Privacy Policy


Tustin Community Bank is committed to providing the highest level of security and privacy regarding the collections and use of our customers’ personal information. You have chosen to do business with us, and we recognize our obligation to keep the information you provide us secure and confidential.

Our commitment to protect your financial information will continue under the principals and guidelines described below.


The confidentiality and protection of customer information is one of Tustin Community Bank's fundamental responsibilities. And while information is critical to providing quality service, we recognize that our most important asset is the trust of our customers. Thus, the safekeeping of customer information is a priority for Tustin Community Bank. 

The Bank’s Privacy Policy explains how we use and protect the information about our customers. 


Tustin Community bank is committed to ensuring your online banking experience is safe and secure.  We have implemented the following security measures to make certain you feel confident accessing our online banking website.

Login and Password
Users access their accounts by entering a Logon name and password that they create during the application process.  In order to deter someone from illegally accessing your account, if there is an attempt to login that fails three times, the user will be locked out.    You must contact Tustin Community Bank at 714-730-5662 during regular business hours to unlock your account.

Change Security Question
The security answer is another security measure we have taken to identify you while using Internet Banking.  If you forget your password you can recover it by entering your Security Answer.  During the apply process, you will set your own private Security Question and submit your private response, which is considered your Security Answer.  As with your password, it is your responsibility to keep your Security Answer confidential.

To ensure security, users must use a browser that will support Secure Socket Layer (SSL) and 128-bit encryption.  In order to fully utilize these security features, we recommend the use of the latest versions of Netscape Navigator, Microsoft Internet Explorer, Mozilla Firefox or Apple Safari.  Tustin Community Bank cannot offer any assurances of how your computer will operate should you update your browser software.  To prevent unauthorized access to your account be sure to close your browser when you have completed your internet banking session.

Extended Validation Certificate

The Extended Validation Certificate provides two security features; it positively identifies our online banking site as certified by VeriSign, by providing a visual clue* to indicate the presence of an EV SSL Certificate and provides the Secure Sockets Layer (SSL) 128 bit encryption required to conduct online banking safely and securely, provided you are utilizing the recommended internet secure browser.
*If you use Microsoft® Internet Explorer 7 to go to a Web site secured with an SSL Certificate that meets the Extended Validation Standard the URL address bar to turns green and starts with https// and not http//.  Additionally you will see a lock icon Picture of the Lock icon in the Security Status bar.  The Security Status bar is located on the right side of the address bar.  You can click the lock to verify the identity of the website.

Site to User
Site-to-User helps you know you are really on our legitimate Web site. Our bank does all it can to confirm that you are who you claim to be. Site-to-User helps you know that we are your bank. If our site knows that you are who you claim to be and you know that our site is legitimate, we can transact business safely and securely. During phishing and pharming attacks, users are often lured to fake Web sites that look genuine. Such fake sites may ask a visitor to enter private information. Site-to-User helps you know the difference between a fake Web site and a real one.

On the first screen you will be asked for your logon name. Then, on the second screen, you will be asked for your password and, once you have chosen an image and phrase, your unique image and phrase will be displayed. Then, each time you login, you will see your unique image and phrase.  If you do not see your image and phrase, do not login.

Risk-Based Authentication
Risk-Based Multifactor Authentication uses a Transparent Two Factor technology that works behind-the-scenes to authenticate all users and logins based on individual user and device profiles.

In addition, Risk-Based Authentication uses a Risk Engine tool to estimate the level of risk for the specific activity. If a high-risk is detected, you will be prompted for authentication via challenge questions - helping protect your account from being accessed by unauthorized users.

A firewall is designed to block unauthorized access while permitting authorized access to and from the server. All messaged entering or leaving the server must pass through the firewall.


Phishing uses email messages and web sites designed to look as if they come from a known and legitimate organization, in order to deceive users into disclosing personal, financial, or computer account information. The attacker can then use this information for criminal purposes, such as identity theft, larceny, or fraud. Users are tricked into disclosing their information either by providing it through a web form or by downloading and installing hostile software.

A phishing attack succeeds when a user is tricked into believing they're interacting with a legitimate company and thus takes actions that have effects contrary to the user's intentions. Usually this involves giving away a user's name and password.

Once the they have obtain this compromising, private information; they access the account to perform fraudulent activities, such as transferring the balance of a checking account to an external account

Pharming is setting up a fraudulent Web site that contains copies of pages from a legitimate Web site in order to capture confidential information from users. By hacking into DNS servers and changing IP addresses, users are automatically redirected to the bogus site, at least for some period of time until the DNS records can be restored.

For example, if a bank's DNS were changed, users could be redirected to a Web site that looks familiar. The bogus site could just collect usernames and passwords, or it could allow access to the site and, using some pretense, request financial information. Unlike phishing schemes that use e-mail to make people go to the phony site, pharming is more natural. Users are going to the site on their own and are certainly not suspicious because the pages look familiar.

Protect Yourself
Employees of Tustin Community Bank will never ask for personal information via email.  Never disclose your password or personal information to anyone via email request.   Be sure to report such request to the bank.

Be careful on any email with urgent requests that claim your account will be closed if you do not respond.  Look for typos and errors; this is often a sign of a fraudulent e-mail and/or website.

Never respond to an unsolicited request.  If you think it is a legitimate request contact the financial institution directly.  Contact information is available on websites or phonebooks.    It is important that you independently verify that you speaking with the actual financial institution.

Additional Security Tips
Use antivirus software and keep it up to date.

  • Understand and use the security features provided by your PC software, such as those included in many operating systems, browsers and word processing systems.
  • Ensure that your browser uses the strongest encryption available and be aware of the level of encryption used when you connect to various sites and applications. For example, the Tustin Community Bank Online Banking product currently requires the use of 128-bit encryption.
  • Use only software from reliable vendors
  • Install virus management software on your PC, use it regularly, and keep it up to date.

 Email do's and don'ts:

  • Use extreme caution when opening email received from unknown sources and pay special attention to any attachments. Do not launch or open an attachment from an unknown source. When in doubt... delete it without opening it.
  • Do not provide your email address to third party websites without reading the privacy and security policies and terms and conditions of these sites to ensure you understand the circumstances in which your email address will be used.
  • Do not use passwords or account numbers in email correspondence.

Use hard-to-guess passwords.

  • Select passwords that would be difficult for others to guess and change them frequently.
  • Do not give your passwords to anyone. Do not save passwords on your computer or leave written notes with your password near your PC.

Protect your computer from Internet intruders -- use firewalls.

  • Be cautious when downloading and running programs or Java or ActiveX applets as they may contain unsecured data which cannot be filtered by antivirus software.

Don't share access to your computers with strangers.

  • Control physical access to your personal computer (PC); that is, do what you can to prevent unauthorized persons from using your PC.
  • If you are using your PC and need to walk away from it for any reason, log off or lock your PC.

Disconnect from the Internet when not in use.

Back up your computer data.

Regularly download security protection update patches.

Check your security on a regular basis. When you change your clocks for daylight savings time, reevaluate your computer security.

Make sure your family members and/or your employees know what to do if your computer becomes infected.

If you suspect suspicious or fraudulent activity related to your Tustin Community Bank account(s), please let us know right away. You should also contact your Internet Service Provider so they may block suspect companies from your email inbox. To learn more about how to control and manage your incoming emails, please refer to your Internet Service Provider's online resources.

According to the US Government's central website for information about identity theft... do these three things immediately if you suspect your identity has been stolen.

  • Contact the fraud departments of each of the three major credit bureaus and report that your identity has been stolen.
  • Ask that a fraud alert be placed on your file and that no new credit be granted without your approval. For any accounts that have been fraudulently accessed or opened, contact the security departments of the appropriate creditors or financial institutions. Close these accounts. Put passwords (not your mother's maiden name) on any new accounts you open.
  • File a report with your local police or the police where the identity theft took place. Get a copy of the report in case the bank, the credit card company, or others need proof of the crime later on.

If you would like more information on Identity Theft, click on the following links to learn more:


Copyright 2015 - Tustin Community Bank