SECURITY

Northland Financial understands that your trust in us depends on how well we 
keep your personal, business and account information secure. Our Customer 
Information Security Policy is comprehensive, proactive and designed to ensure 
that information about you is secure whether you bank with us at our main location, 
at our ATMs, or by telephone or Internet.

We will continually update and improve our security standards to help protect 
against unauthorized access to our confidential information. We will maintain 
physical, electronic and procedural safeguards that comply with federal standards 
to guard customers' information.

At Northland Financial the safety of our customers comes first! We are honored to 
be your bank.

New Scam

There is a new version of an old scam that is invading the ACH network. 
At the crux of the scam is one simple goal, to use an unsuspecting victim to launder money.

Here is how the scam works. Fraudsters scour on-line resume posting services looking 
for potential victims. When the fraudster locates an individual that looks promising, an 
email is sent offering them a job as a financial agent. If the individual responds positively, 
a contract is sent. In the contract, the "scam" is laid out. The company, usually posing as a 
stock brokerage firm or other type of financial company that would be moving money regularly, 
will deposit money into the victim's checking account via ACH. The individual will receive an 
email notifying them the money had been sent. The individual then must go withdraw the funds 
from their account as quickly as possible and go to a money transfer service and send the 
money to various sources, generally somewhere in Eastern Europe.

Spear Phishing - a New Scam

Spear Phishing has been identified as a new security risk to online banking users. 
Please be aware of how hackers attempt to attain access to your accounts by using 
this technique.

It's been announced recently that hackers are successfully scamming banking 
customers with spear phishing emails stating that their banking digital certificate 
has expired. The malicious emails state that in order for the bank customer to access 
their bank account, they must load a new cerficiate by clicking on an enclosed link.

Once they click on the link, they are actually downloading the Prg Banking Trojan. This 
banking Trojan, originally discovered in December 2007, is one of the most sophisticated 
and lethal pieces of banking malware developed.

The Prg Banking Trojan enables the hacker to be alerted when the victim is doing online 
banking so the hacker can piggyback in on the session with the victim. This way the 
hacker can compromise the victim's bank account(s) without using the victim's username 
and password.

It's been reported that the Prg Banking hackers targeted commercial banking cutomers 
last December and one scam resulted in the theft of over $6 million from banks in the 
US, UK, Spain and Italy.

How to Protect Yourself Against this Hacking/Phishing Scam

Avoid clicking on ANY links within emails from untrusted sources. The danger is not in 
the email itself, it is in clicking the link which triggers a download of the Prg Banking 
Trojan. Even if the email seems to be from Northland Financial or another trusted source, 
find some way, besides replying to the email, to verify the email's authenticity such as 
calling the bank directly at 701.475.2301 or toll-free at 877.475.2301.

ATM Security

ATM's are very popular as a way to receive cash quickly in our fast-paced society. 
With one located on every corner, we need to protect ourselves from predators that 
may be out to claim our money, identity or safety. The following tips can help:

Take Someone With:

• Being alone sets a tone of vulnerability. Bring someone else 
  along - there is safety in numbers.
  
  

Check the Lighting and Surrounding Area:

• Use extra caution at night and make sure that all of the lights 
  surrounding the ATM are working.
• Check if shrubbery covers or blocks the view around the ATM
• Always read the message on the main screen of the machine.
• If you do not feel comfortable with the lighting or surrounding area 
  or if the ATM is malfunctioning, notify the bank and select a different 
  ATM.
  
  

Secure Your Vehicle:

• If leaving your vehicle to walk to the ATM, turn off the ignition and 
  lock the doors.
• If driving up to the ATM, lock the passenger windows and vehicle 
  doors.
  
  

Arrive Prepared:

• Never pull your ATM card out of your purse or wallet when you arrive 
  at the ATM. Come prepared with your card in hand.
  
  

Privacy is Key:

• Use common courtesy by not standing too close to the person ahead 
  of you in line.
• Use your body to cover the keypad and screen while entering your PIN 
  number. Make sure that no one can see what you are entering.
  
  

Be Responsible With Your Card and PIN:

• Treat your card like it is cash
• Never write down your PIN number or give it to anyone, including those 
  that you know. (Most ATM fraud is committed by individuals who know 
  the victim.)
• Report your card lost or stolen immediately.
• Never use numbers that are easy to identify.
  
  

Watch for "Skimmers":

• If a machine claims to clean, re-magnetize or renew your card, do not 
  use it. This machine could be used to copy identifying iformation from 
  the magnetic strip.
  
  

Always Take Receipts:

• Take the receipt even if a transaction is incomplete. Receipts left behind 
  or thrown away can lead to account hijacking and identity theft.
  
  

Wait to Count Cash:

• Put your money away immediately after your transaction is complete
• Leave the ATM premises quickly
• Count your money at a safe setting.
  
  

Credit Card and Check Card Security

As our customer, we care about you and the accounts you have with us. When we
become aware of information that may help you avoid becoming a victim of any number 
of scams, we're committed to sharing it with you. Below are three recent scenarios 
regarding credit card or check card sams:

Scenario #1:

A man went to a local gym and placed his belongings in a locker.

After a workout and a shower, he saw his locker open, and thought to himself, 
"Funny, I thought I locked the locker." He got dressed and flipped through his wallet 
to make sure all was in order. Everything looked okay and all of his credit cards and 
check cards were present.

A few weeks later his credit card bill came. It was a large bill of $14,000.00! He called 
the credit card company and complained that he did not make the transactions that 
appeared on his credit card bill. The customer service representative verified that there 
was no mistake and asked if his credit card had been stolen. He said, "No." But, when 
he took out his wallet and examined his credit card he realized that a switch had been made. 
An expired credit card, similar to his credit card from the same bank, was in his wallet.

It was determined that a thief broke into his locker at the gym and switched his credit card. 
The credit card issuer said that since the customer did not report his credit card lost or stolen 
earlier, he would have to pay the amount owed to them.

The man ended up having to pay $9,000. Since the credit card was used for many small purchases, 
no 'warning bell' was triggered with the credit card company.

Scenario #2:

A man at a restaurant paid for his meal with his credit card. When the bill for the meal came, 
he signed it, and the waitress folded the receipt and returned the credit card to him. Normally, 
he would just take the card and place it in his wallet or pocket. However, in this instance, he 
actually took a look at the credit card and to his surprise; it was an expired card of another person. 
He called the waitress back to the table and after examining it, looked perplexed. She took the card 
back, apologized, and hurried back to the counter, under the watchful eye of the man. The counter 
cashier retrieved the customer's correct card, gave it back to the waitress and she returned it to the 
man with an apology.

The lesson to be learned is to make sure the credit cards in your wallet are yours. Check the name 
on the card every time you sign for something and/or if the card is taken away from your view for 
even a short period of time. Many people just take back their credit card without even looking at it, 
assuming that it has to be theirs.

Scenario #3:

A woman went to a pizza parlor to pick up an order that she had called in. She paid using her 
Visa Check Card, which, of course was linked to her checking account.

The young man behind the counter took the card, swiped it, and then laid it on the counter as he 
waited for the approval. While he waited, he picked up his cell phone and started dialing.

The woman noticed his cell phone because it was the same model as her phone; however, 
nothing seemed out of the ordinary. Then she heard a click that sounded like her phone sounds 
when a picture is taken. The young man then gave her back her card but kept the phone in his hand 
as if he was still pressing buttons.

Suspecting that the young man may be taking a picture of her credit card, she watched his actions 
closely. He set his cell phone on the counter, leaving it open. About five seconds later, she heard 
the chime that tells you that the picture has been saved.

After realizing the young man had taken a picture of her credit card, she immediately cancelled her 
card as she was walking out of the pizza parlor. She was able to detect what the young man was 
doing since she had the same type of cell phone.

Precautions to take:

• Be aware of your surroundings
• Never leave behind a receipt that may contain your credit card or check card number
• Always look at your credit card or check card after a purchase, even if it is only in someone else's 
  hand for a short time

Report lost or stolen cards:

• Report a lost or stolen cash card or cash and check card:
  
  • During Bank Hours
    Call the phone number of a Northland Financial location near you
  • After Bank Hours
    Call Instant Cash Services at 1-800-535-8440
    
• Report a lost or stolen credit card:
  • Call Card Services at 1-800-883-0131 to report a lost or stolen 
    Visa Platinum Card obtained through Northland Financial. This 
    number is available 24 hours a day, seven days a week.

Website Security

In order to protect the information being gathered, this site has security measures 
in place including firewalls, encryption, and authenticated access to internal 
databases where needed.

We provide Internet access to your banking accounts through highly secure, password-protected 
systems that are guarded by firewalls and monitoring systems. Your financial information is 
protected by 128-bit encryption as it travels between our servers and your computer.

Look for security certificates, locked padlock symbols and the https: designation as indications 
of our commitment to your online security.

Multi-factor Authentication and Layered Security

Northland Financial uses multi-factor authentication and layered security to make you safer than 
ever before from identity theft. Today's authentication methods--used to confirm that it is you, and 
not someone who has stolen your identity--involve one or more basic factors:

• Something the user knows (password or PIN)
• Something the user has (ATM card or similar item)
• Something the user is (biometric characteristic, such as a fingerprint)

Single-factor authentication uses one of these methods; multi-factor authentication uses more than one, 
and thus is considered to be a more reliable and stronger fraud deterrent. When you use your ATM, you 
are using multi-factor authentication: Factor number one is something you have, your ATM card; factor 
number two is something you know, your PIN.

Northland Financial's goal is to ensure that the level of authentication used in a particular transaction is 
appropriate to the level of risk in that application. Accordingly, we have concluded an assessment of our 
current methods following federal regulatory guidelines and have implemented the appropriate 
authentication measures to keep your online transactions safe and secure.

In addition to multi-factor authentication, we may also rely on layers of control to assure your Internet safety. 
These might include:

• Additional controls, such as call-back verification
• Employing customer verification procedures, especially when opening accounts
• Analyzing banking transactions to identify suspicious patterns
• Establishing dollar limits that require manual intervention to exceed a preset limit.

One of our top priorities is to assure your safety and security when conducting online financial business.

Customer Awareness

Understanding the risks is a critical step in protecting yourself online. Here are some threats to watch for:

• Phishing

Lures you to a fake website (one that looks like a trusted financial institution) and tricks you into 
providing personal information, such as account numbers and passwords.

• Spear Phishing

Convinces victim to click a link from within an email which triggers a download of the Prg Banking 
Trojan allowing the hacker to piggyback into an online banking session with it's victim.

• Pharming

Similar to phishing, pharming seeks to obtain personal information by directing you to a copycat 
website where your information is stolen, usually from a legitimate-looking form.

• Malware

Short for malicious software, often included in spam e-mails, this can take control of your computer 
without your knowledge and forward to fraudsters your personal information such as IDs, passwords, 
account numbers and PINs.

Protecting Yourself Online

• Never share your access codes with anyone.
• Change your access codes on a regular basis. If you think your access codes have been compromised, 
  change them and contact us immediately.
• Use only the secure message service provided within Online Banking when sending or requesting 
  account information.
• Consider using a personal firewall to prevent hackers from invading your personal computer, especially 
  if you are using DSL or a cable modem to access the Internet.
• Install virus protection software and scan all downloaded software, as well as all diskettes, before use. 
  Also, delete e-mails with attachments from unknown sources.
• When you are done with your transactions, always click on the Logoff button on the website to exit the 
  application and prevent further access to your account. When using a public PC (such as in a library or 
  school), also close the browser when you are finished.