Tips to Mitigate Security Risks for your Business

What is a Corporate Account Takeover?
A Corporate Account Takeover (CATO) occurs when a criminal obtains electronic access to your bank account and conducts unauthorized transactions. The criminal obtains electronic access by stealing the confidential security credentials of employees who are authorized to conduct electronic transactions on your corporate bank account.

We encourage businesses using our Business Resource Manager service to take the following CATO Risk Assessment to discover any security-based shortcomings in their business practices:

Take the Risk Assessment Here

Best Practices for Companies

Best Practices for Third-Party Service Providers

How are confidential security credentials stolen?
There are several methods used today to steal confidential security credentials. One is to mimic the look and feel of a legitimate financial institution’s website. Users provide their credentials to these sites without knowing that a perpetrator is stealing their security credentials through a fictitious website which appears to be their financial institution.

A second method is malware that infects computer workstations and laptops via infected emails with links or document attachments. In addition, malware can be downloaded to a user’s workstation and laptop from legitimate websites, especially social networking sites. Clicking on the documents, videos or photos posted there can activate the download of the malware. The malware installs key-logging software on the computer, which allows the perpetrator to capture the user’s ID and password as they are entered at the financial institution’s website.

Other viruses are more sophisticated. They alert the perpetrator when the legitimate user has logged onto a financial institution’s website, then trick the user into thinking the system is down, or not responding during this perceived downtime, the perpetrator is actually sending transactions in the user’s name.

What does Corporate Account Takeover look like?
If robust authentication is not used and a user’s credentials are stolen, the perpetrator can take over the account of the business. To the financial institution, the credentials appear to be the legitimate user. The perpetrator has access to and can review the account details of the business, including account activity and patterns and ACH and wire transfer origination parameters such as file size and frequency limits and Standard Entry Class (SEC) codes.

With an understanding of the permissions and the limits associated with the account, the perpetrator can transfer funds out of the account using wire transfers or ACH files. With ACH, the file would likely contain PPD (Prearranged Payments & Deposits) credits routed to accounts at one or more receiving depository financial institutions (RDFI’s). These accounts may be newly opened by accomplices or unwitting “mules” for the express purpose of receiving and laundering these funds. The accomplices or mules withdraw the entire balances shortly after receiving the money and send the funds overseas via wire transfer or other popular money transfer services.

Perpetrators also send ACH files containing debits in order to collect additional funds into the account that can subsequently be transferred out. The debits would likely be CCD (Cash Concentration & Disbursement) debits to other small business accounts for which the perpetrator has also stolen the credentials or banking information. Given the return timeframe for CCD debits and the relative lack of account monitoring and controls at many small businesses, these debit transactions often go unnoticed until after the return timeframe has expired.

Warning signs of potentially compromised computer system:

• Dramatic loss of computer speed
• Changes in the way things appear on the screen
• Computer locks up or freezes
• Unexpected rebooting or restarting
• Unexpected request for a token pass-code in the middle of an online session
• Unusual pop-up messages, especially a message in the middle of an online banking session that says the connection to the bank system is not working (system unavailable, down for maintenance, etc.)
• New or unexpected toolbars and/or icons
• Inability to shut down or restart the computer

Best practices for safe business online banking:

• Reconcile banking transactions on a daily basis
• Utilize separation of duties when initiating ACH transfers- one person originates the transaction on one computer and another person approves the transaction on another computer
• Immediately report suspicious transactions to Prevail Bank by calling 800.205.0914
• Install a firewall to help limit unauthorized access to the network and/or computer
• Install anti-virus software on all computer systems
• Do not download “Free versions” of anti-virus programs. Free versions do not provide “real-time” protections
• Ensure that computers are patched regularly, particularly operating systems and key applications
• Install anti-spyware/anti-malware software and update them often
• Be suspicious of Emails purporting to be from the bank or any financial institution requesting account information, account verification or online banking credentials such as user names, passwords, token codes, and similar information
• Create strong passwords and do not use online banking passwords for other sites
• Change the default login passwords on all network devices
• Limit administrative rights on users’ workstations
• Carry out all online banking activities from a stand-alone computer system- that is, one that is not used for Email and general web browsing/social networking
• Avoid using automatic login features that save usernames and passwords for online banking
• Never leave a computer unattended while using any online banking service
• Never access bank, brokerage or other financial services information at Wi-Fi hot spots such as internet cafes, public libraries, airports, etc. Unauthorized software may have been installed to trap account number and login information leaving open the possibility of fraud