
Keep Your Business Banking Safe in the Digital Age

By Erin Fonté

As a business executive, you have many choices in conducting banking activities, including online and mobile banking options. But with increasing freedom and ease comes increasing responsibility. You can take steps to protect your assets in partnership with your bank, to help you guard against the potential of an account compromise.

Partnership for secure electronic banking

Your role in the partnership
- Report odd screens or messages when conducting online banking
- Monitor accounts and transactions frequently
- Understand best practices for software use
- Establish and train employees on security procedures
- Review any security updates Frost sends you
- Call your Frost banker

Frost's role in the partnership
- Clearly explain security procedures and answer questions at any time
- Continually update processes and products to be more secure
- Educate your employees on proper online banking practices
- Notify you regarding account irregularities

Frost takes responsibility for safeguarding your account and personal information on our systems. You, as the business owner, executive or administrator, must control your interactions and educate yourself about online and mobile security. While there are people out there who want to take advantage of a weak link, you can take action to help avoid becoming a target. Don't forfeit the security game by not educating yourself and your employees. Protecting your accounts not only guards your assets; it's also a smart business practice to help protect your reputation. Your customers and vendors rely on you to keep their information secure.

Isn't my business automatically protected from unauthorized transactions?

Many business managers mistakenly think that they are automatically protected from losses due to unauthorized transactions. While there are certain laws protecting consumer electronic funds transfers, they do not apply to business transactions.

frostbank.com business.solutions@frostbank.com

What are some ways bank accounts typically become compromised?

One of the most publicized ways a bank account can become compromised is when an unauthorized individual obtains legitimate online or mobile banking login and authentication information. Such information can be used to log in and originate unauthorized transactions. When this happens to a business account, it is referred to as a corporate account takeover. Unauthorized transactions arising from these events can take many forms, including:
- Transferring funds to an overseas bank account
- Creating fake employees, vendors or bill payees and transferring funds to them
- Taking other sensitive customer information and using it for unauthorized purposes and transactions

Corporate accounts can be taken over by individuals outside the company or by an employee of the company. Here is what could happen without attention to security.

External Account Takeovers

External takeovers often target company employees who can be tricked into voluntarily revealing their online or mobile banking information.

Unexpected trickery: Debbie, who works in accounts payable, has a group of friends who trade funny videos of their pets. One morning Debbie gets an email saying, "My new kitten is so cute, thought you would enjoy this!" with a video clip attached. On her lunch break, when Debbie opens her new kitten video, she triggers installation of malware to her computer. Later in the afternoon, when Debbie logs in to the company's online banking account, the malware captures her user ID and password. Now the company's business banking account is compromised.

When an account is compromised, you might see an unfamiliar screen asking for information you don't usually enter, or perhaps a message indicating you should wait a moment for information to clear. If anyone at your company notices any suspicious or unauthorized activities, you should immediately contact your bank to help investigate the incident. You should also isolate that particular computer from the rest of the company's network.

Internal Account Takeovers

Not all takeovers are carried out by people outside of the company. Over the past several years, there have been examples of modern-day "trusted bookkeeper" insider fraud using bill payment and ACH transactions.

Outright deception: Bill is the company's only bookkeeper and accounting person, handling vendor setup and accounts payable and receivable, and also balancing the books. Having total control over setting up new vendors, issuing payments and balancing the books, he creates five fake vendors. Then he creates false invoices and pays the five fake vendors. The money is really routed to Bill's own personal accounts. Each month, he transfers around $500 per vendor via ACH, for a total of $2,500. No one at the company catches the fraud, and by year's end, Bill has embezzled $30,000.

As your partner in responsible online banking, Frost's products and services could help prevent such fraud by:
- Setting up dual authentication with separate people initiating and approving wire or ACH transfers
- Obtaining positive pay services for checks or ACH positive pay services that compare checks or ACH transfers only to approved companies

What can I do to improve my account security?

The best way to protect against financial fraud is to have a strong relationship and open line of communication with your financial institution. Talk to your banker if you have any questions about security procedures or your responsibilities for online and mobile banking activities.

Implement Good Security on Your Side of the Transaction

Attention to internal security is good for your business and helps protect your banking security. Consider these actions:

Protect your online and mobile environment just like you protect your cash and physical location. Work with your banker to understand necessary security measures your bank requires you to follow for online and mobile banking, and review any updates your bank sends to you.

- Use only secure Internet connections
- Encrypt sensitive data and use strong passwords
- For both online and mobile devices, obtain and install anti-virus, anti-malware and anti-spyware software and install firewalls

Pay attention to suspicious activity and react immediately. Call your banker if you have any questions or concerns about banking activity that seems different.
- Monitor accounts frequently and immediately review wire, ACH or other transaction confirmations
- Report suspicious activity to your banker immediately
- Keep records of what happened for investigation purposes and because your bank may need information for its own investigation

Implement good internal controls. Comply with your bank's security procedures, and do not ask for standard security procedures to be waived "just this one time."
- Implement dual controls and approval for ACH and wire transfers so that dual approval is required prior to the transaction being initiated
- Consider using a dedicated computer for online banking that is never used for email or general Internet browsing
- Have good security on any mobile devices used to initiate account transactions
- Understand and control the authorized users and permissions granted to any employees approved for commercial or online mobile banking use

Provide good employee education. Ask how your banker may be able to help educate your employees.
- People are really the first line of defense against account takeover attacks and the best resources for protecting security, so train your employees in computer security best practices
- Adopt and provide a computer and mobile device use policy that teaches your employees about computer and mobile device security
- Train employees to never share user IDs, passwords, PINs, dynamic tokens or other authentication information with anyone, and don't leave such information unsecured
- Never replicate your login or password for other websites, software or apps

What does Frost do to protect my account security and data privacy?

Protecting the security of your accounts and your personal information is and will always be a priority. You can be confident in Frost and online electronic banking, knowing that we are on guard to keep your information safe and secure.

Frost has a team of highly trained personnel to address the quality and security of our online and mobile banking services. We can even help you in situations with your affected Frost accounts unrelated to Frost actions. For example, Frost has well-recognized experts who can explain and intervene if you face identity theft because non-account-related information is compromised.

Frost develops and deploys online and mobile security procedures that are flexible and address current and evolving security concerns. Our routine processes and sophisticated technologies constantly monitor accounts and detect unauthorized activity, and we continually look for ways to strengthen those systems. We will notify you if we notice any irregularities on our side first and quickly respond to your reports of unauthorized activity.

When unauthorized activity on a customer's account has been reported and verified, Frost bankers will work quickly to:
- Investigate the incident
- Determine if any amount of a loss can be recovered
- Restore the integrity and security of any affected computer systems or mobile devices
- Restore online or mobile banking services

References

Here are additional resources regarding security essentials for business.
- How to Keep Your Personal Information Secure (Federal Trade Commission): http://www.consumer.ftc.gov/articles/0272-how-keep-your-personal-information-secure
- Ten Cybersecurity Strategies for Small Businesses (Federal Communications Commission): http://www.uschamber.com/sites/default/files/issues/defense/files/10_cyber_strategies_for_small_biz.pdf
- Data Security Made Simpler (Better Business Bureau): http://www.bbb.org/data-security/
- Sound Business Practices for Businesses to Mitigate Corporate Account Takeover (NACHA - The Electronic Payments Association): https://www.nacha.org/sites/default/files/files/cat%20-%20b.pdf

About the Author

Erin Fonté is a banking regulatory and payments attorney and shareholder with the Austin office of Cox Smith (efonte@coxsmith.com). She has served as outside counsel to Frost for more than 10 years for regulatory and compliance, commercial and consumer banking services (including online and mobile), and privacy and data protection issues.

www.frostbank.com 1-800-513-7678