Protecting your Business
It is suggested that commercial online banking customers perform risk assessments and control evaluations periodically to help identify potential threats and to determine the strength of their controls. Corporate account takeover is a type of fraud where thieves gain access to a business’s finances to make unauthorized transactions, including transferring funds from the company, creating and adding new fake employees to payroll, and stealing sensitive customer information that may not be recoverable. While we continually strive to improve security for our customers, we recognize that we cannot single-handedly protect our customers from online threats. Customers also have an important role to play in their own online banking security. Here are some recommended general practices to help avoid an account takeover:
- Educate your employees. You and your employees are the first line of defense against corporate account takeover. A strong security program, paired with employee education about the warning signs, safe practices, and responses to a suspected takeover, is essential to protecting your company and customers.
- Protect your online environment. It is important to protect your cyber environment just as you would your cash and physical location. Do not use unprotected internet connections. Encrypt sensitive data and keep updated virus protections on your computer. Use complex passwords and change them periodically.
- Partner with your bank to prevent unauthorized transactions. Talk to your banker about programs that safeguard you from unauthorized transactions. Positive Pay and other services that offer call backs, device authentication, multi-person approval processes and batch limits help protect you from fraud.
- Pay attention to suspicious activity and react quickly. Look out for unexplained account or network activity, pop ups, and suspicious emails. If detected, immediately contact your financial institution, stop all online activity and remove any systems that may have been compromised. Keep records of what happened.
- Understand your responsibilities and liabilities. The account agreement with your bank will detail what commercially reasonable security measures are required in your business. It is critical that you understand and implement the security safeguards in the agreement. If you don’t, you could be liable for losses resulting from a takeover. Talk to your banker if you have any questions about your responsibilities.
Alternative Risk Control Mechanisms
Citizens' Bank provides enhanced security controls over account activities in Online Banking. These include a layered security approach, which uses different controls at different points of a transaction so that a weakness in one control can be compensated for by the strength of another control, as well as multi-layered security in the authentication process. Some of the security features employed within Online Banking for our customers are as follows:
- Fraud detection and monitoring systems which consider customer history and enable a timely and effective response.
- Internal control of administrative functions, including enhanced controls for system administrators who set up or change system configurations.
- Enhanced control over account maintenance activities performed by customers or through customer service channels.
- Processes internally designed to detect and respond to suspicious activity related to initial login and initiation of electronic transactions.
- Multifactor authentication for transaction approvals for ACH, wires and external account transfers.
- Transaction related security alerts via email and/or SMS when:
♦ A security-related change is made (passcode, email address, phone(s), security questions/answers)
♦ Online Transfer is processed (On-Us)
♦ External Transfer is processed
♦ ACH batch approval
♦ Receiver for ACH origination added/modified
♦ Wire Transfer Approved
♦ Beneficiary for wire transfer added/modified
♦ New payee bill payment alert
- Dual control for commercial activity (ACH origination, wire transfers) and Sub-User administration.
- Security Token PIN for commercial activity (ACH origination, wire transfers).
- Out-of-band verification for transactions via email.
- Dollar limits are set for External Transfers, ACH origination and Wire Transfer Requests.
- Offer user initiated Notify-Me Alerts.
- Reminders to users to change their password every 120 days and to update security questions semi-annually.
Helpful and Useful Tips to Mitigate Risk are Outlined Below:
- Memorize your User Name and Password. Your online User Name and Password authenticate you when you begin an Online Banking session. You should never write them down anywhere, save them to your computer, or reveal them to anyone.
- Create a complex unique password for online banking that:
♦ Is 8-12 characters in length. The longer the Password, the better.
♦ Includes both letters and numbers.
♦ Has at least four different characters (no repeats).
♦ Has at least one special character.
♦ Is not obvious or easily obtainable information. Avoid dictionary words, children's names or birthdates.
- Do not use the password auto-save feature on your browser.
- Change your password periodically and often.
- Always sign out or log off and close your browser when you are finished. Don't rely on our Online Banking time-out feature.
- Update software frequently and keep systems current.
- Antivirus software “definitions” should be updated daily.
- Install and activate a personal firewall.
- Install and run the most recent version of antivirus software.
- Keep your operating system (OS) current.
- Activate the automatic update feature.
- Set your browser’s security level to the default setting or higher.
- If your computer is infected with a virus, run anti-virus software to remove the infection and change passwords on all your financial and business accounts including your email account using a secure device.
General Best Practices
- Keep your personal information private and secure.
- Check your account balance regularly.
- Do not access your account from a public location.
- Be skeptical of email messages from someone unlikely to send an email, such as the IRS.
- Do not open suspicious emails and do not click on the links. Should this happen, stop work and have diagnostics performed immediately.
Identity Theft Tips
- Shred receipts, billing statements, expired cards, and similar documents.
- Review statements promptly and carefully.
- Only give personal information if you initiate the contact.
- Periodically check your credit report. You are entitled to receive one credit report from each credit bureau annually at no cost.
- Watch out for copycat websites that deliberately use a name or web address very similar to, but not the same as, that of the real financial institution or business.
- Wireless access should be secured with strong password encryption. Be cautious when using public hotspots and consider your Wi-Fi auto-connect settings.
- Check for the yellow lock icon in the status bar of your browser. This means the website uses encryption to protect your information. Make sure the yellow lock is closed, indicating the encryption is on. Double-click it to display the security certificate. The security certificate information should match the name of the site you intended to be on.
- Pay using credit cards.
- Avoid using a public or shared computer for business and financial transactions. Only conduct Online Banking and financial transactions using a trusted computer.
- Shred credit card, medical and other statements with personal information.
- Never click on suspicious links.
- Only give sensitive information to websites using encryption, verified through the web address.
- Use social media wisely and don’t reveal too much.
- Use passcodes.
- Avoid storing sensitive information.
- Keep software up-to-date.
- Install remote wipe so that if the device is lost or stolen it can be cleared off.
Using ATMs Safely
- Protect your ATM card and PIN. If lost, report it as soon as possible.
- Choose a PIN different from your address, telephone number, and birthdate.
- Be aware of people and your surroundings.
- Put away your card and cash.
- Skimming – observe the card reader; if it appears damaged, don’t use it.
Listing of Bank Contacts
Contact any Citizens’ Bank branch location in the event you notice suspicious account activity or experience customer information security-related events.
To report a lost or stolen ATM/Debit Card during regular business hours please call (251)947-1981. After regular business hours please call (800)500-1044.
To report a suspicious email that uses Citizens' Bank's name, forward it to firstname.lastname@example.org.
Report any suspected fraud to the Bank and immediately to the fraud units of the three credit reporting agencies: TransUnion (800) 680-7289, Experian (888) 397-3742, Equifax (800) 525-6285.
For more help and tips on Identity Theft, please visit our webpage.