to walk away from it for any reason, log off or lock your PC.
  • Disconnect from the Internet when not in use.
  • Back up your computer data.
  • Regularly download security protection update patches.
  • Check your security on a regular basis. When you change your clocks for daylight savings time, reevaluate your computer security.
  • Make sure your family members and/or your employees know what to do if your computer becomes infected.
  • If you suspect suspicious or fraudulent activity related to your Tustin Community Bank account(s), please let us know right away. You should also contact your Internet Service Provider so they may block suspect companies from your email inbox. To learn more about how to control and manage your incoming emails, please refer to your Internet Service Provider's online resources.

Identity Theft

According to the US Government's central website for information about identity theft... do these three things immediately if you suspect your identity has been stolen.

1. Contact the fraud departments of each of the three major credit bureaus and report that your identity has been stolen.
2. Ask that a fraud alert be placed on your file and that no new credit be granted without your approval. For any accounts that have been fraudulently accessed or opened, contact the security departments of the appropriate creditors or financial institutions. Close these accounts. Put passwords (not your mother's maiden name) on any new accounts you open.
3. File a report with your local police or the police where the identity theft took place. Get a copy of the report in case the bank, the credit card company, or others need proof of the crime later on.

If you would like more information on Identity Theft, click on the following links to learn more: