Security at NexTier Bank: Fraud Protection and Secure Sign-In

NexTier Bank protects Western Pennsylvania deposits with a layered security program — TLS 1.3 encryption in transit, AES-256 encryption at rest, mandatory multi-factor authentication, machine-learning fraud detection, automatic session timeout, account lockout, FDIC deposit insurance up to $250,000, and full Regulation E consumer dispute coverage on electronic transactions.

Report a lost or stolen card 24/7 at 1-800-262-8215. Forward phishing emails to fraud-reporting@nextier.at. Review federal deposit account protection guidance and FDIC deposit insurance rules for context.

Security Profile: Layered Controls Across Every Channel

Technical controls, fraud operations, consumer protection and regulatory coverage working together.

The security program at NexTier Bank is organized around four layers. The first layer is cryptographic: all traffic between a browser or mobile app and the online-banking platform runs over TLS 1.3 with modern cipher suites, and all stored deposit records, transaction history and document images are encrypted at rest using AES-256 inside SOC 2-aligned data-center facilities. Keys are rotated on a documented schedule and are never stored alongside the ciphertext they protect.

The second layer is identity. Multi-factor authentication is mandatory, not optional, across online banking and the mobile app. Sessions time out automatically after 15 minutes of inactivity. Five failed password attempts trigger an automatic account lockout that can only be cleared by the customer verifying identity with a service officer. Biometric sign-in on iOS and Android uses the device-native secure enclave; the bank never sees the biometric template itself.

The third layer is behavioural. A fraud-detection machine-learning engine scores every transaction against the customer’s historical pattern — geography, merchant type, velocity, channel, device fingerprint — and flags outliers in real time. Alerts flow through SMS, push and email so the customer can confirm or dispute the activity before funds clear. The card lock/unlock toggle inside the mobile app disables authorization instantly, which is useful when a card is temporarily misplaced rather than lost outright.

The fourth layer is regulatory. Deposits are insured by the FDIC up to $250,000 per depositor, per ownership category. Electronic transactions are governed by Regulation E, which caps consumer liability for unauthorized use when reported promptly. BSA/AML, OFAC screening and CFPB compliance are embedded in daily operations.

Security Controls Reference

Seven controls, the standards they align to, and where each control applies.

Security Control | Technology | Standard | Use Case
Transport encryption | TLS 1.3, modern cipher suites | NIST SP 800-52 | All browser and mobile-app traffic
Data-at-rest encryption | AES-256 with rotated keys | FFIEC Cybersecurity Assessment | Deposit records, statements, documents
Multi-factor authentication | SMS, voice, authenticator app, hardware key | FFIEC MFA Guidance | Sign-in, wires, external transfers
Session management | 15-minute idle timeout, re-auth for sensitive actions | OWASP ASVS | Online and mobile banking
Account lockout | 5 failed attempts, identity-verified unlock | NIST SP 800-63 | Credential stuffing defense
Fraud-detection ML | Behavioural scoring, real-time alerts | FFIEC Fraud Guidance | Card authorizations, ACH, wires
Deposit insurance | FDIC coverage to $250K per category | FDIA, 12 CFR Part 330 | All insured deposit balances

Consumer Protections You Should Know

Regulatory rights that apply to every personal deposit account.

Regulation E Electronic Transaction Rights

Regulation E, the Federal Reserve rule implementing the Electronic Fund Transfer Act, protects consumer account holders against unauthorized debit-card, ACH and online-banking activity. You have a 60-day window from the first statement showing the disputed item to file a claim. Provisional credit is generally issued within 10 business days while the investigation runs. The CFPB Regulation E reference explains the full text and consumer obligations.

Report unauthorized activity immediately to lock liability at the lowest tier. Report card fraud 24/7 at 1-800-262-8215. Online-banking disputes can be filed from inside the secure-message center after sign-in.

[Image: Reg E dispute timeline with 60-day window, 10-day provisional credit and investigation workflow for NexTier Bank customers]

[Image: FDIC deposit insurance categories worksheet showing $250,000 per depositor per ownership category for NexTier Bank deposits]

FDIC Deposit Insurance Categories

The Federal Deposit Insurance Corporation insures deposits up to $250,000 per depositor, per ownership category, at every FDIC-insured bank. Common categories include single accounts, joint accounts, certain retirement accounts, and revocable trust accounts. Coverage is automatic — no enrollment required. For households with balances above a single category limit, combining ownership structures or adding additional institutions are standard approaches.

The FDIC deposit insurance overview includes the official calculator (EDIE) for complex household structures.

Identity Theft Response

If you suspect identity theft, file a report at IdentityTheft.gov, place fraud alerts or credit freezes with the three nationwide credit bureaus, and notify the bank so accounts can be reviewed. The bank’s fraud operations team will pull an unauthorized-activity statement under Regulation E, freeze affected cards, and issue replacement credentials with forced-rotation passwords.

Keep a written record of every call, every reference number, and every response letter. The federal agencies publish a recovery checklist that tracks each step from initial report through dispute resolution.

[Image: Identity theft recovery checklist with credit bureau freeze, IdentityTheft.gov report, NexTier Bank account review and dispute tracking]

Report Fraud or Lost Cards

24/7 toll-free response for unauthorized activity.

24/7 Lost/Stolen Card Line
60-Day Reg E Dispute Window
15-Minute Session Timeout
$250K FDIC Coverage Per Category

Voices on the Security Program

"Fraud Alert Saved Us $3,200"

"A skimmed debit-card number was used overnight for three gas-station purchases in Florida. The fraud-detection alert hit my phone before the third transaction cleared. I locked the card from the app, called the toll-free line, and had a replacement in four business days. Provisional credit posted within the Reg E window."

— Heather L., Personal Client, Renfrew, PA

"MFA on Every Wire"

"Our construction business wires subcontractor payments weekly. The mandatory MFA step on every wire origination — not just sign-in — caught a business email compromise attempt last spring. An attacker had spoofed a subcontractor email requesting new routing details. The MFA prompt slowed us down enough to pick up the phone and verify."

— Stephen H., Controller, Oakmont Builders (Butler, PA)

"Identity Theft Recovery Was Handled"

"When my wallet was stolen in Pittsburgh, I called the 24/7 line from the hospital parking lot where I was stuck waiting on a family member. The card was frozen while I was still on the call. The fraud team pulled an unauthorized-activity statement and walked me through the Reg E dispute steps. Clean recovery in three weeks."

— Melissa T., Customer, Tarentum, PA

Frequently Asked Questions

How does multi-factor authentication work?
A User ID and password combined with a one-time code via SMS, voice, email or authenticator app. MFA is prompted on new devices, on sensitive actions (wires, external transfers) and on sessions flagged as unusual. Hardware keys and TOTP apps are supported.

What do I do if my debit card is lost or stolen?
Call 1-800-262-8215 24/7 or freeze the card instantly inside the mobile app using the card lock feature. Replacement cards arrive in 5-7 business days with rush delivery available.

What are my Regulation E rights?
60-day dispute window from the first statement showing the disputed item. Provisional credit within 10 business days during investigation. Full liability cap when reported within two business days. See CFPB Regulation E.

How do I report phishing?
Forward the message to fraud-reporting@nextier.at without clicking links or opening attachments. Include full email headers if possible. Never disclose passwords, MFA codes or SSN by email.

What do I do if I suspect identity theft?
Place fraud alerts or credit freezes with the three nationwide credit bureaus, file at IdentityTheft.gov, call 1-800-262-8215 for account review, and request a Reg E unauthorized-activity statement.
