Treasury Management
Fraud Prevention: How to Protect Your Business
Remote Deposit Quick Start Guide
What's Inside

We're committed to the safety of your company's financial information. We want to make you aware of common types of business fraud and what you can do to protect your organization. The information in this guide is designed to help you learn more about fraud prevention and the services available to help protect your business.

Common Types of Online Fraud:
  Phishing ... 3
  Malware ... 4
  Spyware ... 4
Best Practices for Online Security ... 5
Online Fraud Prevention Tools:
  Firewalls ... 6
  Software Updates ... 6
  Anti-Virus ... 7
  Anti-Spyware ... 7
Common Types of Payment Fraud:
  ACH ... 8
  Check Fraud ... 9
  Credit Card Fraud ... 9
Best Practices for Payment Fraud Prevention ... 10
How We Protect Your Company ... 11
How to Respond to a Security Breach ... 13
Conclusion ... 14
Additional Resources ... 15

Note: The following information should be used for reference only and should not be used as a sole resource for security training in your organization.

Published by Murphy & Company, Inc.
459 Sovereign Court
St. Louis, MO 63011
www.mcompany.com
2010 Murphy & Company, Inc.

Disclaimer: Concepts, strategies and procedures outlined in this guide can and do change and may not be applicable to all readers. The content in this guide is not warranted to offer a particular result or benefit. Neither the author/publisher nor the service provider shall be liable for any damages arising out of the use of this guide, including but not limited to loss of profit, commercial, special, incidental or other damages. For complete product and service information, please refer to the terms, conditions and disclosures for each product and service.
Common Types of Online Fraud

Phishing

Phishing refers to one of a variety of scams in which cybercriminals attempt to gather personal and financial information from unsuspecting victims. Often, phishers claim to be representatives from a legitimate organization or business. There are several common types of phishing you should be aware of.

E-mail Phishing: Cyber-criminals send e-mails attempting to trick victims into divulging sensitive information such as usernames, passwords and debit/credit card numbers. These e-mails may contain fake toll-free numbers, links to counterfeit websites or harmful computer viruses.

Spear Phishing: This type of phishing is usually directed at a person within a company who is able to initiate business funds transfers or payments. A cyber-criminal sends an attachment containing a keystroke logger, which will capture the user's online banking credentials and transmit them back to the criminal.

Phone Phishing (Vishing): A victim may receive a phone call from either a live person or a recorded message, asking them to provide or confirm personal or financial information.

Text Phishing (SMiShing): A cyber-criminal contacts a victim via text message, directing them to call a toll-free number or visit a website which asks for the victim's personal or financial information.

Note: We will never request your personal or account information via e-mail, text message, or pop-up windows. Contact your local branch directly if you suspect any message to be fraudulent. Do not respond to or use links within e-mails; always type the URL into your browser.
Common Types of Online Fraud

Malware

Malware is designed to infect or damage a computer system without the owner's knowledge or consent. Examples of malware include viruses, worms, Trojans and spyware. Spyware and Trojans are becoming increasingly popular with cyber-criminals.

Common symptoms of a computer infected with malware include system instability or extremely slow operation, advertising pop-ups, a new browser homepage or toolbar, repeated error messages and e-mails sent from your account which you didn't initiate.

Spyware

Spyware is a form of malware that can monitor and in some instances control a victim's computer. If your system is infected with spyware, a third party could monitor your web browsing, record your keystrokes or direct your browser to counterfeit websites. If you notice your browser accessing websites you did not request, computer keys that don't work, a large number of advertising pop-ups, error messages, and generally poor system performance, these may be signs of spyware compromising your system.

To avoid malware and spyware, do not click on links in pop-up windows or e-mails, even if the links claim to be offering anti-spyware software. Use reputable commercial anti-virus and anti-spyware software, and keep them up-to-date. Use of a hardware or software firewall is highly recommended.
Best Practices for Online Security

The following tips can help protect you and your company from online fraud.

Protect Your Accounts:
- Initiate outbound ACH and wire transfer payments under dual control, with a transaction originator and a separate transaction authorizer.
- Set daily limits for wire transfers and ACH batches, and use ACH blocks and filters to protect your accounts from fraudulent inbound transactions.
- You can use our Positive Pay service to review/approve checks before they are cleared. Contact Treasury Management at 1-866-339-6847 for more information.
- Set online alerts to provide additional security and awareness within online banking.

Protect Your Computer Systems:
- Perform online banking activities from a computer that is used only for accessing online banking services and not for any other e-mail or web browsing activities.
- Be suspicious of any e-mail claiming to be from us, any other financial institution or a government agency that asks for your online banking login credentials.
- Install a dedicated business firewall.
- Use complex passwords with at least eight characters of mixed case letters, numbers and special characters.
- Immediately report any suspicious activity to us at 1-800-650-7141, particularly if you suspect fraudulent activity concerning ACH or wire transfers. There is a limited recovery window for these transactions, and immediate escalation may assist us in preventing losses to your company.
Online Fraud Prevention Tools

Firewalls

A firewall is a hardware or software system designed to block unauthorized access to your computer. Think of a firewall as an electronic gatekeeper, allowing only legitimate network access to your computer workstations.

Software Firewall: Many modern computer operating systems for home and professional use include a pre-installed software-based firewall.

Hardware Firewall: Many businesses choose to run a dedicated, physical firewall device to protect access to their network. A hardware firewall connects directly to the network, independent of any individual computer.

Software Updates

It's important to keep the software running on your business's computers up-to-date. As hackers and other cyber-criminals find new ways to compromise software applications or systems, developers release fixes or patches to the software to address any new security weaknesses. Many of these software updates can be set to occur automatically, such as updates to Microsoft Windows or Mac operating systems. Make sure to consult the documentation for the software used on your business computers for details on how to make sure applications are updated.
Online Fraud Prevention Tools

Anti-Virus

Every computer used by you or your employees should use up-to-date anti-virus software. These programs keep your computer safe from malware (malicious software) in two ways:

Removing Known Malware: The anti-virus software scans your computer's hard drive for known viruses and removes any detected malware.

Preventing New Malware: The anti-virus software keeps track of running computer processes and will block any suspicious computer code or files.

Anti-Spyware

Spyware is a particular kind of program designed to monitor and collect information about your computer or Internet usage and transmit it to a third party without your knowledge. This information can be as simple as what websites you visit regularly, or as dangerous as a recording of your keystrokes as you enter your password when logging on to manage finances with online banking. As with anti-virus software, anti-spyware works in two ways:

Removing Known Spyware: The anti-spyware software scans your computer's hard drive for known spyware and removes any detected programs.

Preventing New Spyware: The anti-spyware software keeps track of running computer processes and will block any suspicious computer code or files.
Common Types of Payment Fraud

ACH

Automated Clearing House (ACH): Cyber-criminals steal funds directly from accounts by obtaining account and routing numbers illegitimately. Payroll and government payments are common transactions that cyber-criminals focus on, as well as any online payments or payments made over the phone.

Account Hijacking: A cyber-criminal captures a user's login credentials to gain access to the ACH origination system and then uses it to make payments. Criminals can capture login credentials in a variety of ways, such as using a keystroke logger or a remote access Trojan.

Identity Theft: A criminal creates a false identity and uses it to obtain origination capabilities within an online banking environment. They then initiate fraudulent credits using these capabilities.

ACH Kiting: ACH kiting is very similar to check kiting, but involves cyber-criminals using a pair of accounts for fraudulent purposes. The criminal originates an ACH debit from one account to another, with the available balance withdrawn before settlement.

Reverse Phishing: Instead of e-mails attempting to fraudulently obtain online banking information, the cyber-criminal sends e-mails to businesses that provide fraudulent banking information, redirecting payments to an account they control.

Counterfeiting: The perpetrator of this kind of payment fraud converts a counterfeit check to electronic form and uses it to originate an ACH debit.
Common Types of Payment Fraud

Check Fraud

Even as businesses conduct more and more financial management online, check fraud is still a threat to financial security. Check fraud involves forging, altering or counterfeiting checks, as well as issuing a check on an account the criminal knows has been closed or has insufficient funds to cover the check amount. Check fraud is easy to commit, needing no more advanced technology than a scanner, printer and desktop publishing software.

Credit Card Fraud

Many businesses use corporate or commercial credit cards to conduct business-to-business payments. The widespread use of corporate credit cards has led to many types of credit card fraud.

Misuse: A legitimate company employee uses a corporate credit card for unauthorized purposes.

Embezzlement: An employee with authorization to use a corporate credit card uses card information to defraud the company.

False Fraud: A card-holder claims legitimate charges are invalid in order to avoid paying them or to avoid repercussions.
Best Practices for Payment Fraud Prevention

The best way to protect your business against payment fraud is to have a plan in place before any fraudulent activity occurs.

ACH Fraud Protection:
- Make absolutely sure of the other party's identity when conducting electronic transactions.
- Mask account numbers and Tax ID numbers in correspondence.
- Never transmit confidential or personal information over unencrypted e-mail.
- When employees leave the company, make sure all tokens are collected and users are deleted from the system.
- Protect your funds by preventing unauthorized transactions from taking place with the use of our ACH Filters and Blocks. Designate the type of ACH transactions you wish to block from your accounts with ACH Blocks, or limit which companies can initiate ACH entries to and from your account with ACH Filters. Both of these ACH control measures will help protect against fraudulent transactions.

Check Fraud Protection:
- Use high-quality check stock with built-in security features such as watermarks, bleach-reactive stains, micro printing and fluorescent fibers.
- Establish and implement financial document destruction processes and check reorder policies.
- Segregate duties by assigning different employees to make payments and reconcile accounts.

Credit Card Fraud Protection:
- Require training for all card-holders to make sure everyone understands the limits of the program.
- Use a card provider that offers web-based payment management tools, including real-time spending reports.
- Establish protective controls like monthly transaction limits and blocking unauthorized vendors.
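The controls recommended above and under "Protect Your Accounts" (dual control with a separate originator and authorizer, daily limits for wires and ACH batches, ACH Blocks by transaction type and ACH Filters by originating company) can be written down as decision rules. The following is an added illustration for this guide, not the bank's software and not its actual service interface; every field name, user name, company ID, amount and date in it is constructed for the example.

```python
"""Dual control, daily limits, and ACH Blocks/Filters as decision rules.

Added illustration for this guide; not the bank's software and not its
service interface. All field names, user names, company IDs, amounts and
dates below are constructed for the example.
"""
from collections import defaultdict
from dataclasses import dataclass
from decimal import Decimal


@dataclass
class Payment:
    pay_id: str
    direction: str        # "outbound" (we originate it) or "inbound" (posts to our account)
    kind: str             # "ACH_DEBIT", "ACH_CREDIT" or "WIRE"
    amount: Decimal
    originator: str       # outbound: user who keyed it; inbound: originating company ID
    authorizer: str = ""  # outbound only: user who approved it
    date: str = ""        # calendar day, used for the daily limit


@dataclass
class ControlPolicy:
    daily_limits: dict               # kind -> Decimal ceiling per day for outbound payments
    blocked_inbound_kinds: set       # ACH Block: inbound entry types refused outright
    allowed_inbound_companies: set   # ACH Filter: company IDs permitted to post (empty = off)


class PaymentControls:
    def __init__(self, policy):
        self.policy = policy
        self.released = defaultdict(Decimal)  # (date, kind) -> amount released so far

    def evaluate(self, p):
        """Return (decision, reason); decision is "RELEASE" or "HOLD"."""
        if p.direction == "outbound":
            return self._outbound(p)
        return self._inbound(p)

    def _outbound(self, p):
        # Dual control: nothing leaves without a second, different person approving it.
        if not p.authorizer:
            return "HOLD", "awaiting a separate authorizer"
        if p.authorizer == p.originator:
            return "HOLD", "originator and authorizer must be different users"
        limit = self.policy.daily_limits.get(p.kind)
        key = (p.date, p.kind)
        if limit is not None and self.released[key] + p.amount > limit:
            return "HOLD", f"daily {p.kind} limit of {limit} would be exceeded"
        self.released[key] += p.amount
        return "RELEASE", "dual control satisfied and within daily limit"

    def _inbound(self, p):
        # ACH Block: refuse a whole category of inbound entries.
        if p.kind in self.policy.blocked_inbound_kinds:
            return "HOLD", f"{p.kind} entries are blocked on this account"
        # ACH Filter: only listed originating companies may post entries.
        allowed = self.policy.allowed_inbound_companies
        if allowed and p.originator not in allowed:
            return "HOLD", f"company {p.originator} is not on the ACH filter"
        return "RELEASE", "inbound entry permitted by block and filter rules"


def run_sample():
    """Apply a constructed policy to constructed payments; returns pay_id -> decision."""
    policy = ControlPolicy(
        daily_limits={"WIRE": Decimal("50000"), "ACH_CREDIT": Decimal("100000")},
        blocked_inbound_kinds={"ACH_DEBIT"},
        allowed_inbound_companies={"1234567890"},   # constructed payroll vendor ID
    )
    controls = PaymentControls(policy)
    day = "2010-06-01"
    payments = [
        Payment("P1", "outbound", "WIRE", Decimal("20000"), "alice", "bob", day),
        Payment("P2", "outbound", "WIRE", Decimal("35000"), "alice", "bob", day),   # over limit
        Payment("P3", "outbound", "WIRE", Decimal("5000"), "alice", "alice", day),  # self-approved
        Payment("P4", "outbound", "ACH_CREDIT", Decimal("1000"), "alice", "", day),  # not approved
        Payment("P5", "inbound", "ACH_DEBIT", Decimal("750"), "9999999999"),          # blocked type
        Payment("P6", "inbound", "ACH_CREDIT", Decimal("750"), "1234567890"),         # on filter
        Payment("P7", "inbound", "ACH_CREDIT", Decimal("750"), "5555555555"),         # not on filter
    ]
    results = {}
    for p in payments:
        decision, reason = controls.evaluate(p)
        results[p.pay_id] = decision
        print(f"{p.pay_id}: {decision} ({reason})")
    return results


if __name__ == "__main__":
    run_sample()
```

Two design points carry over to any real setup: a held payment is not counted against the daily limit, so a rejected attempt cannot consume the day's capacity, and the inbound filter is an allow-list, so a company that has never been registered is held rather than let through by default.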
How We Protect Your Company

Privacy Protection: The privacy of your financial information is our top priority. We provide access to confidential information only for authorized users. Encryption, monitoring and automated analysis software are used to protect confidential information. We monitor all consultants and vendors who work with us through contractual agreements and corporate-wide security programs.

Password Policy Guidelines: We comply with industry standards for complex passwords, requiring at least eight characters of mixed case letters, numbers and special characters.
How We Protect Your Company

Multi-Factor Authentication: We use strong authentication methods to make sure only you and/or your authorized users are able to access your accounts online. Users must provide a User ID and Password to log in, and may be asked several challenge questions. Corporate Net Banking users must provide information from a security token at sign-on, while Business Net Banking users must use their security tokens to process ACH and wire transfers.

Encryption: All online activity is encrypted from the time it leaves your computer until it enters our systems. Your information is protected by Secure Sockets Layer (SSL) technology, preventing your data from being read. Please be aware that information accessed from a compromised computer may still be at risk.

Online Payments Digital Controls: Our online products give your business a wide variety of tools and features aimed at allowing you to manage access to your accounts at the user level, including regulated permissions and specified limits for ACH, wire transfers and other transactions. Payment approval permissions and advanced reporting tools help to further prevent fraudulent activity from occurring.
How to Respond to a Security Breach

An electronic security breach is any unauthorized acquisition of computerized data that compromises the security, confidentiality and integrity of nonpublic information maintained by your business.

To Report a Security Breach: Should you suspect someone has breached your account security, immediately report the suspicious activity to us at 1-800-650-7141. This is particularly important if you suspect fraudulent activity concerning ACH or wire transfers. There is a limited recovery window for these transactions, and immediate escalation may assist us in preventing further losses to your company.

As a general precaution, we suggest businesses establish written procedures to be followed in the event of a security breach, with the assistance of legal counsel, information technology consultants or both.

Suggested Guidelines:
- Develop a list of local police department phone numbers to report thefts or break-ins.
- Select an information technology consultant who can take proactive steps to stop further dissemination of information taken from a compromised computer system.
- Designate specific employees to contact us in the event of a security breach. If we are unsure the information is coming from an authorized company representative, we will follow established protocols to validate the identity of the contact.
- Establish a written policy detailing the conditions under which you will notify your customers of the breach, who will provide the notification and how the notification will take place.
Conclusion

No company or organization is immune to fraud. Criminals are extremely resourceful, inventive and elusive in defrauding consumers, businesses and government agencies. Scams can occur online and offline, involving anything from individual check fraud to organized groups of criminals working to steal billions.

We are your partner in establishing and maintaining effective fraud prevention techniques and procedures. Through a combination of strict internal controls such as segregation of duties, third-party audits and services like Positive Pay, we provide a multitude of tools to help you keep your financial information safe. We continue to invest in technology and the ongoing research necessary to reduce fraud risk and protect your company around the clock.
Additional Resources

Secure Communications: We will never send you an e-mail asking you to click a link to verify or supply personal information. If you are unsure about an e-mail or website that appears to be from us, take the following precautions.

1. Type our web address (sterlingsavingsbank.com) into your browser to visit our website instead of relying on links in e-mails or an entry in your favorites.
2. Double click the gold lock icon at the bottom or top of the page to verify the security certificate is listed as being issued to sterlingsavingsbank.com. Our services are certified by VeriSign, Inc.

Third-Party Information:

Federal Trade Commission (FTC) - www.ftc.gov: The FTC is an independent government agency tasked with promoting consumer protection. This agency investigates issues raised by reports from consumers and businesses.

Internet Crime Complaint Center (IC3) - www.ic3.gov: The IC3 is a task force made up of representatives of the Federal Bureau of Investigation, National White Collar Crime Center and Bureau of Justice Assistance, assembled specifically to address instances of cyber-crime.

BBB's Data Security Made Simple - www.bbb.org/data/-security/: The Better Business Bureau provides an overview of best practices for data security.
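Step 2 above asks the reader to confirm that the certificate was issued to sterlingsavingsbank.com. The check behind that step is a name comparison: the names listed on the certificate must cover the exact domain the reader expected, and a name that merely contains the bank's domain does not qualify. The following is an added illustration for this guide, not the bank's own code. The two certificates in it are constructed dictionaries in the shape that Python's ssl.SSLSocket.getpeercert() returns for a validated peer; no connection is made and the issuer and organization names are invented.

```python
"""Checking which host name a site's certificate was issued to.

Added illustration for this guide, not the bank's own code. The two
certificates below are constructed dictionaries in the shape that Python's
ssl.SSLSocket.getpeercert() returns for a validated peer; no connection is
made. The check mirrors step 2 of the guide: the name on the certificate
must be the bank's domain itself, not a look-alike that merely contains it.
"""

EXPECTED_HOST = "sterlingsavingsbank.com"

# Constructed: what the genuine site's certificate might present.
GENUINE_CERT = {
    "subject": ((("countryName", "US"),),
                (("organizationName", "Example Bank (constructed)"),),
                (("commonName", "sterlingsavingsbank.com"),)),
    "subjectAltName": (("DNS", "sterlingsavingsbank.com"),
                       ("DNS", "*.sterlingsavingsbank.com")),
    "issuer": ((("organizationName", "Example CA (constructed)"),),),
}

# Constructed: a certificate for a different domain whose name contains the bank's.
LOOKALIKE_CERT = {
    "subject": ((("commonName", "sterlingsavingsbank.com.example"),),),
    "subjectAltName": (("DNS", "sterlingsavingsbank.com.example"),),
    "issuer": ((("organizationName", "Example CA (constructed)"),),),
}


def cert_dns_names(cert):
    """Names the certificate was issued for: SAN DNS entries, or the subject CN if no SAN."""
    names = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    if names:
        return names
    return [value for rdn in cert.get("subject", ()) for key, value in rdn
            if key == "commonName"]


def name_matches(pattern, host):
    """Exact match, or a wildcard in the leftmost label standing for exactly one label."""
    pattern = pattern.lower().rstrip(".")
    host = host.lower().rstrip(".")
    if pattern == host:
        return True
    if pattern.startswith("*.") and "*" not in pattern[2:] and "." in pattern[2:]:
        labels = host.split(".")
        # "*.bank.example" covers "www.bank.example" but not "bank.example"
        # itself or "a.b.bank.example".
        return len(labels) >= 3 and ".".join(labels[1:]) == pattern[2:]
    return False


def cert_issued_to(cert, host):
    """True if any name on the certificate covers the host the user expected."""
    return any(name_matches(name, host) for name in cert_dns_names(cert))


def check_expected_host(cert, expected=EXPECTED_HOST):
    """Verdict for step 2 of the guide: is this certificate issued to our domain?"""
    names = ", ".join(cert_dns_names(cert))
    if cert_issued_to(cert, expected):
        return f"OK: certificate issued to {names}; covers {expected}"
    return f"WARNING: certificate issued to {names}; does not cover {expected}"


if __name__ == "__main__":
    print(check_expected_host(GENUINE_CERT))
    print(check_expected_host(LOOKALIKE_CERT))
```

The comparison is done against the domain the reader typed in, never against whatever name the page itself displays, which is why step 1 (typing the address yourself) comes before step 2. A browser performs the same matching automatically, but only against the address it was actually sent to, so a look-alike domain with a valid certificate of its own still shows a lock icon; reading the name on the certificate is what catches it.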