Reducing the Risk of Corporate Account Takeover 

Corporate Account Takeover is a form of business identity theft where cyber thieves gain control of a business’s bank account by stealing employee passwords and other valid credentials. Thieves can then initiate fraudulent ACH transactions.

The bank has procedures in place to protect, detect and respond to corporate account takeover and fraudulent activity. However, it is important and necessary for you and your employees to follow established security practices. Following are security practices you can implement to reduce the risk of theft:

1. Provide continuous communication and education to employees using online banking systems. Providing enhanced security awareness training will help ensure employees understand the security risk related to their duties;
2. Update anti-virus and anti-malware programs frequently;
3. Update, on a regular basis, all computer software to protect against new security vulnerabilities (patch management practices);
4. Communicate to employees that passwords should be strong and should not be stored on the device used to access online banking;
5. Adhere to dual control procedures;
6. Use separate devices to originate and transmit ACH instructions;
7. Transmit wire transfer and ACH instructions via a dedicated and isolated device;
8. Practice ongoing account monitoring and reconciliation, especially near the end of the day;
9. Adopt advanced security measures by working with consultants or dedicated IT staff; and
10. Utilize resources provided by trade organizations and agencies that specialize in helping small businesses. A list is provided below.

Business account holders should be most vigilant in monitoring account activity. You have the ability to detect anomalies or potential fraud prior to or early in an electronic robbery.

Warning signs visible to a business customer that their system/network may have been compromised include:

1. Inability to log into online banking (thieves could be blocking customer access so the customer wont’ see the theft until the criminals have control of the money);
2. Dramatic loss of computer speed;
3. Changes in the way things appear on the screen;
4. Computer locks up so the user is unable to perform any functions;
5. Unexpected rebooting or restarting of the computer;
6. Unexpected request for a one time password (or token) in the middle of an online session;
7. Unusual pop-up messages, especially a message in the middle of a session that says the connection to the bank system is not working (system unavailable, down for maintenance, etc.);
8. New or unexpected toolbars and/or icons;
9. Inability to shut down or restart the computer;
10. Changes in login credentials; and,
11. Distributed Denial of Service of Attacks (Ddos) i.e. Flooding of your email accounts.

Business Resources are:

1. The Better Business Bureau’s Website on Data Security Made Simpler
2. The Small Business Administration’s (SBA) Website on Cyber Security
3. The Small Business Administration’s (SBA) Website on Cyber Security Tips
4. The Federal Trade Commission's (FTC) Website on Data Security
5. The Federal Trade Commission's (FTC) Website on Data Breach Response: A Guide for Business