Special Considerations for Businesses
- Verify use of a secure session (https not http) in the browser for all online banking.
- Avoid using automatic log-in features that save usernames and passwords for online banking.
- Never leave a computer unattended while using any online banking or investing service.
- Never access bank, brokerage or other financial services information at internet cafes, public libraries, etc. Unauthorized software may have been installed to trap account number and sign on information leaving you vulnerable to possible fraud.
- When possible, for businesses that transact high value or large numbers of online transactions, it is recommended that all commercial online banking activities be carried out from a stand-alone, hardened and completely locked down computer system from which e-mail and Web browsing are not possible.
- Be suspicious of e-mails purporting to be from a financial institution, government department or other agency requesting account information, account verification or banking access credentials such as usernames, passwords, PIN codes and similar information. Opening file attachments or clicking on Web links in suspicious emails could expose your system to malicious code that could hijack your computer.
- Install commercial anti-virus and desktop firewall software on all computer systems. Free software may not provide protection against the latest threats compared with an industry standard product.
- Ensure virus protection and security software are updated regularly, and consider installing spyware detection programs.
- Install a dedicated, actively managed firewall, especially if you have a broadband or dedicated connection to the Internet, such as DSL or cable. A firewall limits the potential for unauthorized access to a network and computers.
- Make certain computers are patched regularly, particularly operating systems and key applications with security patches. It may be possible to sign up for automatic updates for the operating system and many applications.
- Prohibit the use of “shared” usernames and passwords for online banking systems.
- Change the password a few times each year.
- Never share username and password information for online services with third-party providers.
- Limit administrative rights on users’ workstations to help prevent the inadvertent downloading of malware or other viruses.
- Conduct reconciliation of all banking transactions on a daily basis.
- Initiate ACH and wire transfer payments under dual control, with a transaction originator and a separate transaction authorizer.
IMMEDIATELY ESCALATE ANY SUSPICIOUS TRANSACTIONS TO EVOLVE, PARTICULARLY ACH OR WIRE TRANSFERS. THERE IS A LIMITED RECOVERY WINDOW FOR THESE TRANSACTIONS AND IMMEDIATE ESCALATION MAY PREVENT FURTHER LOSS.
If your business accepts wires and/or sends outgoing wires to or on behalf of customers, beware of a scheme in which hackers can take over a legitimate email address and initiate fraudulent wire requests. Fraudsters have the ability to take over email accounts and send requests to bank employees asking for wire transfers or account information. Please be assured that we will never disclose your personal account information or initiate a wire transfer via e-mail. There are steps you can take to help protect yourself against this scheme, such as:
- Ensure your anti-virus software is up-to-date.
- Make sure your computer is free of malware.
- Whenever possible, discuss sensitive banking information via telephone or in person.
- Do not provide confidential information via email (i.e., account number, balances, Social Security number, PINs, etc.).
- Use a strong password on your email account.
Ensure that your business has procedures in place to verify any wire that is received via email or fax. For example, calling your customer directly using a phone number on file before proceeding with a wire can determine if the customer actually sent the request.