Security Best Practices
Fraud Protection Guidelines
We offer these guidelines to help you protect against transactional and online fraud. When you consider the potential financial losses, business disruption, recovery time, and costs associated with fraud, implementing these security best practices and due diligence upfront is well worth the effort.
With the increase in cybercrime and fraud scams, you cannot rely on a single system or service to effectively mitigate transactional and online fraud risks. We urge our customers to adopt multiple risk mitigation best practices, such as multiple layers of security, refinement of operational procedures and system controls, and installation of IBM® Security Trusteer Rapport® and other security software, to achieve higher levels of security protection.
When it comes to fraud and cybercrime, you have the tools and responsibility to prevent losses to your business. Please consider the recommended guidelines below, as well as all current and new tools that become available to help safeguard and strengthen your business against financial fraud.
Verify payment information with the sender when payment instructions arrive by email
Call the email originator at a previously documented number (provided outside of the email) to confirm that the payment instructions are accurate. Fraudsters send emails to individuals and businesses from an email account that is disguised to appear to be from a known vendor. Fraudsters may also alter the original email instructions, causing the funds to be rerouted to the fraudster instead of the intended vendor. Be cautious of emails that stress urgency and secrecy. Look for slight variations in email addresses and subtle discrepancies.
Install IBM Security Trusteer Rapport
We provide this complimentary software to help you combat financial fraud. Trusteer Rapport’s innovative technology picks up where conventional security software falls short. From the moment it is installed, Trusteer Rapport protects the customer’s device and mitigates financial malware infections. It provides instant PC and Mac anti-fraud protection against financial malware, as well as phishing attacks.
Implement dual control (Bank’s Standard Settings) to initiate and release payment transactions on separate machines
Having a minimum of two persons involved in a transaction ensures accuracy and adds a layer of complexity to keep fraudsters and internal employees from compromising your accounts.
Establish appropriate company and/or user transaction dollar limits
This will help limit the exposure in case of unauthorized payment attempts.
Never disclose or write down usernames, passwords, and token passcodes
Never disclose these types of sensitive information to another party via phone, email, text or chat. Bank personnel will never ask for passwords and token information.
Review full details of the payment transaction before release
Promptly review ACH, Wire Transfers, and other transaction notifications
Set up email alerts for ACH, Wire Transfer, and balance thresholds
Email alerts will help bring your attention to unauthorized transactions and unusual changes to your account balance.
Reconcile account activities daily
Regularly review user access
Allocate permissions and access to staff on an “as needed” basis to manage risk and limit over-privileged users. Promptly deactivate employee access when it is no longer needed.