|CUSTOMER EDUCATION SERIES|
|Online Banking Security
Thank you for choosing East West Bank for your business banking needs. This communication is part of our ongoing
customer education series on online banking security and payment risk management education.
In this series, we will update you on the emerging security threats and provide you with recommendations and best practices
to protect your business from being the victim of online fraud.
The latest threat is an email phishing scheme where a fraudster intercepts payment instructions from a legitimate vendor to a business customer,
changes the payment beneficiary information, and instructs the unsuspected business customer to make payment to the fraudster's account instead
of the vendor's account. The fraudster ends up with the payment while the legitimate vendor does not get paid.
We highly recommend that you implement the following best practices to protect your company from being a victim of this scheme:
- Do not take payment instructions or changes to payment instructions by email.
- If you receive payment instructions or changes to payment instructions by email, implement a callback procedure to contact your vendor or trading partner to verify the authenticity of the request.
- Implement a process that requires additional review and approval of changes to wire templates and payment beneficiary information.
- Never give sensitive data (like an account number or password) in response to an email request, instant message or on a social network.
These are proven and long standing fraud management and operating controls that are widely used by companies, including East West Bank.
In addition to the callback procedure above, we also recommend that you continue to use the additional recommendations below to protect your company:
Required (Must-Have) Best Practices
- Download Trusteer Rapport from East West Bank's website for enhanced security. If you use ACH or Wires transfer, we highly recommend that you use Rapport along with dual control, alerts, and token to further protect your company.
- Implement dual control to initiate and release funds transfers, where two employees and two separate computers are required to complete the transfer of funds, either through ACH or Wires transfer.
- Establish appropriate dollar limits for ACH and Wires transfer, limiting the exposure in case of unauthorized attempts.
- Do not open emails from unfamiliar sources, especially those with attachments or links to click on.
- Maintain current version of antivirus software, run virus definition updates and scan on a regular basis.
- Review employee's user online banking access periodically and remove former employees immediately.
Other Recommended Best Practices
- Make your passwords longer, use a combination of upper and lowercase letters, numbers and symbols.
- Check for signs that the webpage is secure - a web address starts with "https" and a closed padlock for example.
- Promptly review Wire, ACH or other transaction confirmations and make sure you recognize them. Notify the Bank immediately at (888) 761-3967 if you notice any discrepancy or error.
More information on how to protect your information is available on www.eastwestbank.com, under the Consumer Security link. If you have additional questions -
- Consumer customers: Please contact Customer Service Center at (888) 895-5650, Monday through Friday from 6:00 AM to 7:00 PM and Saturday from 9:00 AM to 5:00 PM PT, or email us at
- Business customers: Please contact Commercial Banking Customer Service at (888) 761-3967, Monday through Friday from 6:00 AM to 7:00 PM PT, or email us at email@example.com.